Features

CSACS has several features that are worth noting. These features help with the administration, maintenance, and operation of CSACS.

Administrative Features

As mentioned earlier, you configure CSACS via a GUI-based Web browser. Also, if you want to use CSACS's internal database without the hassle of re-creating user records, there is hope. CSACS has an import function so you can import user records. CSACS can write accounting records to a CSV log file or Open Database Connectivity (ODBC) database, and the accounting files are separate for TACACS+ and RADIUS.

Distributed System Features

CSACS would not be much good to a organization if it supported only a single server. With CSACS, you can have multiple ACSs that function as primary, backup, client, or peer systems. Therefore, you can ensure redundancy with CSACS as well as load-balance across multiple ACSs.

Some of the additional distributed system features follow:

• Proxy (authentication forwarding) ” One ACS can forward an authentication request to another ACS for processing.

• Fallback on failed connection ” If the connection to the first ACS fails, you can configure the order in which additional ACSs are queried.

• Database replication ” You can replicate the ACS database to other ACSs.

• Remote and centralized logging ” You can store accounting records from multiple ACSs on a central ACS.

External Database Features

In addition to the previously mentioned external databases, CSACS also supports the following databases:

• Generic LDAP

• Novell NetWare Directory Services (NDS)

• ODBC-compliant relational databases

Know all the external databases that CSACS supports.

Database Management Features

All the information that can be entered and maintained by CSACS needs to be stored somewhere, and that somewhere is a database. Several features within CSACS allow for database management. Obviously, some of the database-management tools that CSACS supports are database replication and synchronization.

You use the database-replication feature in fault-tolerant environments. When you are using multiple CSACS servers, it replicates the database among the various ACSs that you are using.

The RDBMS synchronization feature consists of two components , the CSDBSync service and the accountActions table. The RDBMS synchronization feature allows you to update the CSACS user database from an ODBC-compliant data source. Figure 5.7 displays the System Configuration options. Using this menu, you can select RDBMS synchronization to configure database synchronization.

CSUtil.exe is a command-line application that does CSACS database backups and database restores . Neither of the other two database-management features provide for backup or restore functionality.

TACACS+ Support

TACACS+ support includes the ARA, Link Control Protocol (LCP), PPP, SLIP, and EXEC shell. Figure 5.8 displays the predefined protocols that you can use with the CSACS server running TACACS+.

RADIUS Support

CSACS supports a number of RADIUS features, including Internet Engineering Task Force (IETF) RADIUS, custom RADIUS AV pairs, and, of course, Cisco RADIUS AV pairs.