Welcome to Cisco Defense Orchestrator
About Cisco Defense Orchestrator
Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that facilitates management of security policies in highly distributed environments to achieve consistent policy implementation.
CDO helps you optimize your security policies by identifying inconsistencies in them and by giving you tools to fix them. CDO gives you ways to share objects and policies, as well as make configuration templates, to promote policy consistency across devices.
Because CDO coexists with local device managers such as the Adaptive Security Device Manager (ASDM), Firepower Device Manager (FDM), and SSH connections, it keeps track of configuration changes made by CDO and by other managers. It then helps you compare changes so you are confident that you are implementing the changes you want.
CDO has an intuitive user interface that allows you to manage a wide range of devices in one place. Advanced users will also find their traditional CLI interface with some new enhancements to make management even more efficient for them.
The CDO Dashboard
The CDO dashboard gives you a quick overview of your tenant.
The Secure Device Connector
CDO communicates with your managed devices using a proxy called Secure Device Connector (SDC). Each tenant has its own dedicated SDC.
The SDC monitors CDO for commands and messages that need to be executed on your managed devices and monitors the managed devices for messages that need to be sent to CDO. SDC executes the commands on behalf of CDO and sends messages to CDO on behalf of the managed devices.
When you onboard a device to CDO, the device's login credentials are encrypted and stored on the SDC. Only the SDC has access to the device credentials, not CDO.
Cloud SDC and On-Premise SDC
When your tenant is first created, either the CDO operations team creates an SDC for you on an AWS instance (in the cloud) or you install an SDC somewhere in your enterprise (on-premise). The on-premise SDC may be installed on an appliance or as a virtual machine on a hypervisor.
The cloud SDC and the on-premise SDC differ in the features they support. At this time, the on-premise SDC supports logging; the cloud SDC does not.
Important: Consider carefully which SDC you choose to install. It is possible to switch from one type of SDC to another, but you will have to remove all your managed devices to do it.
Getting Started
Initialize your CDO Account
Contact us at cdosales@cisco.com. We ask you to fill out this questionnaire about your network environment, what kind of Secure Device Connector (SDC) is right for you, and what your primary use cases are. We create a tenant in our cloud infrastructure for you and help you create an SDC, which enables your devices to communicate with CDO. After that, onboard your devices to CDO and see them all on the Devices & Services page.
If you have any questions about the account initialization process or how to complete our questionnaire, email cdosales@cisco.com.
Onboard Devices
Before you onboard a device, make sure that you have successfully completed the installation wizard and licensed the device. Then use CDO's onboarding wizard to onboard your device. CDO can easily manage large deployments.
Manage your Devices with CDO
Learn how CDO can manage these devices:
- Adaptive Security Appliance (ASA)
- Firepower Threat Defense (FTD)
- Cisco IOS devices
- Meraki devices
- AWS Environment
For a complete list of devices that CDO supports and manages, see Software and Hardware Supported by CDO.
- What's New for Cisco Defense Orchestrator: Learn about new and updated features in Cisco Defense Orchestrator.
- Signing in to CDO: Explains the roles of Cisco Secure Sign-On, a SAML 2.0 compliant identity provider (IdP), Duo Security, a multi-factor authenticator, and a CDO user record when signing in to CDO.
- Managing FTD with Cisco Defense Orchestrator: Provides an overview of all the features that CDO manages for a Firepower Threat Defense (FTD) device.
- Managing Cisco IOS with Cisco Defense Orchestrator: Describes the methods by which CDO can manage Cisco IOS.
- Managing AWS with Cisco Defense Orchestrator: CDO can manage AWS VPCs. This article describes that support and provides links to procedures and other conceptual information.
- Managing SSH Devices with Cisco Defense Orchestrator: Describes the various ways that CDO can manage an SSH device.
- Managing Meraki with Cisco Defense Orchestrator: Meraki devices can be managed by both the Meraki dashboard and CDO. The following documentation addresses how to onboard and modify policies in CDO.
- Managing FMC with Cisco Defense Orchestrator: This article describes the level of support CDO offers for FMC appliances.
- SecureX and CDO Integration: This article describes how SecureX and CDO function as a joint operation.