Host Information

| Label | Parameter name | Description |
|---|---|---|
| Hostname* | Hostname | Name of the Cisco Crosswork Data Gateway VM specified as a fully qualified domain name (FQDN). Note: For larger systems it is likely that you will have more than one Cisco Crosswork Data Gateway VM. The hostname must, therefore, be unique and created in a way that makes identifying a specific VM easy. |
| Description* | Description | A detailed description of the Cisco Crosswork Data Gateway. |
| Label | Label | Label used by Cisco Crosswork Cloud to categorize and group multiple Cisco Crosswork Data Gateways. |
| Active vNICs | ActiveVnics | Number of vNICs to use for sending traffic. You can choose to use 1, 2, or 3 interfaces as per your network requirements. For information on how you can route traffic, see Interfaces in the VM Requirements table. |
| AllowRFC8190 | AllowRFC8190 | Allow an interface address that falls in a usable RFC 8190 range. Select yes, no, or ask. The default value is yes. |
| Private Key URI | DGCertKey | SCP URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file). Certificate chains override any preset or generated certificates in the Cisco Crosswork Data Gateway VM and are given as an SCP URI (user:host:/path/to/file). Crosswork Cloud uses self-signed certificates for handshake with Cisco Crosswork Data Gateway. These certificates are generated at installation. However, if you want to use third-party or your own certificate files, then you must input these three parameters. Note: The host with the URI files must be reachable on the network (from the vNIC0 interface via SCP) and files must be present at the time of install. |
| Certificate File URI | DGCertChain | SCP URI to PEM formatted signing certificate chain for this VM. You can retrieve this using SCP (user@host:path/to/file). |
| Certificate File and Key Passphrase | DGCertChainPwd | SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key. |
| Data Disk Size | DGAppdataDisk | Size in GB of a separate data disk. The default and minimum value is 20 GB. Enter a value up to 70 GB. |

Passphrases

| Label | Parameter name | Description |
|---|---|---|
| dg-admin Passphrase* | dg-adminPassword | The password you have chosen for the dg-admin user. Password must be 8-64 characters. |
| dg-oper Passphrase* | dg-operPassword | The password you have chosen for the dg-oper user. Password must be 8-64 characters. |

Interfaces

Note: You must select either an IPv4 or IPv6 address. Selecting None in both the vNICx IPv4 Method field and the vNICx IPv6 Method field will result in a non-functional deployment.

vNICx IPv4 Address (VNIC0, VNIC1 and VNIC2 based on the number of interfaces you choose to use)

| Label | Parameter name | Description |
|---|---|---|
| vNICx IPv4 Method*. For example, the parameter name for vNIC0 is vNIC0 IPv4 Method. | VnicxIPv4Method. For example, the parameter name for vNIC0 is Vnic0IPv4Method. | How the vNICx interface gets its IPv4 address. The default value for Method is None. If you choose to use an IPv4 address, select Method as Static and enter information in the Address, Netmask, Skip Gateway, and Gateway fields. |
| vNICx IPv4 Address | VnicxIPv4Address | IPv4 address of the vNICx interface. |
| vNICx IPv4 Netmask | VnicxIPv4Netmask | IPv4 netmask of the vNICx interface in dotted quad format. |
| vNICx IPv4 Skip Gateway | VnicxIPv4SkipGateway | Options are yes or no. Selecting yes skips configuring a gateway. |
| vNICx IPv4 Gateway | VnicxIPv4Gateway | IPv4 address of the vNICx gateway. |

vNICx IPv6 Address (VNIC0, VNIC1 and VNIC2 based on the number of interfaces you choose to use)

| Label | Parameter name | Description |
|---|---|---|
| vNICx IPv6 Method*. For example, the parameter for vNIC0 is vNIC0 IPv6 Method. | VnicxIPv6Method. For example, the parameter for vNIC0 is Vnic0IPv6Method. | How the vNICx interface gets its IPv6 address. The default value for Method is None. If you choose to use an IPv6 address, select Method as Static and enter information in the Address, Netmask, Skip Gateway, and Gateway fields. |
| vNICx IPv6 Address | VnicxIPv6Address | IPv6 address of the vNICx interface. |
| vNICx IPv6 Netmask | VnicxIPv6Netmask | IPv6 prefix of the vNICx interface. |
| vNICx IPv6 Skip Gateway | VnicxIPv6SkipGateway | Options are yes or no. Selecting yes skips configuring a gateway. |
| vNICx IPv6 Gateway | VnicxIPv6Gateway | IPv6 address of the vNICx gateway. |

DNS Servers

| Label | Parameter name | Description |
|---|---|---|
| DNS Address* | DNS | Space-delimited list of IPv4/IPv6 addresses of the DNS server accessible from the management interface. |
| DNS Search Domain* | Domain | DNS search domain |
| DNS Security Extensions | DNSSEC | Use DNS security extensions? |
| DNS over TLS | DNSTLS | Use DNS over TLS? |
| Multicast DNS | mDNS | Use multicast DNS? |
| Link-Local Multicast Name Resolution | LLMNR | Use link-local multicast name resolution? |

NTPv4 Servers

| Label | Parameter name | Description |
|---|---|---|
| NTPv4 Servers* | NTP | Space-delimited list of IPv4/IPv6 addresses or hostnames of the NTPv4 servers accessible from the management interface. You must enter a value here, such as pool.ntp.org. The NTP server is critical for time synchronization between Cisco Crosswork Data Gateway, Crosswork Cloud, and devices. Using a non-functional or dummy address may cause issues when Crosswork Cloud and Cisco Crosswork Data Gateway try to communicate with each other. If you are not using an NTP server, ensure that the time gap between Cisco Crosswork Data Gateway and Crosswork Cloud is not more than 24 hours. Otherwise, Cisco Crosswork Data Gateway will fail to connect. |
| Use NTPv4 Authentication | NTPAuth | Use NTPv4 authentication? |
| NTPv4 Keys | NTPKey | Space-delimited Key IDs to map to server list. |
| NTPv4 Key File URI | NTPKeyFile | SCP URI to the chrony key file. |
| NTPv4 Key File Passphrase | NTPKeyFilePwd | Password of SCP URI to the chrony key file. |

Remote Syslog Servers

| Label | Parameter name | Description |
|---|---|---|
| Use Remote Syslog Server? | UseRemoteSyslog | Send syslog messages to a remote host? Configuring an external syslog server will send service events to the external syslog server. Otherwise, they are logged only to the Cisco Crosswork Data Gateway VM. If you want to use an external syslog server, you must specify these seven settings. Note: The host with the URI files must be reachable on the network (from vNIC0 interface via SCP) and files must be present at the time of install. |
| Syslog Server Address | SyslogAddress | IPv4 or IPv6 address of a syslog server accessible from the management interface. Note: If you are using an IPv6 address, it must be surrounded by square brackets ([1::1]). |
| Syslog Server Port | SyslogPort | Port number of the syslog server. |
| Syslog Server Protocol | SyslogProtocol | Use UDP, TCP, or RELP when sending syslog. |
| Use Syslog over TLS? | SyslogTLS | Use TLS to encrypt syslog traffic. |
| Syslog TLS Peer Name | SyslogPeerName | Syslog server's hostname exactly as entered in the server certificate SubjectAltName or subject common name. |
| Syslog Root Certificate File URI | SyslogCertChain | PEM formatted root cert of syslog server retrieved using SCP. |
| Syslog Certificate File Passphrase | SyslogCertChainPwd | Password of SCP user to retrieve Syslog certificate chain. |

Remote Auditd Servers

| Label | Parameter name | Description |
|---|---|---|
| Use Remote Auditd Server? | UseRemoteAuditd | Send Auditd message to a remote host? If desired, you can configure an external remote auditd server to send change audit notifications when changes are made to the Cisco Crosswork Data Gateway VM. Specify these three settings to use an external Auditd server. |
| Auditd Server Address | AuditdAddress | Hostname, IPv4, or IPv6 address of an optional Auditd server |
| Auditd Server Port | AuditdPort | Port number of an optional Auditd server. |

Controller Settings

| Label | Parameter name | Description |
|---|---|---|
| Proxy Server URL | ProxyURL | URL of management network proxy server. In Cloud deployment, Cisco Crosswork Data Gateway must connect to the Internet via TLS, and a proxy server may be required if it is not present in your environment. If you want to use a proxy server, you must specify these parameters. |
| Proxy Server Bypass List | ProxyBypass | Space-delimited list of subnets and domains that will not be sent to the proxy server. |
| Authenticated Proxy Username | ProxyUsername | Username for authenticated proxy servers. |
| Authenticated Proxy Passphrase | ProxyPassphrase | Passphrase for authenticated proxy servers. |
| HTTPS Proxy SSL/TLS Certificate File URI | ProxyCertChain | HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP. |
| HTTPS Proxy SSL/TLS Certificate File Passphrase | ProxyCertChainPwd | Password of SCP user to retrieve proxy certificate chain. |

Auto Enrollment Package Transfer

| Label | Parameter name | Description |
|---|---|---|
| Enrollment Destination Host and Path** | EnrollmentURI | SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file). The enrollment package is required for enrolling Cisco Crosswork Data Gateway with Crosswork Cloud. If you specify these parameters during the installation, the enrollment package is automatically transferred to the local host once Cisco Crosswork Data Gateway boots up for the first time. If you do not specify these parameters during installation, then you must export the enrollment package manually by following the procedure Export Enrollment Package. |
| Enrollment Passphrase** | EnrollmentPassphrase | SCP user passphrase to transfer enrollment package. |

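
A pre-deployment check of the rules stated in the parameter table above, as an added example (not Cisco tooling and not code from this page). It assumes the values are collected in a dict keyed by the parameter names above, that an unset `ActiveVnics` means one interface, and that `yes`/`true` are the spellings that enable `UseRemoteSyslog`; the sample values are constructed.

```python
import ipaddress

MANDATORY = ("Hostname", "Description", "DNS", "Domain", "NTP",
             "dg-adminPassword", "dg-operPassword")
CERT_KEYS = ("DGCertKey", "DGCertChain", "DGCertChainPwd")  # all three or none
SYSLOG_KEYS = ("SyslogAddress", "SyslogPort", "SyslogProtocol", "SyslogTLS",
               "SyslogPeerName", "SyslogCertChain", "SyslogCertChainPwd")

def validate(params):
    """Return the problems found in a {parameter name: value} dict."""
    get = lambda k: str(params.get(k, "")).strip()
    errs = [f"{k}: mandatory" for k in MANDATORY if not get(k)]
    for k in ("dg-adminPassword", "dg-operPassword"):
        if get(k) and not 8 <= len(get(k)) <= 64:
            errs.append(f"{k}: must be 8-64 characters")
    disk = get("DGAppdataDisk")
    if disk and not (disk.isdigit() and 20 <= int(disk) <= 70):
        errs.append("DGAppdataDisk: must be 20-70 GB")
    if 0 < sum(bool(get(k)) for k in CERT_KEYS) < 3:
        errs.append("DGCert*: set all three certificate parameters or none")
    vnics = get("ActiveVnics") or "1"  # treating unset as 1 is an assumption
    if vnics not in ("1", "2", "3"):
        errs.append("ActiveVnics: must be 1, 2 or 3")
        vnics = "1"
    for i in range(int(vnics)):
        # Each active vNIC needs an IPv4 or IPv6 Method other than None.
        if all(get(f"Vnic{i}IPv{v}Method") in ("", "None") for v in (4, 6)):
            errs.append(f"Vnic{i}: IPv4 and IPv6 Method are both None")
        for v, cls in ((4, ipaddress.IPv4Address), (6, ipaddress.IPv6Address)):
            if get(f"Vnic{i}IPv{v}Method") == "Static":
                try:
                    cls(get(f"Vnic{i}IPv{v}Address"))
                except ValueError:
                    errs.append(f"Vnic{i}IPv{v}Address: not a valid IPv{v} address")
    if get("UseRemoteSyslog").lower() in ("yes", "true"):  # spellings assumed
        errs += [f"{k}: required with UseRemoteSyslog" for k in SYSLOG_KEYS if not get(k)]
        addr = get("SyslogAddress")
        if ":" in addr and not (addr.startswith("[") and addr.endswith("]")):
            errs.append("SyslogAddress: IPv6 address must be in square brackets")
    return errs

SAMPLE = {  # constructed input: documentation addresses, placeholder secrets
    "Hostname": "cdg-01.example.com", "Description": "lab gateway",
    "DNS": "192.0.2.53", "Domain": "example.com", "NTP": "pool.ntp.org",
    "dg-adminPassword": "short", "dg-operPassword": "placeholder-oper",
    "ActiveVnics": "1", "Vnic0IPv4Method": "None", "Vnic0IPv6Method": "None",
    "DGCertKey": "admin@files.example.com:certs/dg.key", "UseRemoteSyslog": "yes",
    "SyslogAddress": "2001:db8::10", "SyslogPort": "6514", "SyslogProtocol": "TCP",
    "SyslogTLS": "yes", "SyslogPeerName": "syslog.example.com"}
```

`validate(SAMPLE)` reports the short dg-admin password, the incomplete certificate triple, the vNIC with both methods set to None, the two missing syslog certificate settings, and the unbracketed IPv6 syslog address.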