Cisco Defense Orchestrator

Welcome to Cisco Defense Orchestrator

About Cisco Defense Orchestrator

Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that facilitates management of security policies in highly distributed environments to achieve consistent policy implementation. 

CDO helps you optimize your security policies by identifying inconsistencies with them and by giving you tools to fix them. CDO gives you ways to share objects and policies, as well as make configuration templates, to promote policy consistency across devices. 

Because CDO coexists with local device managers such as the Adaptive Security Device Manager (ASDM), Firepower Device Manager (FDM), and SSH connections, it keeps track of configuration changes made by CDO and by other managers. It then helps you compare changes so you are confident that you are implementing the changes you want. 

CDO has an intuitive user interface that allows you to manage a wide range of devices in one place. Advanced users will also find their traditional CLI interface with some new enhancements to make management even more efficient for them. 

The CDO Dashboard

The CDO dashboard gives you a quick overview of your tenant.


The Secure Device Connector

CDO communicates with your managed devices using a proxy called the Secure Device Connector (SDC). Each tenant is provisioned with a cloud SDC, and customers can choose to add an additional 4 on-premises SDCs. These SDCs are not shared between tenants; each is dedicated to a single tenant.

The SDC monitors CDO for commands and messages that need to be executed on your managed devices and monitors the managed devices for messages that need to be sent to CDO. SDC executes the commands on behalf of CDO and sends messages to CDO on behalf of the managed devices. 

When you onboard a device to CDO, the device's login credentials are encrypted and stored on the SDC. Only the SDC has access to the device credentials, not CDO. 

Cloud SDC and On-Premises SDC

When your tenant is first created, the CDO operations team creates an SDC for you on an AWS instance (in the cloud) or you install an SDC somewhere in your enterprise (on-premises). The on-premises SDC may be installed on an appliance or as a virtual machine on a hypervisor.

The cloud SDC does not require any customer maintenance. The on-premises SDC is set up by the customer and requires an on-premises VM infrastructure, and the SDC must have full outbound access to the Internet on TCP port 443. Otherwise, there is no functional difference between a cloud SDC and an on-premises SDC.

Getting Started

Initialize your CDO Account

Contact us at We ask you to fill out this questionnaire about your network environment, what kind of Secure Device Connector (SDC) is right for you, and what your primary use cases are. We create a tenant in our cloud infrastructure for you and help you create an SDC, which enables your devices to communicate with CDO. After that, onboard your devices to CDO and see them all in the Devices & Services page.

If you have any questions about the account initialization process or how to complete our questionnaire, email

Onboard Devices

Before you onboard a device, make sure that you have successfully completed the installation wizard and licensed the device. Then use CDO's onboarding wizard to onboard your device. CDO can easily manage large deployments.


Manage your Devices with CDO

Learn how CDO can manage these devices: 

For a complete list of devices that CDO supports and manages, see Software and Hardware Supported by CDO.
