How It Works

Network constructs such as IP addresses are not reliable in virtual, cloud, and container environments because workloads are dynamic and IP address overlap is inevitable. Customers require policy rules to be defined based on non-network constructs such as VM name or security group, so that firewall policy is persistent even when the IP address or VLAN changes.

The following figure shows how the system functions at a high level.

"The Cisco Secure Dynamic Attributes Connector queries cloud services such as Microsoft Outlook 365 and provides information such as VLANs, networks, and tags to the secure management center to use as selection criteria in access control rules. This way, you don't have to constantly update network objects when IP address information (for example) in your cloud systems changes."

  • The system supports certain public cloud providers.

    This topic discusses supported connectors (which are the connections to those providers).

  • The dynamic attributes connector is provided with Security Cloud Control. It includes a Cloud-delivered Firewall Management Center adapter, and you can connect to an On-Prem Firewall Management Center using the Secure Device Connector.

    For more information about the Secure Device Connector, see Secure Device Connector (SDC).

  • The adapter defined by the dynamic attributes connector receives the dynamic attributes filters as dynamic objects and enables you to use them in access control rules.

    You can create the following types of adapters:

    • On-Prem Firewall Management Center for an on-premises device.

      This type of device might be managed by Security Cloud Control or it might be standalone.

    • Cloud-delivered Firewall Management Center for devices managed by Security Cloud Control.
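
The following is an added illustration, not Cisco code and not the connector's API: a small Python model of why a rule keyed on a dynamic object stays correct when an address is reassigned, while a rule keyed on a fixed IP does not. The inventory snapshots, tag names, and function names are all constructed for this example.

```python
from ipaddress import ip_address

# Constructed cloud inventory snapshots: workload name -> (ip, tags).
SNAPSHOT_1 = {
    "web-01": ("10.0.1.10", {"role": "web", "env": "prod"}),
    "db-01": ("10.0.1.20", {"role": "db", "env": "prod"}),
}
# After a redeploy, web-01 has moved and its old address was reused by a dev VM.
SNAPSHOT_2 = {
    "web-01": ("10.0.2.15", {"role": "web", "env": "prod"}),
    "db-01": ("10.0.1.20", {"role": "db", "env": "prod"}),
    "scratch-07": ("10.0.1.10", {"role": "test", "env": "dev"}),
}

# Hypothetical attribute filter: every key/value must match the workload's tags.
PROD_WEB_FILTER = {"role": "web", "env": "prod"}
# Static rule source, written once against SNAPSHOT_1 and never updated.
STATIC_RULE = {ip_address("10.0.1.10")}


def resolve_dynamic_object(snapshot, attr_filter):
    """Return the IPs of all workloads whose tags satisfy the filter."""
    return {
        ip_address(ip)
        for ip, tags in snapshot.values()
        if all(tags.get(k) == v for k, v in attr_filter.items())
    }


def allowed(src_ip, rule_sources):
    """True if the source address is a member of the rule's source set."""
    return ip_address(src_ip) in rule_sources


def evaluate(snapshot):
    """Evaluate both rule styles for every workload in a snapshot."""
    dynamic_sources = resolve_dynamic_object(snapshot, PROD_WEB_FILTER)
    return {
        name: {"static": allowed(ip, STATIC_RULE),
               "dynamic": allowed(ip, dynamic_sources)}
        for name, (ip, _tags) in snapshot.items()
    }


if __name__ == "__main__":
    for label, snap in (("before", SNAPSHOT_1), ("after", SNAPSHOT_2)):
        print(label, evaluate(snap))
```

In the second snapshot the static rule stops matching web-01 and starts matching scratch-07, the dev VM that inherited the address; the attribute-based rule follows the workload instead.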