System Performance

Cisco Secure ACS’s performance capabilities, like most server services, are largely dependent on the resources of the Windows server it’s installed on. Other factors include network topology, network management, and the selection of user authentication databases. Common sense would rightly indicate that a faster processor, increased memory, and high-speed connectivity will increase both the speed and volume of authentications per second.

The following items are general indicators of system performance, but the actual Cisco Secure ACS performance on a particular network could vary based on the environment and AAA configuration.

• Maximum users supported Technically, no limit exists to the number of users the Cisco Secure ACS user database can support if disk space is available. Cisco has successfully tested Cisco Secure ACS with databases greater than 100,000 users. While a single Cisco Secure ACS server using multiple databases might be able to support 300,000 to 500,000 users, using replicated multiple Cisco Secure ACS servers would increase that number substantially.

• Transaction processing A single minimal ACS server with a 10,000 user database might be able to process 80 RADIUS logins, plus approximately 40 TACACS+ logins per second. Increasing memory and/or the number and size of the processors would increase these numbers, while increasing the size of the database will reduce performance.

• Maximum number of AAA client devices Approximately 2,000 network devices running any AAA client.