CiscoWorks on same server as ACS/WCS

Answered Question
Mar 8th, 2007

Anyone see a problem with CiscoWorks LMS, ACS 4.1, and WCS cohabiting on the same server? It is a Windows 2003 server with dual 3.8GHz Xeon processors, 3 1/2 GB of RAM and 100GB of free hard drive space.

Correct Answer
Joe Clarke Thu, 03/08/2007 - 11:24
User Badges: Cisco Employee, Hall of Fame, Founding Member

Yes. For one, LMS itself requires at least 2 GB of physical RAM and 4 GB of swap just to start. Second, having your AAA server co-located with other applications invites more network down time (e.g. a patch for LMS requires you to reboot your ACS) and opens you up to more potential security problems (e.g. someone uses a bug in LMS to compromise the server, and they now have all of your usernames and passwords as well). And while LMS cannot integrate with ACS 4.1 yet, when it does, the two applications will contend for available TCP ports (and will most likely exhaust them).


You should give each application a dedicated server to let them do their jobs to the best of their abilities. Your ACS server should be locked away in a room with limited physical access, and no dedicated monitor and keyboard just to aid with security.

davidwickert Thu, 03/08/2007 - 11:25

Thank you for your advice. I thought it may not be a great idea, but I thought I would ask anyway.
