Activation - NGFW - Zero Trust Microsegmentation – Cisco Activation as a Service

Onboarding Implement Use Engage Adopt

Onboarding

Steps:

Step 1: Familiarize yourself with Cisco Secure Workload solution
- Task 1: Register for a virtual event, available on Cisco Community
- View Sessions
Step 2: Validate pre-requisites and design requirements of Cisco Secure Workload
- Task 2: Review Cisco Secure Workload deployment requirements
- Link
- Watch Video
- Task 3: Review the Quick Start guide for Workload 3.8
- Link
Step 3: Confirm license entitlement
- Task 4: Sign in to the Cisco Secure Workload dashboard
- Log in
- Link
- Task 5: Review the Smart Licensing guide
- Link
Step 4: Gather information on your assets to help create your workload scope
- Task 6: Gather IP addresses and subnets associated with your pre-production environment, data centers, and internal network
- Link

Implement

Steps

Step 1: Learn about agents, scopes, and labels
- Task 1: Watch the video
- Watch Video
Step 2: Learn about inventory and user labels
- Task 2: Upload inventory manually
- Link
- Task 3: Import inventory from external orchestrators and validate inventory count
- Link
Step 3: Install agents for workloads
- Task 4: If you are a first-time user, run the Quick Start Wizard
- Link
- Task 5: Identify the two methods for installing agents
- Link
- Task 6: Install agents on all the scoped workloads
- Link
- Task 7: Start collecting and processing data flows
- Link
- Task 8: Validate the data in the dashboard
- Link
Step 4: Design and implement scope tree
- Task 9: Use the Quick Start Wizard to implement scope tree
- Link
- Task 10: In the navigation bar on the left, click Organize Scopes and Inventory
- Link
Step 5: Explore results of agent installed and scopes
- Task 11: Identify queries for dynamic allocation of sensors to a scope
- Link
- Task 12: Analyze sensors in the default mode and in the defined scope (e.g. number of sensors per layer)
- Link
- Task 13: Analyze scope tree depth and breadth
- Link
- Task 14: Analyze ratio of default tree to scoped tree sensors
- Link
Step 6: Create workspaces
- Task 15: Create a workspace for each scope (e.g. one workspace based on a zone dev/prod, on application, and a workspace for global shared policies)
- Link
Step 7: Create global or common policy manually
- Task 16: Start with a simple global policy creation (eg. only allow the traffic through certain ports from your network to outside your network)
- Link
- Task 17: Enforce a global policy
- Link
Step 8: Validate global policy
- Task 18: Validate and test global policy enforcement in the test environment
- Link

Use

Steps:

Step 1: Learn about automated policy discovery
- Task 1: Register for a virtual event, available on Cisco Community
- View Sessions
Step 2: Automatically discover policies
- Task 2: Review and analyze policies
- Link
Step 3: Modify enforced policies
- Task 3: Set up a process to generate and optimize policies
- Link
Step 4: Configure enforcement
- Task 4: Enable enforcement for applications
- Link
Step 5: Create alerts and monitor
- Task 5: Configure alerts for sensor and cluster health
- Link
Step 6: Configure external orchestrators
- Task 6: Configure Infoblox, DNS, VMware vCenter, Kubernetes, AWS, F5, Citrix orchestrator in the Cisco Secure Workload dashboard
- Link
Step 7: Configure connectors
- Task 7: Configure connectors for flow ingestion, inventory enrichment, integration with cloud services, and endpoint context
- Link

Engage

Steps

Step 1: Learn about Workload Security and Vulnerability Dashboards
- Task 1: View the Security Dashboard
- Link
- Task 2: View the Vulnerability Dashboard
- Link
Step 2: Integrate Secure Workload with other Cisco solutions
- Task 3: Deploy Network Visibility Module on endpoints using either Cisco Secure Firewall Connector (formerly known as "Adaptive Security Appliance") or Cisco Identity Service Engine
- Endpoint Connectors Document
- ISE Connector Document
- Secure Firewall Connector Document
- Task 4: Configure Firewall Management Center in Cisco Secure Workload (for flow data)
- Link
Step 3: Configure real-time forensics
- Task 5: Define rules to specify forensics of interest
- Link
- Task 6: Define trigger actions for forensic events
- Link
- Task 7: Monitor for alerts generated by forensic events
- Link

Adopt

Steps

Step 1: Conduct a Cisco Secure Workload health check
- Task 1: Conduct health checks for operational excellence and optimal data retention
- On-Prem
- SaaS
Step 2: Configure connector for alert notifications
- Task 2: Configure external connector for alerts notification (e.g. Syslog, Email, Slack, Pager Duty, Kinesis)
- Link
- Task 3: Validate alerts are going to external connectors
- Link

Reference Guided Resources

Related articles