Monitoring

Cisco Secure Email Cloud Gateway

Cloud Email Security (CES) is monitored by the Cisco Operations team and provides proactive monitoring of alarms generated by CES instances.

📘

Status of the CES environment can be seen here: https://status.ces.cisco.com
Status of Email Services (Signature Updates, etc): https://urgentnotices.statuspage.io/

How will I be notified of an issue?

When a customer is on-boarded the technical contact that is provided will be sent notifications of maintenance windows and issues.

:exclamation: Monitoring and alerts do not apply to Beta Appliances in a customer Cloud Gateway instance as these are considered to be non-production allocations.

How do I add email addresses for notifications?

To have a new or additional contacts added to the customer notification list, please reach out to Cisco TAC and request an addition to the CES notification list.

Responsibility Matrices

Infrastructure

Description

Cisco

Customer

Monitor Datacenter connectivity and issue alerts of potential impact

x

Monitor ESA and SMA instances for availability

x

Monitor supporting-systems availability (billing, licensing and provisioning systems)

x

Monitor underlying virtual infrastructure

x

Monitor storage availability and performance

x

Capacity

Description

Cisco

Customer

Notify of changes to the user counts of the service

x

Monitor and address issues with the workqueues

x

Monitor downstream mailbox services (Exchange, O365)

x

Add additional capacity to existing service

x*

Monitor delivery times of messages (as per SLA)

x

📘

Note:

If a customer environment changes (additional user counts, higher volume expected) a ticket can be opened to request a capacity review to add capacity. Capacity is measured on a 30 day volume average.

Application

Description

Cisco

Customer

Configuration of Policies for Inbound and Outbound Mail

x

Upgrade of the vESA and the vSMA

x

Backup of Configuration data

x

Provide 24x7 break-fix Technical Support via TAC

x

Create and maintain secure passwords to the applications

x

Monitor and action SLA level alarms

x

Security

Description

Cisco

Customer

Monitor internal user activity for potential compromise

x

Ensure configuration is set to effectively block threats using engines available

x

Perform penetration and vulnerability tests on the service

x

Assess and action on PSIRT notifications

x

Monitor and control access to the management environment

x

What ports are monitored by CES Operations?

  • SMTP (25)
  • HTTP (443)
  • SSH (22)
  • SMA: 6025, 7025

What thresholds do the alarms get triggered on?

Counter

Small

Medium

Large

Active Recipients

3000

6000

10000

Connections In

300

300

300

CPU utilization

95%

95%

95%

Hard Bounced Recipients

2000

3000

5000

Kb Free

1,000,000

1,000,000

1,000,000

Msgs in Work Queue

1200

2500

5000

Oldest Message

432000s

432000s

432000s

RAM Utilization

60

60

60

Soft Bounced Events

2000

3000

5000

Total Utilization

90%

90%

90%

All rates are shown as the average rate an event occurs per hour at the specific point in time the query is made. Rates are calculated for three intervals, the average rate per hour over the past one (1) minute, the past five (5) minutes, and the past fifteen (15) minutes.

For example, if the Cisco appliance receives 100 recipients in a single minute, then the rate for the one (1) minute interval will be 6,000 per hour. The rate for the 5-minute interval will be 1,200 per hour, and the 15-minute rate will be 400 per hour. The rates are calculated to indicate what the average rate for the hour would be if the rate for the one minute period continued. Therefore, 100 messages each minute would yield a higher rate than 100 messages over 15 minutes.

For questions and clarity on monitoring specific to your CES appliance(s), please open a support case with Cisco TAC.


Did this page help you?