Full LMS-ACS Integration Vs Loose LMS-ACS Integration
If you are a enterprise and not a service provider it seems to me that FULL LMS-ACS integration just over complicates LMS deployments especially when you have multiple LMS and ACS deployments from various companies you acquired over the years but never fully integrated.
In the past all the enterprises I worked at deployed LMS with only user authentification via ACS. Now I am at a company where we have multiple LMS-ACS deployments and there seems to be more pain because of this.
Our eventual goal is to get down to two fully redundant multi-sever deployments of LMS for the entire enterprise and a fully integrated ACS.
If you are an enterprise using LMS with a consolidated network engineering group, and not a service provider, what does Cisco recommend in regards to ACS integration -- full LMS-ACS integration or loose integration for only user authentification to LMS ?
Any opinions on this topic would be most appreciated. Thx.
Re: Full LMS-ACS Integration Vs Loose LMS-ACS Integration
I don't think we offer an official recommendation in either case (SP vs. enterprise). However, we have many "true enterprise" customers running with full ACS integration. Besides centralizing passwords and roles for multi-server deployments, ACS integration offers the unique features of being able to do role customization and device access filtering. The latter is probably more important to MSPs, but we do have quite a few enterprise customers filtering devices on a department basis.
When I present to customers on LMS, I recommend full ACS deployment across all nodes in a multi-server LMS environment, period. Why bother with trying to manually synchronize users and roles across servers? Let ACS hold all of that information. It makes user management much easier, and there is a less chance of a security issue.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...