Identity-Based Networking Services (IBNS)
ACS deployment considerations

How an enterprise network is configured is probably the most important factor in deciding how and where to deploy Cisco Secure ACS. The decision of how to deploy Cisco Secure ACS may vary widely depending on the network topology into which it is to be deployed.

Small LAN Environment
In the small LAN environment, a single Cisco Secure ACS would usually be located close to the switch. In this environment the user database is usually small, because few switches require access to the Cisco Secure ACS for AAA, and a single Cisco Secure ACS can handle the modest workload. A second server can be deployed for redundancy. It should be set up as a replication partner of the primary server, because with a single server its loss would prevent every user from authenticating onto the network. An example of a Cisco Secure ACS deployment in a small LAN is shown in Figure . Access to the system hosting the Cisco Secure ACS should be limited to as few users and devices as necessary. In Figure , this is achieved by placing the Cisco Secure ACS host on a private LAN segment behind the firewall. Access to this segment is limited to the Cisco Catalyst switch (the AAA client) and to those administrative workstations that require HTTP access to the Cisco Secure ACS web interface. Normal LAN users should not be able to reach the Cisco Secure ACS at all.
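The filtering that keeps the ACS segment private, as an added example that is not from the original text or from Cisco's documentation. It assumes IOS-style extended ACL syntax on the firewall interface facing the ACS segment, an ACS host at 10.10.10.5, a Catalyst switch at 10.1.1.2 and an administrative subnet 10.1.2.0/24 (all constructed addresses), and that the ACS listens for RADIUS on UDP 1645/1646 and for administrative logins on TCP 2002 (the default port assumed here; check the port your ACS version actually uses).

```text
! Added example: policy for the private ACS segment (constructed addresses, IOS ACL syntax assumed)
! Applied outbound on the firewall interface that leads to the ACS segment, so it
! governs every packet that can reach the ACS host.
ip access-list extended TO-ACS-SEGMENT
 remark RADIUS authentication and accounting from the Catalyst switch only
 permit udp host 10.1.1.2 host 10.10.10.5 eq 1645
 permit udp host 10.1.1.2 host 10.10.10.5 eq 1646
 remark Web administration from the admin workstations only (TCP 2002 assumed as the ACS login port)
 permit tcp 10.1.2.0 0.0.0.255 host 10.10.10.5 eq 2002
 remark Everything else (normal LAN users included) is dropped and logged
 deny ip any any log
!
interface FastEthernet0/2
 description Private segment toward Cisco Secure ACS
 ip access-group TO-ACS-SEGMENT out
```

Two caveats a practitioner should check before relying on this: the ACS administrative session may move to a further TCP port after the initial login, in which case that port or range must also be permitted (or the ACS configured to use a fixed range); and if the replication partner lives on another segment, its replication traffic needs its own permit line. The `log` keyword on the final deny is what turns a misconfigured switch or an unexpected host into a visible event rather than a silent authentication failure.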

Large Network Environment
In a larger network that is geographically dispersed, speed, redundancy, and reliability will determine whether to use a centralized Cisco Secure ACS service or a number of geographically dispersed Cisco Secure ACS servers. Network latency matters because delay added by the network to each authentication exchange can exceed the RADIUS timeout on the switch, or the authentication timeout on the client (supplicant), and be treated as a failure.

A useful approach in large extended networks, such as for a globally dispersed corporation, is to have at least one Cisco Secure ACS deployed in each major geographical region. Depending upon the quality of the WAN links, these may act as backup partners to servers in other regions to protect against failure of the Cisco Secure ACS in any particular region. In Figure , Switch 1 is configured with Cisco Secure ACS 1 as its primary AAA server but with Cisco Secure ACS 2 of Region 2 as its secondary. Switch 2 is configured with Cisco Secure ACS 2 as its primary but with Cisco Secure ACS 3 as its secondary. Likewise, Switch 3 uses Cisco Secure ACS 3 as its primary but Cisco Secure ACS 1 as its secondary. In this way, AAA WAN traffic is minimized by using a local Cisco Secure ACS as the primary AAA server, and the number of Cisco Secure ACS units required is also minimized by using the primary Cisco Secure ACS from another region as the secondary when necessary.
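The configuration of Switch 1 in this scheme, as an added example that is not from the original text or from Cisco's documentation. It assumes Cisco IOS syntax of the period, Cisco Secure ACS 1 (local, primary) at 10.1.10.5 and Cisco Secure ACS 2 (Region 2, secondary) at 10.2.10.5, both constructed addresses, and shared secrets that are placeholders; Switch 2 and Switch 3 are configured the same way with their own primary/secondary pair.

```text
! Added example: Switch 1, Region 1 (constructed addresses and placeholder secrets)
aaa new-model
!
! Servers are tried in the order they are defined, so the local ACS comes first.
! Each ACS must also list this switch as an AAA client with the matching secret.
radius-server host 10.1.10.5 auth-port 1645 acct-port 1646 key Region1SharedSecret
radius-server host 10.2.10.5 auth-port 1645 acct-port 1646 key Region2SharedSecret
!
! Failover budget. IOS defaults are timeout 5 s and retransmit 3, so a dead
! primary costs 5 x (3+1) = 20 s before the switch even tries the secondary,
! which is longer than most supplicants wait. Tightened here to 3 x (1+1) = 6 s.
radius-server timeout 3
radius-server retransmit 1
! Mark a silent server dead for 10 minutes so later requests go straight to
! the secondary instead of paying the timeout again on every authentication.
radius-server deadtime 10
! Source RADIUS from one stable address so each ACS needs a single client entry
ip radius source-interface Vlan1
!
aaa group server radius ACS-REGION1
 server 10.1.10.5 auth-port 1645 acct-port 1646
 server 10.2.10.5 auth-port 1645 acct-port 1646
!
aaa authentication dot1x default group ACS-REGION1
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
```

The timeout and retransmit values have to be set against the measured WAN round trip to the secondary: too short and a healthy but distant ACS 2 is declared dead during the very outage it is meant to cover; too long and users wait through the full primary timeout on every attempt until deadtime takes effect. Use `show radius statistics` after a drill in which ACS 1 is taken offline to confirm that authentications actually fail over within the budget you chose.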

The model may be extended further down to campus or even individual site level if reliable high-speed connections between locations are not available, or if the performance requirements of the individual sites call for local servers. The same consideration applies to any external user database that the Cisco Secure ACS consults: it should be deployed close enough to the Cisco Secure ACS installation that lookups are reliable and fast, because the database round trip adds directly to the authentication delay seen by the switch.