Cisco Secure Email Gateway Virtual (AMI)

Request AMI Provisioning

You can use an Amazon Machine Image (AMI) to create a virtual machine instance inside EC2. AMIs for Secure Web Appliance and Secure Email and Web Manager are available in the AWS marketplace. Secure Email Gateway is not available in the AWS marketplace, contact your Cisco sales representative with your AWS account details (username and region) to provision an AMI image.

📘

Note

Secure Email Gateway is not available in the AWS marketplace, contact your Cisco sales representative with your AWS account details (username and region) to provision an AMI image.

Information needed for provisioning:

Info NeededExample
AWS IDYour AWS 12 digit ID
AWS Region/Availability Zoneus-east-2
ESA modelC100V or C300v or C600v
AsyncOS release14.0.0-692

🚧

Note

AMI deployments start at AsyncOS 14.0.0-692. Versions older than 14.0.0-692 are not available for AMI.

Once you have received notification that provisioning is complete, see AMI Image Deployment to aid you with how to deploy the AMI.

AMI Sizing

The EC2 Instance Type details for Virtual Secure Email Gateway are as shown below:

AsyncOS VersionModelEC2 Instance TypevCPUvRAMvNIC (*)Minimum Disk Size
14.0.0-692c100vc4.xlarge47.51200GB
14.0.0-692c300vc4.2xlarge8151500GB
14.0.0-692c600vc4.4xlarge16301500GB

(*) Single NIC will be presented by default but the customer is allowed to create an additional interface at the time of initiating the instance.

Below is screengrab of Amazon EC2 deployment with the recommended instance types:

Deploying on AWS

Please see the following prior to starting your AMI deployment: AMI Image Deployment

The virtual appliance User Guide has been updated to include all AWS/AMI information:
Deploying Cisco Secure Email Gateway, Secure Web, and Secure Email and Web Manager Virtual Appliances on Amazon Elastic Compute Cloud on Amazon Web Services

Please see the following sections to get started:

FAQ

Can a deployment utilize c5.X or m5.X instance types?
It is recommended to deploy as shown, using the c4.X instance types, based on the ESA model provided.

After AMI deployment, can additional vCPU, vRAM, and disk size be utilized?
Currently this is not advised. Cisco has this noted and this is under discussion.

What versions of AsyncOS are available for AMI deployments?
The image that is provisioned and made available for AMI is AsyncOS 14.0.0-692. This is the base AMI image. Customers will need to deploy and then upgrade, as needed, to get an updated version of 14.x.

Are AMI deployed ESA covered by TAC/Cisco Support?
Yes. Please see Getting Support for Virtual Appliances.

Can I migrate my existing Cisco Secure Email Gateway (ESA) configuration for use with my AMI deployment?
Yes. You will need to have like for like versions running. I.e., ESA 14.0.0-692 > ESA (AMI) 14.0.0-692. More information regarding migrating configuration:

Can I cluster an existing on-premises ESA or virtual ESA with my AMI deployment?
Cisco Secure Email Gateway on-premise appliances are not supported on Cisco Secure Email and
Web Manager appliance deployments on AWS.

Can I cluster an existing Cloud ESA (Cisco Secure Email Cloud Gateway) with my AMI deployment?
No. Due to CES infrastructure and network security, this is not permissible.

How does licensing and feature keys work for my AMI deployment?
You can use your existing Secure Email Gateway, Secure Web, or Secure Email and Web Manager
appliance license for deployments in Amazon AWS. After you deploy and launch the instance, you can
install the license. You will be required to pay only the AWS infrastructure charges.

If you are an existing customer, see the Obtain a Virtual License (VLN) topic in the Best Practices for
Virtual ESA, Virtual WSA, or Virtual SMA Licenses
tech notes. If you are a new customer, contact your
nearest Cisco partner to obtain a license.


Did this page help you?