beautypg.com

Cisco 3.3 User Manual

Page 97

background image

2-21

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 2 Deployment Considerations

Suggested Deployment Sequence

Along with the decision to implement an external user database (or
databases), you should have detailed plans that specify your requirements for
Cisco Secure ACS database replication, backup, and synchronization. These
aspects of configuring CiscoSecure user database management are detailed in

Chapter 8, “System Configuration: Basic”

.

Configure Shared Profile Components—With most aspects of network
configuration already established and before configuring user groups, you
should configure your Shared Profile Components. When you set up and
name the network access restrictions and command authorization sets you
intend to employ, you lay out an efficient basis for specifying user group and
single user access privileges. For more information about Shared Profile
Components, see

Chapter 5, “Shared Profile Components”

.

Configure Groups—Having previously configured any external user
databases you intend to employ, and before configuring your user groups, you
should decide how to implement two other Cisco Secure ACS features related
to external user databases: unknown user processing and database group
mapping. For more information, see

About Unknown User Authentication,

page 15-4

and

Chapter 16, “User Group Mapping and Specification”

. Then,

you can configure your user groups with a complete plan of how Cisco Secure
ACS is to implement authorization and authentication. For more information,
see

Chapter 6, “User Group Management”

.

Configure Users—With groups established, you can establish user accounts.
Remember that a particular user can belong to only one user group, and that
settings made at the user level override settings made at the group level. For
more information, see

Chapter 7, “User Management”

.

Configure Reports—Using the Reports and Activities section of the
Cisco Secure ACS HTML interface, you can specify the nature and scope of
logging that Cisco Secure ACS performs. For more information, see

Chapter 1, “Overview”

.