top of page

Umbrella VA

What is Umbrella VA and how it works? šŸ¤”

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands on the VAsā€™ functionality to include AD identify information in addition to internal IP address visibility and DNS encryption.


Umbrella Virtual Appliances (VAs) run on the Ubuntu operating system, which is a Linux distribution based on Debian. Not all commands normally available in Linux are available to clients from the VA's "Configuration Mode" command line. Instead, VAs use a restricted shell environment that provides a series of troubleshooting/diagnostic commands as well as configuration commands to change the relevant settings on the VAs.


Note: Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.


VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.


The VAs donā€™t cache DNS records; a DNS recordā€™s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.


gif

132 views0 comments

Recent Posts

See All

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes: āž› Backup and Restore of ISE Configuration and Operational data; āž› Upgrade of ISE nodes;

Secure Unlock Client mechanism provides root shell access on Cisco ISE Command Line Interface (CLI) for a certain period of time. As soon as the session is closed or exited, the root access is also re

bottom of page