Cisco Defense Orchestrator has two types of secure connectors, the Secure Device Connector (SDC) and the Secure Event Connector (SEC). Each can be deployed and configured from this screen.
Secure Device Connector
All communication between Cisco Defense Orchestrator (CDO) and the devices it manages passes through SDC. CDO and the devices it manages do not communicate directly.
An SDC can be deployed “in the cloud” by the CDO support team or you can deploy the SDC “on-premises.” To identify the deployment model your tenant uses, navigate to the Secure Device Connector page from the User menu.
- Cloud Secure Device Connector. All cloud SDCs are provisioned and managed by the CDO team. See Connect to Cisco Defense Orchestrator using Secure Device Connector for establishing communication with the remote device or service.
- On-Premises Secure Device Connector. The on-premises SDC is a virtual appliance installed on a hypervisor in your network. You can create your on-premises SDC by using an image provided by Cisco or you can create your own VM and install the SDC on it. The on-premises SDC virtual appliance includes a CentOS operating system and runs on a Docker container. We recommended that you have 8GB memory and 10GB disk space assigned for the SDC virtual appliance.
Both SDC deployment models use secure communication messages signed and encrypted using AES-128-GCM over HTTPS (TLS 1.2) to communicate with CDO. All credentials for onboarded devices and services are encrypted directly from the browser to the device connector as well as encrypted at rest using AES-128-GCM. Only the SDC, whether cloud or on-premises, has access to the device credentials. No other CDO service has access to the credentials.
At any time, customers can choose to leverage either the Cisco-managed cloud deployed SDC or the customer-managed, on-premises, SDC. All requests can be completed by contacting your Cisco account manager or opening a support case from the Contact Support page.
For desired CDO-managed devices that are non-perimeter based, do not have a public IP address, or an open port to the outside interface, we recommended you use the on-premises SDC which enables onboarding, accessing, reading, and writing to those devices using internal IP addresses.
Click here to troubleshoot your SDC.
Secure Event Connector
The Secure Event Connector (SEC) receives events from ASA and FTD devices and forwards them to the Cisco cloud. CDO displays the events on the Event Logging page so that administrators can analyze them there or by using Cisco Stealthwatch Cloud, depending on their licensing.
SECs can be installed on a tenant with a cloud or on-premises SDC. If you have an on-premises Secure Device Connector, your first SEC is installed on the same VM as that SDC. If you have a cloud SDC, your first SEC is installed on an on-premises VM that you maintain in your own private cloud. In either the cloud SDC case or the on-premises SDC case, your second, third, or subsequent SEC is installed on a VM that you maintain in your own private cloud.
Click here to troubleshoot your SEC.
The SEC ID is a detail that is displayed on the Secure Connectors page. From the user menu, select Secure Connectors and then click on the SEC you wish to identify. The SEC ID is the ID listed above the tenant ID. This information may be needed by Cisco Technical Assistance Center (TAC) or other CDO Support.
- Connect Cisco Defense Orchestrator to the Secure Device Connector
- Deploy an On-Premises Secure Device Connector Using CDO's VM Image
- Deploy an On-Premises Secure Device Connector on your own VM
- Troubleshoot an On-Premise Secure Device Connector
- Update your On-Premises Secure Device Connector
- Cisco Security Analytics and Logging for ASA Devices
- Cisco Security Analytics and Logging for FTD Devices
- Remove an On-Premises Secure Device Connector
- Switch Between Cloud SDC and On-Premises SDC
- Install the Secure Event Connector on an On-Premises SDC Virtual Machine
- Install Multiple SECs for Your Tenant Using a CDO VM Image
- Install Multiple SECs for Your Tenant Using a VM Image you Create
- Remove the Secure Event Connector
- Deprovisioning Cisco Security Analytics and Logging (SaaS)