Onboard an On-Prem Management Center to CDO

CDO provides the following methods to onboard on-prem management centers:

Note

CDO complements FMC by allowing you to:

Drive consistent policy through shared object management with FMCs.

For more information, see the Objects section on Managing On-Prem Firewall Management Center with Cisco Defense Orchestrator.
Enable zero-touch provisioning of Threat Defense devices.

For more information, see Onboard a Device to On-Prem Management Center with Zero-Touch Provisioning.
Get a centralised view of Inventory.

For more information, see Device and Service Management.
Leverage cloud CSDC and cdFMC.

For more information, see Cisco Secure Dynamic Attributes Connector.

Limitations and Guidelines

These are the limitations applicable to onboarding an on-prem management center:

Onboarding an on-prem management center also onboards all of the devices registered to the on-prem management center. Be aware that if a managed device is disabled, or unreachable, CDO may display the device in the Inventory page, but cannot successfully send requests or view device information.
We recommend creating a new user on the on-prem management center specifically for CDO communication that has administrator-level permissions. If you onboard an on-prem management center and then simultaneously log into that on-prem management center with the same login credentials, onboarding fails.
If you create a new user on the on-prem management center for CDO communication, the Maximum Number of Failed Logins for the user configuration must be set to "0".
For On-Prem Management Centers running version 7.4 and older, if you experience a switchover and the FMC is no longer connected to the cloud, try disabling SecureX and then re-enabling it.