Cisco RADKit.
From NetOps to DevOps.

RADKit is “CSDL approved” - CSDL is a Cisco process that reviews software for security risks, data privacy and 3rd party licensing compliance. RADKit underwent stringent security review: code quality and dependencies are analyzed throughout the development process; our services are constantly monitored. More details are available here.

All data at rest or in transit is protected by industry standard algorithms (AES, RSA, SHA-2, ECDH…) and protocols (2-way authenticated TLS1.3, SSH) with industry-recommended parameters.

RADKit is vetted for Data Privacy and complies with GDPR and other laws. When used in collaboration with the TAC, RADKit facilitates or expedites the transfer of information you would normally share with your support engineer. When used for your own needs, the data remains yours and Cisco does not keep any copy of it.

Everything is stored in an encrypted DB on your system. The encryption key is protected by the superadmin password you configure. Keys and passphrases are never escrowed.

With a mix of Single-Sign-On (SSO) authentication and X.509 certificates. All identities are trackable and revokable.

It is the user's choice. RADKit can be stopped when not in use; there is a user interface button for that. Some people prefer it always-on; others like to stop it when not in use.

No. RADKit relies exclusively on egress connections and traverses most proxies.

No - only to the equipment you explicitly authorize.

No. RADKit relies on message passing and does not establish IP connectivity between the RADKit components. In particular, there is no IP connectivity between your network and Cisco. Everything remains strictly isolated.

RADKit connects to prod.radkit-cloud.cisco.com, which is a load-balanced service hosted on AWS.

Yes. There is a “wipe-out” button in the user interface, and you can also delete the configuration files manually should you prefer (everything is self contained so it is easy and foolproof). Uninstalling and removing RADKit is also easy; we do not install a mess on your system.

No. Nothing. RADKit only facilitates data transfer but nothing is collected nor stored by RADKit. It is just an efficient way for you to collect data and a more secure way to exchange data with your support engineer than sending emails or manually uploading to an SR. The only exception to this rule is the audit trail that we generate for your security, that is owned by you and that never leaves your system.

RADKit keeps a complete audit trail of the engineer's actions. Every request (even failed attempts), every command, every output is logged in real time. The audit trail is stored on your system and is inalterable by a remote TAC engineer. The audit trail is in raw format for you to process in any way you see fit. When working with the TAC, the TAC engineer will also share their screen on request (we encourage doing so).

No - only the engineers you explicitly authorize and for the duration you specify. Access rights can be revoked instantaneously, at any moment, at the click of a button. There is no backdoor for anyone.

RADKit is much more efficient for troubleshooting or managing systems. RADKit does not require to control your computer. RADKit also preserves a human- and machine—consumable audit trail which is much more effective than a session recording. If anything, RADKit is a safer way to work on a network and nicely complements Webex.

We provide you with a way to decrypt all config files and databases (we can't) for you to verify their content. You can access and decode every piece of data stored by RADKit on your system. The installed files are either in a self-contained directory or installed at well-known locations on your OS - this can be verified by you at any time.