Host Information

| Name | Parameter | Description |
|---|---|---|
| Hostname* | Hostname | Name of the Cisco Crosswork Data Gateway VM specified as a fully qualified domain name (FQDN). Note: In larger systems you are likely to have more than one Cisco Crosswork Data Gateway VM. The hostname must, therefore, be unique and created in a way that makes identifying a specific VM easy. |
| Description* | Description | A detailed description of the Cisco Crosswork Data Gateway. |
| Label | Label | Label used by Cisco Crosswork Cloud to categorize and group multiple Cisco Crosswork Data Gateways. |
| Deployment | Deployment | Parameter that conveys the controller type. Specify the value as cloud for Cloud deployment. This parameter is pre-defined for CSP installation. You need to specify this parameter only for a VMware or OVF tool installation. |
| Active vNICs* | ActiveVnics | Number of vNICs to use for sending traffic. You can choose to use 1, 2 or 3 interfaces as per your network requirements. For information on how you can route traffic, see Interfaces in the VM Requirements table. |
| AllowRFC8190* | AllowRFC8190 | Automatically allow addresses in an RFC 8190 range. Options are yes, no or ask; with ask, the initial configuration script prompts for confirmation. The default value is yes. |
| Private Key URI | DGCertKey | URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file). Crosswork Cloud uses self-signed certificates for handshake with Cisco Crosswork Data Gateway. These certificates are generated at installation. However, if you want to use third-party or your own certificate files, enter these three parameters. Certificate chains override any preset or generated certificates in the Cisco Crosswork Data Gateway VM and are given as an SCP URI (user@host:/path/to/file). Note: The host with the URI files must be reachable on the network (from the vNIC0 interface via SCP) and files must be present at the time of install. |
| Certificate File URI | DGCertChain | URI to PEM formatted signing certificate chain for this VM. You can retrieve this using SCP (user@host:path/to/file). |
| Certificate File and Key Passphrase | DGCertChainPwd | SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key. |
| Data Disk Size | DGAppdataDisk | Size in GB of a second data disk. The default size is 20GB. |

Passphrases

| Name | Parameter | Description |
|---|---|---|
| dg-admin Passphrase* | dg-adminPassword | The password you have chosen for the dg-admin user. Password must be 8-64 characters. |
| dg-oper Passphrase* | dg-operPassword | The password you have chosen for the dg-oper user. Password must be 8-64 characters. |

Interfaces

Note: You must select either an IPv4 or IPv6 address. Selecting None in both vNICx IPv4 Method field and vNICx IPv6 Method field will result in a non-functional deployment.

vNICx IPv4 Address (vNIC0, vNIC1 and vNIC2 based on the number of interfaces you choose to use)

| Name | Parameter | Description |
|---|---|---|
| vNICx IPv4 Method* (for example, the parameter name for vNIC0 is vNIC0 IPv4 Method) | VnicxIPv4Method (for example, the parameter name for vNIC0 is Vnic0IPv4Method) | None or Static. The default value for Method is None. To use IPv4 address, select Method as Static and select the vNICx IPv6 Method as None. If you have selected Method as Static, enter information in Address, Netmask, Skip Gateway, and Gateway fields. |
| vNICx IPv4 Address | VnicxIPv4Address | IPv4 address of the vNICx interface. |
| vNICx IPv4 Netmask | VnicxIPv4Netmask | IPv4 netmask of the vNICx interface in dotted quad format. |
| vNICx IPv4 Skip Gateway | VnicxIPv4SkipGateway | Options are yes or no. Selecting yes skips configuring a gateway. |
| vNICx IPv4 Gateway | VnicxIPv4Gateway | IPv4 address of the vNICx gateway. |

vNICx IPv6 Address (vNIC0, vNIC1, and vNIC2 based on the number of interfaces you choose to use)

| Name | Parameter | Description |
|---|---|---|
| vNICx IPv6 Method* (for example, the parameter for vNIC0 is vNIC0 IPv6 Method) | VnicxIPv6Method (for example, the parameter for vNIC0 is Vnic0IPv6Method) | None or Static. The default value for Method is None. To use IPv6 address, select Method as Static and select the vNICx IPv4 Method as None. If you choose to use IPv6 address, enter information in Address, Netmask, Skip Gateway, and Gateway fields. |
| vNICx IPv6 Address | VnicxIPv6Address | IPv6 address of the vNICx interface. |
| vNICx IPv6 Netmask | VnicxIPv6Netmask | IPv6 prefix of the vNICx interface. |
| vNICx IPv6 Skip Gateway | VnicxIPv6SkipGateway | Options are yes or no. Selecting yes skips configuring a gateway. |
| vNICx IPv6 Gateway | VnicxIPv6Gateway | IPv6 address of the vNICx gateway. |

DNS Servers

| Name | Parameter | Description |
|---|---|---|
| DNS Address* | DNS | Space-delimited list of IPv4/IPv6 addresses of the DNS server accessible from the management interface. |
| DNS Search Domain* | Domain | DNS search domain. |
| DNS Security Extensions* | DNSSEC | Options are False, True, Allow-Downgrade. Select True to use DNS security extensions. By default, this parameter is False. |
| DNS over TLS* | DNSTLS | Options are False, True, and Opportunistic. Select True to use DNS over TLS. By default, this parameter is False. |
| Multicast DNS* | mDNS | Options are False, True and Resolve. Select True to use multicast DNS. By default, this parameter is False. |
| Link-Local Multicast Name Resolution* | LLMNR | Options are False, True, Opportunistic and Resolve. Select True to use link-local multicast name resolution. By default, this parameter is False. |

NTPv4 Servers

| Name | Parameter | Description |
|---|---|---|
| NTPv4 Servers* | NTP | NTPv4 server list. Enter space-delimited list of IPv4/IPv6 addresses or hostnames of the NTPv4 servers accessible from the management interface. You must enter a value here, such as pool.ntp.org. An NTP server is critical for time synchronization between Cisco Crosswork Data Gateway, Crosswork Cloud, and devices. Using a non-functional or dummy address may cause issues when Crosswork Cloud and Cisco Crosswork Data Gateway try to communicate with each other. If you are not using an NTP server, ensure that the time gap between Cisco Crosswork Data Gateway and Crosswork Cloud is not more than 24 hours. Otherwise, Cisco Crosswork Data Gateway will fail to connect. |
| Use NTPv4 Authentication | NTPAuth | Select Yes to use NTPv4 authentication. The default value is No. |
| NTPv4 Keys | NTPKey | Key IDs to map to the server list. Enter space-delimited list of Key IDs. |
| NTPv4 Key File URI | NTPKeyFile | SCP URI to the chrony key file. |
| NTPv4 Key File Passphrase | NTPKeyFilePwd | Password of SCP URI to the chrony key file. |

Remote Syslog Servers

| Name | Parameter | Description |
|---|---|---|
| Use Remote Syslog Server* | UseRemoteSyslog | Select Yes to send syslog messages to a remote host. The default value is No. Configuring an external syslog server sends service events to the external syslog server. Otherwise, they are logged only to the Cisco Crosswork Data Gateway VM. If you want to use an external syslog server, you must specify these seven settings. Note: The host with the URI files must be reachable on the network (from vNIC0 interface via SCP) and files must be present at the time of install. |
| Syslog Server Address | SyslogAddress | IPv4 or IPv6 address of a syslog server accessible from the management interface. Note: If you are using an IPv6 address, surround it with square brackets ([1::1]). |
| Syslog Server Port | SyslogPort | Port number of the optional syslog server. The port value can range between 1 and 65535. By default, this value is set to 514. |
| Syslog Server Protocol | SyslogProtocol | Use UDP or TCP when sending syslog. Default value is UDP. |
| Use Syslog over TLS? | SyslogTLS | Select Yes to use TLS to encrypt syslog traffic. By default, this parameter is set to No. |
| Syslog TLS Peer Name | SyslogPeerName | The syslog server hostname exactly as entered in the server certificate SubjectAltName or subject common name. |
| Syslog Root Certificate File URI | SyslogCertChain | URI to the PEM formatted root cert of syslog server retrieved using SCP. |
| Syslog Certificate File Passphrase | SyslogCertChainPwd | Password of SCP user to retrieve Syslog certificate chain. |

Remote Auditd Servers

| Name | Parameter | Description |
|---|---|---|
| Use Remote Auditd Server* | UseRemoteAuditd | Select Yes to send Auditd message to a remote host. Configure Crosswork Data Gateway to send auditd messages to a remote server. Specify these three settings to use an external Auditd server. |
| Auditd Server Address | AuditdAddress | Hostname, IPv4, or IPv6 address of an optional Auditd server. |
| Auditd Server Port | AuditdPort | Port number of an optional Auditd server. |

Controller and Proxy Settings

| Name | Parameter | Description |
|---|---|---|
| Proxy Server URL | ProxyURL | URL of an optional management network proxy server. In Cloud deployment, Cisco Crosswork Data Gateway must connect to the Internet via TLS. If you use a proxy server, specify these parameters. |
| Proxy Server Bypass List | ProxyBypass | Comma-separated list of addresses and hostnames that will not use the proxy. |
| Authenticated Proxy Username | ProxyUsername | Username for authenticated proxy servers. |
| Authenticated Proxy Passphrase | ProxyPassphrase | Passphrase for authenticated proxy servers. |
| HTTPS Proxy SSL/TLS Certificate File URI | ProxyCertChain | HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP. |
| HTTPS Proxy SSL/TLS Certificate File Passphrase | ProxyCertChainPwd | Password of SCP user to retrieve proxy certificate chain. |

Auto Enrollment Package Transfer

| Name | Parameter | Description |
|---|---|---|
| Enrollment Destination Host and Path** | EnrollmentURI | SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file). Cisco Crosswork Data Gateway requires the Enrollment package to enroll with Crosswork Cloud. If you specify these parameters during the installation, the enrollment package is automatically transferred to the local host once Cisco Crosswork Data Gateway boots up for the first time. If you do not specify these parameters during installation, export the enrollment package manually by following the procedure Export Enrollment Package. |
| Enrollment Passphrase** | EnrollmentPassphrase | SCP user passphrase to transfer enrollment package. |
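
As an added example (not part of the original page and not Cisco tooling), the following Python checks a set of deployment properties against the constraints stated in the parameter table before they are handed to an installer. The `validate` function, the `SAMPLE` values, and the reading that the IPv4/IPv6 either-or rule applies to each active vNIC are assumptions made for illustration.

```python
import ipaddress

# Allowed values exactly as listed in the parameter table.
ENUMS = {
    "AllowRFC8190": {"yes", "no", "ask"},
    "DNSSEC": {"False", "True", "Allow-Downgrade"},
    "DNSTLS": {"False", "True", "Opportunistic"},
    "mDNS": {"False", "True", "Resolve"},
    "LLMNR": {"False", "True", "Opportunistic", "Resolve"},
    "SyslogProtocol": {"UDP", "TCP"},
}

def validate(props):
    """Check a dict of deployment properties; return (errors, warnings)."""
    errors, warnings = [], []
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            errors.append(f"{key}: {props[key]!r} is not one of {sorted(allowed)}")
    for key in ("dg-adminPassword", "dg-operPassword"):
        if not 8 <= len(props.get(key, "")) <= 64:
            errors.append(f"{key}: must be 8-64 characters")
    if not props.get("NTP", "").strip():
        errors.append("NTP: at least one server is required")
    nics = props.get("ActiveVnics", "")
    if nics not in ("1", "2", "3"):
        errors.append("ActiveVnics: must be 1, 2 or 3")
    for i in range(int(nics) if nics in ("1", "2", "3") else 0):
        methods = [props.get(f"Vnic{i}{v}Method", "None") for v in ("IPv4", "IPv6")]
        if methods.count("Static") != 1:  # assumption: rule applies per vNIC
            errors.append(f"vNIC{i}: set exactly one of IPv4/IPv6 Method to Static")
    if props.get("UseRemoteSyslog", "No") == "Yes":
        addr = props.get("SyslogAddress", "")
        try:
            ip = ipaddress.ip_address(addr.strip("[]"))
            if ip.version == 6 and not (addr.startswith("[") and addr.endswith("]")):
                errors.append("SyslogAddress: IPv6 address needs square brackets")
        except ValueError:
            errors.append("SyslogAddress: not an IPv4 or IPv6 address")
        port = props.get("SyslogPort", "514")
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            errors.append("SyslogPort: must be between 1 and 65535")
        if props.get("SyslogTLS", "No") != "Yes":
            warnings.append("SyslogTLS: syslog traffic will not be encrypted")
    return errors, warnings

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"ActiveVnics": "1", "Vnic0IPv4Method": "Static", "NTP": "pool.ntp.org",
          "dg-adminPassword": "short", "dg-operPassword": "constructed-pass-1",
          "DNSSEC": "Maybe", "UseRemoteSyslog": "Yes", "SyslogAddress": "2001:db8::10"}
```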