Cisco Defense Orchestrator

Secure Device Connector (SDC)

Cisco Defense Orchestrator (CDO) communicates with supported devices and services through the Secure Device Connector (SDC). The SDC makes this communication possible by acting as a proxy between a remote location and the CDO cloud services.

You can use a "Cloud SDC" created by the CDO team, or install an SDC "on-premises." To identify which model is currently active for the account, navigate to the Secure Device Connector page from the User Account details. The account can be configured for either a cloud or an on-premises SDC.

  • Cloud Secure Device Connector. All cloud SDCs are provisioned automatically and managed by the CDO team. See Connect to Cisco Defense Orchestrator using Secure Device Connector below for establishing communication with the remote device or service.
  • On-Premises Secure Device Connector. The on-premises SDC is a pre-configured virtual appliance dedicated to the requesting account. The on-premises SDC virtual appliance includes a CentOS operating system and the SDC running in a Docker container. We recommend that you assign 2GB memory and 10GB disk space to the SDC virtual appliance.

Both SDC deployment models communicate with CDO using messages signed and encrypted with AES-128-GCM over HTTPS (TLS 1.2). All credentials for onboarded devices and services are encrypted using RSA-2048 directly from the browser to the device connector, and are encrypted at rest using AES-128-GCM. Only the SDC, whether cloud or on-premises, has access to the device credentials. No other CDO service has access to the credentials.
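The credential path described above (browser encrypts to the SDC with RSA-2048, the SDC alone decrypts and then keeps the credential at rest under AES-128-GCM) is an envelope-encryption pattern worth seeing end to end. The following Go program is an added illustration of that pattern and is not Cisco's code: the type names, the OAEP label, the use of the device identifier as associated data, and the in-memory key handling are all assumptions made for the example. Cisco does not publish the SDC's actual message formats, and nothing here should be read as describing them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed model of the credential path: the browser encrypts a device
// credential with the SDC's RSA-2048 public key; only the SDC holds the private
// key, so no intermediate CDO service can read it; the SDC then stores the
// credential under an AES-128-GCM key that never leaves the SDC.
// Not Cisco's code: label, record layout and key handling are assumptions.

const oaepLabel = "device-credential" // assumed label binding the envelope to its purpose

// SDC holds the only two keys that ever touch plaintext credentials.
type SDC struct {
	priv      *rsa.PrivateKey // RSA-2048: transit, browser to SDC
	atRestKey []byte          // 16-byte key: AES-128 for storage inside the SDC
}

func NewSDC() (*SDC, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 16) // 16 bytes selects AES-128
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &SDC{priv: priv, atRestKey: key}, nil
}

// PublicKey is all the browser needs; it cannot decrypt anything.
func (s *SDC) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// EncryptForSDC is the browser side: RSA-OAEP (SHA-256) under the SDC public key.
func EncryptForSDC(pub *rsa.PublicKey, credential []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, credential, []byte(oaepLabel))
}

// StoredCredential is the at-rest record: a fresh 96-bit GCM nonce and the
// ciphertext with the GCM authentication tag appended by Seal.
type StoredCredential struct {
	Nonce      []byte
	Ciphertext []byte
}

func (s *SDC) gcm() (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.atRestKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Receive decrypts the transit envelope and immediately re-encrypts the
// credential for storage. The device identifier is passed as associated data,
// so a stored record cannot be silently moved onto a different device.
func (s *SDC) Receive(deviceID string, envelope []byte) (StoredCredential, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, envelope, []byte(oaepLabel))
	if err != nil {
		return StoredCredential{}, fmt.Errorf("transit envelope rejected: %w", err)
	}
	aead, err := s.gcm()
	if err != nil {
		return StoredCredential{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return StoredCredential{}, err
	}
	return StoredCredential{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plain, []byte(deviceID))}, nil
}

// Open recovers a stored credential when the SDC needs it; any change to the
// nonce, the ciphertext or the device binding fails GCM authentication.
func (s *SDC) Open(deviceID string, rec StoredCredential) ([]byte, error) {
	aead, err := s.gcm()
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(deviceID))
}

func main() {
	sdc, err := NewSDC()
	if err != nil {
		panic(err)
	}
	envelope, _ := EncryptForSDC(sdc.PublicKey(), []byte("admin:constructed-password"))
	rec, err := sdc.Receive("asa-branch-01", envelope) // constructed device name
	if err != nil {
		panic(err)
	}
	cred, err := sdc.Open("asa-branch-01", rec)
	fmt.Printf("recovered=%q err=%v\n", cred, err)
	_, err = sdc.Open("asa-branch-02", rec)
	fmt.Println("record rebound to another device rejected:", err != nil)
}
```

The two properties the page asserts map directly onto the code: a second SDC (or any other service) holding a different private key cannot open the transit envelope, and the at-rest record is only readable by the SDC that holds the AES key. The caveat a practitioner should carry over is the nonce rule in Receive: with random 96-bit nonces, rotate the at-rest key well before the number of records under it approaches the GCM birthday bound.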

At any time, customers can choose to leverage either the Cisco-managed cloud deployment or the customer-managed on-premises SDC. All requests can be completed by contacting your Cisco account manager, filing a support ticket within the CDO application, or emailing cdo.support@cisco.com.

For devices you want CDO to manage that are not perimeter-based, do not have a public IP address, or do not have an open port on the outside interface, we recommend the on-premises SDC, which enables onboarding, accessing, reading, and writing to those devices using their internal IP addresses.