Configure CylanceHYBRID
- Log in to the Cylance console and copy your Installation Token. The token is on the Application page (Settings > Application).
- Start the CylanceHYBRID file (OVA). In VMware vSphere, click the Power On icon, or select Actions > Power > Power On. It is recommended to take a snapshot of the virtual appliance in case configuration fails (for example, because of an invalid SSL certificate upload). This allows reverting to the snapshot instead of reimporting the appliance.
- Open a web browser and go to the following URL. Replace <fqdn> with the fully qualified domain name (FQDN) from the DNS entry. Example: https://login.hybrid-cylance.com/configui/config. Use a web browser on a system that can communicate with the CylanceHYBRID virtual appliance.
  - https://<fqdn>/configui/config
- From the welcome screen, click Let’s Get Started. The Secure Your Connection page displays with Generate a CSR enabled by default.
- To generate a certificate signing request (CSR) that will be submitted to a certificate authority (CA) to use with the CylanceHYBRID virtual appliance, do the following. To use an SSL certificate and key generated on a computer other than CylanceHYBRID, go to step 6.
  - Fill out the form.
    - Common Name: Derived from the fully qualified domain name (FQDN) for the virtual appliance. For example, if the FQDN is https://hybrid.cylance.com, then the common name is hybrid.cylance.com.
    - Subject Alternative Name: Any alternative names to use for the virtual appliance, such as hybrid-alt.cylance.com. Note that the Common Name is added automatically as a Subject Alternative Name. Click Add after typing an alternative name to add it.
    - Organization Name: Enter the legal name of the organization.
    - Organizational Unit: This could be a department name.
    - City: Enter the city where the organization is located.
    - State / Province: Enter the state or province where the organization is located. Do not use an abbreviation.
    - Country: Enter the two-letter ISO abbreviation for the country.
  - Click Generate CSR. This creates a cert_request.csr file in the Downloads folder. Send this to your CA, who should then send back an SSL certificate. Example: hybrid.cylance.crt. After you generate the CSR, the text at the top of the page changes to a pending status and includes a link where you can re-download the CSR, and Step 2 displays at the bottom of the page. If you click Generate CSR again, a new private key will be generated, and you will need to provide the latest CSR to the CA.
  - Upload the SSL certificate to the Step 2: Upload certificate from CA box.
  - Continue to step 7.
- To upload an SSL certificate and key generated on a computer other than CylanceHYBRID, turn off the Generate a CSR toggle. To generate a certificate signing request (CSR), go to step 5.
  - Drag the certificate to the Upload certificate box or click Browse for a file and select the certificate.
  - Drag the key to the Upload key box or click Browse for a file and select the key.
- Click Save & Continue. The Active Directory Integration page displays.
- To add Active Directory/LDAP Integration, enter your AD information. To disable Active Directory Integration, click the Use Active Directory toggle (green = enabled, grey = disabled). If needed, you can configure Active Directory after initial setup of the virtual appliance. For more information, see CylanceHYBRID Status page.
  - Active Directory Host: Active Directory configuration requires the FQDN due to a TLS requirement. Using an IP address for LDAP server configuration will fail. The FQDN must be configured on the Domain Server.
  - Port: The port number of the LDAP server.
  - Base DN: The base distinguished name (DN) used as a base for the LDAP search to look for the user DN.
  - Group DN: The group DN used to perform an LDAP search to check if the user is a member of the group DN.
  - Upload certificate to enable TLS: The Secure Sockets Layer (SSL) certificate used to perform a Transport Layer Security (TLS) connection when binding to the LDAP server. The certificate must be Base64 encoded.
  - Click Test Connection. A Test Active Directory Connection dialog displays.
  - Enter a username and password in the fields, then click Test Connection. A message displays informing you that the connection was successful. If the connection failed, use the red text that appears on the dialog to troubleshoot and resolve the issue. A description of common configuration error messages and their meaning is available on the Knowledge Base at CylanceHybrid Active Directory Configuration Error Messages. To test the connection, use either the UPN Login or SAM Account Login:
    - UPN Login Example: username@domainname.com (hadmin@onprem-cylance.com)
    - SAM Account Login Example: domain\username (onprem-cylance\hadmin)
- Click Save & Continue. The Set a password to access CylanceHYBRID page displays.
- Type and confirm your new password, then click Save & Continue. Follow the password requirements. The Configuration Step 1 of 2: Enter CylanceHYBRID Info page displays.
- Type or paste your Installation Token.
- Type a Device Name. This name will appear in the console as a device. Allowed characters include letters, numbers, -, _, ., !, @, #, $, %, ^, &, *, (, ), {, }, [, ], +, $.
- Type in a fully qualified domain name (FQDN) for the CylanceHYBRID. The FQDN must match the one in the DNS entry. For example, a fully qualified domain name could be login.hybrid.com or hybrid.com.
- To include a proxy server, click the Connect Appliance to Proxy toggle to enable it. Enter the proxy server information, including a proxy username and password. CylanceHYBRID uses Tinyproxy for the web proxy server. Tinyproxy only supports lowercase letters, numbers, periods, dashes, and underscores for the proxy username and password.
- Click Save & Continue. The Configuration Step 2 of 2: Confirm Info page displays.
- If your CylanceHYBRID setup information is correct, click Confirm & Finish. The CylanceHYBRID Setup Complete page displays.
- Click Go to Status Page. You are automatically logged in to the CylanceHYBRID Status page. For future logins, the CylanceHYBRID username is cylance.
When configuration of the CylanceHYBRID virtual appliance is complete, it will appear in your console, under Devices, with the Device Name you assigned in step 12.
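
The procedure warns that an invalid SSL certificate upload can leave the appliance needing a snapshot revert, so it is worth checking the files before uploading them. The script below is an added example, not part of the original documentation: it checks that a certificate is Base64 (PEM) encoded, that it belongs to the private key (step 6) or to the latest downloaded CSR (step 5), and that the appliance FQDN is in its Subject Alternative Name. Function names and `hybrid.example.test` are assumptions, and OpenSSL 1.1.1 or later is assumed on the machine running it.

```sh
# Added example, not vendor code. Function names are illustrative and
# hybrid.example.test is a placeholder FQDN. Needs OpenSSL 1.1.1 or later.

# Private key plus CSR with the FQDN as Common Name and Subject Alternative Name.
make_csr() {  # make_csr <fqdn> <key-out> <csr-out>
  openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Constructed test input: a self-signed certificate standing in for the CA's reply.
make_test_cert() {  # make_test_cert <fqdn> <key-in> <cert-out>
  openssl req -x509 -new -key "$2" -days 1 -out "$3" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Public key (PEM) of a certificate, a CSR or an unencrypted private key.
pubkey_of() {  # pubkey_of <pem-file>
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl req -in "$1" -noout -pubkey 2>/dev/null ||
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# check_upload <cert> <key-or-csr> <fqdn>: prints a verdict, returns 0 only on "ok".
check_upload() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null ||
    { echo "certificate is not Base64 (PEM) encoded"; return 1; }
  cu_cert=$(pubkey_of "$1") && cu_other=$(pubkey_of "$2") ||
    { echo "certificate, key or CSR cannot be parsed"; return 2; }
  # A mismatch here is what happens when the CA signed an older CSR.
  [ "$cu_cert" = "$cu_other" ] ||
    { echo "certificate does not belong to this key or CSR"; return 3; }
  # Split the SAN list into one entry per line and require an exact match.
  openssl x509 -in "$1" -noout -text | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$3" ||
    { echo "$3 is not in the Subject Alternative Name"; return 4; }
  echo "ok"
}

# Typical use: check_upload hybrid.crt hybrid.key hybrid.example.test
```

For the CSR generated on the appliance, pass the downloaded `cert_request.csr` as the second argument, since the private key never leaves the appliance.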