Cisco has implemented support for multiple deployments of Cisco Secure Access to address the needs of our multinational customers. The main deployment, also known as the Global deployment, is distinct and isolated from other deployments, such as the one in China, that meet local operational needs. For example, the China-specific deployment does not provide DNS protection, but does provide Secure Web Gateway (SWG) protection.
Client support for multiple deployments is included starting from Cisco Secure Client 5.1.8 (Windows and macOS), allowing roaming users to connect to the correct Secure Access deployment depending on where they are at the time.
To ensure a seamless experience when roaming between different Secure Access deployments, such as transitioning from the Global deployment to one in China or vice versa, it is essential for IT staff to properly provision the Cisco Secure Client installation. To support this, starting with Cisco Secure Client (CSC) 5.1.8, the Umbrella module supports multiple OrgInfo.json files. These files contain the configuration that enables the client to register with and connect to the various Secure Access deployments. With the right files in place, users keep consistent and reliable connectivity and protection no matter where they are, enhancing productivity and minimizing disruptions.
What has changed with OrgInfo.json?
- Primary OrgInfo.json file: The Umbrella module still expects a main OrgInfo.json file in the Umbrella runtime directory.
  - For Windows, the directory is: %ProgramData%\Cisco\Cisco Secure Client\Umbrella.
  - For macOS, the directory is: /opt/cisco/secureaccess/umbrella.
- Additional OrgInfo.json files: The Umbrella module now accepts additional OrgInfo.json files from other Secure Access deployments in the same directory. Only one OrgInfo.json file is supported per deployment.
  - The file name must follow the format OrgInfo.<custom_name>.json, where the custom name can include letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-), for example, OrgInfo.global_org_55.json and OrgInfo.china_org_11.json.
  - Each OrgInfo.json file must include a "region" tag to identify its originating Secure Access deployment. Supported regions are "global" and "china". Any unrecognized region defaults to "global". If the "region" tag is missing, it is assumed to be "global" for backwards compatibility.
- Upon startup for a new installation of CSC 5.1.8 or later, the client examines the Umbrella runtime directory to locate and process any OrgInfo.json files. These files are then copied into directories corresponding to each deployment, as identified by their "region" tags. The Umbrella/data/regionaldata/<region_name> directory stores the files and relevant runtime data. Note: OrgInfo.json files in the Umbrella directory are ignored after the initial setup.
  - Once the files have been copied, the OrgInfo.json file is only consumed from the Umbrella/data/regionaldata/<region_name> directory.
  - The old runtime directory for OrgInfo.json, i.e. Umbrella/data/, is no longer used.
  - Note: In the case of a FedRAMP Umbrella deployment, the OrgInfo.json file is copied from Umbrella to Umbrella/data/regionaldata/fedramp.
- Upon upgrade of an existing installation to CSC 5.1.8 or later, the OrgInfo.json and related files are moved from the directory Umbrella/data to Umbrella/data/regionaldata/global.
  - Once the files have been moved, the OrgInfo.json file is only consumed from the Umbrella/data/regionaldata/<region_name> directory.
  - After the move, the old runtime directory for OrgInfo.json, i.e. Umbrella/data, is no longer used.
  - Note: In the case of a FedRAMP Umbrella deployment, the OrgInfo.json file is moved from Umbrella/data to Umbrella/data/regionaldata/fedramp.
- Note: Cisco does not officially support creation of OrgInfo.json via scripts.
- The encoding of OrgInfo.json must be ASCII or UTF-8.
- The OrgInfo.json in the Umbrella/data/regionaldata/<region_name> directory must have a "region" tag whose value matches the region name in the directory.
- Cisco has implemented a location detection service that uses DNS to determine the current "region". The service returns a text record indicating the region name. Currently "global" and "china" are the only supported regions. Once the location has been obtained, the client uses the matching OrgInfo.json going forward. This mechanism has been designed to be forward-looking, with support for future deployments.
  - Note: In the case of FedRAMP Umbrella deployments, location detection does not apply.
Adhering to these guidelines ensures that organizations can configure their Cisco Secure Client for multi-deployment support, enabling efficient roaming and protection across different Secure Access deployments.
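
A pre-deployment check for the file rules above, as an added example (not Cisco code and not a Cisco-supported tool): it only reads staged OrgInfo files and reports names, encodings and region tags that break the guidelines. It assumes "region" is a top-level JSON key matched case-sensitively; `audit`, `effective_region` and the sample files are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Name rule from the page: OrgInfo.json or OrgInfo.<custom_name>.json
NAME_RE = re.compile(r"OrgInfo(\.[A-Za-z0-9_-]+)?\.json")
SUPPORTED = ("global", "china")
# Constructed sample files (name -> raw bytes); not real organization data.
SAMPLE = {
    "OrgInfo.json": b'{"note": "constructed, no region tag"}',
    "OrgInfo.china_org_11.json": b'{"region": "china"}',
    "OrgInfo.lab.json": b'{"region": "emea"}',
    "OrgInfo.bad name.json": b'{"region": "china"}',
    "OrgInfo.utf16.json": '{"region": "china"}'.encode("utf-16"),
}

def effective_region(doc):
    """Missing or unrecognized region resolves to "global", as the page states."""
    region = doc.get("region")  # assumption: "region" is a top-level key
    return region if region in SUPPORTED else "global"

def audit(directory):
    """Return ({region: first file seen}, [problems]) for OrgInfo*.json files."""
    seen, problems = {}, []
    for path in sorted(Path(directory).glob("OrgInfo*.json")):
        if not NAME_RE.fullmatch(path.name):
            problems.append(f"{path.name}: invalid file name")
            continue
        try:  # strict UTF-8 decoding also accepts plain ASCII
            doc = json.loads(path.read_bytes().decode("utf-8"))
            region = effective_region(doc)
        except (ValueError, AttributeError):
            problems.append(f"{path.name}: not an ASCII/UTF-8 JSON object")
            continue
        if "region" in doc and doc["region"] != region:
            problems.append(f"{path.name}: unrecognized region, treated as global")
        if region in seen:  # only one file is supported per deployment
            problems.append(f"{path.name}: duplicate for {region} ({seen[region]})")
        seen.setdefault(region, path.name)
    if not (Path(directory) / "OrgInfo.json").is_file():
        problems.append("primary OrgInfo.json is missing")
    return seen, problems

def audit_sample():
    # Write the constructed SAMPLE files to a temporary directory and audit them.
    with tempfile.TemporaryDirectory() as tmp:
        for name, raw in SAMPLE.items():
            (Path(tmp) / name).write_bytes(raw)
        return audit(tmp)
```

In the sample, the file tagged "emea" falls back to "global" and so collides with the untagged primary file, which is the case the one-file-per-deployment rule makes easy to miss.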