Guest

Customer File Uploads to Cisco Technical Assistance Center

Customer File Uploads to Cisco Technical Assistance Center

Overview

Customers are of prime importance to Cisco, which is why we like to address and resolve customers' problems in a timely manner. One way a customer can assist the process is by providing the relevant files to the Cisco Technical Assistance Center (TAC) for review. The TAC customer support engineers use these files to help resolve customer issues and Cisco provides multiple options for uploading information to the Cisco TAC to match a customer's requirements. Some of these options are less secure, leading to certain inherent risks, and each option has limitations that customers should consider before deciding on an appropriate upload option. The following table summarizes the available upload options with details on file encryption capabilities, recommended files size limits, and other relevant information.

Available Option
(In Order of Preference)
Files are Encrypted in Transit Files are Encrypted at Rest Recommended File Size Limit
Support Case Manager (SCM) 4.x
Yes
Yes
250 GB
Cisco HTML 5 Upload Tool
Yes
Yes
250 GB
Email to attach@cisco.com
No**
Yes
20 MB or less based on customer mail server limits
File Transfer Protocol over SSL (FTPS)
Yes
No*
No limit

*Customer must encrypt prior to transit.
**Customer must encrypt prior to transit. Transmission from the customer’s network/email provider may or may not be encrypted
in transit. Secure transit is guaranteed only from the point where the email/attachment reaches the Cisco network.

Support Case Manager 4.x File Upload

The Support Case Manager (SCM) 4.x file upload method is the preferred and most secure option for uploading files to service requests. Files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between the customer’s computing device and Cisco is encrypted. Files uploaded through SCM are immediately linked to the associated Service Request and stored in an encrypted format.

Uploading a File While Creating a Service Request

Follow these steps after you arrive at the Describe Problem screen. For more detailed instructions on how to create or manage a service request on Support Case Manager, see Support Case Manager Help.

Step 1   In the Case Title and Case Description fields, enter a name and description for the case (Figure 1). The Case Title field accepts a maximum of 80 characters.

Figure 1. SCM: Describe Problem Screen (Title and Description)

Fig 1 SCM Attach to new case

Step 2   In the Technology field, click Browse to open the Select Technology window. Locate the technology for this case by searching or by browsing and expanding the list of technology categories. Click the technology to highlight it and then click Select (Figure 2).

Figure 2. SCM: Describe Problem Screen (Technology Selection)

Fig 2 SCM Description Problem Screen

Step 3   Click in the Problem Area field. Point to the general category and then select a specific problem area from the sublist (Figure 3).

Figure 3. SCM: Describe Problem Screen (Technology and Problem Area)

Fig 3 SCM Describe Problem Screen Technology and Problem Area

Step 4   For troubleshooting-related cases, click the calendar button beside the Problem Occurred On field and use the calendar widget to choose a date. Enter a time in the Time field. Enter information about troubleshooting steps already taken and environment changes in the fields provided (Figure 4).

Figure 4. SCM: Describe Problem Screen (Troubleshooting)

Fig 4 SCM Describe Problem Screen Troubleshooting

Step 5   Optionally, click Additional Case Details to expand the Additional Case Details area. Enter the available information (Figure 5).

Figure 5. SCM: Describe Problem Screen (Additional Case Details)

Fig 5 SCM Describe Problem Screen Additional Case Details

Step 6   To upload files such as error logs that might help diagnose the problem more quickly, click Upload Files (Figure 6). The Attach Files window opens. Click Choose File and browse to the file, choose it, and then click Open. Choose the type of file from the drop-down menu in the Type field. Enter a description of the file in the Description field and then click Attach.

Figure 6. SCM: Upload Files

Fig 6 SCM Upload Files

Step 7   Click Submit to submit the case and return to the case list. To review the information first, click Review. The Review and Submit page appears.

Step 8   Review the summary information for your case. If you need to change any information, click Edit to return to that tab.

Step 9   When you are ready to create the new case, click Submit. When the case is submitted, a confirmation message appears and displays the case number (Figure 7). Click OK to return to the main page. The new case appears at the top of the case list.

Figure 7. SCM: Case Submitted Dialog Box

Fig 7 SCM Case Submitted

Uploading a File to an Existing Service Request

After a case is submitted, you can update it to add or change the information.

Step 1   Use the following link to log in to Support Case Manager: https://mycase.cloudapps.cisco.com/case.

Step 2   To open and edit a case, click the case number or case title in the list. The case details page opens.

Step 3   At the top of the case details page, there are three tabs: Summary, Notes, and Attachments. Beside the tabs is a set of toolbar buttons: Attach Files, Add Note, and Actions. Click Attach Files to select a file and upload it as an attachment to the case (Figure 8).

Figure 8. SCM Attachments Screen

Fig 8 SCM Attachments Screen

Return to Top

Cisco HTML 5 Upload

Another secure method of uploading files to a service request is HTML5. The Cisco HTML 5 File Upload Tool is similar to Support Case Manager in that files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between the customer's computing device and Cisco is encrypted. Files uploaded through the Cisco HTML 5 File Upload Tool are immediately linked to the associated Service Request and stored in an encrypted format. Complete the following steps to attach a file by using this tool.

Step 1   Use the following link to log in to the HTML 5 File Upload Tool: https://cway.cisco.com/csc.

Step 2   Enter your Case Number in the provided field (Figure 9).

Figure 9. HTML 5: Case Number Input Screen

Fig 9 Case Number Input Screen

Step 3   Press Enter.

Step 4   A new screen appears where you can add any descriptions to the file(s) you are uploading (Figure 10).

Step 5   When choosing a file to attach, either drag and drop or click inside the dash-edged box to select the file to upload (Figure 10).

Figure 10. HTML 5: File Drag and Drop Screen

Fig 10 File Drag and Drop Screen

Step 6   After choosing a file, if you chose to specify a description, a new screen appears (Figure 11). The Category and Description fields enable you to add more information about the file:

  • Use the Category field to select an attachment type.
  • Use the Description field to provide a brief description of the file.

Figure 11. HTML 5: Select Category Screen

Fig 11 Select Category Screen

Step 7   Click Next to upload the file.

Step 8   The next screen shows the status of the file. After the file uploads, click add new file (Figure 12) or repeat steps 4 through 7 to upload any additional attachments.

Figure 12. HTML 5: Upload Status Screen

Fig 12 Upload Status Screen

Return to Top

File Transfer Protocol over SSL (FTPS)

If neither the Support Case Manager nor the Cisco HTML 5 File Upload Tool can be used, another option customers have is to upload the file via secure File Transfer Protocol over SSL (FTPS) to ftp.cisco.com/incoming/TAC. There is no size limit for this option.

FTPS secures the communication channel between the customer's computing device and Cisco; however, the information is not stored securely until it is attached to the customer's Service Request. If a customer uses this option, it is strongly advised that the customer encrypts their files before transit. For more information, see Encrypting Files. The customer should employ a strong password and communicate the password to the Service Request Customer Support Engineer owner out-of-band, such as by telephone or SCM case update.

Uploading Files Using the FileZilla FTP Client

For this option, customers must use an FTP client that supports TLS/SSL. FTP clients are designed specifically for file transfers and, more importantly, are the only method that currently supports TLS/SSL encryption. SSL encryption is required to ensure that the user ID, password, and data are encrypted in transit.

There are many FTP clients available, but this example uses FileZilla because it is widely used and freely available. The FileZilla FTP client can be downloaded from https://filezilla-project.org/download.php and is available for Cisco employees on Softracker.

Step 1   Download and install the FTP FileZilla client.

Step 2   Start a new FileZilla FTP session as shown in Figure 13.

Figure 13. FileZilla FTP Session

Fig 13 FileZilla FTP Session

Step 3   Select Port 990 as the SSL port. This port must be used to transfer sensitive data to ftp.cisco.com.

Step 4   From the File menu, choose Site Manager to connect to ftp.cisco.com and perform the file transfer.

Figure 14. Connecting to Cisco Using Site Manager

Fig 14 Connecting to Cisco Using Site Manager

Step 5   In the Site Manager screen, click the Advanced tab to specify the following details:

  • Host Name = ftp.cisco.com
  • Port = 990
  • Protocol = FTP - File Transfer Protocol
  • Encryption method = Require explicit FTP over TLS
  • Select one Logon Type:
    Anonymous = anonymous log in
    Normal = log in by using a CCO cisco.com User ID and password

Figure 15. Selecting a Log In Type

Fig 15 Selecing a Logon Type

Step 6   Accept the certificates when presented with the pop-up.

Note: If a mismatched certificate warning displays, you may ignore it if the host that you connect to is within the *.cisco.com domain. The warning message appears because the certificate presented to the client is for the global virtual Cisco Download site. However, the connection is made to a host in a server farm with a different name than the one on the certificate.

Figure 16. Mismatched Certificate Warning

Fig 16 Mismatched Certificate Warning

Note: Anonymous users and users logging in with a CCO account are unable to list the contents of the /incoming directory. However, you can still change to the /incoming/TAC directory to upload a file.

Remember the following when uploading files:

  • The only directory an Anonymous user or CCO user can see is the public directory /pub.
  • Anonymous users cannot list the contents of the /incoming directory or any of its subdirectories, including /incoming/TAC.
  • Anonymous and CCO users can change to the /incoming/TAC directory and upload a file there.

The following screen shots provide more details about the preceding steps:

Figure 17. Logging in as an Anonymous User

Fig 17 Logging In As An Anonymous User

Figure 18. The only directory an Anonymous user or CCO user can see is the public directory /pub

Fig 18 Anonymous CCO users can only see public directory /pub

Figure 19. Anonymous users cannot list the contents of the /incoming directory or any of its subdirectories, including /incoming/TAC

Fig 19 Anonymous users cannot list contents of incoming directory

Figure 20. Anonymous and CCO users can change into the /incoming/TAC directory and upload a file

Fig 20 Anonymous and CCO Users Can Change to the /incoming/TAC Directory and Upload a File

Fig 21 Anonymous and CCO Users Can Change to the /incoming/TAC Directory and Upload a File

Uploading Files Using the Command-Line Interface LFTP Client

Neither the Mac OS X command-line interface (CLI) FTP client nor the Windows CLI FTP client support FTP TLS/SSL. Connections to FTP SSL port 990 that use these clients are not encrypted. For this reason they should not be used. An alternative CLI client is LFTP. LFTP supports FTP over SSL. If you can't use LFTP then you must use an FTP client such as FileZilla, which supports FTP over SSL and ensures that the user ID, passwords, and data are secured in transit. LFTP is included in Mac OS and Linux distributions. If you are using Windows, you can use LFTP by installing Cygwin.

LFTP Command-Line Interface on Windows

To install LFTP on a Windows computer, first install Cygwin.

Step 1   Install Cygwin on a Windows machine:

  1. Go to https://www.cygwin.com/.
  2. Install Cygwin by running setup-x86.exe (32-bit installation) or setup-x86_64.exe (64-bit installation).
  3. Run the Cygwin Net Release Setup Program. Click Next.
  4. Choose a Download Source. Select the Install from Internet option.
  5. Select Root Install Directory (C:\cygwin)
    Install For   ->    All Users (RECOMMENDED)
    Default Text File Type -> Unix/binary (RECOMMENDED)
  6. Click Next.
  7. Select Local Package Directory. Click Next.
  8. Select Your Internet Connection. Choose the Direct Connection option.
  9. Progress.
  10. Choose a Download Site.
  11. Select Packages. You should select lftp, openssl, openssh packages under Category Net.
  12. Create an icon on the Desktop.

Step 2   Connect to ftps by using lftp:

  1. In Windows, create your user's lftp config (.lftprc) file in C:\Cygwin\home\username\.

    Fig 19 Create Your User's lftp Config File
  2. Copy the following contents to the .lftprc file:

    set ftp:ssl-allow true
    set ftp:ssl-force yes
    set ftp:ssl-protect-data yes
    set ftp:ssl-protect-fxp yes
    set ftp:ssl-protect-list yes
    set ssl:verify-certificate yes
    set cmd:verbose yes
    set cmd:trace yes

Step 3   Connect by using LFTP CLI: 

  • Open Cygwin Terminal and run the following commands: lftp ftp.cisco.com:990/incoming/TAC -u <username>

LFTP Command-Line Interface on Linux or Mac OS

  1. Create the .lftprc file in your home directory: $ vi .lftprc
  2. Add the following to the contents of the .lftprc file:

    Fig 20 Add to .lftprc
  3. Change to the /incoming/TAC directory and upload or download files: lftp ftp.cisco.com:990/incoming/TAC -u

    Fig 21 Change to /incoming/TAC directory and upload or download files

Return to Top

Email File Attachment Uploads

If neither the Support Case Manager (SCM) nor the Cisco HTML 5 File Upload Tool works for you, another alternate file upload method is email file attachment upload, in addition to the FTP over SSL option described in the preceding section. Note that this method is fundamentally insecure and does not encrypt the file or the communication session used to transport the file between the customer and Cisco. It is incumbent upon the customer to explicitly encrypt files before the files are uploaded through email file attachments. As an additional security best practice, any sensitive information such as passwords should be obfuscated or removed from any configuration file or log that is sent over an unsecure channel. For more information, see Encrypting Files.

After the files are encrypted, upload additional information and files to the Service Request by sending the information via an email message to attach@cisco.com with the Service Request number in the subject line of the message, for example, subject = SR xxxxxxxxx.

Attachments are limited to 20 MB per email update. Attachments submitted by using email messages are not encrypted in transit, but are immediately linked to the specified Service Request and stored in an encrypted format.

Attach the file to an email message and send the message to attach@cisco.com as shown in Figure 21.

Figure 21. Send the File

Fig 22 Send the File

The previous screen shot shows a Microsoft Outlook email that has an encrypted ZIP file attachment, the correct To address, and a properly formatted Subject. Other email clients should provide the same functionality and perform just as well as Microsoft Outlook.

Return to Top

Encrypting Files

The following examples show how to encrypt files by using three of the many available options such as WinZip, Linux tar and openssl commands, and Linux Gzip and GnuPG. A strong encryption cipher such as AES-128 should be used to properly protect the data. If you are using ZIP, an application that supports AES encryption must be used. Older versions of ZIP applications support a symmetric encryption system that is not secure and should not be used.

Encrypting Files Using WinZip

This section shows how to encrypt files by using the WinZip application. Other applications should provide the same functionality and perform as well as WinZip.

Step 1  Create a ZIP archive file as shown in Figure 22. In the WinZip GUI, click New and follow the menu prompts to create an appropriately named, new ZIP archive file. The newly created ZIP archive file appears.

Figure 22. Creating a ZIP Archive

Fig 22 Creating a Zip File

Step 2   Add the file(s) to be uploaded to the ZIP archive file and select the Encrypt added files option as shown in Figure 23. From the main WinZip window, click Add and then select the file(s) to upload. The Encrypt added files option must be selected.

Figure 23. Encrypt Added Files

Fig 23 Encrypt Added Files

Step 3   Encrypt the file by using the AES encryption cipher and a strong password as shown in Figure 24:

  1. Click Add in the file selection window to open the Encrypt window.
  2. In the Encrypt window, create an appropriately strong password. The password is shared with the Service Request Customer Support Engineer owner, as discussed in Communicating the Password to the TAC Customer Support Engineer
  3. Choose one of the AES Encryption methods.
  4. Click OK to encrypt the file(s) and display the main WinZip window.

Figure 24. Encrypt the File

Fig 24 Encrypt the File

Step 4   Verify that the file is encrypted as shown in Figure 25. Encrypted files are marked with an asterisk following the file name or a lock icon in the Encryption column.

Figure 25. Verify Encryption

Fig 25 Verify Encryption

Return to Top

Encrypting Files Using Tar and OpenSSL

This section shows how to encrypt files by using the Linux command-line tar and openssl commands. Other archive and encryption commands should provide the same functionality and perform just as well under Linux or Unix.

Step 1   Create a tar archive of the file and encrypt it through OpenSSL using the AES cipher and a strong password as shown in the following example. The command output shows the combined tar and openssl command syntax to encrypt the file(s) using the AES cipher.

[user@linux ~]$ tar cvzf - Data_for_TAC.dat | openssl aes-128-cbc -k
Str0ng_passWo5D |
      dd of=Data_for_TAC.aes128 Data_for_TAC.dat
60+1 records in
60+1 records out

Encrypting Files Using Gzip and GnuPG

This section shows how to encrypt files by using the Linux command-line Gzip and GnuPG commands. Other archive and encryption commands should provide the same functionality and perform just as well under Linux or Unix. The command output shows how to use the gzip and gpg command syntax to encrypt the file(s) using the AES cipher.

Step 1   Compress the file by using Gzip:

[user@linux ~]$ gzip -9 Data_for_TAC.dat

Step 2   Encrypt the file through GnuPG using the AES cipher and a strong password:

user@linux ~]$ gpg –cipher-algo AES –armor –output Data_for_TAC.dat.gz.asc –symmetric Data_for_TAC.dat.gz

Step 3   Enter and confirm the strong password at the passphrase prompt:

Enter passphrase:
Repeat passphrase:

Return to Top

Communicating the Password to the TAC Customer Support Engineer

When encrypting attachments, share the encrypting password with the Service Request Customer Support Engineer owner. As a best practice, use a method other than the one used to upload the file. If you used an email message or FTPS to upload the file, communicate the password out-of-band such as by telephone or SCM case update.

Customer File Retention

For the duration that a Service Request is open and for a period up to 18 months following final closure of a Service Request, all files are instantly accessible from within the Service Request tracking system to authorized Cisco personnel. After a period of 18 months from final closure, the files may be moved to an archival storage instance to conserve space, but they are not purged (deleted) from the Service Request history.

At any time, an authorized customer contact can expressly request that a specific file be purged from a Service Request. Cisco can then delete that file and add a case note to document the party who deleted the file, the time and date stamp, and the name of the deleted file. After a file is purged in this manner, it cannot be recovered.

Files uploaded to the TAC FTP folder are retained for four days. The Service Request Customer Support Engineer owner needs to be informed when a file is uploaded to this folder. The Customer Support Engineer should back up the files within four days by attaching them to the service request.

Return to Top

Summary

Multiple options exist for uploading information to Cisco TAC to help them resolve Service Requests. Some of these options are less secure, leading to certain inherent risks. Each option has limitations that should be considered before deciding on an appropriate upload option.

  1. The preferred and most secure option is to use the Support Case Manager 4.x file upload method. Files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between your computing device and Cisco is encrypted. Files uploaded through SCM are immediately linked to the associated Service Request and stored in an encrypted format.
  2. Another secure option is the Cisco HTML 5 File Upload Tool, which is similar to Support Case Manager in that files transferred by using this method are encrypted in transit and constrained to a size of 250 GB. The communication channel between your computing device and Cisco remains encrypted and the information is immediately linked to the associated Service Request and stored in an encrypted format.
  3. If you cannot use Support Case Manager or Cisco HTML 5 File Upload Tool as your file upload method, the least preferred file upload options are FTP over SSL (FTPS) or an email message sent to attach@cisco.com. If you use either of these options, it is strongly advised that that you encrypt your files before transit. For more information, see Encrypting Files. You should employ a strong password and communicate the password to the Service Request Customer Support Engineer out-of-band such as by telephone or SCM case update.
    • Unlike other file upload methods, FTP over SSL (FTPS) has no file size limit. In addition, FTPS secures the communication channel between your computing device and Cisco; however, the information will not be stored securely until it is attached to your Service Request.
    • When uploading files to a service request via email to attach@cisco.com, attachments are limited to 20 MB per email update. Attachments submitted by using email messages are not encrypted in transit, but are immediately linked to the Service Request and stored in an encrypted format.
  4. For the duration that a Service Request is open and for a period up to 18 months following final closure of a Service Request, all files are instantly accessible from within the Service Request tracking system to authorized Cisco personnel.
    • After 18 months the files may be moved to archival storage.
    • At any time, an authorized customer contact can expressly request that a specific file be purged from a Service Request.
    • Files in the FTP folder are retained for only four days.

Additional Information

Accessing Cisco Technical Services
Cisco Worldwide Support Contacts
Cisco Technical Services Resource Guide
Cisco Security Blog - NCSAM Tip #3: What You Should Consider to be a Secure Password
Cisco Conferencing Products
The GNU Privacy Guard
The OpenSSL Project
WinZip

This document is part of Cisco Security Intelligence Operations.

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.

Return to Top

Cisco Security Intelligence Operations