What is Umbrella VA and how it works? 🤔

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands on the VAs’ functionality to include AD identify information in addition to internal IP address visibility and DNS encryption.

Umbrella Virtual Appliances (VAs) run on the Ubuntu operating system, which is a Linux distribution based on Debian. Not all commands normally available in Linux are available to clients from the VA's "Configuration Mode" command line. Instead, VAs use a restricted shell environment that provides a series of troubleshooting/diagnostic commands as well as configuration commands to change the relevant settings on the VAs.

Note: Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.

VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.

The VAs don’t cache DNS records; a DNS record’s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.