Q. What is Cisco® Secure Access Control System (ACS) View?
A. Cisco Secure ACS View is a Web-based, advanced reporting application for Cisco Secure ACS 4.x deployments. ACS View extracts logging information and configuration data from the ACS servers across your network and provides reporting and alerting features.
Q. Why do I need ACS View?
A. ACS View provides on-demand and scheduled reporting capabilities, an easy-to-use GUI, access to real-time authentication and authorization information, and session troubleshooting tools and utilities. ACS View aggregates and correlates data from multiple ACS servers and allows you to monitor and troubleshoot user access control as well as audit access control policy compliance.
Q. What do I need to use ACS View?
A. ACS View is provided as an appliance that includes the operating system and the ACS View application. All that is required is a deployment of one or more ACS servers. ACS View works optimally with the recently released ACS 4.2. ACS View can operate with data from ACS 4.1.4, but certain reports including the administration status, administration entitlement, and ACS backup/restore reports will not be available. ACS View is not supported with versions earlier than 4.1.4.
Q. Why is ACS View provided as a separate product rather than provided as a component of Cisco Secure ACS?
A. The functionality of ACS View is computationally intensive and is provided as a standalone system to have minimal impact on the performance of your ACS deployment.
Q. What is the hardware platform specification for ACS View?
A. ACS View is based on the Cisco ADE 2120 Series appliance:
• Linux operating system
• Intel Core 2 Duo 2.13 GHz processor with 1066 MHz front-side bus (FSB) and 2 MB of Level 2 cache
• 4 GB of RAM (SDRAM)
• Two 250 GB hard disk drives
• One slimline DVD-ROM drive
• Two fixed RJ-45 10BASE-T/100BASE-TX/1000BASE-T network interface connectors
• Serial and USB ports
Q. What are the features in ACS View?
A. Core features include:
• ACS data collection and aggregation
• Scheduled reporting and on-demand queries
• Predefined and custom reporting
• Threshold alerts
• Troubleshooting reports and tools
• Data purging
• Automatic time-zone conversion
Q. What types of reports does ACS View generate?
A. ACS View reports include:
• Authentication reports
• Session reports
• Device administration reports
• ACS configuration reports
• ACS administration reports
Q. How can the reports can be viewed or exported?
A. Reports are available in chart and tabular formats, through which you can navigate to view details. You can also export to HTML, comma-separated value (CSV), or PDF format and e-mail and print the reports. Reports can be shared among all ACS View users or be kept private.
Q. Can the reports be formatted according to the individual requirements?
A. Yes, the ACS View Interactive Viewer feature can be used to format, sort, group, aggregate, and filter a generated report.
Q. Does ACS View have a built-in database?
A. Yes, ACS View uses an embedded Sybase database.
Q. Is the data in the database encrypted?
A. No, Data stored in the database is not encrypted. However, ACS administrator credentials are encrypted.
Q. Does ACS View support reporting on data in an external database?
A. No, ACS View operates only on data stored in its internal database. Support for storing and processing data on external databases may be provided at a later date. ACS View is capable of backing up existing data for offline report generation at a later date. A separate ACS View system is recommended for use in this scenario.
Q. How does ACS View handle time-zone differences?
A. ACS View and ACS servers may be located in different time zones. ACS View automatically converts the timestamp of the data received from different ACS servers to Greenwich Mean Time (GMT) prior to storage, and all reports generated are based on the GMT timestamp.
Q. What ports and protocols are used by ACS View?
A. Ports and protocols include,
• 80 HTTP / 443 HTTPS
• 21 FTP / 69 TFTP / 115 SFTP
• 514 syslog
• 2049 Network File System (NFS)
• 22 Secure Shell (SSH) Protocol
• 25 Simple Mail Transfer Protocol (SMTP)
• 53 Domain Name Service (DNS)
Q. How is data collected from ACS servers in ACS View?
A. ACS logs are primarily collected by ACS View using real-time syslog information and through the package.cab file. The package.cab file includes the CSV logs and ACS configuration. The logs retrieved through package.cab are used to initially load the database and to update database data if syslog collection as been interrupted. ACS View server will process and store the syslogs only from its registered ACS servers.
Q. How does ACS View work if ACS logging is centralized?
A. Cisco Secure ACS for Windows can be configured to forward log information to a remote, centralized logging server. In this deployment scenario, ACS View needs only to receive syslog messages from the central logging server. If Cisco Secure ACS Solution Engine is being used, each ACS Solution Engine must be configured to send syslog data to ACS View-ACS View is not able to receive data from the ACS Solution Engine remote agent.
Q. How do I patch the appliance with newer operating system releases or patches?
A. Cisco will provide any required OS updates and patches along with ACS View patches and updates.
Q. How well does ACS View scale?
A. ACS View can receive data from any number of ACS servers. A single ACS View server can receive up to 2 million records per day from ACS servers. Volume beyond this may affect performance, and it may be necessary to deploy additional ACS View servers with each ACS View receiving data from a subset of the ACS servers in the deployment.
Q. Does ACS View have a way to archive data and retrieve it for future use?
A. ACS View has a data purging feature that purges the older entries to make room for the incoming data when disk space is low. This data purging feature can be automatic, or users can initiate an on-demand purge through the UI. This feature has a configurable option for backup before data purging, and this backup data can be restored into ACS View or to another ACS View server for offline report generation. Restore overwrites the existing data and is not incremental to the data.
Q. What is the maximum number of ACS servers supported by ACS View?
A. There is no limit on the number of ACS servers that ACS View can support.
Q. How do I order ACS View?
A. The part numbers are:
• CSACS4.0-VIEW-K9 ACS View 4.0 Appliance
• CSACS4.0-VIEWLIC ACS View license for managing one additional ACS server
CSACS4.0-VIEW-K9 for Cisco Secure ACS View 4.0 Appliance includes a license for managing two ACS servers. CSACS4.0-VIEWLIC can be purchased for the quantity of additional ACS servers that need to be managed.
Q. How is ACS View licensed?
A. A Product Activation Key (PAK) is provided with the ACS View 4.0 appliance and when additional licenses are purchased. This PAK must be registered with Cisco to obtain an associated license file that is then installed in ACS View. The license files control the number of ACS servers that can provide data to ACS View.
Q. Why does one need to specify the unique device identifier (UDI) information to register the PAK?
A. ACS View uses a node-locking mechanism that associates licenses with a specific ACS View appliance. This mechanism is based on the UDI for the appliance.
Q. How do you obtain the UDI information from the server?
A. Execute the show udi command in the command-line interface (CLI), as shown in the following example: