Cisco Secure ACS 5.4 supports distributed deployment to provide high availability and scalability. A deployment can be composed of multiple ACS instances that are managed together in a single, distributed deployment. One system is designated as primary, and that system accepts configuration changes and propagates them to the secondary instances. For the smallest deployments, one primary and secondary instance are recommended for redundancy. Larger deployments can add additional secondary servers as dictated by network design. Release 5.4 officially supports up to 21 instances (1 primary and 20 secondary, including a log collector) in a single cluster. All the Cisco Secure ACS instances are identical in the sense that a full Cisco Secure ACS software version is installed on each of them. Yet part of the functionality (authentication, authorization, and accounting [AAA], management interface, and monitoring and reporting) could be disabled on these instances, allowing for each Cisco Secure ACS instance to play a specific role or roles in the deployment.

Each Cisco Secure ACS 5.4 appliance or software package is delivered with a Base license, and each Cisco Secure ACS instance requires a Base license to operate. Add-on licenses are available to support deployments with more than 500 network devices and to support advanced Security Group Access (SGA) features. For available part numbers and detailed descriptions, refer to the Cisco Secure ACS 5.4 Ordering Guide at http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-689829.html.