Configure CylanceON-PREM
CylanceON-PREM
- Refer to Import the OVA and configure a static IP address if you are using a static IP address.
- Refer to External database overview if you are using an external database.
This task is for all
CylanceON-PREM
instances, either DHCP or Static IP. This example uses VMware vSphere
.- Start theCylanceON-PREMvirtual appliance. InVMware vSphere, click the Power On icon, or selectActions > Power > Power On.
- Open a web browser and go to https://<fqdn>. Replace <fqdn> with the fully qualified domain name (FQDN) from the DNS entry, such as https://login.onprem.com. For a web browser, use a system that can communicate with theCylanceON-PREMvirtual appliance.
- Fill out the form to generate a CSR fromCylanceON-PREMto submit to a CA to use with theCylanceON-PREMvirtual appliance and clickGenerate CSRThis creates acert_request.csrfile in the downloads folder that can be sent to a Certificate Authority (CA) to receive an SSL certificate. If you clickGenerate CSRagain, a new private key will be generated and you will need to provide the latest CSR to the Certificate Authority. If you are using an SSL certificate and key generated on a computer other thanCylanceON-PREM, continue to step 4.ItemDescriptionCommon NameThe common name is derived from the fully qualified domain name (FQDN) for the virtual appliance. For example, if the FQDN is https://onprem.cylance.com, then the common name is onprem.cylance.com.Subject Alternative NameEnter any alternative names to use for the virtual appliance, such as onprem-alt.cylance.com. The Common Name will be added automatically as a Subject Alternative Name. ClickAddafter typing an alternative name to add it.Organization NameEnter the legal name of the organization.Organizational UnitThis could be a department name.CityEnter the city where the organization is located.State/ ProvinceEnter the state of province where the organization is located. Do not use an abbreviation.CountryEnter the two letter ISO abbreviation for the country.
- ClickUpload Cert and Key. The Webserver Configuration page is displayed. For more information on certificate guidelines, refer to the Certificate Guidelines.
- In theHostnamefield, enter the FQDN (Common Name) or Subject Alternative Name for the virtual appliance. The FQDN must match the DNS entry. For example, the FQDN/ Common name could belogin.onprem.comoronprem.com.
- Drag the SSL Certificate to theUpload Certificatebox or clickBrowse for a fileand select the certificate. If you generated the CSR usingCylanceON-PREM, you do not have to upload a private key and skip the remaining steps below and continue to Step 7. If you generated a CSR on a different computer, upload a Private Key.
- Enable theUpload Private Keytoggle.
- Drag the private key to theUpload Keybox or clickBrowse for a fileand select the private key. If your CA provides you a .pfx file (combined site certificate and private key), the CA will need to separate it into two separate files. In addition, the private key file cannot be password protected.
- ClickSave and Continue. SSL is configured on the virtual appliance.
- Choose a database option. Setting up, maintaining, and troubleshooting an external database is not supported. Organizations must have a dedicated database administrator (DBA) for configuring and maintaining their database.ItemConfigurationDatabase connection settings disabledNo configuration requiredDatabase connection settings are enabled
- Enter the hostname or IP address for the external database (for example,database.comor123.45.67.89)
- Enter the port number for the external database (for example,5432)
- Enter the database user name and password (this database user must be able to add tables to the database)
- Enable TLS/SSL to use an SSL connection to the external database. If TLS/SSL is enabled, you can also specify the following:
- Enable Verify Peer Mode to authenticate the external Postgres DB server certificate, and the communications channel is encrypted. Verify Peer Mode=disabled meansCylanceON-PREMwill not authenticate the external Postgres DB server certificate but the communications is still encrypted.
- ClickInstall Postgres SSL Certificate, then drag the certificate file to the Install Postgres SSL Certificate dialog box or clickBrowse for a fileand select the certificate.
- ClickInstall Certificate.
- ClickTest Connectionto ensure the virtual appliance can communicate with the database.
- ClickSave and Continue.
- Type in your login information, then clickSave and Finish. This user will be added as an Administrator in yourCylanceON-PREMConsole. The login screen displays.