Welcome to Cisco Defense Orchestrator
About Cisco Defense Orchestrator
Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that facilitates management of security policies in highly distributed environments to achieve consistent policy implementation.
CDO helps you optimize your security policies by identifying inconsistencies with them and by giving you tools to fix them. CDO gives you ways to share objects and policies, as well as make configuration templates, to promote policy consistency across devices.
Because CDO coexists with local device managers such as the Adaptive Security Device Manager (ASDM), Firepower Device Manager (FDM), and SSH connections, it keeps track of configuration changes made by CDO and by other managers. It then helps you compare changes so you are confident that you are implementing the changes you want.
CDO has an intuitive user interface that allows you to manage a wide range of devices in one place. Advanced users will also find their traditional CLI interface with some new enhancements to make management even more efficient for them.
The CDO Dashboard
The CDO dashboards gives you a quick overview of your tenant.
The Secure Device Connector
CDO communicates with your managed devices using a proxy called Secure Device Connector (SDC). Each tenant is provisioned with a cloud SDC and customers can choose to add an additional 4 on-premises SDC. These SDCs are not shared between tenants, they are dedicated to a single tenant.
The SDC monitors CDO for commands and messages that need to be executed on your managed devices and monitors the managed devices for messages that need to be sent to CDO. SDC executes the commands on behalf of CDO and sends messages to CDO on behalf of the managed devices.
When you onboard a device to CDO, the device's login credentials are encrypted and stored on the SDC. Only the SDC has access to the device credentials, not CDO.
Cloud SDC and On-Premises SDC
When your tenant is first created, the CDO operations team creates an SDC for you on an AWS instance (in the cloud) or you install an SDC somewhere in your enterprise (on-premises). The on-premises SDC may be installed on an appliance or as a virtual machine on a hypervisor.
The cloud SDC does not require any customer maintenance. The on-premises SDC is setup by the customer, it requires an on-premises VM infrastructure, and the SDC must have full outbound access to the Internet on TCP port 443. Otherwise, their is no functional difference between a cloud SDC and an on-premises SDC.
Getting Started
Initialize your CDO Account
Contact us at cdosales@cisco.com. We ask you to fill out this questionnaire about your network environment, what kind of Secure Device Connector (SDC) is right for you, and what are your primary use cases. We create a tenant in our cloud infrastructure for you and help you create a SDC which enables your devices to communicate with CDO. After that, onboard your devices to CDO and see them all in the Devices & Services page.
If you have any questions about the account initialization process or how to complete our questionnaire, email cdosales@cisco.com.
Onboard Devices
Before you onboard a device, make sure that you have successfully completed the installation wizard and licensed the device. Then use CDO's onboarding wizard to onboard your device. CDO can easily manage large deployments.
Manage your Devices with CDO
Learn how CDO can manage these devices:
- Adaptive Security Appliance (ASA)
- Firepower Threat Defense (FTD)
- Cisco IOS devices
- Meraki devices
- AWS Environment
For a complete list of devices that CDO supports and manages, see Software and Hardware Supported by CDO.
- What's New for Cisco Defense Orchestrator
- Learn about new and updated features in Cisco Defense Orchestrator.
- Signing in to CDO
- Explains the roles of Cisco Secure Sign-On, a SAML 2.0 compliant identity provider (IdP), Duo Security, a multi-factor authenticator, and a CDO user record when signing in to CDO.
- Managing ASA with Cisco Defense Orchestrator
- Provide customers new to Cisco Defense Orchestrator (CDO) with an outline of activities you can use to standardize objects and policies, upgrade managed devices, and manage VPN policies on your ASA.
- Managing FTD with Cisco Defense Orchestrator
- Provides an overview of all the features that CDO manages for a Firepower Threat Defense (FTD) device.
- Managing Cisco IOS with Cisco Defense Orchestrator
- Describes the methods by which CDO can manage Cisco IOS.
- Managing AWS with Cisco Defense Orchestrator
- CDO can manage AWS VPCs. This article describes that support and provides links to procedures and other conceptual information.
- Managing SSH Devices with Cisco Defense Orchestrator
- Describes the various ways that CDO can manage an SSH device.
- Managing Meraki with Cisco Defense Orchestrator
- Meraki devices can be managed by both the Meraki dashboard and CDO. The following documentation addresses how to onboard and modify policies in CDO.
- Managing FMC with Cisco Defense Orchestrator
- Article describes the level of support CDO offers for FMC appliances.
- SecureX and CDO Integration
- This article describes how SecureX and CDO function as a joint operation.
Cisco Online Privacy Statement
Cisco Systems, Inc. and its subsidiaries (collectively "Cisco") are committed to protecting your privacy and providing you with a positive experience on our websites and while using our products and services ("Solutions"). Please read Cisco Online Privacy Statement carefully to get a clear understanding of how we collect, use, share, and protect your personal information.