About Multicloud Defense
Multicloud Defense is a comprehensive security solution consisting of two primary components: the Multicloud Defense Controller and Multicloud Defense Gateway. These components collaborate to establish a secure multicloud environment
Multicloud Defense currently supports Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and Oracle OCI cloud accounts. The range of support for these platforms varies.
In essence, Multicloud Defense offers a sophisticated and streamlined security framework, harmonizing controller orchestration, gateway communication, and optimized datapath processing for a robust and efficient multicloud protection mechanism.
Multicloud Defense Naming Conventions
Multicloud Defense interacts with a variety of cloud service providers and in order to provide a universal experience across the platforms,
limits the character count when you create gateways and objects. Gateways and objects that exist outside of Multicloud Defense have ciscomcd
prepended to the name, which may cause issues if the original gateway or object name is too long.
Consider the following character limitations when naming your gateways or objects, both inside and outside of Multicloud Defense:
Multicloud Defense Feature |
Character Limit |
---|---|
Gateway Instance |
55 |
Object Name |
63 |
![]() Note |
The values above indicate the character limit for names without the prepended Multicloud Defense tag. You are not responsible for including the tag when you name the gateway or object. |
Supported Regions
At this time we support all regions for any commercial cloud service provider region for AWS, Azure, GCP and OCI. See your cloud service provider support documentation for more specific information.
If a region appears to not be supported, or a new region is established that is not yet supported, please contact Cisco Support to add support for the region.
Recommended Versions of Multicloud Defense Components
We recommend keeping your components up to date with the latest upgrades and updates for enhancements and new features, as well as bug fixes. For more information on what updates and upgrades are available, and what each package addresses, see the Cisco Multicloud Defense Release Notes.
Third Party Product Support and Versioning
Multicloud Defense utlilizes additional products and functions. For optimal operations, consider using the appropriate versions listed.
Internet Browsers
At this time Multicloud Defense supports and recommends using a Chrome browser when viewing the controller dashboard.
Instance Metadata Service For AWS
The Instance Metadata Service (IMDS) is used to access instance metadata from an Amazon EC2 instance. The Multicloud Defense Controller version 23.10 sets up IMDSv2 to be Required or Optional depending on the corresponding Multicloud Defense Gateway version.
We strongly recommend upgrading to a Multicloud Defense Gateway version that specifically supports IMDSv2 in the Required mode for optimal security with Amazon EC2 instances.
![]() Note |
The Multicloud Defense Controller version 23.10 forces Multicloud Defense Gateway versions 23.04 and later to default to IMDSv2 for EC2 instances. |
Use the table below to determine which IMDS version will be setup inside the EC2 instance for your environment:
Multicloud Defense Gateway Version |
Required IMDS Version |
---|---|
23.08 |
IMDSv2 (required) |
23.06 |
IMDSv2 (required) |
23.04 |
IMDSv2 (required) |
23.02 |
IMDSv1 IMDSv2 (optional) |
22.12 |
IMDSv1 IMDSv2 (optional) |
For more information on IMDS versions and how to migrate to the version of your choice, see AWS documentation.
Supported Disk Size
Consider the following disk size support for the appropriate gateway versions:
Gateway Version |
Supported Disk Size |
---|---|
23.12 and later |
128GB |
up to 23.10 |
256GB |
Cloud Service Provider Instance Type Support
The recommended instance types for the supported cloud service providers are as follows:
CSP |
Instance Type |
Max Memory Usage (KB) |
Max Bandwidth Usage (Proxy) |
Max Bandwidth Usage (Forwarding) |
---|---|---|---|---|
AWS |
m5.2xlarge |
32,000,000 |
4,400,000,000 |
9,000,000,000 |
m5.xlarge |
9,000,000 |
2,400,000,000 |
4,800,000,000 |
|
m5.large |
4,500,000 |
1,200,000,000 |
2,400,000,000 |
|
m7i |
4,500,000 |
1,200,000,000 |
2,400,000,000 |
|
Azure |
Standard_D8s_v3 & Standard_D8s_v5 |
32,000,000 |
2,800,000,000 |
4,000,000,000 |
Standard_D4s_v3 & Standard_D4s_v5 |
9,000,000 |
1,200,000,000 |
2,400,000,000 |
|
Standard_D2s_v3 & Standard_D2s_v5 |
4,500,000 |
1,000,000,000 |
1,500,000,000 |
|
GCP |
e2-standard-8 |
32,000,000 |
2,500,000,000 |
8,000,000,000 |
e2-standard-4 |
9,000,000 |
1,600,000,000 |
4,000,000,000 |
|
e2-standard-2 |
4,500,000 |
1,200,000,000 |
2,000,000,000 |
|
OCI |
VM.Standard.E3.Flex |
32,000,000 |
2,500,000,000 |
: 8,000,000,000 |
Multicloud Defense in Cisco Security Cloud Control
Multicloud Defense is now hosted in Cisco Security Cloud Control. Security Cloud Control is a platform that allows you to manage your security products and achieve security outcomes from a single integrated interface. From Security Cloud Control platform, you can manage Multicloud Defense along with other Security products.
When you enroll in a Multicloud Defense, Security Cloud Control creates an account for your tenancy by default to better manage your enterprises across the board. The Security Cloud enterprise supports the following cases: if you have purchased a license and already have a Multicloud Defense account, and if you have purchased a license but currently do not have a Multicloud Defense account.
New customers or users of Multicloud Defense can complete the following steps in Security Cloud Control.
-
Create an organization. For details, see the Create an Organization topic in the Organizations and Regions section of the Getting Started Guide for New Customers of Security Cloud Control.
-
Buy a subscription license. Once you purchase the license, you or the designated system administrator receives an email with a subscription claim code. Do not lose this email.
-
Claim the subscription. Enter the claim code in the Claim Subscription section of Security Cloud Control application and claim the product. You will receive a confirmation email that Multicloud Defense has been activated on Security Cloud Control. For details, see the Claim Your Product Subscriptions section in the Getting Started Guide for New Customers of Security Cloud Control.
Multicloud Defense is provisioned and is available on the default landing page of Security Cloud Control. The navigation pane on Security Cloud Control contains the organization details and menu elements, and the central area contains the dashboard widgets.
![]() Note |
Customers who provision Multicloud Defense after August 6, 2025 and want to use Object Sharing will need to contact Cisco Technical Assistance Center (Cisco TAC) to enable this feature. |
For existing users of Multicloud Defense migrating to Security Cloud Control, see Getting Started Guide for Existing Customers of Security Cloud Control.