Deploy Secure Device Connector and Secure Event Connector on Ubuntu Virtual Machine
When using device credentials to connect CDO to a device, it is a best practice to download and deploy a Secure Device Connector (SDC) in your network to manage the communication between CDO and the device. Typically, these devices are non-perimeter based, do not have a public IP address, or have an open port to the outside interface. Adaptive Security Appliances (ASAs), FDM-managed devices, and Firepower Management Centers (FMCs) devices can all be onboarded to CDO using device credentials.
The SDC monitors CDO for commands that must be executed on your managed devices, and messages that must be sent to your managed devices. The SDC executes the commands on behalf of CDO, sends messages to CDO on behalf of the managed devices, and returns replies from the managed devices to CDO.
The Secure Event Connector (SEC) forwards events from ASA and FTD to the Cisco cloud so that you can view them on the Event Logging page and investigate them with Secure Cloud Analytics, depending on your licensing.
After deploying the SDC, adding an SEC container becomes a simple task. The SEC service is designed to receive syslog messages from ASA, Cisco IOS and FDM-managed devices, and send them securely to the Cisco cloud. This allows eventing services like CDO Analytics and Cisco XDR to store, augment, and analyze the log messages with ease.
You can execute the scripts that are provided on the CiscoDevNet site to install the SDC and SEC on Linux Ubuntu systems.
Before you begin
-
CDO requires strict certificate checking and does not support a Web/Content Proxy between the SDCand the Internet.
-
The SDC must have full outbound access to the Internet on TCP port 443.
-
Review Connect to Cisco Defense Orchestrator using Secure Device Connector for networking guidelines.
-
VMware ESXi host that is installed with vCenter web client or ESXi web client.
NoteWe do not support installation using the vSphere desktop client.
-
ESXi 5.1 hypervisor.
-
Ubuntu operating system version 20.04 or above is installed on the virtual machine.
SDC:
-
CPU: 2 Cores
-
RAM: Minimum of 2 GB
SDC and SEC:
-
CPU: 4 Cores
-
RAM: Minimum of 8 GB
-
-
The Ubuntu machine running the SDC must have network access to the management interfaces of the ASAs and Cisco IOS devices.
Procedure
Step 1 | Log on to the CDO tenant you are creating the SDC for. |
Step 2 | Choose . |
Step 3 | On the Services page, select the Secure Connectors tab, click the , and select Secure Device Connector. |
Step 4 | Copy the bootstrap data in step 2 on the window to a notepad. |
Step 5 | |
Step 6 | Click Code and copy the URL in the HTTPS tab. |
Step 7 | On the Ubuntu system. press Ctrl+Alt+T to quickly open the terminal window. |
Step 8 | In the terminal, type git and paste the HTTPS URL copied earlier.
|
Step 9 | Go to the "cdo-deploy-sdc" directory.
|
Step 10 | Execute ls -la to see the files and scripts.
|
Step 11 | Run the script to install the docker.
|
Step 12 | Run the script to deploy SDC. Enter ./deploy_sdc.sh and paste the bootstrap data that is copied from the CDO UI.
The Secure Device Connector must now show "Active" in CDO. |
What to do next
-
Onboard the devices you want to manage with CDO.
-
Go to Deploy Secure Event Connector on Ubuntu Virtual Machine to install a Secure Event Connector.