Umbrella VA

What is Umbrella VA and how it works? šŸ¤”

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands on the VAsā€™ functionality to include AD identify information in addition to internal IP address visibility and DNS encryption.

Umbrella Virtual Appliances (VAs) run on the Ubuntu operating system, which is a Linux distribution based on Debian. Not all commands normally available in Linux are available to clients from the VA's "Configuration Mode" command line. Instead, VAs use a restricted shell environment that provides a series of troubleshooting/diagnostic commands as well as configuration commands to change the relevant settings on the VAs.

Note: Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.

VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.

The VAs donā€™t cache DNS records; a DNS recordā€™s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.


87 views0 comments

Recent Posts

See All

The Cisco Integrated Management Interface (CIMC) permits monitoring of the server inventory, health, and system event logs using the built-in Cisco Integrated Management Controller (CIMC) GUI or CLI i

Cisco ISE Upgrade Readiness Tool (URT) helps detect and fix any data upgrade issues before you start the upgrade process. Most of the upgrade failures occur because of data upgrade/corruption issues.

When you try to back up the ISE configuration, the backup process fails even though there is enough disk space available. Follow some steps to fix this issue: ise/admin# show backup status %% Configur