Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
743
Views
0
Helpful
4
Replies

ACS 1113 SE - Windows updates

Go to solution
kamal kumar
Level 4
Level 4

‎07-19-2012 04:54 AM - edited ‎03-10-2019 07:19 PM

hi ,

Does cisco provides updates for underlying windows server in ACS SE 1113 ? Patch updates are available for ACS 4.2 , but how can we update underlying windows server , Does patches for ACS is enough to secure underlying windows server .

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎07-19-2012 06:49 AM

Hi,

the ACS appliances has the option of running the CSA agent which provide a layer of security. The windows updates are done through the patches and are usually included in one of the two step patch/upgrade processes. However it isnt clearly documented as to which upgrades are completed during the upgrade. If you need this documentation please open a tac case and an engineer should be able to provide that for you.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to kamal kumar

‎07-23-2012 10:19 AM

Kamal,

It would be best if you opened a TAC case, in order to get some answers. The ACS 1113 SE is a hardened appliance where remote desktop and other features are locked down and this unit can be only administered through console, or the ACS web. If there is a critical microsoft fix that needs to be applied to this unit, it is usually done through one of the patch releases. If Cisco allowed dynamic windows updates and if there was a hotfix that broke functionality within one of the ACS dll files then it would be a nightmare for cisco to be able to support all the devices immediatly after one of the MS fixes were published.

Here is a guide that states which services are running and which are disabled on the solution engine - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/servscop.html

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎07-19-2012 06:49 AM

Hi,

the ACS appliances has the option of running the CSA agent which provide a layer of security. The windows updates are done through the patches and are usually included in one of the two step patch/upgrade processes. However it isnt clearly documented as to which upgrades are completed during the upgrade. If you need this documentation please open a tac case and an engineer should be able to provide that for you.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Go to solution
kamal kumar
Level 4
Level 4
In response to Tarik Admani

‎07-22-2012 11:47 PM

Hi

Tarik Admani ,

Thanks a lot for the info . So it is sure that Windows patches are covered in Patches provided for ACS , because Auto update process in Windows for ACS is disabled by default , SO in no way the appliance can update itself from Microsoft update server . It would be great if you can provide additional info .

Thanks .

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to kamal kumar

‎07-23-2012 10:19 AM

Kamal,

It would be best if you opened a TAC case, in order to get some answers. The ACS 1113 SE is a hardened appliance where remote desktop and other features are locked down and this unit can be only administered through console, or the ACS web. If there is a critical microsoft fix that needs to be applied to this unit, it is usually done through one of the patch releases. If Cisco allowed dynamic windows updates and if there was a hotfix that broke functionality within one of the ACS dll files then it would be a nightmare for cisco to be able to support all the devices immediatly after one of the MS fixes were published.

Here is a guide that states which services are running and which are disabled on the solution engine - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/servscop.html

Tarik Admani
*Please rate helpful posts*

0 Helpful

Go to solution
kamal kumar
Level 4
Level 4
In response to Tarik Admani

‎07-23-2012 08:32 PM

Hi Tarik,

Thanks a lot .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents