Installation Guide for Cisco Secure ACS Solution Engine 4.1
OL-9969-03
Chapter 1
Cisco Secure ACS Solution Engine Overview
System Description
Cisco Secure ACS Solution Engine (ACS SE) is a highly scalable, rack-mounted, dedicated platform that
serves as a high-performance access control server supporting centralized Remote Access Dial-In User
Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+). ACS SE
controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources
through the network.
You use ACS SE to control who can access the network, to authorize what types of network services are
available for particular users or groups of users, and to keep an accounting record of all user actions in
the network. The appliance supports access control and accounting for dial-up access servers, firewalls
and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks
(LANs and WLANs). In addition, you can use the same AAA framework, via TACACS+, to manage
administrative roles and groups and to control how network administrators change, access, and configure
the network internally.
ACS SE provides almost the same set of features and functions as the Cisco Secure ACS for Windows
Server (the software product) in a dedicated, security-hardened, application-specific appliance
packaging. ACS SE includes additional features specific to operating and managing the ACS appliance.
See Release Notes for Cisco Secure ACS 4.1 for the new features in this release.
To ensure a highly secure posture, ACS SE:
• Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix B, “Windows Service Advisement,” for details on the hardening.)
• Does not support a keyboard or monitor.
• Does not provide access to its file system.
• Does not allow you to run arbitrary applications on it.
• Allows TCP/IP connections only via the ports necessary for its own operations.