Installation Tasks

This section contains the following topics:

Install Cisco Crosswork Data Gateway

Cisco Crosswork Data Gateway is initially deployed as just a standalone VM called Base VM (containing only enough software to register itself with Crosswork Cloud) and can be geographically separate from the controller running inside Crosswork Cloud. This Base VM is capable of connecting to the controller and enable data collection from the network.

Crosswork Cloud orchestrates the collection from the distributed Cisco Crosswork Data Gateway VM instances.

The Cisco Crosswork Data Gateway VM is delivered as an OVA file and the additional functional/collection images are delivered as Docker images from the controller running inside Crosswork Cloud.

Before installing Cisco Crosswork Data Gateway, it helpful to be familiar with Cisco Crosswork Data Gateway OVF Parameters and Deployment Scenarios.

You can use either of the following two ways to install Cisco Crosswork Data Gateway:

Base VM Contents

The Base VM (OVA) is pre-packaged with basic functionality required to reach the controller.

The Cisco Crosswork Data Gateway VM (OVA) contains the following pre-packaged contents:

  • Cisco hardened Ubuntu distribution of Linux

  • Cisco Crosswork Data Gateway services:

    • Vitals Monitor - Monitors the start and stop status of the container services running on the Cisco Crosswork Data Gateway VM.

    • Controller Gateway – Establishes trusted connection with the controller application via the Controller Gateway and downloads functional images and configuration files.

    • Image Manager – Coordinates between the Cisco Crosswork Data Gateway and the controller application to download functional images and configuration files.

    • Route Manager – Allows functional/collection images to program routes, so the traffic to devices can directed on different south-bound network.

    • Docker IPv6nat - Programs IPv6 routes for docker containers.

Cisco Crosswork Data Gateway OVF Parameters and Deployment Scenarios

Before you begin installing Cisco Crosswork Data Gateway, we recommend you read about OVF parameters and possible deployment scenarios.


Note

Mandatory parameters are denoted by an *. Others are optional. You might choose them based on the kind of deployment scenrio you require. Deployment scenarios are explained wherever applicable.

OVF Parameter

Description

Deployment Scenario

Host Information

Hostname*

Hostname of the server specified as a fully qualified domain name (FQDN).

Description*

User-friendly description to be displayed in the controller i.e., Crosswork.

Note 

This need not be unique.

Label

Label used by Crosswork to categorize and group multiple Cisco Crosswork Data Gateway instances.

Labels are used to allocate workloads to Cisco Crosswork Data Gateway instances in Crosswork Cloud. They can be changed later in the Crosswork Cloud UI.

Note 

This need not be unique.

Private Key URI

SCP URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file).

Crosswork uses self-signed certificates for handshake with Cisco Crosswork Data Gateway. These certificates are generated upon installation.

However, if you want to use third-party or your own certificate files, then you must input these three parameters.

Certificate File URI

SCP URI to PEM formatted signing certificate chain for this VM. You can retrieve this using SCP (user@host:path/to/file).

Certificate File and Key Passphrase

SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key.

Passphrases

dg-admin Password*

Password of the dg-admin user.
Note 

Keep a note of these usernames and passwords as they will be required to login.

dg-oper Password*

Password of the dg-oper user.

1Management IPv4 Address

Management IPv4 Method*

How the management interface gets its IPv4 address.

You must select Static as selecting None will result in a non-functional deployment.

Management IPv4 Address

IPv4 address of the management interface.

Management IPv4 Netmask

IPv4 netmask of the management interface in dotted quad format.

Management IPv4 Gateway

IPv4 address of the management gateway.

1Management IPv6 Address

Management IPv6 Method*

How the Management interface gets its IPv6 address.

You must select Static as selecting None will result in a non-functional deployment.

Management IPv6 Address

IPv6 address of the management interface.

Management IPv6 Netmask

IPv6 prefix of the management interface.

Management IPv6 Gateway

IPv6 address of the management gateway.

1Southbound Data IPv4 Address

Southbound Data IPv4 Method

How the southbound data interface gets its IPv4 address.

You must select Static as selecting None will result in a non-functional deployment.

Note 

This interface can be optionally used by Cloud deployment, in which case all devices in the network are expected to be in the same subnet as that of Southbound interface subnet.

Southbound Data IPv4 Address

IPv4 address of the southbound data interface.

Southbound Data IPv4 Netmask

IPv4 netmask of the southbound data interface in dotted quad format.

Southbound Data IPv4 Gateway

IPv4 address of the southbound Cisco Crosswork Data Gateway.

1Southbound Data IPv6 Address

Southbound Data IPv6 Method

How the southbound data interface gets its IPv6 address.

You must select Static as selecting None will result in a non-functional deployment.

Note 

This interface can be optionally used by Cloud deployment, in which case all devices in the network are expected to be in the same subnet as that of Southbound interface subnet.

Southbound Data IPv6 Address

IPv6 address of the southbound data interface.

Southbound Data IPv6 Netmask

IPv6 netmask of the southbound data interface in dotted quad format.

Southbound Data IPv6 Gateway

IPv6 address of the southbound data gateway.

Northbound Data IPv4 Address

Note 

Northbound interface is not applicable to Cloud Deployment.

Northbound Data IPv4 Method

How the Northbound data interface gets its IPv4 address.

You must select Static as selecting None will result in a non-functional deployment.

Northbound Data IPv4 Address

IPv4 address of the Northbound data interface.

Northbound Data IPv4 Netmask

IPv4 netmask of the Northbound data interface in dotted quad format.

Northbound Data IPv4 Gateway

IPv4 address of the Northbound data gateway.

Northbound Data IPv6 Address

Note 

Northbound interface is not applicable to Cloud Deployment.

Northbound Data IPv6 Method

How the Northbound data interface gets its IPv6 address.

You must select Static as selecting None will result in a non-functional deployment.

Northbound Data IPv6 Address

IPv6 address of the Northbound data interface.

Northbound Data IPv6 Netmask

IPv6 netmask of the Northbound data interface in dotted quad format.

Northbound Data IPv6 Gateway

IPv6 address of the Northbound data gateway.

DNS, NTP, and SCP

DNS Address*

Space-delimited list of IPv4/IPv6 addresses of the DNS server accesible from the management interface.

DNS Search Domain*

DNS search domain

NTP Servers*

Space-delimited list of IPv4/IPv6 addresses or hostnames of the NTP servers accessible from the management interface.

You must enter a value here, such as pool.ntp.org. NTP server is important for time synchronization between Cisco Crosswork Data Gateway VM and Crosswork Cloud. Using a non-functional or dummy address may cause issues when Crosswork Cloud and Cisco Crosswork Data Gateway try to communicate with each other. If you are not using an NTP server, ensure that time gap between Cisco Crosswork Data Gateway and Crosswork Cloud is not more than 24 hours. Else, Cisco Crosswork Data Gateway will fail to pull images.

Syslog Servers

Server Address

IPv4 or IPv6 address of a syslog server accessible from the management interface.

Note 

If you are using an IPv6 addres, it must be surrounded by square brackets ([1::1]).

If you want to use an external syslog server, you must specify these 7 settings.

Note 

If you have configured an external syslog server, the service (CLI/MDT/SNMP) events are sent to that external syslog server. Otherwise, they are logged in /optdg/log in Cisco Crosswork Data Gateway VM.

Syslog Port

Port number of the syslog server.

Syslog Protocol

Use UDP, TCP, or RELP when sending syslog.

Use Syslog over TLS?

Use TLS to encrypt syslog traffic.

Note 

If you are setting this paramter to "No", then the following three parameters are not required:

  • TLS Peer Name

  • Syslog Root Certificate File URI

  • Syslog Certificate File Passphrase

TLS Peer Name

Syslog server's hostname exactly as entered in the server certificate SubjectAltName or subject common name.

Syslog Root Certificate File URI

PEM formatted root cert of syslog server retrieved using SCP.

Syslog Certificate File Passphrase

Password of SCP user to retrieve Syslog certificate chain.

Controller Settings

Proxy Server URL

URL of management network proxy server.

If you want to use a proxy server, you must specify these parameters.

In Cloud deployment, Cisco Crosswork Data Gateway must connect to the Internet via TLS, and a proxy server may be required if present in your environment.

A symptom of missing proxy server is that the Cisco Crosswork Data Gateway will fail to connect to Crosswork Cloud correctly.

If a proxy server is required, then additional configuration may be required and will vary based on the environment.

Proxy Server Bypass List

Space-delimited list of subnets and domains that will not be sent to the proxy server.

Authenticated Proxy Username

Username for authenticated proxy servers.

Authenticated Proxy Passphrase

Passphrase for authenticated proxy servers.

HTTPS Proxy SSL/TLS Certificate File URI

HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP.

HTTPS Proxy SSL/TLS Certificate File passphrase

Password of SCP user to retrieve proxy certificate chain.

Auto Enrollment Package

Enrollment Destination Host and Path

SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file ).

Although required for the Cisco Crosswork Data Gateway enrollment with Crosswork Cloud, this step is optional here and can be run directly from the Cisco Crosswork Data Gateway's interactive menu at a later time, but anyway before the enrollment takes place.

Specifying these parameters will cause the enrollment package to be transferred when the Cisco Crosswork Data Gateway boots up for the first time.

If you do not specify these parameters during installation, then you must export enrollment package manually following the procedure Export Enrollment Package.

Note:

Enrollment Passphrase

SCP user passphrase to transfer enrollment package.

1Either an IPv4 or IPv6 address must be specified. Selecting None for both will result in a non-functional deployment.

Install Cisco Crosswork Data Gateway Via vCenter

Before you begin

Ensure the following:

  • You are using vSphere Web Client (FLEX). vSphere Client (HTML) is not recommended.

  • You are creating the Cisco Crosswork Data Gateway VM on a recommended VMware version (See Virtual Machine (VM) Requirements for supported versions). To know which vCenter build you have, check on the vSphere web client under Help menu.

  • The Cisco Crosswork Data Gateway VM has allocated to it a minimum of 32 GB of RAM, 8 vCPUs, and 50 GB of hard drive space.

  • You have a public/private IPv4/IPv6 address to assign to the Cisco Crosswork Data Gateway VM's management network virtual interface. The DNS servers, NTP servers, and the Crosswork application must be reachable via this IP address.

  • (Optional) You have a public or private IPv4/IPv6 addresses to assign to the Cisco Crosswork Data Gateway VM's Southbound data network virtual interfaces. Your managed devices must be reachable via the Southbound data network interface.

During installation, Cisco Crosswork Data Gateway creates two default accounts:

  1. A Cisco Crosswork Data Gateway administrator, with the username dg-admin and password set during installation. The product administrator uses this ID to log in to and troubleshoot the Cisco Crosswork Data Gateway.

  2. A Cisco Crosswork Data Gateway operator, with the username dg-oper and password set during installation. This is a read-only user and has permissions to perform all ‘read’ operations and some limited ‘action’ commands. To know what operations can an operator perform, see Table Permissions Per Role in Chapter Manage Users.


Note

These two pre-defined usernames are reserved and cannot be changed.

Change of password would be allowed from the console for both the accounts.

In case of lost or forgotten passwords, there is no way to reset the password. You would have to create a new VM and delete the current VM.

Procedure

Step 1

Download the Cisco Crosswork Data Gateway 1.1.1 image file (*.ova) from the link below.

https://software.cisco.com/download/specialrelease/0c7d04e88f7b294cd1eeb6aae9cb553f

Note 

If you have trouble downloading the software, please reach out to your Cisco representative.
Warning 

The default VMware vSphere deployment timeout is 15 minutes. If the time taken to fill the OVF template exceeds 15 minutes, vCenter times out and you will have to start over again. To prevent this, Cisco recommends that you set the vCenter deployment timeout to a much longer period (such as one hour). Refer your vCenter guide.

Step 2

Connect to vSphere Web Client (FLEX). Then select Actions > Deploy OVF Template, as shown in the following figure:



Step 3

The VMware Deploy OVF Template wizard appears and highlights the first step, 1 Select template, as shown in the following figure.



  1. Click Browse to navigate to the location where you downloaded the OVA image file and select it.

    Once selected, the filename is displayed in the window.
Step 4

Click Next to go to 2 Select name and location, as shown in the following figure.

  1. Enter a name for the Cisco Crosswork Data Gateway VM you are creating.

  2. In the Select a location for the virtual machine list, choose the datacenter under which the Cisco Crosswork Data Gateway VM will reside.



Step 5

Click Next to go to 3 Select a resource, as shown in the following figure. Choose the VM’s host.



Step 6

Click Next. The VMware vCenter Server validates the OVA. Network speed will determine how long validation takes. When the validation is complete, the wizard moves to 4 Review details, as shown in the following figure. Review the OVA’s information and then click Next.

Take a moment to review the OVF template you are deploying.

Note 

This information is gathered from the OVF and cannot be modified.


Step 7

Click Next to go to 5 accept license agreements. Review the End User License Agreement and click Accept.



Step 8

Click Next to go to 6 Select configuration, as shown in the following figure. To install Cisco Crosswork Data Gateway for Crosswork Cloud, you must select Crosswork Cloud from the Configuration dropdown.



Step 9

Click Next to go to 7 Select storage, as shown in the following figure.

  1. Cisco recommends that you select Thick provision lazy zeroed from the Select virtual disk format drop-down list.

  2. From the Datastores table, choose the datastore you want to use and review its properties to ensure there is enough available storage.



Step 10

Click Next to go to 8 Select networks, as shown in the following figure. In the dropdown table at the top of the page, choose the appropriate destination network for the source Management Network, Northbound Data Network, and Southbound Data Network respectively.

Note 

  • This interface can be optionally used by Cloud deployment, in which case all devices in the network are expected to be in the same subnet as that of Southbound interface subnet.

  • Northbound interface is not applicable to Cloud Deployment.


Step 11

Click Next to go to 9 Customize template, with the Host Information Settings already expanded. As per the deployment scenario chosen by you in Section: Cisco Crosswork Data Gateway OVF Parameters and Deployment Scenarios, enter the information for the parameters:

Note 

  • Certificate chains override any preset or generated certificates in the VM and are given as an SCP URI (user:host:/path/to/file).

  1. Host Information

    • Hostname: Hostname of the server specified as a fully qualified domain name (FQDN).

      Note 

      Even though the DNS enforces uniqueness of the hostname, it's recommended that hostnames be unique for better management in Crosswork UI.

    • Description: User-friendly description to be displayed in the controller i.e., Crosswork.

    • Label: Label used by Crosswork to categorize and group multiple Cisco Crosswork Data Gateway instances.

    • Private Key URI: SCP URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file).

    • Certificate File URI: SCP URI to PEM formatted signing certificate chain for this VM. You can retrieve this using SCP (user@host:path/to/file).

    • Certificate File and Key Passphrase: SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key.

  2. Passphrases

    • dg-admin Password: Password of the dg-admin user.

    • dg-oper Password: Password of the dg-oper user.

  3. Management IPv4 Address

    • Management IPv4 Method: How the Management interface gets its IPv4 address.

      Note 

      Either IPv4 or IPv6 must be Static. However, selecting both as Static is optional. Selecting None will result in a non-functional deployment.

    • Management IPv4 Address: IPv4 address of the Management interface.

    • Management IPv4 Netmask: IPv4 netmask of the Management interface in dotted quad format.

    • Management IPv4 Gateway: IPv4 address of the Management gateway.

  4. Management IPv6 Address

    • Management IPv6 Method: How the Management interface gets its IPv6 address.

      Note 

      Either IPv4 or IPv6 must be Static. However, selecting both as Static is optional. Selecting None will result in a non-functional deployment.

    • Management IPv6 Address: IPv6 address of the Management interface.

    • Management IPv6 Netmask: IPv6 netmask of the Management interface in dotted quad format.

    • Management IPv6 Gateway: IPv6 address of the Management gateway.

  5. Southbound Data IPv4 Address

    • Southbound Data IPv4 Method: How the Southbound data interface gets its IPv4 address.

      Note 

      Either IPv4 or IPv6 must be Static. However, selecting both as Static is optional. Selecting None will result in a non-functional deployment.

    • Southbound Data IPv4 Address: IPv4 address of the Southbound data interface.

    • Southbound Data IPv4 Netmask: IPv4 netmask of the Southbound data interface in dotted quad format.

    • Southbound Data IPv4 Gateway: IPv4 address of the Southbound data gateway.

  6. Southbound Data IPv6 Address

    • Southbound Data IPv6 Method: How the Southbound data interface gets its IPv6 address.

      Note 

      Either IPv4 or IPv6 must be Static. However, selecting both as Static is optional. Selecting None will result in a non-functional deployment.

    • Southbound Data IPv6 Address: IPv6 address of the Southbound data interface.

    • Southbound Data IPv6 Netmask: IPv6 netmask of the Southbound data interface in dotted quad format.

    • Southbound Data IPv6 Gateway: IPv6 address of the Southbound data gateway.

  7. DNS, NTP, and SCP

    • DNS Address: Space-delimited list of IPv4/IPv6 addresses of the DNS server accesible from the management interface.

    • DNS Search Domain: DNS search domain

    • NTP Servers: Space-delimited list of IPv4/IPv6 addresses or hostnames of the NTP servers accessible from the management interface.

      Note 

      You must enter a value here, such as pool.ntp.org. NTP server is important for time synchronization between Cisco Crosswork Data Gateway VM and Crosswork Cloud. Using a non-functional or dummy address may cause issues when Crosswork and Cisco Crosswork Data Gateway try to communicate with each other. If you are not using an NTP server, ensure that time gap between Cisco Crosswork Data Gateway and Crosswork Cloud is not more than 24 hours. Else, Cisco Crosswork Data Gateway will fail to pull images.

  8. Syslog Servers

    • Server Address: IPv4 or IPv6 address of a syslog server accessible from the management interface.

      Note 

      If you are using an IPv6 addres, it must be surrounded by square brackets ([1::1]).

    • Syslog Port: Port number of the syslog server.

    • Syslog Protocol: Use UDP, TCP, or RELP when sending syslog.

    • Use Syslog over TLS?: Use TLS to encrypt syslog traffic.

    • TLS Peer Name: Syslog server's hostname exactly as entered in the server certificate SubjectAltName or subject common name.

    • Syslog Root Certificate File URI: PEM formatted root cert of syslog server retrieved using SCP.

    • Syslog Certificate File Passphrase: Password of SCP user to retrieve Syslog certificate chain.

  9. Controller Settings

    • Proxy Server URL: URL of management network proxy server.

    • Proxy Server Bypass List: Space-delimited list of subnets and domains that will not be sent to the proxy server.

    • Authenticated Proxy Username: Username for authenticated proxy servers.

    • Authenticated Proxy Passphrase: Passphrase for authenticated proxy servers.

    • HTTPS Proxy SSL/TLS Certificate File URI: HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP.

    • HTTPS Proxy SSL/TLS Certificate File passphrase: Password of SCP user to retrieve proxy certificate chain.

  10. Auto Enrollment Package

    • Enrollment Passphrase: SCP user passphrase to transfer enrollment package.

    • Enrollment Destination Host and Path: SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file ).

Step 12

Click Next to go to 10 Ready to complete, as shown in the following figure. Review your settings and then click Finish if you are ready to begin deployment.







Step 13

Wait for the deployment to finish before continuing. To check the deployment status:

  1. Open the vCenter vSphere client.

  2. In the Recent Tasks tab for the host VM, view the status for the Deploy OVF template and Import OVF package jobs, as shown in the following figure:



Wait for the deployment status to become 100%.

Note 

If you are deploying Cisco Crosswork Data Gateway on VCenter 6.7U1 and above, you also need to set boot option to EFI before powering on the VM. Follow these steps:

  1. On the host VM Summary tab, below the VM Hardware table, click Edit Settings.

  2. On the Edit Settings page, click the VM Options tab.

  3. Expand the Boot Options dropdown list and change the Firmware setting to EFI, if it not set by default. When you are finished, click OK. You may want to take a snapshot of the VM at this point.

You can now proceed to power on the VM.
Step 14

Once the deployment status is 100%, power on the VM to complete the deployment process. Expand the host’s entry so you can click the VM and then choose Actions > Power > Power On, as shown in the following figure:



Wait for at least 5 minutes for the Cisco Crosswork Data Gateway VM to come up and then login via vCenter or SSH as explained in the Section Log In and Log Out.

Install Cisco Crosswork Data Gateway Via OVF Tool

This is an alternative way to install Cisco Crosswork Data Gateway. You can modify mandatory/optional parameters in the script as per your requirement and run the OVF Tool.

Below is a sample script for installing using this method:

#!/usr/bin/env bash

# robot.ova path
DG_OVA_PATH="<mention the orchestrator path>"

# Download robot.ova
# Change the path to a convenient location for download
ova_path=<mention the ova path>

mkdir -p $ova_path

echo "Delete ova image if exists"
rm -rf $ova_path/*.ova

# Download robot.ova
cd $ova_path
echo "Downloading ova image"
wget -d --proxy=off -r -l1 -H -t1 -nd -N -np -A.ova -erobots=off ${DG_OVA_PATH}

filename=`find $ova_path -name \*.ova`

VM_NAME="dg-42"
DM="thin"
Deployment="cloud"


Hostname="Hostname"
ManagementIPv4Address="<management_ipv4_address>"
ManagementIPv4Gateway="<management_ipv4_gateway>"
ManagementIPv4Netmask="<management_ipv4_netmask>"
ManagementIPv4Method="Static"
SouthDataIPv4Address="<southdata_ipv4_address>"
SouthDataIPv4Gateway="<southdata_ipv4_gateway>"
SouthDataIPv4Netmask="<southdata_ipv4_netmask>"
SouthDataIPv4Method="Static"

DNS="<DNS_ip_address>"
NTP="<NTP Server>"
Domain="cisco.com"

Description="Description for Cisco Crosswork Data Gateway for 42"
Label="Label for Cisco Crosswork Data Gateway dg-42"

dg_adminPassword="<dg-admin_password>"
dg_operPassword="<dg-oper_password>"

EnrollmentURI="<enrollment_package_URI>"
EnrollmentPassphrase="<password>"

# Please replace this information according to your vcenter setup

VCENTER_LOGIN="<vCenter login details>"
VCENTER_PATH="<vCenter path>"
DS="<DS details>"

ovftool --acceptAllEulas --X:injectOvfEnv --skipManifestCheck --overwrite --noSSLVerify --powerOffTarget --powerOn \
--allowExtraConfig --extraConfig:firmware=efi --extraConfig:uefi.secureBoot.enabled=true \
--datastore="$DS" --diskMode="$DM" \
--name=$VM_NAME \
--net:"Management=VM Network" \
--net:"SouthData=DPortGroupVC-1" \
--net:"NorthData=DPortGroupVC-2" \
--deploymentOption=$Deployment \
--prop:"EnrollmentURI=$EnrollmentURI" \
--prop:"EnrollmentPassphrase=$EnrollmentPassphrase" \
--prop:"Hostname=$Hostname" \
--prop:"Description=$Description" \
--prop:"Label=$Label" \
--prop:"ManagementIPv4Address=$ManagementIPv4Address" \
--prop:"ManagementIPv4Gateway=$ManagementIPv4Gateway" \
--prop:"ManagementIPv4Netmask=$ManagementIPv4Netmask" \
--prop:"ManagementIPv4Method=$ManagementIPv4Method" \
--prop:"SouthDataIPv4Address=$SouthDataIPv4Address" \
--prop:"SouthDataIPv4Gateway=$SouthDataIPv4Gateway" \
--prop:"SouthDataIPv4Netmask=$SouthDataIPv4Netmask" \
--prop:"SouthDataIPv4Method=$SouthDataIPv4Method" \
--prop:"DNS=$DNS" \
--prop:"NTP=$NTP" \
--prop:"dg-adminPassword=$dg_adminPassword" \
--prop:"dg-operPassword=$dg_operPassword" \
--prop:"Domain=$Domain" $ROBOT_OVA_PATH "vi://$VCENTER_LOGIN/$VCENTER_PATH"

Procedure

Step 1

Open a command prompt.
Step 2

Navigate to the location where you installed the OVF Tool.

Step 3

Run the OVF Tool using the following command:

The command contains the location of the source OVF file and location of the vmx file that will be created as a result of executing the command:

ovftool <location_of_source_ovf_file> <location_of_vmx_file>

For example,

root@cxcloudctrl:/opt# ./cdgovfdeployVM197

Post-installation Tasks

Once the Cisco Crosswork Data Gateway is installed, complete the following tasks in the order of their listing:

Log In and Log Out

You can use either of the following two ways to access Cisco Crosswork Data Gateway:

Access Cisco Crosswork Data Gateway Through vCenter

Follow these steps to log in via vCenter:

Procedure
Step 1

Locate the VM in vCenter and then right click and select Open Console.

The Cisco Crosswork Data Gateway flash screen comes up.

Step 2

Enter username (dg-admin or dg-oper as per the role assigned to you) and the corresponding password (the one that you created during installation process) and press Enter.



Access Cisco Crosswork Data Gateway Via SSH

Follow these steps to login via SSH.

Procedure
Step 1

Run the following command:

ssh <username>@<ManagementNetworkIP>

where ManagementNetworkIP is the management network IP address.

For example,

To login as adminstrator user: ssh dg-admin@<ManagementNetworkIP>

To login as operator user: ssh dg-oper@<ManagementNetworkIP>

The following Cisco Crosswork Data Gateway flash screen opens prompting for password:



Step 2

Input the corresponding password (the one that you created during installation process) and press Enter.) and press Enter.

Log Out

To log out, select option l Logout from the Main Menu and press Enter or click OK.



This image is not available in preview/cisco.com

Generate Enrollment Package

Every Cisco Crosswork Data Gateway instance needs to be identified by the Crosswork application by means of an immutable identifier. For this purpose, the Base VM bootstrap procedure involves generating a Cisco Crosswork Data Gateway Enrollment Package. However, the enrollment package is generated on demand when user wants to enroll the Cisco Crosswork Data Gateway VM. User can request for it to be generated by supplying OVF parameters during installation or by using Export Enrollment Package option from the interactive menu.

The enrollment package is a JSON document created from the information obtained through the OVF template populated by the user during installation. It includes the all necessary information about Cisco Crosswork Data Gateway required for registering, such as Certificate, UUID of the Cisco Crosswork Data Gateway instance, and metadata like Cisco Crosswork Data Gateway instance name, Creation Time, version info, etc.

You must export it before using it to enroll Cisco Crosswork Data Gateway with Crosswork. The steps to do so are desribed in Section Export Enrollment Package.

A sample enrollment package JSON is shown below:

{
  "name": "dg116.cisco.com",
  "description": "CDG Base VM for Automation",
  "profile": {
    "cpu": 8,
    "memory": 31,
    "nics": 3
  },
  "interfaces": [
    {
      "name": "eth0",
      "mac": "00:50:56:9e:09:7a",
      "ipv4Address": "<ip_address>/24"
    },
    {
      "name": "eth1",
      "mac": "00:50:56:9e:67:c3",
      "ipv4Address": "<ip_address>/16"
    },
    {
      "name": "eth2",
      "mac": "00:50:56:9e:83:83",
      "ipv4Address": "<ip_address>/16"
    }
  ],
  "certChain": [
    "MIIFezCCA2OgAwIBAgIJAIP1aTyDBd/MMA0GCSqGSIb3DQEBDQUAMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTERMA8GA1UEBwwIU2FuIEpvc2UxCzAJBgNVBAoMAkRHMRgwFgYDVQQDDA9kZzExNi5jaXNjby5jb20wHhcNMTkxMDI4MTQwMDE0WhcNMzkxMDIzMTQwMDE0WjBUMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMQswCQYDVQQKDAJERzEYMBYGA1UEAwwPZGcxMTYuY2lzY28uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuizEa5R/BERI5G7mc0XD23NKFg6y8YzL1IFn7r1xUwP13mmOZq1WjNowhCecVSV9X+a2Ozcs69S2zJe6lsV8hV9g7+maTiE1KPrsyO6oAGvyA5RE/BfbR2LgR5mnsYK/GqInfqnR0/W6C038Godp2gRo6V+C3cgdtcGBaTegQuHpDqzQFLOxmV25+XFAyWlorb6PLDXU1nihs1kOYZbAZrqsBod+CVBVaj9ne809T6SfaiFiOiZ7pPDMotcDnivfQl+/n2/JvqS0SRcFbua5yirwKqCdRoK1JRnMZS1TR6aA9eex24Dc/xzKK+PBI+vNstX1u3JyoisNayc3GgFBgHXP/TqmEF2+EhuxnonY0FG37eYz0AWjbzc57VApeZuHd4pC2jwwe7ln8NxnVqnGqHUSa3Lsz6/NLsCKs89qyvg+0GqMiB8bjWdjP+/I7LOCpaUFK+NaiIoDrHGy2JtbbpHtWqPWH80TM1hYbd8osznr4+CvAeHp3xB69alBrM/QNYHP7wmI8z7Ok4sAFIcprLS9Vhw9dT+EYL2jTfADA/g2vhUKc4Ip9NTdaQfMUyDhMp85Rliu4XvCOS6EjYfB92VouYnKRtA/vAgImTYkCVxifZ2CKPfyaI1SA6VaHDx2APVLFC9TjEWTkAvYU6tIAsIj0JMAPaWFZiBdsym4aN8CAwEAAaNQME4wHQYDVR0OBBYEFBTwQocZxTkwKsMrdrotzAk/ztZgMB8GA1UdIwQYMBaAFBTwQocZxTkwKsMrdrotzAk/ztZgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBACRJEeEO6zpbpV16O/pEDBmxz6KmM1XTLyNtnJrhtJ7EVcWDPWut6NgxsuETVDT+0BSr+/br2IVK1Gz8mi2PcGSuJKG3pATeg8XrdCYcnyWN2f7U3WXBQrX9a4GYNE0NPTjLmcm0+1zahQi2mNE6UHcf7R+CTP/CJYspcwWGqT127m2kWYyWBZX544dI+tX/InWnkMNP0AAXAOTJrGyNV+DRqoLD8/gjl1Zu+J6tkajenJv/RuS8FBqdXBUlCmPeaHgATsROYI+ZtFeBZC3051xNnSDFY+M4/6h+h2c6KTrQERLVZx15yRCZHZ/B3q/SLPiaMOkVuwn1SwMXvR+V67x2cxbmM1lgeKmAcyKeP4RMJmcpvZYQEaCJxKSoLh9Fp03wxLJbJS18w2J8l+hi7eYQ3PMKKhCGEepZslRCKRvW/ecIvV37EPI1g9Ecr1ea9q5tmrjqpdXbD0OMms057HY0/UQggLd939BuwWE1ryy6QDEc7I1edfvmovE9Sw+vdGGvikWONfsI4vCbBd6QCRl+f5pbOwYanln5YUnI3fRhVQ5OsrhstVkCzAMtQxr88Q4junWrduzFyHn36cE7qDBk7A1umeh04Pv1jZMrduBT2J9mD2A4VyGo2YE0VWvrd/m8R7QsLPBYfRZzYKJNSBeLlxl3V4j37aGGblL7uZFD"
  ],
  "version": "1.1.1 (branch dg111 - build number 14)",
  "duuid": "d58fe482-fdca-468b-a7ad-dfbfa916e58b"
}

Export Enrollment Package


Note

This is needed only if you have not specified Auto Enrollment Package Transfer settings in the OVF template. Otherwise, the file will be at the SCP URI destination after the VM boots.

Also, even if you have specified Auto Enrollment Package Transfer settings in the OVF template, you must perform Step 5 of this task.

Before enrolling Cisco Crosswork Data Gateway with Crosswork Cloud, you must export the enrollment package.

Follow these steps:

Procedure

Step 1

Log in to the Cisco Crosswork Data Gateway Base VM as explained in Section Log In and Log Out.

Step 2

From the Main Menu, select 1 Export Enrollment Package and click OK.



Step 3

Enter SCP URI for exporting the enrollment package when prompted and click OK.

Note 

  • The host must run SCP server.

  • If you are not using the default port 22, you can specify the port as a part of the SCP command. For example, to export the enrollment package to another host that has SCP server listening on port 4000, you can give the following command:

    -P4000 admin@<ip_address>:/home/admin


Step 4

Enter the SCP passphrase (the SCP user password) when prompted and click OK.



The enrollment package is exported.
Step 5

Manually copy the enrollment package from the above SCP server to your local computer (used to access Crosswork Web UI) to be used to enroll Cisco Crosswork Data Gateway with Crosswork Cloud.

Note 

For procedure to enroll Cisco Crosswork Data Gateway with Crosswork Cloud, refer Section: Add Crosswork Data Gateway Information in Cisco Crosswork Trust Insights User Guide.