08-15-2012 04:54 PM - edited 03-10-2019 07:25 PM
Hi All;
I am somewhat a Newbie with ACS, and am trying to document, resolve and understand a 4.2 implementation in preparation for an upgrade to current version.
In our system we might have 20 engineers, some of whom need access to some of 10 service groups, where a service group could be 3 servers in a cluster providing a network service like logging, SIEM, Configuration control, Key Management etc.
Engineer A might need access to Logging Servers and SIEMs
Engineer B might need access to SIEMs and Key Management servers
Engineer C might need access to Key Management Servers and Logging servers.
Because each engineer uses a single admin user object held in the local ACS internal database, I believe the engineer can be a member of only 1 ACS group.
And there is no easy way to create groups that match to all the different role combinations.
What was put in place with ACS 4.2 was:
Create a separate group for each engineer.
For each network service like Logging or SIEM, place all the logging servers in a separate dedicated NDG
Create a separate policy for access to logging servers
Then for each of the 4 out of our 20 engineers that need access to the logging servers, create 4 permit rules in the Logging NAP policy, a separate permit rule for each of the 4 engineers.
This is not a design to be overly proud of, and is not very scalable, but it works fine at our level.
I understand ACS 5.3 provides a more elegant and scalable solution. Can you please advise/provide links to clarify a preferred solution?
Thanks
Drew
08-15-2012 08:19 PM
Drew,
ACS 5.3 will help you with your current situation. With ACS 4 there was the group mapping landscape in the way users were mapped and dropped in a bucket with those operations. ACS 5.x is a policy-driven solution and really does process policies based on the endpoint and can combine multiple policies in order to match a result.
Here are the basics of ACS 5 and the comparison of ACS 4 -
Thanks,
Tarik Admani
*Please rate helpful posts*
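
An added example, not part of the thread and not ACS configuration syntax: before replacing the per-engineer permit rules described in the question with one rule per service, a check like this confirms that the two models grant exactly the same access. The group names, NDG names and the generic "role" attribute model are assumptions made for illustration.

```python
from itertools import product

# Constructed sample mirroring the post: one group per engineer, one NDG per
# service, one permit rule per (engineer group, NDG). All names are hypothetical.
LEGACY_RULES = [
    ("grp-engineer-a", "ndg-logging"), ("grp-engineer-a", "ndg-siem"),
    ("grp-engineer-b", "ndg-siem"), ("grp-engineer-b", "ndg-keymgmt"),
    ("grp-engineer-c", "ndg-keymgmt"), ("grp-engineer-c", "ndg-logging"),
]
# Include a group and an NDG with no rules so default deny is exercised too.
GROUPS = ["grp-engineer-a", "grp-engineer-b", "grp-engineer-c", "grp-engineer-d"]
NDGS = ["ndg-logging", "ndg-siem", "ndg-keymgmt", "ndg-config"]

def legacy_permits(group, ndg, rules):
    """Legacy model: permit only on an explicit per-engineer rule, else deny."""
    return (group, ndg) in set(rules)

def refactor(rules):
    """Derive per-engineer role sets and a single rule per NDG from legacy rules."""
    roles, service_rules = {}, {}
    for group, ndg in rules:
        role = "role:" + ndg
        roles.setdefault(group, set()).add(role)
        service_rules[ndg] = role  # one rule per service: "holder of role may access"
    return roles, service_rules

def refactored_permits(group, ndg, roles, service_rules):
    """Role model: permit if the engineer holds the role the NDG requires, else deny."""
    required = service_rules.get(ndg)
    return required is not None and required in roles.get(group, set())

def diff_policies(rules, roles, service_rules, groups=GROUPS, ndgs=NDGS):
    """Return every (group, ndg) pair on which the two models disagree."""
    return [(g, n) for g, n in product(groups, ndgs)
            if legacy_permits(g, n, rules) != refactored_permits(g, n, roles, service_rules)]

if __name__ == "__main__":
    roles, service_rules = refactor(LEGACY_RULES)
    print(len(LEGACY_RULES), "legacy rules ->", len(service_rules), "service rules")
    print("mismatches:", diff_policies(LEGACY_RULES, roles, service_rules))
```

An empty mismatch list means the refactored policy is access-equivalent to the legacy one; any pair it reports is access that would be gained or lost at cutover.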