Get Started with Virtual Appliances

Cisco Secure Access Virtual Appliances (VAs) are lightweight virtual machines. Virtual Appliances function as conditional DNS forwarders on your network. VAs record the internal IP address information of DNS requests for use in reports, security enforcement, and category filtering. VAs encrypt and authenticate DNS data for enhanced security.

Supported Deployments

You can deploy Secure Access VAs with these hypervisors and cloud environments:

  • VMware ESX/ESXi
  • Windows Hyper-V
  • KVM
  • Microsoft Azure
  • Google Cloud Platform
  • Amazon Web Services
  • Nutanix
  • Alibaba Cloud

For more information, see Deploy Virtual Appliances.

How Secure Access Virtual Appliances Work

Virtual Appliances act as conditional DNS forwarders in your network. VAs intelligently forward public DNS queries to the Cisco Secure Access global network and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Secure Access is encrypted, authenticated, and includes the client's internal IP address.

VAs do not cache DNS records. Caching occurs on the Secure Access DNS resolvers. When a VA responds with records to an endpoint's DNS query, any Time-to-Live (TTL) values in the response are equal to the TTLs as set by the authoritative DNS nameserver minus any time a record set has been in the Secure Access resolver cache.

Virtual Appliances and Granular Identity Information

If you already forward DNS requests to Secure Access, all the DNS traffic visible in your Secure Access reports comes from Registered Networks. The VAs provide internal IP visibility, allowing you to trace malicious or inappropriate traffic within your network to a specific IP address.

Without Virtual Appliances

You cannot research security and DNS traffic for an individual computer or IP address.

With Virtual Appliances

Virtual Appliances record the internal IP address of every DNS request. You can associate DNS traffic to a specific internal IP address.

Active Directory Integration

You can enable the integration of Active Directory (AD) with Secure Access VAs. AD provides user, group, or computer identity information in both reports and access rules. For more information, see AD Integration with Virtual Appliances.

Configure Granular Rules

Set different access rules in your policy for different networks (for example, bring your own device (BYOD) corporate networks, guest Wi-Fi, or server-only networks) by specifying the internal IP or IP range. Granular rules make it easy to filter unwanted content and malicious traffic on a per-network basis.
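
The following is an added example, not Cisco code and not the VA's implementation: a simplified Python model of the conditional forwarding decision and of matching a client's internal IP to a configured range. The local suffixes, IP ranges, network names, upstream labels, and the choice that the most specific range wins are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: none of these names or ranges come from the page.
LOCAL_SUFFIXES = ("corp.example", "10.in-addr.arpa")
NETWORKS = {  # internal ranges, named after the page's example network types
    "10.20.0.0/16": "byod-corporate",
    "10.20.99.0/24": "guest-wifi",   # overlaps the /16 above on purpose
    "10.30.0.0/24": "server-only",
}

def is_local(qname):
    """True if qname equals a local suffix or is a subdomain of one.

    Comparison is done label by label, so 'notcorp.example' does not
    match the suffix 'corp.example' the way a plain endswith() would.
    """
    labels = qname.rstrip(".").lower().split(".")
    for suffix in LOCAL_SUFFIXES:
        want = suffix.split(".")
        if len(labels) >= len(want) and labels[-len(want):] == want:
            return True
    return False

def network_for(client_ip):
    """Name of the most specific configured range containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, name in NETWORKS.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None

def route(qname, client_ip):
    """Model the forwarding decision for one DNS query."""
    if is_local(qname):
        # Local names stay on the existing internal DNS servers.
        return {"upstream": "local-dns", "qname": qname}
    # Public query: the internal source IP travels with it, so reports
    # and per-range rules can refer to the real client.
    return {"upstream": "secure-access", "qname": qname,
            "client_ip": client_ip, "network": network_for(client_ip)}
```
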


