Deploy Secure Device Connector and Secure Event Connector on Ubuntu Virtual Machine

When using device credentials to connect CDO to a device, it is a best practice to download and deploy a Secure Device Connector (SDC) in your network to manage the communication between CDO and the device. Typically, these devices are non-perimeter based, do not have a public IP address, or have an open port to the outside interface. Adaptive Security Appliances (ASAs), FDM-managed devices, and Firepower Management Centers (FMCs) can all be onboarded to CDO using device credentials.

The SDC monitors CDO for commands that must be executed on your managed devices, and messages that must be sent to your managed devices. The SDC executes the commands on behalf of CDO, sends messages to CDO on behalf of the managed devices, and returns replies from the managed devices to CDO.

The Secure Event Connector (SEC) forwards events from ASA and FTD to the Cisco cloud so that you can view them on the Event Logging page and investigate them with Secure Cloud Analytics, depending on your licensing.

After deploying the SDC, adding an SEC container becomes a simple task. The SEC service is designed to receive syslog messages from ASA, Cisco IOS and FDM-managed devices, and send them securely to the Cisco cloud. This allows eventing services like CDO Analytics and Cisco XDR to store, augment, and analyze the log messages with ease.

You can execute the scripts that are provided on the CiscoDevNet site to install the SDC and SEC on Linux Ubuntu systems.

Before you begin

  • CDO requires strict certificate checking and does not support a Web/Content Proxy between the SDC and the Internet.

  • The SDC must have full outbound access to the Internet on TCP port 443.

  • Review Connect to Cisco Defense Orchestrator using Secure Device Connector for networking guidelines.

  • VMware ESXi host that is installed with vCenter web client or ESXi web client.

    Note

    We do not support installation using the vSphere desktop client.

  • ESXi 5.1 hypervisor.

  • Ubuntu operating system version 20.04 or above is installed on the virtual machine.

    SDC:

    • CPU: 2 Cores

    • RAM: Minimum of 2 GB

    SDC and SEC:

    • CPU: 4 Cores

    • RAM: Minimum of 8 GB

  • The Ubuntu machine running the SDC must have network access to the management interfaces of the ASAs and Cisco IOS devices.
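
The prerequisites above can be checked on the Ubuntu VM before starting the procedure. The script below is an added example, not part of the CiscoDevNet scripts or the original page; the function names, the 10% RAM tolerance, the use of curl, and the host argument (the HTTPS endpoint your SDC must reach, which you supply) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the "Before you begin" prerequisites.
# Function names and the 10% RAM tolerance are assumptions of this sketch.

# ubuntu_ok VERSION_ID: succeeds if the release is 20.04 or above.
ubuntu_ok() {
  local n
  n=$(printf '%s' "$1" | cut -d. -f1,2 | tr -d .)
  case "$n" in ''|*[!0-9]*) return 1 ;; esac
  [ "$n" -ge 2004 ]
}

# sizing_ok PROFILE CORES MEM_KB: PROFILE is "sdc" (2 cores, 2 GB) or
# "sdc+sec" (4 cores, 8 GB). MemTotal reads slightly below the configured
# RAM, so 10% slack is allowed.
sizing_ok() {
  local need_cores need_gb
  case "$1" in
    sdc)     need_cores=2; need_gb=2 ;;
    sdc+sec) need_cores=4; need_gb=8 ;;
    *)       return 2 ;;
  esac
  [ "$2" -ge "$need_cores" ] && [ "$3" -ge $(( need_gb * 1024 * 1024 * 9 / 10 )) ]
}

# proxy_env_set: succeeds if a proxy variable is set in this shell.
proxy_env_set() {
  [ -n "${https_proxy:-}${HTTPS_PROXY:-}${http_proxy:-}${HTTP_PROXY:-}" ]
}

# preflight PROFILE HOST: prints findings, returns non-zero on any failure.
# HOST is a placeholder for the HTTPS endpoint the SDC must reach.
preflight() {
  local rc=0 ver cores mem
  ver=$(. /etc/os-release && printf '%s' "$VERSION_ID")
  cores=$(nproc)
  mem=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  ubuntu_ok "$ver" || { echo "FAIL: Ubuntu $ver is below 20.04"; rc=1; }
  sizing_ok "$1" "$cores" "$mem" || { echo "FAIL: $cores cores, $mem kB RAM too small for $1"; rc=1; }
  proxy_env_set && { echo "FAIL: proxy variables set; a web proxy is not supported"; rc=1; }
  # Direct connection on TCP 443 with curl's default certificate verification.
  curl --noproxy '*' -sS --max-time 10 -o /dev/null "https://$2/" \
    || { echo "FAIL: no direct, certificate-verified HTTPS path to $2"; rc=1; }
  return "$rc"
}

# Run only when called with two arguments: ./preflight.sh sdc+sec <host>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The environment-variable test only catches an explicitly configured proxy; a transparent intercepting proxy shows up instead as a certificate verification failure in the curl step.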

Procedure


Step 1

Log on to the CDO tenant you are creating the SDC for.

Step 2

Choose Tools & Services > Secure Connectors.

Step 3

On the Services page, select the Secure Connectors tab, click the , and select Secure Device Connector.

Step 4

Copy the bootstrap data shown in step 2 of the window to a notepad.

Step 5

Open CiscoDevNet to Deploy SDC.

Step 6

Click Code and copy the URL in the HTTPS tab.

Step 7

On the Ubuntu system, press Ctrl+Alt+T to quickly open the terminal window.

Step 8

In the terminal, type git clone and paste the HTTPS URL copied earlier.

[sdc@vm]:~$ git clone https://github.com/CiscoDevNet/cdo-deploy-sdc.git
Resolving deltas: 100% (22/22). done.

Step 9

Go to the "cdo-deploy-sdc" directory.

[sdc@vm]:~$ cd cdo-deploy-sdc

Step 10

Execute ls -la to see the files and scripts.

  • delete_sdc.sh: Deletes SDC previously installed on your system.

  • deploy_sdc.sh: Deploys SDC on your system.

  • install_docker.sh: Deploys the recommended version of docker on your system.

Step 11

Run the script to install Docker.

[sdc@vm]:~/cdo-deploy-sdc$ ./install_docker.sh
Remove docker docker.io docker-compose docker-compose-v2 docker-doc podmand-docker {y/n] n
Active: active (running) since date time UTC; 32s ago
Adding the current user to the docker permmissions group
Done!

Step 12

Run the script to deploy SDC.

Enter ./deploy_sdc.sh and paste the bootstrap data that is copied from the CDO UI.

[sdc@vm]:~/cdo-deploy-sdc$ ./deploy_sdc.sh <bootstrap data>
If the docker container is up and running, the status of the SDC should go to 'ACtive' in the CDO Event Connectors panel.
The Secure Device Connector must now show "Active" in CDO.

What to do next