The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find our comprehensive guides designed to help you use with Cisco Umbrella.

Get Started    

Introduction

What are Umbrella Virtual Appliances?

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands on the VAs’ functionality to include AD identify information in addition to internal IP address visibility and DNS encryption.

How Do Umbrella Virtual Appliances Work?

VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers/forwarders, respectively. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.

The VAs don’t cache DNS records; a DNS record’s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.

Why Should I Use Virtual Appliances?

Granular Identity Information—If you’re already pointing DNS to Umbrella, or plan to, all the DNS traffic visible in your Umbrella reports come from a single Network identity. The VAs provide internal IP visibility, allowing you to track down malicious or inappropriate traffic within your network to a specific IP address.

Without Virtual Appliances—Security and DNS traffic-related investigations cannot be traced back to an individual computer or IP address.

With Virtual Appliances—VAs record the internal IP address of every DNS request. Security and DNS traffic-related investigations allow you to associate traffic to an individual, internal IP address.

With AD integration (added as a supplementary feature)—The VAs also record the AD user, group, or computer, depending on Umbrella's policies.

Granular Policy Management—Set different policies for "bring your own device" (BYOD) corporate networks, guest Wi-Fi, server-only networks, and more, by specifying the internal IP or IP range. Granular policy control makes it easy to filter unwanted content and malicious traffic on a per-network basis.

No Endpoint Software—No client-side software required. No OS image to reconfigure.

Lightweight Footprint—A VA only requires a minimum of one virtual CPU core and 512MB to process millions of DNS queries per day.

Active Directory Integration—VAs enable AD integration, which provides user, group, or computer name granularity in both reports and policies. For more information, see Active Directory Integration Setup Guide Overview.


Introduction > Prerequisites

Updated 2 months ago

Introduction


What are Umbrella Virtual Appliances?

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.