On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Virtual Appliance Setup

Once you create a remote in SecureX orchestration, you can deploy the virtual appliance OVA and apply the configuration you downloaded. Here’s a summary of this process:

  1. Download the latest version of the SecureX orchestration remote OVA.
  2. Generate an SSH key pair and console password.
  3. Deploy the OVF template.
  4. Verify remote connectivity.
  5. (Optional) Define NTP servers.

Remote Overview

Note that the virutal machine's configuration cannot be easily modified after it is deployed. You can SSH or console into the Ubuntu host operating system, however, we do not support or document how to make configuration changes to the VM directly (with the exception of configuring NTP servers).

Download the OVA

  1. In SecureX orchestration, navigate to the Remote Configuration page (under the Admin section).
  2. Click the Download Appliance link next to the New Remote button:

If you want to verify the file hash of the OVA, please refer to the following table:

File Name File Size SHA256 Hash
sxo-remote-1.6.ova 1.6 GB 2cc3ffc5cb753d20ffc438598f1246b44dca7e1145cbfcb48da68fc9daa193c3

Deploying the VM

  1. In your VMware vCenter client, right click on the folder you want to deploy the remote in and select Deploy OVF Template:

  2. Select the Local file option, select the remote OVA you downloaded, and click Next:

  3. Give the virtual appliance a unique name, confirm the machine’s location, and click Next:

  4. Select the compute resource to deploy the virtual appliance on and click Next:

  5. Review the details of the deployment and click Next.
  6. Select the datastore you want to use for the virtual appliance and click Next.
    • Note: We recommend a minimum of 30 GB of disk space be available for an orchestration remote.
  7. Select the network you want to deploy the virtual appliance on and click Next:

  8. On the customize template screen, you’ll need to provide some information:
    • Provide a unique ID and hostname for the virtual appliance:

    • (Optional) Provide an SSH public key for SSH access (see these instructions).
    • Set Encoded user-data to the contents of remoteconfig.txt (from the remotePackage.zip you downloaded during remote creation).
    • Provide a password for the virtual appliance for console access (the username will be ubuntu).

    • Click Next.
  9. Review all of the virtual appliance’s details and, if everything looks correct, click Finish.

Once the virtual appliance finishes deploying, be sure to power it on! Once online, the remote’s status should change from Not Connected to Connected on the remotes list in SecureX orchestration. Note that a newly deployed remote can take up to 10 minutes to show as connected!

(Optional) Define NTP Servers

After deploying your SecureX orchestration remote, you can configure the virtual appliance to use custom NTP servers using these steps:

  1. Log in to your virtual appliance by either:
    • Opening a console to the VM in vCenter and logging in with your password; or
    • SSHing to the VM using the key pair you created during setup.
  2. Open the file /etc/chrony/chrony.conf and change the NTP servers to your preferred servers.
  3. Save and close the file.
  4. Run the following command to restart the NTP service and check that the time is correct: systemctl restart chronyd ; watch chronyc tracking.

Generating an SSH Key Pair

If you want to be able to SSH to your remote appliance, you’ll need to generate a key pair for authentication. You can use any key pair you want, as long as it’s valid for a standard Ubuntu authorized_hosts file. Below, we give examples of how to generate a default RSA key pair.


  1. Open a terminal.
  2. Execute the command: ssh-keygen -t rsa -b 4096 -f /path/to/output/keypair (for a 4096-bit RSA key).
  3. If you want to use a passphrase, provide it and then confirm it. If not, press enter twice.
  4. A public and private key will be generated at the path you provided. In this example:
    • keypair will contain the private key.
    • keypair.pub will contain the public key.


One of the easiest ways to generate a key pair on Windows is by using the PuTTygen utility:

  1. Download PuTTygen from this page (look for puttygen.exe under Alternative binary files).
  2. Run puttygen.exe.
  3. If you want a passphrase on your key pair, provide it in Key passphrase and Confirm passphrase.
  4. Select the type of key and key length at the bottom of the window (we recommend at least a 2048-bit RSA key).
  5. Click the Generate button.
  6. Use the Save public key and Save private key buttons to export the keys.

Next Steps

Now that you’ve deployed the orchestration remote virtual appliance, you can configure your on-premises targets to use it!

Target Configuration