Accepted Solutions
Very informative Answer Krishnan 
I am planning to upgrade to ACS 5.8 in my network from the existing end of support virtual edition of ACS 3.x
Based on my main requirements below I am wondering whether I should stay with ACS or go with ISE at this point from my investment protection perspective:
- Flexible functionality to add/remove/edit infrastructure users. Friendly clean GUI.
- Resilient and easily restorable configurations and database.
- Configurable on-the-fly user privilege and account parameters. Meaning, can administer without downtime.
- Network infrastructure password manager. Changes in passwords and security levels can fully managed by tool and password changes are pushed from the tool. Validation of change should also be automated.
- Auditable. Available reports of accounts, asset changes, user activity, asset monitoring, etc.
- Synchronized system appliances at two different data centers for redundancy. But we only manage accounts and other aspects on a single box. Redundancy monitoring. We will only administer the secondary box for special purposes.
- Able to update community strings and different levels of access, console, etc.
Any suggestion/recommendation will be highly appreciated. Many thanks in advance.
Please see the blog Do I migrate from ACS 3.x to 5.8 or move to ISE directly?
ISE does support external and internal DB for both RADIUS and TACACS+.
Provides ability to import/export users/group and network devices.
ISE 2.0 UI support HTML and is fast to browse
ISE supports following reports, supports scheduling report as well as ability save the report for future use
Please see the ACS to ISE Migration for more details on deployment models, feature comparisons etc.
ISE support distributed deployment with synchorizing between nodes in different datacenter with 200ms latency requirement for RADIUS. Please reach out to a Cisco Sales rep or our channel partners for further discussion.
Thanks
Krishnan
