Ciscoworks on same server as ACS/WCS

Answered Question
Mar 8th, 2007

Anyone see a problem with CiscoWorks LMS, ACS 4.1, and WCS cohabiting on the same server? It is a Windows 2003 server with dual 3.8GHz Xeon processors, 3 1/2 GB of RAM and 100GB of free hard drive space.

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 9 years 10 months ago

Yes. For one, LMS itself requires at least 2 GB of physical RAM and 4 GB of swap just to start. Second, having your AAA server co-located with other applications invites more network down time (e.g. a patch for LMS requires you to reboot your ACS) and opens you up to more potential security problems (e.g. someone uses a bug in LMS to compromise the server, and they now have all of your usernames and passwords as well). And while LMS cannot integrate with ACS 4.1 yet, when it does, the two applications will contend for available TCP ports (and will most likely exhaust them).

You should give each application a dedicated server to let them do their jobs to the best of their abilities. Your ACS server should be locked away in a room with limited physical access, and no dedicated monitor and keyboard just to aid with security.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Joe Clarke Thu, 03/08/2007 - 11:24

Yes. For one, LMS itself requires at least 2 GB of physical RAM and 4 GB of swap just to start. Second, having your AAA server co-located with other applications invites more network down time (e.g. a patch for LMS requires you to reboot your ACS) and opens you up to more potential security problems (e.g. someone uses a bug in LMS to compromise the server, and they now have all of your usernames and passwords as well). And while LMS cannot integrate with ACS 4.1 yet, when it does, the two applications will contend for available TCP ports (and will most likely exhaust them).

You should give each application a dedicated server to let them do their jobs to the best of their abilities. Your ACS server should be locked away in a room with limited physical access, and no dedicated monitor and keyboard just to aid with security.

davidwickert Thu, 03/08/2007 - 11:25

Thank you for your advice. I thought it may not be a great idea, but I thought I would ask anyway.

Actions

This Discussion