Cisco Secure ACS 4.2 on VMware ESX 4.0.

Answered Question
Correct Answer
Jennifer Halim Tue, 05/11/2010 - 03:37
User Badges:
  • Cisco Employee,
Mike Bailey Fri, 09/17/2010 - 16:55
User Badges:

Does anyone know if/when ACS 4.2 will be 'supported' on ESX 4.0?


If not has anyone else been sucessful?


We need to upgrade our ACS 4.1 platform and ACS 5.x is not suitable as it still doesn't feature many of the necessary components (e.g. CiscoWorks LMS integration) so will need to go to 4.2.


I'm not buying new hardware just for ACS so it will have to go on our VMware ESXi 4.0 farm.


Assuming that as ACS 4.2 has been tested/supported on ESX 3.0 and is 'supported' on 3.5 that 4.0 support is just a timing issue?


Thanks
Mike

Mike Bailey Wed, 10/06/2010 - 05:51
User Badges:

Does anyone from Cisco know if support for ACS 4.2 on VMware ESX 4.0 is in the pipeline?

Vinay Sharma Wed, 10/06/2010 - 06:08
User Badges:
  • Gold, 750 points or more
Hi,

As of today ACS 4.2 is not supported on VMWare ESX 4.0 and there are no plans to test/certify ACS 4.2 for this version. 
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/device/guide/sdt42.html#wp37898
The following versions of VMWare ESX are supported:
ESX 3.0.x (tested)
ESX 3.5.x (not tested)
ESX 3.5i (not tested)"

ACS 4.2 will probably run on ESX 4.0, but if there are issues, TAC/Dev won't  we able to provide support.
ACS 5.1 is supported on ESX 4.0.

Let me know if i answer your query.

thanks,
Vinay
Mike Bailey Wed, 10/06/2010 - 10:23
User Badges:

Vinay,


Many thanks for the response I have now escalated this through my Cisco Account Manager.


The problem I face is that as detailed in the Cisco ACS 5.x FAQ below:


http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/ps9915/qa_c67-504496.html


Cisco Secure ACS 5.x does not yet provide all the functionality of ACS 4.x that we use (namely CiscoWorks LMS and CSM integration from what I've read).


The FAQ clearly states:


Q. Does Cisco Secure ACS 5.0 replace Cisco Secure ACS 4.2?

A. No. ACS 4.2 is a proven, feature-rich product that meets today's complex identity and access policy needs of enterprises, and Cisco will continue to sell, maintain, and support ACS 4.2. Cisco Secure ACS 5.0 is the initial release of Cisco's next-generation network identity and access solution and is suitable for many deployments today that require support for device administration and wireless and wired 802.1x scenarios. In time, ACS 5.x will incorporate other key 4.x features to allow the broader customer base to upgrade to the next-generation ACS platform.


So therefore in my opinion Cisco needs to support and develop ACS 4.2 until such time as all functionality is available within 5.x.


VMware ESX/ESXi 4.x was released in mid 2009 so for Cisco to not support ACS 4.2 a product which the FAQ commits to "sell, maintain, and support" on this newer platform isn't really acceptable in my opinion.


Cisco cannot expect its customers to remain on or deploy old technology (e.g. ESX 3.x) just because ACS 5.x is lacking in features.


I notice that with ACS 4.2.1 support for Windows Server 2008 was introduced (as Windows 2003 is already now end of mainstream support with Microsoft), so in the same vain I would expect a product roadmap for ACS 4.2 which includes the support and testing of other key technologies.


Thanks anyway

Michael

RICH FRUEH Wed, 10/06/2010 - 13:18
User Badges:

Interesting - same problem here.  We're switching to 2008R2, and Cisco says it's not supported.  And the only thing that supports AD for R2 is apparently 5.2, which means a paid upgrade, to a new, immature product.

Mike Bailey Thu, 10/07/2010 - 12:44
User Badges:

Interesting comment as we are looking to upgrade our servers and domain to 2008 R2.


I noticed that the 4.2.1 documentation lists support for Windows 2008 but not 2008 R2, was assuming this was just the host operating system, hence we would simply run ACS 4.2 on Windows 2008 within a 2008 R2 domain.


Our ACS 4.1 platform is authenticating to RSA SecurID which is domain integrated (e.g. use domain username with RSA token) as well as integration to LMS and CSM.


Are you suggesting that ACS 4.2 won't work in a 2008 R2 domain?

Vinay Sharma Fri, 10/08/2010 - 00:06
User Badges:
  • Gold, 750 points or more

Hi Mike,


TAC has already opened new enhancement request for ACS 4.2 support with 2008 R2. I Development is working on it and we should get an update in some time.


Latest filed enhancement is CSCta35271 which is internal for the time being but other one which was filed earlier is avilable to view i.e. CSCtd56660:-


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCta35271


thanks,

Vinay




Do Rate, it helps other customers

Vinay Sharma Fri, 10/08/2010 - 00:06
User Badges:
  • Gold, 750 points or more

Hi Rich,


TAC has already opened new enhancement  request for ACS 4.2 support with 2008 R2. I Development is working on it  and we should get an update in some time.


Latest filed  enhancement is CSCta35271 which is internal for the time being but  other one which was filed earlier is avilable to view i.e. CSCtd56660:-


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCta35271


thanks,

Vinay




Do Rate, it helps other customer

sansarav720e Thu, 01/19/2012 - 06:56
User Badges:

Dear Vinay ,

          Is there any TAC case opened for ACS 4.2 support on VMWARE 4.0 on windows 2003 R2 platform  , we are finding issue on ACS services starting automatically during operating system restart , Please suggest thank you

Actions

This Discussion