Guest

Cisco Secure Access Control System

Cisco Secure Access Control System 5.2 Ordering Guide

  • Viewing Options

  • PDF (193.1 KB)
  • Feedback

PB504495

Product Overview

Cisco ® Secure Access Control System (ACS) is a centralized identity and access policy solution that ties together an enterprise's network access policy and identity strategy. Cisco Secure ACS 5.2 is a next-generation platform that delivers major capabilities, including:

• A powerful, attribute-driven rules-based policy model that addresses complex policy needs in a flexible manner

• A lightweight, web-based graphical user interface (GUI) with intuitive navigation and workflow

• Integrated advanced monitoring, reporting, and troubleshooting capabilities for maximum control and visibility

• Improved integration with external identity and policy databases, including Windows Active Directory and Lightweight Directory Access Protocol (LDAP)-accessible databases, simplifying policy configuration and maintenance

• A new distributed architecture for large-scale deployments

Availability

Cisco Secure ACS 5.2 is currently orderable. Customers interested in purchasing this product can place orders through their normal sales channels.

Ordering Information

Cisco Secure ACS 5.2 is offered as three different options:

• The Cisco 1121 Access Control System appliance

• Software upgrade for existing Cisco 1120 Access Control System appliances

• Software appliance available for installing as a virtual machine into VMware ESX

All versions of Cisco Secure ACS 5.2 run the same software image and support the same features. For system specifications, please view the Cisco Secure ACS 5.2 data sheet at http://www.cisco.com/go/acs.

Licensing Options

The appliance and VMware versions each include a Base license. The Base license is required for each Cisco Secure ACS 5.2 appliance or software instance in a network.
With the Base license, Cisco Secure ACS 5.2 appliances or software virtual machines can support deployments of up to 500 network devices (authentication, authorization, and accounting [AAA] clients). The number of network devices is based on how many unique IP addresses are configured. This is not a limit for each individual appliance or instance, but a deployment-wide limit that applies to a set of ACS instances (primary and secondary) that are configured for replication.
The optional Large Deployment add-on license allows a deployment to support more than 500 network devices. Only one Large Deployment license is required per deployment as it is shared by all instances.
The optional Security Group Access System license is required to enable Security Group Access (SGA) and 802.1ae (also known as MACSec) functionality. Only one Security Group Access System license is required per deployment as it is shared by all instances.
Please see the Cisco Secure ACS 5.2 Deployment Guide for guidelines on deployment planning and sizing.

Base Components

To order Cisco Secure ACS 5.2 you must order one of the Base product part numbers shown in Table 1. If you are upgrading an existing ACS deployment, you will need to order a product part number from Table 3 or Table 4.

Table 1. Cisco Secure ACS 5.2 Part Numbers for New Orders

Part Number

Description

CSACS-1121-K9

ACS 1121 Access Control System Appliance with 5.2 Software and Base License

CSACS-5.2-VM-K9

ACS 5.2 VMware Software and Base License

L-CSACS-52VM-K9

ACS 5.2 VMware Software and Base License (Electronic Delivery)

Additional Licenses

If you require any additional licenses, such as the Large Deployment license to support more than 500 devices, you will need to order one of the product part numbers shown in Table 2.

Table 2. Cisco Secure ACS 5.2 Part Numbers for Additional Licenses

Part Number

Description

CSACS-5-LRG-LIC

ACS 5.x Large Deployment Add-On License

L-CSACS-5-LRG-LIC

ACS 5.x Large Deployment Add-On License (Electronic Delivery)

CSACS-5-ADV-LIC

ACS 5.x Security Group Access System License

L-CSACS-5-ADV-LIC

ACS 5.x Security Group Access System License (Electronic Delivery)

Upgrades and Migration

Customers can upgrade from any previous version of Cisco Secure ACS to the 5.2 release. Cisco Secure ACS 5.2 includes software utilities to migrate data from ACS 4.x and previous versions. These utilities are included in the upgrade package. Please see Migration Guide for the Cisco Secure Access Control System 5.2 or more details on data migration.
To upgrade from Cisco Secure ACS 4.2 or earlier, please choose the relevant part number from Table 3.

Table 3. Cisco Secure ACS 5.2 Upgrade Part Numbers for Releases 4.2 and Earlier

Part Number

Description

CSACS-1121-UP-K9

ACS 1121 Access Control System Appliance and 5.2 Software Upgrade for Previous Versions

CSACS-5.2-VM-UP-K9

ACS 5.2 VMware Software and Base License Upgrade for Previous Versions

L-CSACS-52VMUP-K9

ACS 5.2 VMware Software Upgrade (Electronic Delivery)

To upgrade from the Cisco 1120 Access Control System Appliance running Cisco Secure ACS 5.0, the Cisco 1121 Access Control System Appliance running Cisco Secure ACS 5.1, or a VMware product, please choose the relevant part numbers from Table 4. Note: You should select the relevant part number based on whether you have an existing Software Application Support (SAS) contract or not.

Table 4. Cisco Secure ACS 5.2 Upgrade Part Numbers for 5.x Installations

Part Number

Description

CSACS-5.2SW-MR-K9

ACS 5.2 Minor Upgrade for Customers without SAS

CSACS-5.2SW-SR-K9

ACS 5.2 Minor Upgrade for Customers with SAS

Electronic Delivery

Electronic Delivery is available for VMware software appliance versions of Cisco Secure ACS 5.2 and additional license options, such as the Large Deployment license.
When ordering one of the Electronic Delivery part numbers, you will receive the details on how to download the software and obtain a license via email after the order has been placed. This allows you to get the software without having to wait for delivery of physical media and licenses packages.
Electronic Delivery is only available for the software and license part numbers shown in Table 5.

Table 5. Cisco Secure ACS 5.2 Electronic Delivery Part Numbers

Part Number

Description

L-CSACS-52VM-K9

ACS 5.2 VMware Software and Base License (Electronic Delivery)

L-CSACS-52VMUP-K9

ACS 5.2 VMware Software Upgrade (Electronic Delivery)

L-CSACS-5-LRG-LIC

ACS 5 Large Deployment License (Electronic Delivery)

L-CSACS-5-ADV-LIC

ACS 5 Security Group Access System License (Electronic Delivery)

Software and Hardware Support

Cisco Secure ACS 5.2 requires the purchase of two support service options (SMARTnet ® and Software Application Support [SAS]) in order for customers to be eligible for Cisco ACS support on both hardware and software. SMARTnet entitles customers to hardware support with replacement coverage while SAS entitles customers to ACS software maintenance and minor updates, as well as access to online resources and support services.

Special Ordering Instructions

When ordering CSACS-1121-K9 or CSACS-1121-UP-K9ACS, you must order both SMARTnet and SAS support services.
Quoting an order with two services for one product can only be done in the Multi-line Configurator (MLC) tool. To correctly configure an order, set services for the major and minor line items using the "Set Service Options" tab. On the first line, SMARTnet comes up as the line item for the appliance. SAS is added after making the software version selection for ACS; it will show as line item 1.1.
An example of a complete order with correct service options is shown in Figure 1.

Figure 1. Ordering Example

Summary: Requires uses of MLC tool. SMARTnet is set on Line 1; SAS is set on Line 1.1 by using the "Set Service Options" capability.
For more information on SAS and SMARTnet, please visit
http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/serv_category_home.html.
To find support part numbers and options that relate to specific ACS part numbers, please visit
http://www.cisco-servicefinder.com.

Note: SAS part numbers for the hardware options can be found by searching for CSACS-5.2-SW-K9.

For More Information

Please check the Cisco Secure ACS homepage at http://www.cisco.com/go/acs for the latest information about Cisco Secure ACS.
For more information, please send your questions to acs-mkt@cisco.com or contact your account representative.