Cisco® Secure Access Control System (ACS) is a centralized identity and access policy solution that ties together an enterprise's network access policy and identity strategy. Cisco Secure ACS 5.2 is a next-generation platform that delivers major capabilities, including:
• A powerful, attribute-driven rules-based policy model that addresses complex policy needs in a flexible manner
• A lightweight, web-based graphical user interface (GUI) with intuitive navigation and workflow
• Integrated advanced monitoring, reporting, and troubleshooting capabilities for maximum control and visibility
• Improved integration with external identity and policy databases, including Windows Active Directory and Lightweight Directory Access Protocol (LDAP)-accessible databases, simplifying policy configuration and maintenance
• A new distributed architecture for large-scale deployments
Cisco Secure ACS 5.2 is currently orderable. Customers interested in purchasing this product can place orders through their normal sales channels.
Cisco Secure ACS 5.2 is offered as three different options:
• The Cisco 1121 Access Control System appliance
• Software upgrade for existing Cisco 1120 Access Control System appliances
• Software appliance available for installing as a virtual machine into VMware ESX
All versions of Cisco Secure ACS 5.2 run the same software image and support the same features. For system specifications, please view the Cisco Secure ACS 5.2 data sheet at http://www.cisco.com/go/acs.
The appliance and VMware versions each include a Base license. The Base license is required for each Cisco Secure ACS 5.2 appliance or software instance in a network.
With the Base license, Cisco Secure ACS 5.2 appliances or software virtual machines can support deployments of up to 500 network devices (authentication, authorization, and accounting [AAA] clients). The number of network devices is based on how many unique IP addresses are configured. This is not a limit for each individual appliance or instance, but a deployment-wide limit that applies to a set of ACS instances (primary and secondary) that are configured for replication.
The optional Large Deployment add-on license allows a deployment to support more than 500 network devices. Only one Large Deployment license is required per deployment as it is shared by all instances.
The optional Security Group Access System license is required to enable Security Group Access (SGA) and 802.1ae (also known as MACSec) functionality. Only one Security Group Access System license is required per deployment as it is shared by all instances.
To order Cisco Secure ACS 5.2 you must order one of the Base product part numbers shown in Table 1. If you are upgrading an existing ACS deployment, you will need to order a product part number from Table 3 or Table 4.
Table 1. Cisco Secure ACS 5.2 Part Numbers for New Orders
ACS 1121 Access Control System Appliance with 5.2 Software and Base License
ACS 5.2 VMware Software and Base License
ACS 5.2 VMware Software and Base License (Electronic Delivery)
If you require any additional licenses, such as the Large Deployment license to support more than 500 devices, you will need to order one of the product part numbers shown in Table 2.
Table 2. Cisco Secure ACS 5.2 Part Numbers for Additional Licenses
ACS 5.x Large Deployment Add-On License
ACS 5.x Large Deployment Add-On License (Electronic Delivery)
ACS 5.x Security Group Access System License
ACS 5.x Security Group Access System License (Electronic Delivery)
Upgrades and Migration
Customers can upgrade from any previous version of Cisco Secure ACS to the 5.2 release. Cisco Secure ACS 5.2 includes software utilities to migrate data from ACS 4.x and previous versions. These utilities are included in the upgrade package. Please see Migration Guide for the Cisco Secure Access Control System 5.2 or more details on data migration.
To upgrade from Cisco Secure ACS 4.2 or earlier, please choose the relevant part number from Table 3.
Table 3. Cisco Secure ACS 5.2 Upgrade Part Numbers for Releases 4.2 and Earlier
ACS 1121 Access Control System Appliance and 5.2 Software Upgrade for Previous Versions
ACS 5.2 VMware Software and Base License Upgrade for Previous Versions
To upgrade from the Cisco 1120 Access Control System Appliance running Cisco Secure ACS 5.0, the Cisco 1121 Access Control System Appliance running Cisco Secure ACS 5.1, or a VMware product, please choose the relevant part numbers from Table 4. Note: You should select the relevant part number based on whether you have an existing Software Application Support (SAS) contract or not.
Table 4. Cisco Secure ACS 5.2 Upgrade Part Numbers for 5.x Installations
ACS 5.2 Minor Upgrade for Customers without SAS
ACS 5.2 Minor Upgrade for Customers with SAS
Electronic Delivery is available for VMware software appliance versions of Cisco Secure ACS 5.2 and additional license options, such as the Large Deployment license.
When ordering one of the Electronic Delivery part numbers, you will receive the details on how to download the software and obtain a license via email after the order has been placed. This allows you to get the software without having to wait for delivery of physical media and licenses packages.
Electronic Delivery is only available for the software and license part numbers shown in Table 5.
Table 5. Cisco Secure ACS 5.2 Electronic Delivery Part Numbers
ACS 5.2 VMware Software and Base License (Electronic Delivery)
ACS 5 Large Deployment License (Electronic Delivery)
ACS 5 Security Group Access System License (Electronic Delivery)
Software and Hardware Support
Cisco Secure ACS 5.2 requires the purchase of two support service options (SMARTnet® and Software Application Support [SAS]) in order for customers to be eligible for Cisco ACS support on both hardware and software. SMARTnet entitles customers to hardware support with replacement coverage while SAS entitles customers to ACS software maintenance and minor updates, as well as access to online resources and support services.
Special Ordering Instructions
When ordering CSACS-1121-K9 or CSACS-1121-UP-K9ACS, you must order both SMARTnet and SAS support services.
Quoting an order with two services for one product can only be done in the Multi-line Configurator (MLC) tool. To correctly configure an order, set services for the major and minor line items using the "Set Service Options" tab. On the first line, SMARTnet comes up as the line item for the appliance. SAS is added after making the software version selection for ACS; it will show as line item 1.1.
An example of a complete order with correct service options is shown in Figure 1.
Figure 1. Ordering Example
Summary: Requires uses of MLC tool. SMARTnet is set on Line 1; SAS is set on Line 1.1 by using the "Set Service Options" capability.