[Archive: SSEDOCS-610] Multi Deployment Support
Cisco supports multiple deployments of Cisco Secure Access to address the requirements of our multinational customers. While the foundational mechanisms remain consistent, each deployment comprises dashboards and connection endpoints configured to meet the specific requirements of each deployment. The main deployment, known as the Global deployment, is distinct and isolated from other regional deployments, such as the one in China, which meets local operational needs. For instance, the China-specific deployment does not offer Domain Name System (DNS) protection but does provide Secure Web Gateway (SWG) protection.
Client support for multiple deployments is available from Cisco Secure Client Release 5.1.8 on Windows and macOS. This enables roaming users to connect to the appropriate Secure Access deployment based on their current location.
To ensure a seamless experience when roaming between different Secure Access deployments—such as transitioning from Global deployment to one in China or vice versa—IT staff must properly provision the Cisco Secure Client installation. This involves configuring the client with multiple OrgInfo.json files, which contain the necessary configurations for the client to register and connect seamlessly to various Secure Access deployments. By provisioning clients in this manner, users can maintain consistent and reliable connectivity protection, regardless of their location, enhancing productivity and minimizing disruptions.
Activate DNS and SWG Protection
Follow these instructions to activate DNS and SWG protection across multiple regions:
- Primary OrgInfo.json file: Ensure that there is a main OrgInfo.json file in the Umbrella runtime directory.
  - For Windows, you can find the Primary OrgInfo.json file in: %ProgramData%\Cisco\Cisco Secure Client\Umbrella.
  - For macOS, you can find the Primary OrgInfo.json file in: /opt/cisco/secureaccess/umbrella.
- Additional OrgInfo.json files: Add OrgInfo.json files from other Secure Access regional deployments to the same directory. The file name must follow the format OrgInfo.<customname>.json, where customname can include letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-), for example, OrgInfo.global_org_55.json and OrgInfo.china_org_11.json.
Name and Deployment Identification
The following information outlines the requirements and process for naming and identifying deployments using OrgInfo.json files. These steps ensure accurate identification and processing of Secure Access deployments across supported regions:
- Each OrgInfo.json file must include a "region" tag to identify its originating Secure Access deployment.
- Supported regions are "global" and "china." Any unrecognized region defaults to "global."
- Only one OrgInfo.json file is supported per region.
- After starting the Cisco Secure Client, the client examines the Umbrella runtime directory to locate and process the OrgInfo.json files. These files are then organized into directories corresponding to each deployment, as identified by their "region" tags.
Note: OrgInfo.json files in the Umbrella directory are ignored by the Secure Client after the initial setup is complete.
- Cisco has implemented a location detection service that uses DNS to determine the current "region." The service returns a text record indicating the region name. Currently, "global" and "china" are the only supported regions.
- After the location is obtained, the client uses the matching OrgInfo.json going forward. This mechanism is designed to be forward-looking, with support for future deployments.
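Because the client ignores the Umbrella directory once initial setup is complete, it helps to check a staged set of files against the naming and region rules above before the first launch. The following is an added example, not Cisco code: it assumes "region" is a top-level string key compared case-sensitively, and the function names and sample files are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Naming rule from the page: OrgInfo.json or OrgInfo.<customname>.json,
# where customname uses only a-z, A-Z, 0-9, underscore or dash.
NAME_RE = re.compile(r"OrgInfo(\.[A-Za-z0-9_-]+)?\.json")
SUPPORTED_REGIONS = {"global", "china"}

def audit_orginfo_dir(directory):
    """Return ({region: [file names]}, [findings]) for a staged Umbrella directory."""
    root, by_region, findings = Path(directory), {}, []
    if not (root / "OrgInfo.json").is_file():
        findings.append("primary OrgInfo.json is missing")
    for path in sorted(root.glob("OrgInfo*")):
        if not NAME_RE.fullmatch(path.name):
            findings.append(f"{path.name}: name does not match OrgInfo.<customname>.json")
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append(f"{path.name}: unreadable or not valid JSON")
            continue
        # Assumption: "region" is a top-level string key, compared case-sensitively.
        region = doc.get("region") if isinstance(doc, dict) else None
        if not isinstance(region, str):
            findings.append(f'{path.name}: no "region" tag')
            continue
        if region not in SUPPORTED_REGIONS:
            findings.append(f"{path.name}: unrecognized region {region!r} defaults to global")
            region = "global"
        by_region.setdefault(region, []).append(path.name)
    for region, names in sorted(by_region.items()):
        if len(names) > 1:  # the page allows only one file per region
            findings.append(f"region {region}: more than one file: {', '.join(names)}")
    return by_region, findings

def demo():
    """Audit a constructed directory; the sample files hold only a "region" key."""
    samples = {"OrgInfo.json": "global", "OrgInfo.china_org_11.json": "china",
               "OrgInfo.emea-1.json": "emea", "OrgInfo.bad name.json": "china"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, region in samples.items():
            (Path(tmp) / name).write_text(json.dumps({"region": region}), encoding="utf-8")
        return audit_orginfo_dir(tmp)

if __name__ == "__main__":
    regions, problems = demo()
    print(regions)
    print("\n".join(problems))
```

In the constructed sample, the "emea" file falls back to global and therefore collides with the primary file, which is the one-file-per-region conflict the list above rules out.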
File Management
This section explains how files and runtime data are stored and managed in the directory structure and provides instructions for updating the OrgInfo.json file in case of a deployment key change.
- The Umbrella/data/regionaldata/region_name directory stores the files and relevant runtime data.
- To update an OrgInfo.json file because of a deployment key change, replace the OrgInfo.json file in the Umbrella/data/regionaldata/region_name directory while the Secure Client is not running. Ensure the client is stopped before making any changes to avoid conflicts or unexpected behavior. For more information on deployment key change, see Manage Deployment Key Compromise.
Adhering to these guidelines ensures that organizations can configure their Cisco Secure Client for multi deployment support, enabling efficient roaming and protection across different Secure Access deployments.