In December 2016, Cisco announced the end-of-sale and end-of life dates for their Secure Access Control System 5.5 (ACS).
Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) until August 2018. Customers with active and paid service and support contracts will continue to receive support until then. The last date to extend or renew a service contract for the product occurred in July 2017. All applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions, and all support services for the product are unavailable with hardware, operating system software and application software becoming obsolete.
Cisco communicated with their ACS customers, partners and security consultants that the replacement for the obsolete solution was Cisco’s Identity Services Engine (ISE). Cisco is positioning customers to look beyond network access/TACACS+ and move towards a closer integration with their ISE. A major concern is that ISE migration is complex and expensive to purchase and maintain. Every deployment of ACS is unique and maintaining the existing configuration is difficult and time consuming.
There are many different active versions of ACS deployed throughout the marketplace, and every upgrade path has a unique set of requirements. For example: customers that are in the prior ACS 5.x version must upgrade to ACS 5.5 / 5.6 first before migrating to ISE 2.0. To migrate to ISE 2.1, the customer must be on one of the last 4 releases of ACS (ACS 5.5/ 5.6/ 5.7 or 5.8). If the interim goal is to upgrade to the latest ACS version based on the EOL, the customer is required to upgrade to the latest version of ACS 5.8.
Krontech’s Single Connect solution seamlessly integrates with the most identity databases including Microsoft Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) databases. Policies can be created based on groups or subgroups which are already configured in these identity databases.
With built-in support of internal and external TACACS+ and RADIUS servers to provide AAA (Authentication, Authorization and Accounting) services, Single Connect can enforce user, source address, device type or date&time-based policies. Built-in integration support to NMS and SIEM systems provides advanced audit capabilities.
Single Connect features built-in high availability support, and includes Active-Active or Active-Passive mode support, full database synchronization, and geosite redundancy features. Single Connect supports tremendous volumes of concurrent sessions with no degradation in performance. No additional hardware or complexity (such as Fabric Path) is required to support geographical redundancy.
Single Connect provides more comprehensive functionality than Cisco ACS and ISE. Implementation easily leverages current ACS configurations. The cost model (resources and licenses) for Single Connect is 40-60% less than a traditional ISE upgrade and the time-to-value is significantly reduced.
Many enterprises, have already chosen to replace ACS with Krontech’s Single Connect. You can learn more about this by reading our announcements with GTT and Turkcell.
As the defacto industry standard for device network authentication and administration, Cisco’s Access Control Server (ACS) has been deployed around the world, and with the combination of TACACS+ and RADIUS authentication services, served the needs of many customers for a long time. With the EOL announcement, organizations are taking the opportunity to evaluate alternatives and have found that Krontech’s Single Connect is the only credible alternative in the marketplace.
Contact us to learn how your organization can reduce risks, complexity and costs by replacing ACS with Single Connect, rather than Cisco ISE or other solutions.