Change Impact (Cisco)
Change Impact
Cisco Defense Orchestrator

Network Layer Security Policies
Network layer security policies are composed of rules for handling inbound and outbound traffic. Rule are structured as (permit | deny) <protocols> traffic from <sources> to <destinations> where values wrapped in <> are either primitive values or references to user-defined variables. Variables are either named primitive values or a named collection of other variables with compatible types.

Policies for Cisco ASA and ISR security appliances are defined as access groups. Rules are defined as access lists. Variables are defined as either object-groups or objects.

Managing Network Layer Security Policies with CDO
Traditionally, network layer security policies were redefined for every security appliance within a customers' network. There was no single source of truth, no central governance, and no easy way to deploy policy changes consistently across all devices.

With CDO, policies are centrally managed. Whenever a user modifies a policy, the changes are automatically staged to all affected security appliances by default. This ensures a consistent policy across the entire network, something nearly impossible to achieve before CDO.

Selectively Staging Changes
Policy changes are often staged and deployed to a single security appliance before rolling out to all devices. This use case prompted the need for a user to be able to selectively choose the devices for which the changes should be applied. 

Originally, the user was presented a read-only list of the devices, access-groups, and object-groups which would be affected when modifying a policy.
Our solution builds on this model by allowing the user to select those affected devices for which the change should be staged.
The user may scope the impact of policy changes by clicking "Choose Devices..."
User-editable list of impacted devices
Clicking "Remove All"  clears the list of devices, helpful for when the change should only be scoped to a single device
The user receives feedback about their search query when there are no matching results
Devices in the search result set that are already included in the impact list are communicated visually through the use of a darker background color
Concept Sketch
Change Impact (Cisco)
2
77
0
Published:

Change Impact (Cisco)

UX for Enterprise IT Management SaaS Tools [place meme photo here] Yea, it's kind of like that.
2
77
0
Published:

Tools

Creative Fields