思科ACS的性能总结

ACS Performance & Scale

思科ACS目前还能支持的可能就是ACS5.8版本了,该版本也将于2020年停止支持,关于ACS信息会逐步退出大家的视野。该文档是Cisco论坛thomas在2016年总结的。个人感觉非常有用。

ACS Deployment Scale & Limits

Attribute

System Maximum / Limits

ACS Instances

22

Hosts

200,000 for 35xx appliance

150,000 for other appliances

Users

400,000 for 35xx appliance

300,000 for other appliances

Identity Groups 1,000
Active Directory Group Retrieval 1,500

Network Devices

150,000 on 35xx appliance

100,000 on other appliances

Network Device Groups (NDGs) Unique, Top-Levels

12

Network Device Group Hierarchical Levels

6

Network Device Group Locations 10,000
Network Device Group Device Types 350
Services 25
Authorization Rules 320
Conditions 8
Authorization Profile 600
Service Selection Policy (SSP) 50
Network Conditions (NARs) 3,000
ACS Admins

50

9 static roles

dACLs 600 dACL with 100 ACEs each

 

ACS Hardware Platforms

VMs must have the equivalent of the hardware platforms or better.

VM resources must be dedicated to ACS and not shared with other VMs.

 

Hardware Platform              

ACS  

Processor

RAM 

Hard Disk

RAID

Ethernet NIC

EoS

Cisco SNS 3595 5.8.1 Dual socket Intel Xeon E5-2640 v3 series CPU @ 2.60GHz, 8 total cores, 8*2 total threads 64GB

4 x 600-GB 10k SAS HDDs

(1200 GB total)

RAID 10 6 x Integrated Gigabit NICs -

Cisco SNS 3515

5.8.1

Single socket Intel Xeon E5-2620 v3 series CPU @ 2.40GHz, 6 total cores, 6*2 total threads 16GB

1 x 600-GB 10k SAS HDD

(600 GB total)

No 6 x Integrated Gigabit NICs -

Cisco SNS-3495

(Large UCS)

5.8.x

5.7.x

5.6.x

5.5.x

Cisco UCS C220 M3

2 x Quad-Core

Intel Xeon CPU E5-2609

@ 2.40 GHz, 8 total cores, 8 total threads

32 GB 2 x 600-GB disks RAID 0+1 4 GE network interfaces 07-Oct-2016

Cisco SNS-3415

(Small UCS)

5.8.x

5.7.x

5.6.x

5.5.x

5.4.x

Cisco UCS C220 M3

Single socket Intel E5-2609 2.4Ghz CPU 4 total cores, 4 total threads

16 GB 1 x 600-GB disk Embedded Software RAID 0 4 GE network interfaces 07-Oct-2016

Cisco 1121 Secure Access Control System Hardware (CSACS-1121)

5.8.x

5.7.x

5.6.x

5.5.x

5.4.x

5.3.x

5.2.x

5.1.x

Intel Core 2 Duo 2.4-GHz processor with an 800-MHz front side bus (FSB) and 2 MB of Layer 2 cache. 4GB SDRAM 2 x 250-GB SATA disks - 4 x 1 GB network interface 27-Aug-2013
Cisco 1120 Secure Access Control System Hardware (CSACS-1120)

5.3.x

5.2.x

5.1.x

5.0.x

4.2

? ? ? ? ? ?

Cisco Secure ACS-VM (VMware)

 

Supported Virtual Environments.

5.8.1

5.8.x

5.7.x

5.6.x

5.5.x

5.4.x

5.3.x

5.2.x

5.1.x

Minimum:

2 CPUs (dual CPU, Xeon, Core2 Duo or 2 single CPUs)

4GB minimum

64 GB maximum

60GB minimum

1.2TB maximum

  NIC—1 GB NIC interface required (You can install up to 4 NICs.) ?

 

ACS TACACS+ Performance

SNS-34xx and 35xx appliance performance was done with ACS 5.8 patch 1 as a dedicated authentication node.

Recommend dedicating resources for VM performance equivalent to hardware.

 

Authorization

Method

Identity

Store

Cisco SNS-3415

(Auth/Second)

Cisco SNS-3495

(Auth/Second)

Cisco SNS-3515

(Auth/Second)

Cisco SNS-3595

(Auth/Second)

T+ PAP

Internal

1114

1869

2215

2563

T+ CHAP

Internal

1116

1872

2328

2472

Accounting

 

1234

1226

1646

1956

Authorization(session)

 

900

1961

2726

2710

Ms-chap

 

1138

1972

2456

2580

 

ACS RADIUS Performance

SNS-34xx and 35xx appliance performance was done with ACS 5.8 patch 1 as a dedicated authentication node.

Recommend dedicating resources for VM performance equivalent to hardware.

Authentication

      Method

Identity

Store

Cisco SNS-3415

(Auth / second)

Cisco SNS-3495

(Auth/ second)

Cisco SNS-3515

(Auth/ second)

Cisco SNS-3595

(Auth / second)

PEAP (MSCHAPv2)

Internal

1214

1876

1203

3869

PEAP (MSCHAPv2)

Active Directory

162

241

201

354

PAP

Internal

1310

1911

2857

3891

PAP

Active Directory

549

574

622

784

EAP-TLS

Internal

935

1024

963

1998

EAP-FAST (MSCHAPv2)

Internal

1011

1263

1773

2435

EAP-FAST (MSCHAPv2)

Active Directory

224

368

433

586

EAP-FAST (GTC)

Internal

1001

1223

1689

2345

EAP-FAST (GTC)

Active Directory

221

376

414

510

原文链接:https://community.cisco.com/t5/security-documents/acs-performance-scale/ta-p/3617787

posted @ 2019-11-20 21:06  剪刀石头布Cheers  阅读(1069)  评论(0编辑  收藏  举报