The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Introduction

What are Virtual Appliances?

Umbrella Virtual Appliances (VAs) are lightweight virtual machines, which are compatible with VMWare ESX/ESXi and Windows Hyper-V hypervisors. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in Reports, Security Enforcement, and Category Filtering policies in the Umbrella dashboard. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs are also required for Active Directory (AD) integration, which expands on the VAs’ functionality to include AD identify information, in addition to the internal IP address visibility and DNS encryption.

How Do Virtual Appliances Work?

VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers/forwarders, respectively. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.

The VAs don’t cache DNS records; a DNS record’s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.

Why Should I Use Virtual Appliances?

Granular Identity Information. If you’re already pointing DNS to Umbrella, or plan to, all the DNS traffic visible in your Umbrella reports come from a single Network identity. The VAs provide internal IP visibility, allowing you to track down malicious or inappropriate traffic within your network to a specific IP address.

  • Without Virtual Appliances—Security and DNS traffic-related investigations cannot be traced back to an individual computer or IP address.
  • With Virtual Appliances—VAs record the internal IP address of every DNS request. Security and DNS traffic-related investigations allow you to associate traffic to an individual, internal IP address.
  • With AD integration (added as a supplementary feature)—The VAs also record the AD user, group, or computer, depending on Umbrella's policies.

Granular Policy Management—Set different policies for "bring your own device"(BYOD) corporate networks, guest Wi-Fi, server-only networks, and more, by specifying the internal IP or IP range. Granular policy control makes it easy to filter unwanted content and malicious traffic on a per-network basis.

No Endpoint Software—No client-side software required. No OS image to reconfigure.

Lightweight Footprint—A VA only requires one virtual CPU core and 512MB to process millions of DNS queries per day.

Active Directory Integration—VAs are the foundation for AD integration, which provides user, group, or computer name granularity in both reports and policies. If you want the most granularity and visibility into your network's DNS traffic and security, this is the way to go. For more information, see "Active Directory Integration Setup Guide Overview."


Introduction > Prerequisites