Monitoring
Cisco Secure Email Cloud Gateway
Cloud Email Security (CES) is monitored by the Cisco Operations team, which provides proactive monitoring of alarms generated by CES instances.
Status of the CES environment can be seen here: https://status.ces.cisco.com
Status of Email Services (Signature Updates, etc): https://urgentnotices.statuspage.io/
How will I be notified of an issue?
When a customer is on-boarded, the technical contact that is provided will be sent notifications of maintenance windows and issues.
❗ Monitoring and alerts do not apply to Beta Appliances in a customer Cloud Gateway instance as these are considered to be non-production allocations.
How do I add email addresses for notifications?
To have new or additional contacts added to the customer notification list, please reach out to Cisco TAC and request an addition to the CES notification list.
Responsibility Matrices
Infrastructure
Description | Cisco | Customer |
---|---|---|
Monitor Datacenter connectivity and issue alerts of the potential impact | x | |
Monitor ESA and SMA instances for availability | x | |
Monitor supporting systems availability (billing, licensing, and provisioning systems) | x | |
Monitor underlying virtual infrastructure | x | |
Monitor storage availability and performance | x |
Capacity
Description | Cisco | Customer |
---|---|---|
Notify of changes to the user counts of the service | x | |
Monitor and address issues with the workqueues | x | |
Monitor downstream mailbox services (Exchange, O365) | x | |
Add additional capacity to existing service | x* |
Note:
If a customer environment changes (additional user counts, higher volume expected), a ticket can be opened to request a capacity review to add capacity. Capacity is measured on a 30-day volume average.
Application
Description | Cisco | Customer |
---|---|---|
Configuration of Policies for Inbound and Outbound Mail | x | |
Upgrade of the vESA and the vSMA | x | |
Backup of Configuration data | x | |
Provide 24x7 break-fix Technical Support via TAC | x | |
Create and maintain secure passwords for the applications | x | |
Monitor and action SLA level alarms | x |
Security
Description | Cisco | Customer |
---|---|---|
Monitor internal user activity for potential compromise | x | |
Ensure configuration is set to effectively block threats using engines available | x | |
Perform penetration and vulnerability tests on the service | x | |
Assess and action on PSIRT notifications | x | |
Monitor and control access to the management environment | x |
What ports are monitored by CES Operations?
- SMTP (25)
- HTTP (443)
- SSH (22)
- SMA: 6025, 7025
What thresholds do the alarms get triggered on?
Counter | Small | Medium | Large |
---|---|---|---|
Active Recipients | 3000 | 6000 | 10000 |
Connections In | 300 | 300 | 300 |
CPU utilization | 95% | 95% | 95% |
Hard Bounced Recipients | 2000 | 3000 | 5000 |
Kb Free | 1,000,000 | 1,000,000 | 1,000,000 |
Msgs in Work Queue | 1200 | 2500 | 5000 |
Oldest Message | 432000s | 432000s | 432000s |
RAM Utilization | 60 | 60 | 60 |
Soft Bounced Events | 2000 | 3000 | 5000 |
Total Utilization | 90% | 90% | 90% |
All rates are shown as the average rate at which an event occurs per hour at the specific point in time the query is made. Rates are calculated for three intervals: the average rate per hour over the past one (1) minute, the past five (5) minutes, and the past fifteen (15) minutes.
For example, if the Cisco appliance receives 100 recipients in a single minute, then the rate for the one (1) minute interval will be 6,000 per hour. The rate for the 5-minute interval will be 1,200 per hour, and the 15-minute rate will be 400 per hour. The rates are calculated to indicate what the average rate for the hour would be if the rate for the one-minute period continued. Therefore, 100 messages each minute would yield a higher rate than 100 messages over 15 minutes.
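The rate calculation described above, as an added example (not Cisco's code): it computes the 1-, 5- and 15-minute hourly rates from per-minute counts and compares them with the Hard Bounced Recipients thresholds from the table. Treating that counter as an hourly rate, the strict greater-than comparison, and the function names are assumptions; the page does not say how alarms evaluate the rates.

```python
WINDOWS_MIN = (1, 5, 15)  # the three intervals named on the page

# Hard Bounced Recipients row of the threshold table, by instance size.
HARD_BOUNCE_THRESHOLD = {"small": 2000, "medium": 3000, "large": 5000}


def hourly_rates(per_minute_counts):
    """Return {window_minutes: events per hour} as of the newest sample.

    per_minute_counts holds one event count per minute, oldest first.
    Minutes before the first sample are treated as zero events.
    """
    samples = list(per_minute_counts)[-max(WINDOWS_MIN):]
    rates = {}
    for window in WINDOWS_MIN:
        total = sum(samples[-window:])
        # Scale the window's total to what an hour at that pace would yield.
        rates[window] = total * 60 / window
    return rates


def windows_over_threshold(per_minute_counts, size):
    """List the windows whose hourly rate exceeds the threshold for `size`.

    Assumption: the threshold is compared with '>' against an hourly rate.
    """
    limit = HARD_BOUNCE_THRESHOLD[size]
    rates = hourly_rates(per_minute_counts)
    return [window for window, rate in rates.items() if rate > limit]


if __name__ == "__main__":
    # Constructed sample data: per-minute hard-bounce counts, oldest first.
    scenarios = {
        "single burst": [0] * 14 + [100],   # the page's 100-in-one-minute case
        "sustained":    [100] * 15,         # 100 every minute for 15 minutes
        "steady low":   [40] * 15,          # 40 every minute for 15 minutes
    }
    for name, counts in scenarios.items():
        print(name, hourly_rates(counts))
        for size in HARD_BOUNCE_THRESHOLD:
            print("  ", size, "windows over threshold:",
                  windows_over_threshold(counts, size))
```

A single one-minute burst moves only the 1-minute rate past the Small threshold, while the same count sustained for 15 minutes moves all three windows.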
For questions or clarification on monitoring specific to your CES appliance(s), please open a support case with Cisco TAC.