Install a CDO Connector, to Support a Secure Event Connector, Using a CDO VM Image

Before you begin

  • Purchase the Cisco Security and Analytics Logging, Logging and Troubleshooting license, you may also purchase the Logging Analytics and Detection and Total Network Analytics and Monitoring licenses to apply Secure Cloud Analytics to the events.

    If you would rather, you can request a trial version of Security Analytics and Logging by logging in to CDO, and on the main navigation bar, choose Analytics > Event Logging and click Request Trial.

  • CDO requires strict certificate checking and does not support Web/Content Proxy inspection between the CDO Connector and the Internet. If using a proxy server, disable inspection for traffic between the CDO Connector and CDO.

  • The CDO Connector installed in this process must have full outbound access to the Internet on TCP port 443.

  • Review Connect to Cisco Defense Orchestrator using Secure Device Connector to ensure proper network access for the CDO Connector.

  • CDO supports installing its CDO Connector VM OVF image using the vSphere web client or the ESXi web client.

  • CDO does not support installing the CDO Connector VM OVF image using the VM vSphere desktop client.

  • ESXi 5.1 hypervisor.

  • System requirements for a VM intended to host only a CDO Connector and an SEC:

    • VMware ESXi host needs 4 vCPU.

    • VMware ESXi host needs a minimum of 8 GB of memory.

    • VMware ESXi requires 64GB disk space to support the virtual machine depending on your provisioning choice.

  • Gather this information before you begin the installation:

    • Static IP address you want to use for your CDO Connector VM.

    • Passwords for the root and cdo users that you create during the installation process.

    • The IP address of the DNS server your organization uses.

    • The gateway IP address of the network the SDC address is on.

    • The FQDN or IP address of your time server.

  • The CDO Connector virtual machine is configured to install security patches on a regular basis and in order to do this, opening port 80 outbound is required.

Procedure

Step 1

Log on to the CDO tenant you are creating the CDO Connector for.

Step 2

From the CDO menu, choose Tools & Services > Secure Connectors.

Step 3

Click the blue plus button and click Secure Event Connector.

Step 4

In Step 1, click Download the CDO Connector VM image. This is a special image that you install the SEC on. Always download the CDO Connector VM to ensure that you are using the latest image.

Step 5

Extract all the files from the .zip file. They will look similar to these:

  • CDO-SDC-VM-ddd50fa.ovf

  • CDO-SDC-VM-ddd50fa.mf

  • CDO-SDC-VM-ddd50fa-disk1.vmdk

Step 6

Log on to your VMware server as an administrator using the vSphere Web Client.

Note

Do not use the VM vSphere desktop client.

Step 7

Deploy the on-premises CDO Connector virtual machine from the OVF template by following the prompts. (You will need the .ovf, .mf, and .vdk files to deploy the template.)

Step 8

When the setup is complete, power on the VM.

Step 9

Open the console for your new CDO Connector VM.

Step 10

Login as the cdo user. The default password is adm123.

Step 11

At the prompt type sudo sdc-onboard setup

[cdo@localhost ~]$ sudo sdc-onboard setup

Step 12

When prompted, enter the default password for the cdo user: adm123.

Step 13

Follow the prompts to create a new password for the root user.

Step 14

Follow the prompts to create a new password for the cdo user.

Step 15

Follow the prompts to enter your Cisco Defense Orchestrator domain information.

Step 16

Enter the static IP address you want to use for the CDO Connector VM.

Step 17

Enter the gateway IP address for the network on which the CDO Connector VM is installed.

Step 18

Enter the NTP server address or FQDN for the CDO Connector.

Step 19

When prompted, enter the information for the Docker bridge or leave it blank if it is not applicable and press <Enter>.

Step 20

Confirm your entries.

Step 21

When prompted "Would you like to setup the SDC now?" enter n.

Step 22

Create an SSH connection to the CDO Connector by logging in as the cdo user.

Step 23

At the prompt type sudo sdc-onboard bootstrap

[cdo@localhost ~]$ sudo sdc-onboard bootstrap

Step 24

When prompted, enter the cdo user's password.

Step 25

When prompted, return to CDO and copy the CDO bootstrap data, then paste it into your SSH session. To copy the CDO bootstrap data:

  1. Log into CDO.

  2. From the CDO menu, choose Tools & Services > Secure Connectors.

  3. Select the Secure Event Connector which you started to onboard. The status should show, "Onboarding."

  4. In the Actions pane, click Deploy an On-Premises Secure Event Connector.

  5. Copy the CDO Bootstrap Data in step 1 of the dialog box.

Step 26

When prompted, Would you like to update these settings? enter n.

Step 27

Return to the Deploy an On-Premises Secure Event Connector dialog in CDO and click OK. On the Secure Connectors page, you see your Secure Event Connector is in the yellow Onboarding state.

What to do next

Continue to Install the Secure Event Connector on the CDO Connector VM.