Cisco Hybrid Secure Email

pemasirid
Level 1

Hi,
I'm looking for more information (documents/URLs) about on-prem and cloud CES (hybrid). So far I was able to find this URL (https://www.cisco.com/c/dam/en/us/td/docs/security/ces/overview_guide/Cisco_Cloud_Hybrid_Email_Security_Overview_Guide.pdf), which does not have much information about integration, management, licensing, etc.

We already have the on-prem device ready to configure, but we still want to know how this is going to integrate with CES, plus management, licensing, and what the mail flow preference will be, etc.

Can someone please provide me with any document that explains hybrid deployment, integration, management, licensing, etc.?

Thanks


The first paragraph of the overview basically says inbound hits cloud devices first, outbound hits on-prem first.
"Cisco Hybrid Secure Email is a unique service offering that combines a cloud-based email security deployment with an appliance-based email security deployment (on premises) to provide maximum choice and control for your organization. The cloud-based infrastructure is typically used for inbound email cleansing, while the on-premises appliances provide granular control-protecting sensitive information with data loss prevention (DLP) and encryption technologies."
On page 1-6 there's a diagram and the description of mail flow, and where reporting and quarantine happens (cloud), and that it's clustered with the on-prem devices.
They discuss how to do SMTP call-ahead from the cloud, which you'd point at your on-prem ESAs, which can do LDAP lookup against your internal directory...
The only thing they didn't cover was licensing... I'd bet they throw in the on-prem ESA (as VMs) for a nominal cost... but ask a sales guy for that.

Hi Ken,
Thanks for your response. Well, what we want to do is deploy the on-prem ESA appliance first and have MX record priority for that, and later add the cloud one (CES) and make the cluster, etc. Is that something possible? As per the above, it seems like CES is hit first for inbound mail?

Also, we already assigned all the licenses to the on-prem ESA using smart licensing. How will this update/change if we are going to use the hybrid model?

How about the management: if both will be on the same cluster, do we really need SMA, or can it be without SMA?

I'd appreciate it if you could provide more information on the above points, please.

Thank you so much!

Considering their installed base, adding the cloud later is probably what happens most often. Once in hybrid, their model is for you to hit the cloud first... all of the newest spam/phish/etc. detection is happening there, which is why you'll want it to get filtered there first (once you're in hybrid mode).
I imagine that all of the licensing is Smart Licensing, so maybe you'll get other keys added to your Virtual Account, and then you'll point the CES instance at your VA? That's a sales question... ask a sales guy.
SMA is NOT management for ESAs yet... SMA is for centralized logging and centralized quarantines. If you're using a SIEM you can get away without it, but having multiple quarantines (a set on each ESA) is a nightmare... and CES just comes with an SMA instance.

Hi Ken,

Thank you so much for your quick response.

Does it sound like we can go ahead with the on-prem appliance first and add the cloud one (CES) to the deployment anytime later?

Thank you.

Yes. I'd be willing to bet that most of their Hybrid customers are starting from on-prem installs first...

Great, thank you so much for all your input. I will have to check with Sales about licensing and other stuff and let you know if I have any further questions. Thanks again!