ACS for Windows vs ACS Appliance?

raun.williams · ‎11-19-2008

First, the only thing I saw on the Appliance was that it was a 'hardened OS'. So I'm assuming like many of their other appliances that this is Windows 2003 locked down? Regardless if it is or not, are there any issues with the appliance being in a mixed environment with ACS for Windows and replication between the two?

Thanks,

Raun

Jagdeep Gambhir · ‎11-22-2008

No there are no issue with replication or any other compatibility issues.

Regards,

~JG

Do rate helpful posts

huangedmc · ‎11-25-2008

One caveat:

ACS SE (appliance) does NOT support ODBC, and you're required to install ACS remote agents on Windows member servers or domain controllers, which could be a pain depending on the politics in your firm.

raun.williams · ‎11-26-2008

Really? Can you show this to me in a document somewhere? I'm just curious as to why this would be required on the appliance and not on the Windows version that we're currently running. They're pretty much the same thing after all. I find that disturbing.

huangedmc · ‎11-26-2008

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawo.html

When you use ACS for Windows, you install it on a member server, which can "relay" the auth requests to the domain controllers.

ACS SE's are not a member in the domain, therefore you need to install the remote agent on a member/DC, so that it would act as a "relay agent" for the auth requests.

You'll also need to manually create a workstation account in AD to allow auth requests from the ACS SE's.

The default name used is "CISCO", but it can be defined differently.

For this part, see

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476

raun.williams · ‎11-26-2008

Thank you much! 5stars