Cisco Defense Orchestrator (CDO) enables communication between supported devices and services to CDO via the Secure Device Connector (SDC). The SDC enables this communication by acting as a proxy between a remote location and CDO cloud services.
This procedure describes how to create an SDC for CDO, installed on-premise, using CDO's VM image. This is the preferred, easiest, and most reliable way to create an SDC. If you need to create the SDC using a VM that you create, follow Deploy an On-Premise SDC on a Virtual Machine you Create.
- CDO requires strict certificate checking and does not support a Web/Content Proxy between the SDC and the Internet.
- We require allowing the SDC full outbound access to the Internet on TCP port 443.
- Review Connect to Cisco Defense Orchestrator using Secure Device Connector to ensure proper network access.
- CDO only supports installing its SDC VM OVF image using the vSphere web client.
- CDO does not support installing the SDC VM OVF image using the vSphere desktop client.
- CDO does not support installing the SDC VM OVF image using the ESXi web client.
- ESXi 5.1 hypervisor.
- Cent OS 7 guest operating system.
- VMware ESXi host needs 2 vCPU.
- VMware ESXi host needs a minimum of 2 GB of memory.
- VMware ESXi requires 64GB disk space to support the virtual machine depending on your provisioning choice.
- Gather this information before you begin the installation:
- Static IP address you want to use for your SDC.
- Passwords for the root and cdo users that you create during the installation process.
- The IP address of the DNS server your organization uses.
- The gateway IP address of the network the SDC address is on.
- The FQDN or IP address of your time server.
- The on-premise SDC virtual machine is configured to install security patches on a regular basis and in order to do this, opening port 80 outbound is required.
- Log on to the CDO Tenant you are creating the SDC for.
- Click the Account menu and select Secure Connectors.
- Click Deploy an On-Premises Secure Device Connector.
- In Step 1, click Download the SDC VM image.
- Extract all the files from the .zip file. They will look similar to these:
6. Log on to your VMware server as an administrator using the vSphere Web Client.
Note: Do not use the ESXi Web Client use the vSphere Web Client from vCenter.
- Deploy the on-premise Secure Device Connector virtual machine from the OVF template by following the prompts.
- When the setup is complete, power on the SDC VM.
- Open the console for your new SDC VM.
- Login as the cdo user. The default password is adm123.
- At the prompt type sudo sdc-onboard setup
[cdo@localhost ~]$ sudo sdc-onboard setup
- When prompted, enter the default password for the cdo user: adm123
- Follow the prompts to create a new password for the root user.
- Follow the prompts to create a new password for the cdo user.
- Follow the prompts to enter your Cisco Defense Orchestrator domain information.
- Enter the static IP address you want to use for the SDC VM.
- Enter the gateway IP address for the network on which the SDC VM is installed.
- Enter the NTP server address or FQDN for the SDC VM.
- When prompted, enter the information for the Docker bridge or leave it blank if it is not applicable and press <Enter>.
- Confirm your entries.
- Log out of the VM console session by typing n when prompted, "Would you like to setup the SDC now."
- Create an SSH connection to the SDC by logging in as the cdo user.
- At the prompt type sudo sdc-onboard bootstrap
[cdo@localhost ~]$ sudo sdc-onboard bootstrap
- When prompted, enter the cdo password you created in step 11.
- When prompted, return to CDO and copy the bootstrap data, then paste it into your SSH session.
To copy the bootstrap data:
- Log into CDO.
- From the user menu, select Secure Connectors.
- In the Actions pane, click Deploy an On-Premises Secure Device Connector.
- Copy the bootstrap data in step 2.
- When you are satisfied with the bootstrap settings, enter n when prompted if you want to update the settings.
- Return to the Secure Device Connector page. Refresh the screen until you see the status of your new SDC change to Active.