Skip to main content



Cisco Defense Orchestrator

Secure Connectors

Cisco Defense Orchestrator has two types of secure connectors, the Secure Device Connector (SDC) and the Secure Event Connector (SEC). Each can be deployed and configured from this screen.

Secure Device Connector

All communication between Cisco Defense Orchestrator (CDO) and the devices it manages passes through SDC. CDO and the devices it manages do not communicate directly. 

An SDC can be deployed “in the cloud” by the CDO support team or you can deploy the SDC “on-premises.” To identify the deployment model your tenant uses, navigate to the Secure Device Connector page from the User menu.

  • Cloud Secure Device Connector. All cloud SDCs are provisioned and managed by the CDO team. See Connect to Cisco Defense Orchestrator using Secure Device Connector for establishing communication with the remote device or service.
  • On-Premises Secure Device Connector. The on-premises SDC is a virtual appliance installed on a hypervisor in your network. You can create your on-premises SDC by using an image provided by Cisco or you can create your own VM and install the SDC on it. The on-premises SDC virtual appliance includes a CentOS operating system and runs on a Docker container. We recommended that you have 8GB memory and 10GB disk space assigned for the SDC virtual appliance.

Both SDC deployment models use secure communication messages signed and encrypted using AES-128-GCM over HTTPS (TLS 1.2) to communicate with CDO. All credentials for onboarded devices and services are encrypted directly from the browser to the device connector as well as encrypted at rest using AES-128-GCM. Only the SDC, whether cloud or on-premises, has access to the device credentials. No other CDO service has access to the credentials.

At any time, customers can choose to leverage either the Cisco-managed cloud deployed SDC or the customer-managed, on-premises, SDC. All requests can be completed by contacting your Cisco account manager or opening a support case from the Contact Support page.

For desired CDO-managed devices that are non-perimeter based, do not have a public IP address, or an open port to the outside interface, we recommended you use the on-premises SDC which enables onboarding, accessing, reading, and writing to those devices using internal IP addresses.

Click here to troubleshoot your SDC

Secure Event Connector

The Secure Event Connector (SEC) receives events from ASA and FTD devices and forwards them to the Cisco cloud. CDO displays the events on the Event Logging page so that administrators can analyze them there or by using Cisco Stealthwatch Cloud, depending on their licensing.

SECs can be installed on a tenant with a cloud or on-premises SDC. If you have an on-premises Secure Device Connector, your first SEC is installed on the same VM as that SDC. If you have a cloud SDC, your first SEC is installed on an on-premises VM that you maintain in your own private cloud. In either the cloud SDC case or the on-premises SDC case, your second, third, or subsequent SEC is installed on a VM that you maintain in your own private cloud. 

Click here to troubleshoot your SEC