Cisco Secure Equipment Access Quick Start Guide for Industrial Routers

Cisco Secure Equipment Access service

A Cisco Secure Equipment Access service is a remote access solution that

provides secure, managed connectivity to industrial IoT devices,
integrates hybrid-cloud control through Cisco IoT Operations Dashboard, and
enables customers and partners to perform maintenance on OT assets at remote sites.

The on-premises component runs on supported industrial network devices and is deployed at remote sites to facilitate operational technology access.

You must meet the following prerequisites before enabling SEA on industrial routers:

Ensure you have a valid IoT Operations Dashboard (IoT OD) organization (cloud tenant). If you don’t have one, send a request to mailto:iotod-account-request@cisco.com.
Confirm you have both Application Manager and SEA System Admin roles in the organization. For details, see SEA roles and permissions.
Verify that the IR routers are running Cisco IOS XE version 17.15.1 or later.
Ensure the IR routers have an active Internet connection to us.ciscoiot.com or eu.ciscoiot.com, depending on the IoT OD cluster used.

Enabling SEA services involves multiple stages. The key components or participants involved in the process are:

Network administrator: Configures and manages the industrial routers.
Industrial routers: The device that is prepared and configured for enabling SEA service.
Application Manager service: Handles onboarding and device management.
SEA agent: An IOx application that runs on the device.

These are the stages for enabling SEA service on your industrial routers:

Onboard the required Industrial routers through the Application Manager service on IoT OD.
Configure the Industrial routers to establish a secure tunnel to the IoT OD for application management.
Install the SEA agent on Industrial routers and configure a remote session through SEA for the target OT asset.

The Industrial routers is enabled with SEA service, allowing secure remote access for operational tasks.