Cisco Secure ACS Appliance

Cisco Secure ACS Solution Engine (ACS SE) is a highly scalable appliance, 1U rack-mountable dedicated platform that serves as a high-performance access control server supporting centralized RADIUS and TACACS+ security protocols.

ACS SE offers the same set of functions and features as the Cisco Secure ACS software for Windows (the software product discussed earlier) in dedicated, security hardened, application-specific appliance packaging.

The underlying operating system on the ACS SE appliance is a customized and minimized version of the Windows 2000 operating system. The fact that the underlying operating system is robust Windows ensures absolute protection. ACS SE achieves this by implementing the following attributes:

• Runs only selective services required to perform the ACS core functions

• Removes all extraneous services

• Blocks all unused ports

• Does not support a keyboard or monitor

• Does not provide access to its file system

• Does not allow arbitrary applications to run

• Prevents all other access to the ACS server system

• Allows TCP/IP connections only via the ports necessary for its own operations

ACS SE includes some additional features specific to operating and managing the ACS appliance. These system administrative functions can be administered using the command-line application (shell) that operates the CLI via the serial console connection that is available on ACS SE appliance. For all other ACS SE configuration and administrative tasks, use the ACS web interface in the software described earlier. Some of these system-specific functions are as follows:

• Resetting the administrator username/password

• Resetting the system database password

• Reconfiguring the IP address

• Setting system timeouts

• Setting the system date/time/hostname/domain

• Patching rollback (removing installed patches)

• Recovering from loss of administrator credentials (password recovery)

• Reimaging the hard drive