Connect Cloud Account
The first step is to onboard a set of one or more cloud accounts. This allows the Multicloud Defense Controller to interact with each account by discovering inventory, enabling traffic and logs, orchestrating security deployment, and creating and managing policy.
Use the following procedures to connect your cloud service provider account to Multicloud Defense Controller.
Connect AWS Account
Use the following procedure to connect to an AWS subscription through Multicloud Defense's easy setup wizard.
Before you begin
- You must have an active Amazon Web Services (AWS) account.
- You must have an Admin or Super Admin user role in your CDO tenant.
- You must have Multicloud Defense enabled for your CDO tenant.
Note: Multicloud Defense Controller version 23.10 defaults to IMDSv2 in the AWS EC2 instance when using Multicloud Defense Gateway version 23.04 or newer. For more information about the difference between IMDSv1 and IMDSv2, see AWS documentation.
Procedure
Step 1: In the CDO dashboard, click the Multicloud Defense tab located in the left navigation pane.
Step 2: Click Multicloud Defense Controller located in the upper right window.
Step 3: From the Multicloud Defense Controller dashboard, click Setup located to the left of the window.
Step 4: Select Connect Account.
Step 5: Select the AWS icon.
Step 6: Enter the following information in the modal:
Step 7: Click Next. The account is onboarded to the Multicloud Defense Controller.
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
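The IMDSv2 note above can be verified after onboarding. The following added example (not part of the original page or of Cisco's tooling) flags EC2 instances that still accept IMDSv1, using the `MetadataOptions` fields returned by `aws ec2 describe-instances`; the instance IDs and sample data are constructed.

```python
# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa000000000001",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
            {"InstanceId": "i-0bbb000000000002",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0ccc000000000003",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
            {"InstanceId": "i-0ddd000000000004"},  # MetadataOptions absent
        ]},
    ]
}


def imds_findings(describe_output):
    """Return (instance_id, issue) pairs for instances that do not enforce IMDSv2."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions") or {}
            # With the metadata endpoint disabled there is no IMDSv1 path to fall back to.
            if opts.get("HttpEndpoint") == "disabled":
                continue
            tokens = opts.get("HttpTokens")
            # HttpTokens=required means session tokens are mandatory (IMDSv2 only).
            if tokens != "required":
                state = tokens if tokens else "missing"
                findings.append(
                    (inst["InstanceId"], f"HttpTokens={state}: IMDSv1 requests accepted")
                )
    return findings


if __name__ == "__main__":
    for instance_id, issue in imds_findings(SAMPLE):
        print(instance_id, issue)
```

To run it against a real account, load the JSON saved from `aws ec2 describe-instances` with `json.load` and pass it to `imds_findings` in place of `SAMPLE`.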
Connect Azure Account
Use the following procedure to connect to an Azure subscription through Multicloud Defense Controller's easy setup wizard:
Before you begin
- You must have an active Azure subscription.
- You must have an Admin or Super Admin user role in your CDO tenant.
- You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1: In the CDO dashboard, click the Multicloud Defense tab located in the left navigation pane.
Step 2: Click Multicloud Defense Controller located in the upper right window.
Step 3: From the Multicloud Defense Controller dashboard, click Setup located to the left of the window.
Step 4: Select Connect Account.
Step 5: Select the Azure icon.
Step 6: Enter the following information in the modal:
Step 7: Click Next.
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect Google Cloud Platform Account
Use the following procedure to onboard a GCP project as an account through Multicloud Defense Controller's easy setup wizard:
Before you begin
- You must have an active Google Cloud Platform (GCP) project.
- You must have the necessary permissions to create VPCs, subnets, and a service account within your GCP project. See GCP documentation for more information.
- You must have an Admin or Super Admin user role in your CDO tenant.
- You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1: In the CDO dashboard, click the Multicloud Defense tab located in the left navigation pane.
Step 2: Click Multicloud Defense Controller located in the upper right window.
Step 3: From the Multicloud Defense Controller dashboard, click Setup located to the left of the window.
Step 4: Select Connect Account.
Step 5: Select the GCP icon.
Step 6: Enter the following information in the modal:
Step 7: Click Next.
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect OCI
You must complete the following prerequisites prior to onboarding an Oracle Cloud (OCI) account.
Log in to OCI
- Log in to your OCI tenant.
Create Group
Procedure
Step 1: Navigate to .
Step 2: Click Create Group.
Step 3: Specify the following:
Step 4: Click Create.
Create Policy
When creating an OCI account with Multicloud Defense you need to create and apply a firewall policy. Use the following procedure and recommendations to create a policy:
Procedure
Step 1: Navigate to .
Step 2: Select the Compartment root .
Step 3: Click Create Policy.
Step 4: Specify the following:
Step 5: Under Policy Builder enable Show manual editor.
Step 6: Modify and paste the following policy:
Step 7: Click Create.
Create User
Procedure
Step 1: Navigate to .
Step 2: Click Create User.
Step 3: Specify the following:
Step 4: Click Create.
Create API Key
Procedure
Step 1: From the User Details view for the User, select API Keys.
Step 2: Click Add API Key.
Step 3: Select Download Private Key and retain the Private Key for future use.
Step 4: Select Download Public Key and retain the Public Key for future use.
Step 5: Click Add.
Accept Terms and Conditions
Use the following procedure to accept the Terms and Conditions for an OCI account:
Procedure
Step 1: Select .
Step 2: Choose the desired Compartment.
Step 3: Click Create instance.
Step 4: Under Image and shape, select Change image.
Step 5: Under Image source, select Community images.
Step 6: Search for Multicloud Defense.
Step 7: Check the box for Multicloud Defense.
Step 8: Check the box for I have reviewed and accept the Publishers terms of use, Oracle Terms of Use, and the Oracle General Privacy Policy.
Step 9: Click Select image.
Step 10: Exit out (do not deploy the image). Repeat the steps for each Compartment in which you plan to deploy a Multicloud Defense Gateway.
Connect Oracle Account
Use the following procedure to connect to an OCI account through Multicloud Defense Controller's easy setup wizard:
Before you begin
- You must have an existing Oracle Cloud (OCI) account.
- You must have the prerequisites for your OCI account completed prior to onboarding. See Connect OCI for more information.
- You must have a CDO tenant.
- You must have an Admin or Super Admin user role in your CDO tenant.
- You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1: In the CDO dashboard, click the Multicloud Defense tab located in the left navigation pane.
Step 2: Click Multicloud Defense Controller located in the upper right window.
Step 3: From the Multicloud Defense Controller dashboard, click Setup located to the left of the window.
Step 4: Select Connect Account.
Step 5: Select the OCI icon.
Step 6: Enter the following information in the modal:
Step 7: Click Next.
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.