cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10803
Views
18
Helpful
6
Replies

ACS vs ISE: ACS EOL?

marcpere
Cisco Employee
Cisco Employee

Hi team,

I'm sure this is not last nor first time this topic arises in these mailing lists, but I have a customer in a cross-road in order to decide on the best approach regarding having to move from device access control function on deployed ACS to a add BYOD and other user access control functions: ACS+ISE or ISE only.

So he is looking for ACS vs ISE detailed features table and any ACS EOL/EOS date?

First point I was able to find here (https://communities.cisco.com/docs/DOC-63901), but now I'm looking for any internal or external vision of a future or near future EOL/EOS initiative in what regards to ACS. Are you able to help me?

Regards,

Marco Pereira

1 ACCEPTED SOLUTION

Accepted Solutions

kthiruve
Cisco Employee
Cisco Employee

Hi Marco,

Here is the ISE migration guide that discusses your option to move over to ISE. Please look at the TACACS log sizing link in the web page below.

https://communities.cisco.com/docs/DOC-63880

Here is the product community page that will have EOL related information.

https://communities.cisco.com/community/technology/security/pa/acs

In short, ACS 5.8 would be the last official ACS release and it will have one more patch/Maintenance release supporting 35xx platform. ETA not known yet.

BU has announced EOL on all the versions of ACS till 5.7. That said, expecting closer parity in the next two  ISE releases in terms of deployment limits, minor  features etc.

AFAIK plan is to announce EOL of ACS 5.8 after that. Tal Surasky is the PM for ISE.

You can reach out to him for specific information.

Hope this helps.

Thanks

Krishnan

Krishnan Thiruvengadam, 408-525-8675

Techincal Marketing Engineer, Policy and Access

.:ili:.:ili:.Cisco Systems

ISE 2.0 POV ::POV Q&A

View solution in original post

6 REPLIES 6

kthiruve
Cisco Employee
Cisco Employee

Hi Marco,

Here is the ISE migration guide that discusses your option to move over to ISE. Please look at the TACACS log sizing link in the web page below.

https://communities.cisco.com/docs/DOC-63880

Here is the product community page that will have EOL related information.

https://communities.cisco.com/community/technology/security/pa/acs

In short, ACS 5.8 would be the last official ACS release and it will have one more patch/Maintenance release supporting 35xx platform. ETA not known yet.

BU has announced EOL on all the versions of ACS till 5.7. That said, expecting closer parity in the next two  ISE releases in terms of deployment limits, minor  features etc.

AFAIK plan is to announce EOL of ACS 5.8 after that. Tal Surasky is the PM for ISE.

You can reach out to him for specific information.

Hope this helps.

Thanks

Krishnan

Krishnan Thiruvengadam, 408-525-8675

Techincal Marketing Engineer, Policy and Access

.:ili:.:ili:.Cisco Systems

ISE 2.0 POV ::POV Q&A

Thanks for posting this.  Very relevant to my environment. 

Very informative Answer Krishnan

I am planning to upgrade to ACS 5.8 in my network from the existing end of support virtual edition of ACS 3.x

Based on my main requirements below I am wondering whether I should stay with ACS or  go with ISE at this point from my investment protection perspective:

  1. Flexible functionality to add/remove/edit infrastructure users.  Friendly clean GUI.
  2. Resilient and easily restorable configurations and database.
  3. Configurable on-the-fly user privilege and account parameters.  Meaning, can administer without downtime.
  4. Network infrastructure password manager.  Changes in passwords and security levels can fully managed by tool and password changes are pushed from the tool.  Validation of change should also be automated.
  5. Auditable. Available reports of accounts, asset changes, user activity, asset monitoring, etc.
  6. Synchronized system appliances at two different data centers for redundancy.  But we only manage accounts and other aspects on a single box.  Redundancy monitoring.  We will only administer the secondary box for special purposes.
  7. Able to update community strings and different levels of access, console, etc.

Any suggestion/recommendation will be highly appreciated. Many thanks in advance.

Please see the blog Do I migrate from ACS 3.x to 5.8 or move to ISE directly?

ISE does support external and internal DB for both RADIUS and TACACS+.

Provides ability to import/export users/group and network devices.

ISE 2.0 UI support HTML and is fast to browse

ISE supports following reports, supports scheduling report as well as ability save the report for future use

Please see the ACS to ISE Migration for more details on deployment models, feature comparisons etc.

ISE support distributed deployment with synchorizing between nodes in different datacenter with 200ms latency requirement for RADIUS. Please reach out to a Cisco Sales rep or our channel partners for further discussion.

Thanks

Krishnan

Thanks for the information Krishnan.

In other worlds can I directly go to ACS5.8 (manual configuration ?) with any of the below mentioned options: SNS (with H/W) or ESX (with S/W) ??

Later if I decide to migrate to ISE then yes I can do that.

Ordering Information

This solution can be purchased as one of the following offerings:

   Application on the Cisco Secure Network Server 3415, 3515, 3495 or 3595 >> Option 1

   Software upgrade for an existing Secure Access Control System 1121 Appliance >> Not Applicable End of Sale

   Software appliance for installation as a virtual machine on VMware ESX or ESXi 5.0, 5.1, 5.5, or 6.0 >> Option 2

Cisco Secure Access Control System 5.8 Bulletin - Cisco

As per the recommendation I can directly got the ISE where no need to migrate from ACS.

Not sure if there is a question here. You can directly go to ISE that is the recommendation.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: