Cisco® Secure Access Control System (ACS) is a centralized identity and access policy solution that ties together an enterprise's network access policy and identity strategy. Cisco Secure ACS 5.4 is a highly sophisticated policy-based access control platform that delivers existing and new features, including:
• Unique, flexible, and granular device administration in IPv4 and IPv6 networks with full auditing and reporting capabilities as required for standards compliance
• A powerful, attribute-driven rules-based policy model that addresses complex policy needs in a flexible manner
• A lightweight, web-based GUI with intuitive navigation and workflow accessible from both IPv4 and IPv6 clients
• Integrated advanced monitoring, reporting, and troubleshooting capabilities for maximum control and visibility
• A distributed architecture for medium-sized and large-scale deployments, up to 21 instances in a single ACS cluster
• Capability to connect different nodes (instances) in an ACS cluster to a different Active Directory domain
• Admin authentication via Active Directory/LDAP
• API for Create/Read/Update/Delete operations on devices and hosts
• Online Certificate Status Protocol (OCSP) support
• Synchronization of MAR cache among all ACS instances in a cluster
Availability
Cisco Secure ACS 5.4 is currently orderable. Customers interested in purchasing this product can place orders through their normal sales channels.
Ordering Information
Cisco Secure ACS 5.4 is offered as four different options:
• The Cisco 1121 Secure Access Control System appliance
• Cisco Secure ACS application option on the new Cisco 3415 Secure Network Services appliance
• Software upgrade for existing Cisco 1120/1121 Secure Access Control System appliances
• Software appliance available for installing as a virtual machine into VMware ESX/ESXi 5.0
The appliance and VMware versions each include a Base license. The Base license is required for each Cisco Secure ACS 5.4 appliance or software instance in a network.
With the Base license, Cisco Secure ACS 5.4 appliances or software virtual machines can support deployments of up to 500 network devices (authentication, authorization, and accounting [AAA] clients). The number of network devices is based on how many unique IP addresses are configured. This is not a limit for each individual appliance or instance, but a deployment-wide limit that applies to a set of ACS instances (primary and secondary) that are configured for replication.
The optional Large Deployment add-on license allows a deployment to support more than 500 network devices. Only one Large Deployment license is required per deployment, as it is shared by all instances.
The optional Security Group Access System license is required to enable Security Group Access (SGA) and 802.1ae (also known as MACsec) functionality. Only one Security Group Access System license is required per deployment, as it is shared by all instances.
To order Cisco Secure ACS 5.4, you must order one of the Base product part numbers shown in Table 1. If you are upgrading an existing ACS deployment, you will need to order a product part number from Table 3 or Table 4.
Table 1. Cisco Secure ACS 5.4 Part Numbers for New Orders

| Part Number | Description |
| --- | --- |
| CSACS-1121-K9 | ACS 1121 Access Control System Appliance with 5.4 Software and Base License |
| SNS-3415-K9 with Application SW Option | SNS-3415-K9 Secure Network Server Appliance for ACS, ISE, and NAC products |
| CSACS-3415-K9 | ACS application software option and ACS Base License for SNS-3415-K9 appliance |
| CSACS-5.4-VM-K9 | ACS 5.4 VMware Software and Base License |
| R-CSACS-54VM-K9= | ACS 5.4 VMware Software and Base License (Electronic Delivery) |

Additional Licenses
If you require any additional licenses, such as the Large Deployment license to support more than 500 devices, you will need to order one of the product part numbers shown in Table 2.
Table 2. Cisco Secure ACS 5.4 Part Numbers for Additional Licenses

| Part Number | Description |
| --- | --- |
| CSACS-5-LRG-LIC | ACS 5 Large Deployment Add-On License |
| L-CSACS-5-LRG-LIC | ACS 5 Large Deployment Add-On License (Electronic Delivery) |
| CSACS-5-ADV-LIC | ACS 5 Security Group Access System License |
| L-CSACS-5-ADV-LIC | ACS 5 Security Group Access System License (Electronic Delivery) |

Upgrades and Migration
Customers can upgrade from any previous version of Cisco Secure ACS to Release 5.4. Cisco Secure ACS 5.4 includes software utilities to migrate data from ACS 4.x and previous versions. These utilities are included in the upgrade package. Please see the Migration Guide for the Cisco Secure Access Control System for more details on data migration.
To upgrade from Cisco Secure ACS 4.2 or earlier, please choose the relevant part number from Table 3.
Table 3. Cisco Secure ACS 5.4 Upgrade Part Numbers for Releases 4.2 and Earlier

| Part Number | Description |
| --- | --- |
| CSACS-1121-UP-K9 | ACS 1121 Access Control System Appliance and 5.4 Software Upgrade for previous versions |
| SNS-3415-K9 with Application SW Option | SNS-3415-K9 Secure Network Server Appliance for ACS, ISE, and NAC products |
| CSACS-3415-UP-K9 | Upgrade to ACS application software on SNS-3415-K9 appliance with Base License from previous versions |
| CSACS-5.4-VM-UP-K9 | ACS 5.4 VMware Software and Base License Upgrade for previous versions |

To upgrade from the Cisco 1120 Secure Access Control System appliance running Cisco Secure ACS 5.x, the Cisco 1121 Access Control System Appliance running Cisco Secure ACS 5.1/5.2/5.3, or a VMware product, please choose the relevant part numbers from Table 4. Note: You should select the relevant part number based on whether you have an existing Software Application Support (SAS) contract or not.
Table 4. Cisco Secure ACS 5.4 Upgrade Part Numbers for 5.x Installations

| Part Number | Description |
| --- | --- |
| CSACS-5.4SW-MR-K9= | ACS 5.4 Minor Upgrade for customers without SAS |
| CSACS-5.4SW-SR-K9= | ACS 5.4 Minor Upgrade for customers with SAS |

Electronic Delivery
Electronic delivery is available for VMware software appliance versions of Cisco Secure ACS 5.4 and additional license options, such as the Large Deployment license.
After you order one of the electronic delivery part numbers, you will receive details on how to download the software and obtain a license via email. This allows you to get the software without having to wait for delivery of physical media and license packages.
Electronic delivery is only available for the software and license part numbers shown in Table 5.
Table 5. Cisco Secure ACS 5.4 Electronic Delivery Part Numbers

| Part Number | Description |
| --- | --- |
| R-CSACS-54VM-K9= | ACS 5.4 VMware Software and Base License (Electronic Delivery) |
| | ACS 5 Large Deployment License (Electronic Delivery) |
| L-CSACS-5-ADV-LIC | ACS 5 Security Group Access System License (Electronic Delivery) |

Software and Hardware Support
Cisco Secure ACS 5.4 running on the Cisco 1121 Secure Access Control System requires the purchase of two support service options (SMARTnet® and SAS) in order for customers to be eligible for Cisco ACS support on both hardware and software. SMARTnet entitles customers to hardware support with replacement coverage, and SAS entitles customers to ACS software maintenance and minor updates, as well as access to online resources and support services.
Special Ordering Instructions
SMARTnet service for the new SNS-3415-K9 appliance includes hardware support and application software maintenance support, including upgrades to future 5.x releases and access to online resources and support services.
However, when ordering CSACS-1121-K9 or CSACS-1121-UP-K9, you must order both SMARTnet and SAS support services in order to get Cisco TAC support on both 1121 appliance hardware and ACS 5.4 software. Quoting an order with two services for one product can only be done in the Multiline Configurator (MLC) tool. To correctly configure an order, set services for the major and minor line items using the "Set Service Options" tab. On the first line, SMARTnet comes up as the line item for the appliance. SAS is added after making the software version selection for ACS; it will show as line item 2.1.
An example of a complete order with correct service options is shown in Figure 1.
Figure 1. 1121 ACS Appliance Ordering Example
Summary: Ordering service for the 1121 ACS appliance requires use of the MLC tool. SMARTnet is set on Line 2; SAS is set on Line 2.1 by using the "Set Service Options" capability.