Create Deployment

Note: Only users with an Administrator role can create deployments.

You use the Create Deployment page to add a new Secure Client deployment in Secure Client Cloud Management. Once the deployment is created, it is displayed on the Deployments page.

Each Version Control drop-down list typically includes these options:

Note: The options are subject to change at any time and don’t have to be consistent across the different products.

• Latest – The most recent version of the connector. It is automatically updated each time a new version is released.

• Recommended – The version with the largest user base that has been available for a while without any major issues.

• Specific release versions

  Note: When a specific release version is deprecated, the module will automatically be disabled, and the version will appear as "N/A" on the Deployment Management page. If you have selected a specific release version that has been deprecated, you will need to edit the deployment and manually update the release version.

To create a new deployment:

1. Click Create New on the Deployments page.

2. Choose the operating system and architecture for the deployment, then click Create New. If you choose Linux, choose a Distribution from the drop-down list.

   

   Note: The following steps may vary depending on the selected operating system and architecture. For supported modules on the selected operating system and architecture, see the Operating System and Architecture Support section.

3. Enter a deployment name, then click Next.

4. Choose the version and profile for the Cloud Management module from the drop-down lists. If you need to add a new Cloud Management profile, click the (Add) icon to create or upload a new profile. Then click the (Refresh) icon to update the profile drop-down list. Click Next.

   Note: If you do not specify a Cloud Management profile when creating a deployment, a profile will be generated and applied at the time of installation, in which default Cloud Management settings are used. This profile cannot be viewed or edited and is subject to change. If this is not desirable, we recommend that you create a unique Cloud Management profile to assign to deployments that don't already have one. For details on creating a Cloud Management profile, see the Profile Configuration help topic.

   The Cloud Management module will connect to these regional API endpoints:

   • North America (NAM)

     • admin.prod.nam.csc.cisco.com

     • identify.prod.nam.csc.cisco.com

     • pacman.prod.nam.csc.cisco.com

     • cisco-ucb-nam-pass-repo.s3.us-east-1.amazonaws.com

     • cisco-ucb-nam-catalog-repo.s3.us-east-1.amazonaws.com

   • Europe (EU)

     • admin.prod.eu.csc.cisco.com

     • identify.prod.eu.csc.cisco.com

     • pacman.prod.eu.csc.cisco.com

     • cisco-ucb-eu-pass-repo.s3.eu-west-1.amazonaws.com

     • cisco-ucb-eu-catalog-repo.s3.eu-west-1.amazonaws.com

   • Asia, Pacific, Japan, China (APJC)

     • admin.prod.apjc.csc.cisco.com

     • identify.prod.apjc.csc.cisco.com

     • pacman.prod.apjc.csc.cisco.com

     • cisco-ucb-apjc-pass-repo.s3.ap-northeast-1.amazonaws.com

     • cisco-ucb-apjc-catalog-repo.s3.ap-northeast-1.amazonaws.com

   Note: There is not an option to configure a proxy for the Cloud Management module.

5. Configure the optional modules that are available for the selected operating system and architecture. For each module that you want to include, click the toggle, choose the required version, profile, instance, group, or settings from the available drop-down lists and controls, and then click Next. Leave the toggle off for any module that you do not want to include.

   • Secure Endpoint - Choose the version, Secure Endpoint Instance, and Secure Endpoint Group. If you have integrated more than one Secure Endpoint organization with Secure Client Cloud Management, they’ll be listed in the Secure Endpoint Instance drop-down list. See Groups in the Secure Endpoint User Guide for information about creating and configuring a group. To edit the Secure Endpoint instance or group, click Replace Bootstrap Profile.

   • Endpoint Data Loss Prevention - Choose the version and profile from the drop-down lists. Cisco Endpoint Data Loss Prevention (Endpoint DLP) helps protect sensitive data on endpoints by controlling what data is transferred to external devices. For more information, see the Manage Endpoint Data Loss Prevention Using Cisco Secure Client documentation in the Cisco Secure Access Help. To add a new profile, click the (Add) icon to upload a new profile. Then click the (Refresh) icon to update the profile drop-down list.

   • Secure Client AnyConnect VPN - Choose the version and profile from the drop-down lists. To add a new AnyConnect VPN profile, click the (Add) icon to create or upload a new profile. Then click the (Refresh) icon to update the profile drop-down list. For details on creating a VPN profile, see the Profile Configuration help topic.

     Note: By default, a VPN profile will be deployed with the name CloudManaged.xml on the device. To specify the name, append .xml to the profile name (for example, VPN_TEST.xml).

   • Secure Client settings - Depending on the operating system and module versions you chose, you can enable the Start Before Logon toggle and choose optional settings such as Umbrella, Diagnostics and Reporting Tool, ISE Posture, Secure Firewall Posture, Network Access Manager, and Network Visibility Module. For modules that require profiles, use the (Add) icon and (Refresh) icon to add or update profiles in the drop-down lists.

     Note: Secure Client update traffic must be excluded from Umbrella SSL Decryption, as decryption may cause certificate validation and package integrity failures.

   • Secure Client Socket Filter - Choose a version from the drop-down list. Secure Client Socket Filter offers network monitoring and interception capabilities, and is required for the Zero Trust Access module on Linux deployments.

   • Secure Access Root Certificate - Choose a version from the drop-down list. The module installs the Cisco Secure Access Root Certificate into the host computer's certificate store. A Certificate Authority (CA) signed root certificate is required where Cisco Secure Access must proxy and decrypt HTTPS traffic that requests a web resource.

   • Zero Trust Access - If you chose AnyConnect VPN version 5.1.3.62 or later, you can enable Zero Trust Access. Zero Trust Access reduces the attack surface by hiding applications and expands your level of knowing, understanding, and controlling who and what is on your network. For more information, see the Zero Trust Access Module documentation in the Cisco Secure Client (including AnyConnect) Administrator Guide. Choose the version and profile from the drop-down lists. To add a new Zero Trust Access profile, click the (Add) icon to upload a new profile. Then click the (Refresh) icon to update the profile drop-down list.

   • ThousandEyes - Choose a version from the drop-down list. ThousandEyes delivers visibility into network and application performance across the internet and cloud. For more information, see the Endpoint Agents and System Requirements topics in the ThousandEyes documentation.

6. When you have configured the available modules, click Save.

Once you click Save, the Deployment Management page opens, the installers are generated automatically, and you can download a full or network installer. For more information, see the Deployment Management topic.

Note: A maximum of 47 deployments can share the same profile. If you try to create a 48th deployment that uses the same profile, the deployment creation will fail with a notification that the limit was reached. We recommend that you use multiple profiles as needed.