On December 7, Cisco published the end of life for its popular Access Control System (ACS) product. ACS has been the de facto standard for device network authentication and device administration for many years. With both RADIUS and TACACS+ authentication services, it served the needs for many customers for a long time.
This raises the question: Is authentication not important to Cisco and the industry anymore? No, that’s not the takeaway at all. If you haven’t been following along, you might have missed that Cisco has been pushing hard to incorporate all of the ACS features into its Identity Services Engine (ISE). ISE has always been a nice upgrade for ACS, adding many features and additional functionality for RADIUS authentication, but TACACS+ wasn’t available until recently.
The writing was on the wall for the future of ACS, starting with the release of ISE version 2.0. This was the first version that included TACACS+. Since that point, every release has continued to close the features gap and Cisco is saying version 2.2 will be at, what I hesitate to call, “features you use” parity with ACS. But there will be a small list of ACS 5 features that are not commonly deployed that will never be ported to ISE.
So, if you are using ACS now, should you drop everything and immediately migrate to ISE? No, not necessarily. ACS will still have software support until August 31, 2020. But ISE does have some good reasons to upgrade, and if you have ISE 2.0 or newer, you can add a license to enable the functionality. Once you move to ISE, you won’t look back.