About Multicloud Defense

Multicloud Defense (MCD) is a comprehensive security solution consisting of two primary components: the Multicloud Defense Controller and the Multicloud Defense Gateway. These components collaborate to establish a secure multicloud environment.

Multicloud Defense currently supports Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and Oracle OCI cloud accounts.

In essence, Multicloud Defense offers a sophisticated and streamlined security framework, harmonizing controller orchestration, gateway communication, and optimized datapath processing for a robust and efficient multicloud protection mechanism.

The Multicloud Defense Controller

The Multicloud Defense Controller is launched from Cisco Defense Orchestrator (CDO). If you are new to Cisco Defense Orchestrator and the Multicloud Defense solution, contact your sales team to establish a Multicloud Defense orchestration for your CDO tenant.

The Multicloud Defense SaaS controller manages the Gateway stack. The MCD Controller, equipped with various microservices, includes an API server that orchestrates the cloud service provider (CSP) load balancers (LBs) and the Gateway instances. This enables dynamic scaling: instances are added to and removed from the load balancer's "target pool," which the load balancer itself monitors.

The Multicloud Defense Gateway

The Multicloud Defense Gateway serves as an autoscaling, self-healing Platform-as-a-Service (PaaS), functioning as an inline, network-based security enforcement node. Unlike traditional firewalls, Multicloud Defense eliminates the need for customers to construct virtual firewalls, configure high-availability setups, or manage software installations.

The Multicloud Defense Gateway is composed of two core elements: a CSP-native load balancer (LB) and Multicloud Defense Gateway instances, forming a cohesive Multicloud Defense Gateway "stack." Multicloud Defense orchestrates the native load balancers of the cloud service providers mentioned above, aligning their capabilities.

Multicloud Defense Gateway instances operate on highly optimized software, incorporating a single-pass datapath pipeline for efficient traffic processing and advanced security enforcement. Each gateway instance comprises three core processes: a "worker" process responsible for policy enforcement, a "distributor" process for traffic distribution and session management, and an "agent" process communicating with the controller. Instances can seamlessly transition "in service" for a "datapath restart," enabling smooth updates without disrupting traffic flow.

Multicloud Defense Gateways implement granular security profiles within the single-pass datapath pipeline, catering to evolving traffic needs. You have the flexibility to enable or disable advanced security profiles as required. The pipeline's single-pass architecture negates the need for traffic offloading to third-party engines. For example, full TLS decryption is selectively triggered within the pipeline, ensuring efficient handling without unnecessary data transfers.

This documentation has been prepared for practitioners who have a basic understanding of public cloud networking and security concepts, and participate in various functional teams, including:

  • Cloud Network Security Operations (NetSecOps)

  • Development Operations (DevOps and DevSecOps)

  • Security Operation Centers (SOCs)

  • Cloud Center of Excellence (CCoEs)

You can read the full Multicloud Defense Controller User Guide for more information.