Configure CylanceON-PREM Skip Navigation

Configure
CylanceON-PREM

This task is for all
CylanceON-PREM
instances, either DHCP or Static IP. This example uses
VMware vSphere
.
  1. Start the
    CylanceON-PREM
    virtual appliance. In
    VMware vSphere
    , click the Power On icon, or select
    Actions > Power > Power On
    .
  2. Open a web browser and go to https://<
    fqdn
    >. Replace <
    fqdn
    > with the fully qualified domain name (FQDN) from the DNS entry, such as https://login.onprem.com. For a web browser, use a system that can communicate with the
    CylanceON-PREM
    virtual appliance.
  3. Fill out the form to generate a CSR from
    CylanceON-PREM
    to submit to a CA to use with the
    CylanceON-PREM
    virtual appliance and click
    Generate CSR
    This creates a
    cert_request.csr
    file in  the downloads folder that can be sent to a Certificate Authority (CA) to receive an SSL certificate. If you click
    Generate CSR
    again, a new private key will be generated and you will need to provide the latest CSR to the Certificate Authority. If you are using an SSL certificate and key generated on a computer other than
    CylanceON-PREM
    , continue to step 4.
    Item
    Description
    Common Name
    The common name is derived from the fully qualified domain name (FQDN) for the virtual appliance. For example, if the FQDN is https://onprem.cylance.com, then the common name is onprem.cylance.com.
    Subject Alternative Name
    Enter any alternative names to use for the virtual appliance, such as onprem-alt.cylance.com. The Common Name will be added automatically as a Subject Alternative Name. Click
    Add
    after typing an alternative name to add it.
    Organization Name
    Enter the legal name of the organization.
    Organizational Unit
    This could be a department name.
    City
    Enter the city where the organization is located.
    State/ Province
    Enter the state of province where the organization is located. Do not use an abbreviation.
    Country
    Enter the two letter ISO abbreviation for the country.
  4. Click
    Upload Cert and Key
    . The Webserver Configuration page is displayed. For more information on certificate guidelines, refer to the Certificate Guidelines.
  5. In the
    Hostname
    field, enter the FQDN (Common Name) or Subject Alternative Name for the virtual appliance. The FQDN must match the DNS entry. For example, the FQDN/ Common name could be
    login.onprem.com
    or
    onprem.com
    .
  6. Drag the SSL Certificate to the
    Upload Certificate
    box or click
    Browse for a file
    and select the certificate. If you generated the CSR using
    CylanceON-PREM
    , you do not have to upload a private key and skip the remaining steps below and continue to Step 7. If you generated a CSR on a different computer, upload a Private Key.
    1. Enable the
      Upload Private Key
      toggle.
    2. Drag the private key to the
      Upload Key
      box or click
      Browse for a file
      and select the private key. If your CA provides you a .pfx file (combined site certificate and private key), the CA will need to separate it into two separate files. In addition, the private key file cannot be password protected.
  7. Click
    Save and Continue
    . SSL is configured on the virtual appliance.
  8. Choose a database option. Setting up, maintaining, and troubleshooting an external database is not supported. Organizations must have a dedicated database administrator (DBA) for configuring and maintaining their database.
    Item
    Configuration
    Database connection settings disabled
    No configuration required
    Database connection settings are enabled
    1. Enter the hostname or IP address for the external database (for example,
      database.com
      or
      123.45.67.89
      )
    2. Enter the port number for the external database (for example,
      5432
      )
    3. Enter the database user name and password (this database user must be able to add tables to the database)
    4. Enable TLS/SSL to use an SSL connection to the external database. If TLS/SSL is enabled, you can also specify the following:
      • Enable Verify Peer Mode to authenticate the external Postgres DB server certificate, and the communications channel is encrypted. Verify Peer Mode=disabled means
        CylanceON-PREM
        will not authenticate the external Postgres DB server certificate but the communications is still encrypted.
        • Click
          Install Postgres SSL Certificate
          , then drag the certificate file to the Install Postgres SSL Certificate dialog box or click
          Browse for a file
          and select the certificate.
        • Click
          Install Certificate
          .
    5. Click
      Test Connection
      to ensure the virtual appliance can communicate with the database.
    6. Click
      Save and Continue
      .
  9. Type in your login information, then click
    Save and Finish
    . This user will be added as an Administrator in your
    CylanceON-PREM
    Console. The login screen displays.