07-19-2012 04:54 AM - edited 03-10-2019 07:19 PM
hi ,
Does cisco provides updates for underlying windows server in ACS SE 1113 ? Patch updates are available for ACS 4.2 , but how can we update underlying windows server , Does patches for ACS is enough to secure underlying windows server .
Solved! Go to Solution.
07-19-2012 06:49 AM
Hi,
the ACS appliances has the option of running the CSA agent which provide a layer of security. The windows updates are done through the patches and are usually included in one of the two step patch/upgrade processes. However it isnt clearly documented as to which upgrades are completed during the upgrade. If you need this documentation please open a tac case and an engineer should be able to provide that for you.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-23-2012 10:19 AM
Kamal,
It would be best if you opened a TAC case, in order to get some answers. The ACS 1113 SE is a hardened appliance where remote desktop and other features are locked down and this unit can be only administered through console, or the ACS web. If there is a critical microsoft fix that needs to be applied to this unit, it is usually done through one of the patch releases. If Cisco allowed dynamic windows updates and if there was a hotfix that broke functionality within one of the ACS dll files then it would be a nightmare for cisco to be able to support all the devices immediatly after one of the MS fixes were published.
Here is a guide that states which services are running and which are disabled on the solution engine - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/servscop.html
Tarik Admani
*Please rate helpful posts*
07-19-2012 06:49 AM
Hi,
the ACS appliances has the option of running the CSA agent which provide a layer of security. The windows updates are done through the patches and are usually included in one of the two step patch/upgrade processes. However it isnt clearly documented as to which upgrades are completed during the upgrade. If you need this documentation please open a tac case and an engineer should be able to provide that for you.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-22-2012 11:47 PM
Hi
Tarik Admani ,
Thanks a lot for the info . So it is sure that Windows patches are covered in Patches provided for ACS , because Auto update process in Windows for ACS is disabled by default , SO in no way the appliance can update itself from Microsoft update server . It would be great if you can provide additional info .
Thanks .
07-23-2012 10:19 AM
Kamal,
It would be best if you opened a TAC case, in order to get some answers. The ACS 1113 SE is a hardened appliance where remote desktop and other features are locked down and this unit can be only administered through console, or the ACS web. If there is a critical microsoft fix that needs to be applied to this unit, it is usually done through one of the patch releases. If Cisco allowed dynamic windows updates and if there was a hotfix that broke functionality within one of the ACS dll files then it would be a nightmare for cisco to be able to support all the devices immediatly after one of the MS fixes were published.
Here is a guide that states which services are running and which are disabled on the solution engine - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/servscop.html
Tarik Admani
*Please rate helpful posts*
07-23-2012 08:32 PM
Hi Tarik,
Thanks a lot .
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: