Cisco Crosswork Cloud Trust Insights™ is a Software-as-a-Service (SaaS) cloud solution that provides operational intelligence on the integrity and security posture of Cisco IOS® XR devices. The solution combines Cisco’s Knowledge and Trust Anchor technologies with customer devices to provide a holistic view of the trustworthy status of their network assets.
Network infrastructure drives mission-critical services. Operators need the ability not only to understand the complex hardware and software required to maintain and operate devices, but also to validate the integrity of the software that supports these services. A trustworthy network ensures performance, reduces management costs, and reduces downtime caused by malicious or noncompliant changes.
However, the tools for tracking and testing the integrity of the software on these devices are inadequate, and often limited to simple tools that only query device OS versions and configurations.
Cisco Crosswork Trust Insights provides intuitive visualization, rich analytics, and alerts on actionable device integrity events. It empowers you with deep visibility to assess the integrity and affirm trust in your network routing infrastructure.
An IOS XR network device monitoring solution for complex enterprise and service provider networks, Trust Insights captures, enriches, and analyzes trustworthy network equipment status to help service providers, web companies, and enterprises validate the integrity of their network infrastructure assets.
Trust Insights aggregates hardware and software signature information from your network devices and gathers evidence to validate whether the hardware is authentic and whether the running software maps to published Known Good Values (KGVs). The solution helps you take maximum advantage of trustworthy technologies baked into Cisco platforms, so you can implement operational best practices to collect and validate changes in system integrity information.
How does it work?
Crosswork Cloud Trust Insights is Cisco’s first cloud-based service that presents continuous and verifiable network device integrity information. It uses secure data exchange protocols in combination with a cloud-native architecture to continuously monitor changes to device trust posture. In addition, the service takes advantage of its deeper knowledge of Cisco network devices to provide a comprehensive view of device inventory and changes in system integrity measurements.
Cisco is committed to continually enhancing the security and resilience of our networking solutions. Trust Insights uniquely leverages the built-in trust technologies. For example, it utilizes the cryptographic identity as part of a trust anchor for the validation of information collected from the device. In addition, the service provides an independent and secure offsite repository of system integrity information.
Trust Insights delivers the critical consumer experience component as part of the Cisco Trust Anchor technology evolution.
Accelerate time to know
Trust Insights helps detect and analyze any change in system integrity measurements, significantly reducing the Mean Time to Know (MTTK) when a security event occurs. The solution is built to communicate and alert operators on issues using new collaboration media platforms and legacy methods such as email. These collaborative tools help network operation teams efficiently coordinate their efforts to resolve issues.
The framework integrates with third-party plug-ins to facilitate collaboration and optimizes efficiency through alarms that trigger automation playbooks to implement remediation or accessibility actions.
Accelerate Time to Action
Crosswork Cloud Trust Insights leverages the robust Cisco Cloud Service Infrastructure.
Cisco Crosswork Trust Insights is a flexible, resilient, and secure solution designed to cost-effectively manage very large-scale data sets. The architecture can track millions of signature value pairs while maintaining their historical information. Trust Insights is ideal for anyone who needs to understand the trust posture of their network routers and track and analyze changes that may potentially expose the attack surface. The solution will continue to evolve, providing organizations with robust capabilities to protect and monitor the trust posture of their network assets.
Trust Insights Benefits
● Collect, analyze, and report on the integrity and trustworthiness of Cisco IOS XR–based routing platforms
● Hardware and software inventory management and reporting
● Continuous compliance checking of runtime software against KGVs, 365x24x7
● Reliable audit trail of platform integrity and inventory with history
● Track observed changes to hardware and software inventory and major operational events
● Flexible traffic dashboards and reporting functions
Trust Insights use cases
Crosswork Cloud Trust Insights Use Cases
IOS XR inventory and integrity analytics
Trust Insights provides an operational timeline for all events captured within the trust dossier (such as reboot or configuration rollback events), as well as for dossier collections and the changes observed between dossiers. This is designed to provide a unique historical view into changes observed in systems, which is intended to support root-cause analysis of known network issues, or to prove that scheduled hardware or software maintenance has been completed as planned.
Track changes and events with Trust dossier
Integrity measurement and KGVs
Trust Insights works by leveraging the “trust dossier” feature within IOS XR 7 systems. This cryptographically signed dossier contains data on the hardware and software inventory of the router, as well as unique measurements of hardware and runtime software within each IOS XR device. These runtime signatures are compared to KGVs, which are collected during the IOS XR build and release process as part of the Trust Insights service. With Trust Insights, you can not only understand the current and previous hardware and software running on your production systems, but also get a unique view into the integrity of all hardware and software running in your mission-critical production network devices.
Integrity measurement and Known Good Values and Continuous Runtime verification
Forensic reporting on observed software signatures
Trust Insights highlights critical new security capabilities of modern Cisco routers and can provide insights into new capabilities enabled by upgrading to newer software versions of the IOS XR operating system. The integrity reporting capabilities can validate IOS XR software packages, detect runtime changes to file contents on production systems, and file signatures across monitored devices within your environment. Trust Insights leverages key capabilities in the IOS XR operating system to track and report on the integrity and runtime changes to individual software packages as well as at-rest and in-use file fingerprints.
Integrity reporting capabilities
Trust capability assessment
Trust Insights provides unique insights into security capabilities of your IOS XR fleet. This feature helps you audit the security capabilities of already-deployed IOS XR systems to identify opportunities to mitigate risks through upgrades.
Audit security capabilities with Trust Insights
Historical audit of operational changes
Trust Insights provides a historical audit trail of measured systems and can track and report on observed changes to hardware and running software over time. This is a critical capability to ensure compliance with approved software releases and patch (SMU) standards, as well as forensic capabilities to report on exact software state and observed changes during previous operational events.
Historical audit trail
Secure remote collection and storage
Crosswork Cloud delivers a robust solution for cloud-to-ground connectivity through the Crosswork Data Gateway. Deployed as a virtual machine, the Crosswork Data Gateway provides a scalable and easy-to-manage solution to enable secure collection of integrity measurements from on-premises IOS XR devices.
The Data Gateway is designed for simple and repeatable deployment and includes tools to easily validate and troubleshoot connectivity. Once deployed, it is fully cloud managed and does not require any ongoing maintenance. This enables Trust Insights to provide a scalable cloud-based solution to audit the inventory and software of your IOS XR devices, with minimal investment in ongoing software maintenance or infrastructure.
Crosswork Data Gateway
Table 1. Features and benefits of the Cisco Crosswork Cloud Trust Insights module
| Feature | Benefit |
| --- | --- |
| Cloud delivered | Reduce time to value with easy ordering, provisioning, and setup. Adopt new releases and innovation in an effortless manner. Facilitate integration with other systems through open APIs. |
| Software as a Service (SaaS) | Build and maintain confidence with “always-on” monitoring. Reduce technical and operational overhead required to set up, operate, and maintain servers and software. Leverage seamless flexibility to add capacity, scale, and features, securely and reliably, to align with your business objectives. |
| Cryptographically secured evidence of system integrity and changes | Affirm trust in network infrastructure by gathering evidence to verify if the hardware is authentic and running software maps to published KGVs. Track changes to system integrity measurements. |
| Intuitive dashboard | Get a glance into observed hardware and software changes; contextually navigate deeper to analyze the behavior and assess the impact. |
| System integrity evidence analysis | Validate trust posture for network devices by regularly observing any system hardware and software changes and validating if the changes were as planned and conform to manufacturer guidelines. Analyze run-time software changes to investigate what they are, when they happened, and which devices were affected. Expedite resolution by assessing the change behavior such as if similar change was observed in the past or if the change occurred concurrently across multiple devices. |
| Historical archive of system changes | Establish traceability for forensic and causal analysis. |
| Notification of observed system changes | Accelerate mean time to know by subscribing to system change notifications. Mechanisms include Email, SMS, and Structured Syslog to Cloud File Storage. |
| Immutable secure storage of evidence | Ease compliance check while safe-guarding against evidence tampering. |
| Secure connection from network devices to the cloud | Establish secure cloud tether using a Cisco Crosswork Data Gateway deployed on-premises in your network. |
| Subscription pricing | Flexibility of payments, with 12- to 60-month terms and annual renewals. Lower upfront CapEx and overall Total Cost of Ownership (TCO). Ability to add capacity or term as needed to meet business requirements. The current subscription tiers are: Essentials. Subscription tiers are based on the number of configured devices to be monitored. |
| Multitenant | Role-based access controls. Cisco.com Federated One Identity for easy access to multiple customer tenancies. Enterprise Single Sign-On with Federated Identity to reduce user support and onboarding. |
| Network automation integration | Trigger software upgrades and compliance audits with operational awareness. Integrated Options with Cisco Crosswork Portfolio solutions like Network Controller, Work Flow Manager, WAE and NSO. |
Product subscription tiers
All Cisco Crosswork Cloud subscription tiers can be used independently or in combination with each other. Crosswork Cloud Trust Insights module integrates the information and features of the Trust Anchor Module embedded in the Cisco IOS XR hardware as well as the signature information found in the Trust Inventory Dossier that is collected from the router.
Customers familiar with the Crosswork Cloud can integrate any existing service offering of Cisco Crosswork Cloud or create a separate tenancy as required. Customers will be able to mix and match license types based on allocation of licenses to specific organizational tenancies. License compliance is flexible and reported within the user interface.
Cisco Crosswork Trust Insights subscription tiers
The Cisco Crosswork Cloud Trust Insights application is delivered via a Software-as-a-Service (SaaS) offer and does not have any specific system requirements to operate the software itself. Users of Cisco Crosswork Cloud products require one of the following browsers in order to access the SaaS application.
Table 2. Cisco Crosswork Cloud system requirements
| Feature | Description |
| --- | --- |
| Web Browser | Google Chrome 70 or later; Mozilla Firefox 62 or later |
The Trust Insights features require the use of the Cisco Crosswork Data Gateway to aggregate device data and transmit this to the cloud service as a form of network telemetry. The following system requirements are a guide to a base collector Virtual Machine (VM) specification. The Cisco Crosswork Cloud application may require multiple CDG instances depending on the number of devices to be associated with the service and the amount of redundancy required from the collection framework.
For Cisco Crosswork Cloud applications, Cisco Crosswork Data Gateway software is included in your application cost. The Cisco Crosswork Data Gateway is prevented from being used for other on-premises Cisco Crosswork applications.
Table 3. Cisco Crosswork Data Gateway system requirements
| Feature | Description |
| --- | --- |
| Hypervisor | VMware: VMware vCenter Server 6.7, ESXi 6.5; VMware vCenter Server 7.0, ESXi 6.5 and 6.7. OpenStack: OpenStack OSP16. Amazon: Amazon Elastic Cloud Compute. |
| Memory | 32 GB minimum |
| Disk Space | 74 GB: Boot Disk 50 GB + Data Disk 24 GB (optional requirement) |
| vCPU | 8 vCPU |
| Network Interfaces | Up to three virtual interfaces depending on requirements*. One interface for management access, including SSH and GUI access to the VM; the DNS and NTP servers, and the default gateway, must be reachable via this interface. One interface for southbound device access; associated devices must be reachable via this interface (routable). One interface for northbound cloud access; the data destination must be reachable via this interface (routable). *Interfaces can be consolidated subject to deployment requirements. |
For more information about the Cisco Crosswork Data Gateway, please see the Crosswork Data Gateway Data Sheet.
Cisco Crosswork Cloud Trust Insights is available. To order, please visit the Cisco Ordering Home Page.
Trust Insights feature tiers can be ordered in one-year, three-year, and five-year subscription periods. In addition, volume and term discounts are available for customers ordering higher numbers of monitored routers at the same time. All current subscriptions are offered at the Essentials level. The SaaS software is accessible via crosswork.cisco.com.
Cisco Smart Accounts and Smart Licensing are supported for Trust Insights. In addition, Cisco Connection Online (CCO) user accounts are mandatory in order to use the Cisco Crosswork Cloud user interface.
Table 4. Ordering information – paid subscriptions
| Product Description | Entitlement Model |
| --- | --- |
| Trust Insights Subscription | Per Subscription |
| Trust Insights Essentials - Device RTM | Per Device Right to Manage |
A Trust Insights subscription must be purchased to enable Trust Insights functionality within a Crosswork Cloud account. Trust Insights device Right-to-Manage licenses (including embedded vouchers) cannot be claimed until a minimum Trust Insights subscription product ID is purchased that contains a Cisco Support Contract.
Crosswork Trust Insights vouchers are embedded in numerous IOS XR device orders automatically using an embedded product ID. The Crosswork Trust Insights RTM Voucher SKUs can be consumed based on a single device per IOS XR license subscription. Each voucher is equivalent to a paid Trust Insights Essentials RTM for a fixed term of 36 months.
Table 5. Ordering information – voucher subscriptions
| Product Description | Entitlement Model |
| --- | --- |
| Trust Insights Essentials - Device RTM Voucher | Per Device Right to Manage |
Cisco environmental sustainability
Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.
Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:
| Sustainability topic | Reference |
| --- | --- |
| Information on product material content laws and regulations | |
| Information on electronic waste laws and regulations, including products, batteries, and packaging | |
Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.
Cisco offers a wide range of services to help accelerate your success in connecting to Cisco Crosswork Cloud. The innovative Cisco Services offerings are delivered through a unique combination of people, processes, tools, and partners and are focused on helping you increase operational efficiency and improve your network control. Cisco Advanced Services use an architecture-led approach to help you align your network infrastructure with your business goals and achieve long-term value. Cisco Crosswork products can be combined with the Cisco SMARTnet® service to help you resolve mission-critical problems with direct access at any time to Cisco network experts and award-winning resources. Spanning the entire network lifecycle, Cisco Services offerings help increase investment protection, optimize network operations, support migration operations, and strengthen your IT expertise. For more information, please visit www.cisco.com/go/services.
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation, and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments. Learn more.
For more information on Cisco's network automation portfolio for service providers, please visit www.cisco.com/go/crosswork. To learn more about Cisco Crosswork Cloud or to schedule a demonstration, contact your Cisco sales representative.
New or Revised Topic |
Described In |
Date |
General Availability |
November 03, 2021 |
|