Installing an on-premises connector for system services

CASB provides a unified on-premises connector that can be used with multiple services, including SIEM, log agents, and EDLP. The following sections provide specifications and instructions for installing the on-premises connector. 

  • Specifications

  • Downloading the connector

  • Pre-installation steps

  • Installing the connector

  • Restarting and uninstalling the connector 

  • Additional notes 

Note

Remote upgrades are supported only for agents running on CentOS.

If you are using connector version 22.03 and planning to migrate to version 22.10.90, you can upgrade the SIEM, EDLP, and Log Agents using the manual upgrade procedure. For more information, see the Manually upgrading the SIEM, EDLP, and Log Agents section.

Specifications

The following specifications are required for installation of the on-premises connector.

Operating systems and software

  • For SIEM, EDLP, and Log Agent: Red Hat Enterprise, CentOS 8, Ubuntu 20.04.5 LTS (Focal Fossa)

  • Java version 11

  • bzip2 1.0.6

  • RPM version 4.11.3

Firewall settings

  • Allow outbound HTTPS traffic

  • Allow the following outbound WSS connections:

  • Based on the location of your tenant, provide the Node Management URL. 

  • For Europe Central-1 [euc1]:

    wss://nm.euc1.lkt.cloud:443/nodeManagement

  • For United States West-2 [usw2]:

    wss://nm.usw2.lkt.cloud:443/nodeManagement

    Note You can identify the Node Management URL from your Management Console URL as follows:

    If your Management Console URL is

    https://maxonz-ms.euc1.lkt.cloud/account/index.html#login

    Then your Node Management URL is

    euc1.lkt.cloud

  • wsg.ciphercloud.io (applies to SIEM, LOG, and EDLP agents)

    Note This URL is required only for legacy packages. For the on-premises enterprise connector package, you are not required to specify this URL manually.
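The Node Management URL rule above can be scripted so that the endpoint allowed through the firewall, and later typed at the installer prompt, is derived rather than hand-edited. This is an added example, not vendor code. It assumes the tenant domain is always the Management Console host minus its first label, as in the one example on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the tenant domain is the
# Management Console host minus its first label, as in the page's example
# (maxonz-ms.euc1.lkt.cloud -> euc1.lkt.cloud).

# Print the tenant domain (<region>.lkt.cloud) for a console URL, or fail.
tenant_domain() {
    case $1 in
        https://*) ;;
        *) echo "console URL must start with https://" >&2; return 1 ;;
    esac
    host=${1#https://}          # drop the scheme
    host=${host%%[/?#]*}        # drop path, query and fragment
    case $host in
        *[!a-z0-9.-]*) echo "unexpected character in host: $host" >&2; return 1 ;;
    esac
    domain=${host#*.}           # drop the tenant-specific first label
    region=${domain%.lkt.cloud}
    # Reject hosts that are not exactly <tenant>.<region>.lkt.cloud,
    # for example a lookalike such as x.euc1.lkt.cloud.example.
    case $region in
        "$domain"|''|*[!a-z0-9]*)
            echo "not a <tenant>.<region>.lkt.cloud host: $host" >&2; return 1 ;;
    esac
    printf '%s\n' "$domain"
}

# Print the value to enter at the "Management Server endpoint" prompt.
node_mgmt_endpoint() {
    d=$(tenant_domain "$1") || return 1
    printf 'wss://nm.%s:443/nodeManagement\n' "$d"
}

# Check a hand-typed endpoint against the documented form before using it.
is_expected_endpoint() {
    e=${1#wss://nm.}
    [ "$e" != "$1" ] || return 1
    e=${e%:443/nodeManagement}
    [ "wss://nm.$e:443/nodeManagement" = "$1" ] || return 1
    case ${e%.lkt.cloud} in "$e"|''|*[!a-z0-9]*) return 1 ;; esac
}

node_mgmt_endpoint 'https://maxonz-ms.euc1.lkt.cloud/account/index.html#login'
```

is_expected_endpoint rejects the installer's placeholder default (wss://nm:443/nodeManagement), so it can gate an unattended install against an endpoint that was never filled in.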

Minimum requirements for VM configurations 

Here are the deployment options and minimum hardware requirements. The Base Package contains the NS-Agent and upgrade service.

Log agent, SIEM, and EDLP services
  • 8 GB RAM

  • 4 vCPUs

  • 100 GB disk space

Downloading the connector

  1. Go to Administration > System Settings > Downloads.

  2. Select On-premise Connector and click the download icon.

  3. Save the RPM file for installation on the appropriate VM.

Pre-installation steps

Step 1 – Create an agent for the service

  1. Go to Administration > Enterprise Integration and select the agent to configure.

  2. Perform the following steps to configure the agent.

Step 2 – Create an environment

Perform these basic steps to create an environment.

  1. Go to Administration > Environment Management and click New.

  2. Enter a Name and a Description for the environment. 

  3. Select On-premise Connector as the environment Type.

  4. Enter an IP address for the location where you want to install the connector.

  5. Enable the agent and select a service.

  6. Save the environment.

Step 3 – Create a node

Perform these basic steps to create a node.

  1. Go to Administration > Node Management and click New.

  2. Enter a Name and a Description for the node. 

  3. Select Connector as the node Type.

  4. Select the environment you created in the previous step.

  5. Select the service. 

  6. Save the node.

Perform the steps in the following sections to install the on-premises connector.

Installing the connector (SIEM, EDLP, and Log Agent)

Perform the following steps to install the on-premises connector. In the script output and in the sections that follow, the term node server refers to the connector.

Run the following command to start the installation:

[root@localhost home]# rpm -ivh enterprise-connector-21.01.0-105.x86_64.rpm

Preparing...                          ################################# [100%]

/usr/sbin/useradd -r -g ccns-c ${USER_DESCRIPTION} -s /bin/nologin ccns 

Updating / installing...

1:enterprise-connector-0:21.01.0-10################################# [100%]

CipherCloud node server has been successfully installed in /opt/ciphercloud/node-server.

Adding [Systemd] service support

Reloading Systemd daemon

Systemd service node-server has been installed

Please use 'sudo systemctl start node-server' to start the service manually

==========================IMPORTANT=========================================

Please run 'sudo /opt/ciphercloud/node-server/install.sh' to configure the node server before starting it for the first time.

============================================================================

Run the following command to change to the connector installation directory.

[root@localhost ~]# cd /opt/ciphercloud/node-server/ 

Run the following command to perform the installation.

[root@localhost node-server]# ./install.sh 

Initializing node-server install script. Please wait..

Please enter Management Server endpoint [wss://nm:443/nodeManagement]:

Based on the location of your tenant, provide the Node Management URL:

For Europe Central-1 [euc1]:
wss://nm.euc1.lkt.cloud:443/nodeManagement

For United States West-2 [usw2]:
wss://nm.usw2.lkt.cloud:443/nodeManagement

Note: You can identify the Node Management URL from your Management Console URL as follows:

If your Management Console URL is https://maxonz-ms.euc1.lkt.cloud/account/index.html#login

Then your Node Management URL is
euc1.lkt.cloud

Enter the default option shown or enter the URL for this installation.

Management Server endpoint: <Node Management endpoint URL>

Enter ID for this tenant.

Input Tenant Id: <tenant name>

Enter the unique name for the Node Server.

Input Node Server Unique Name: <node_name>

Enter the API token (click the API Token button in the Configuration tab).

Input Node Server Token: <Node API token>

There are 3 NICS assigned to this host.

1) NIC_n

2) NIC_n

3) <NIC_n>

Please select an option from the above list

Select an NIC option.

NIC option (1 to 3): <n>

Selected NIC is <NIC_n>

Adding new property ms.endpoint.

Adding new property node.name.

Adding new property node.token.plain.

Adding new property node.nic.

Updating property logging.config

Updating property logging.config

Updating property logging.config

Updating property logging.config

Node server installation is done. Start node server using ‘sudo service node-server start’. 

======================================================

Starting the connector

Run the following command:

sudo service node-server start

Restarting and uninstalling the connector

Restarting

Run the following command:

[root@localhost node-server]# sudo systemctl restart node-server

Uninstalling

Run the following command:

rpm -ev enterprise-connector

Additional configuration notes for SIEM

  • WSG configurations are based on the installation region.

  • For SIEM, the spooling directory path should be under /opt/ciphercloud/node-server. The directory does not need to be created manually. In the SIEM configuration, provide the directory path and name — for example, /opt/ciphercloud/node-server/siempooldir.

Additional configuration notes for log agents

Connecting to a different server

KACS and WSG configurations are provided by default. If you need to connect to a different server, override the server and port information in the JAVA_OPTS line of the log-agent configuration file, as shown in the following example.

[root@localhost log-agent]# cat /opt/ciphercloud/node-server/config/log-agent/log-agent.conf

JAVA_OPTS=-Xms7682m -Xmx7682m -Dkacs.host=kacs.devqa.ciphercloud.in -Dkacs.port=8987 -Dwsg.host=wsg.devqa.ciphercloud.in -Dwsg.port=8980
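After editing the overrides, it is worth confirming that the agent points at the servers you intended and that the ports are well-formed. The following check is an added example, not vendor code. The function names are hypothetical, and it assumes the overrides sit on a single unquoted JAVA_OPTS line as shown above.

```shell
#!/bin/sh
# Added example, not vendor code: audit the -D overrides in log-agent.conf.

# Print the value of -D<property>= from the last JAVA_OPTS line of a file.
# Runs in a subshell so that 'set -f' (no globbing) does not leak out.
java_opt() (
    set -f
    line=$(grep '^JAVA_OPTS=' "$1" | tail -n 1)
    [ -n "$line" ] || exit 1
    val=
    for tok in ${line#JAVA_OPTS=}; do       # split the options on whitespace
        case $tok in
            "-D$2="*) val=${tok#"-D$2="} ;;  # keep the last occurrence
        esac
    done
    [ -n "$val" ] || exit 1
    printf '%s\n' "$val"
)

# Compare the configured KACS/WSG hosts with the ones you intended and
# check that each port is a number in 1..65535. Returns 1 on any finding.
check_log_agent_conf() {    # usage: <conf-file> <kacs-host> <wsg-host>
    rc=0
    for pair in "kacs=$2" "wsg=$3"; do
        svc=${pair%%=*}; want=${pair#*=}
        host=$(java_opt "$1" "$svc.host") || host=
        port=$(java_opt "$1" "$svc.port") || port=
        if [ "$host" != "$want" ]; then
            echo "MISMATCH $svc.host: got '$host', expected '$want'"; rc=1
        fi
        case $port in
            ''|*[!0-9]*|??????*) echo "INVALID $svc.port: '$port'"; rc=1 ;;
            *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                   echo "OUT OF RANGE $svc.port: $port"; rc=1
               fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample file holding the JAVA_OPTS line shown on this page.
sample=$(mktemp)
echo 'JAVA_OPTS=-Xms7682m -Xmx7682m -Dkacs.host=kacs.devqa.ciphercloud.in -Dkacs.port=8987 -Dwsg.host=wsg.devqa.ciphercloud.in -Dwsg.port=8980' > "$sample"
check_log_agent_conf "$sample" kacs.devqa.ciphercloud.in wsg.devqa.ciphercloud.in \
    && echo "log-agent.conf matches the expected servers"
rm -f "$sample"
```

On a real node, pass /opt/ciphercloud/node-server/config/log-agent/log-agent.conf as the first argument and the hosts you expect as the second and third.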

Write permissions

If needed, provide the ccns user with write permissions for the spooling directories.

Additional configuration notes for EDLP

KACS and WSG configurations are based on the installation region.