Host Information
|
Hostname*
|
Hostname |
Name of the Cisco Crosswork Data Gateway VM specified as a fully qualified domain name (FQDN).
In larger systems, you are likely to have more than one Cisco Crosswork Data Gateway VM. The hostname must, therefore, be unique and created in a way that makes identifying a specific VM easy.
|
|
Description*
|
Description |
A detailed description of the Cisco Crosswork Data Gateway.
|
|
Label
|
Label |
Label used by Cisco Crosswork Cloud to categorize and group multiple Cisco Crosswork Data Gateways.
|
|
AllowRFC8190*
|
AllowRFC8190 |
Automatically allow addresses in an RFC 8190 range. Options are No, Yes, or Ask, where the initial configuration script prompts for confirmation. The default value is Yes.
|
|
Private Key URI
|
DGCertKey |
URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file).
|
Crosswork Cloud uses self-signed certificates for handshake with Cisco Crosswork Data Gateway. These certificates are generated at installation.
However, if you want to use third-party or your own certificate files, enter these parameters.
Certificate chains override any preset or generated certificates in the Cisco Crosswork Data Gateway VM and are given as an
SCP URI (user@host:/path/to/file). The host with the URI files must be reachable on the network (in the vNIC0 interface via
SCP) and files must be present at the time of install.
|
Certificate File and Key Passphrase
|
DGCertChainPwd |
SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key.
|
Data Disk Size
|
DGAppdataDisk |
Size in GB of a second data disk.
The default size is 24GB. Do not change the default value without consulting a Cisco representative.
|
|
AwsIamRole
|
AwsIamRole |
AWS IAM role name for EC2 installation.
|
A role created in Identity and Access Management (IAM) in the AWS environment with relevant permissions.
|
Passphrases
|
dg-admin Passphrase*
|
dg-adminPassword |
The password you have chosen for the dg-admin user.
Password must be 8–64 characters.
|
|
dg-oper Passphrase*
|
dg-operPassword |
The password you have chosen for the dg-oper user.
Password must be 8–64 characters.
|
Interfaces
Note
|
To install Crosswork Data Gateway properly, either the IPv4 or the IPv6 address method must be set to Static or DHCP. The protocol
that you do not want to use should be set to None.
|
|
vNIC Role Assignment
|
NicDefaultGateway*
|
NicDefaultGateway
|
Interface used as the Default Gateway for processing the DNS and NTP traffic.
Traffic that is not assigned to any other interface is defaulted to this interface.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
You can configure the number of interfaces based on the vNIC model that you chose to deploy Crosswork Data Gateway. For example,
if you deployed Crosswork Data Gateway on 2 active vNICs, the roles must be configured to use the eth0 and eth1 interfaces.
- The NicControl, NicNBExternalData, and NicSBData roles map to eth1.
- The NicSBData role maps to eth2.
- The NicControl and NicNBExternalData roles map to eth1.
|
NicAdministration*
|
NicAdministration
|
Interface used to route the traffic associated with the administration of the Crosswork Data Gateway. The interface uses SSH
protocol through the configured port.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicExternalLogging*
|
NicExternalLogging
|
Interface used to send logs to Crosswork Cloud.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicManagement*
|
NicManagement
|
Interface used to send the enrollment and other management traffic.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicControl*
|
NicControl
|
Interface used for sending the destination, device, and collection configuration.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicNBSystemData*
|
NicNBSystemData
|
Interface used to send the collected data to the system destination.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicNBExternalData*
|
NicNBExternalData
|
Interface used to send collection data to Crosswork Cloud.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
NicSBData*
|
NicSBData
|
Interface used to collect data from all devices.
Options are eth0, eth1, eth2, or eth3. The default value is eth0.
|
vNIC IPv4 Address (vNIC0, vNIC1, and vNIC2 based on the number of interfaces you choose to use)
|
vNIC IPv4 Method*
|
Vnic0IPv4Method
Vnic1IPv4Method
Vnic2IPv4Method
|
Options are None, Static, or DHCP.
Note
|
DHCP support is enabled only for deployments performed using the QCOW2 images.
|
To use an IPv4 address, select Method as Static or DHCP, and select the vNICxIPv6 Method as None.
The default value for Method is None.
|
If you have selected Method as:
- None: Skip the rest of the fields for IPv4 address. Enter information in the vNIC IPv6 Address parameters.
- Static: Enter information in the Address, Netmask, Skip Gateway, and Gateway fields.
- DHCP: Values for the vNIC IPv4 Address parameters are assigned automatically.
Do not change the default values.
|
vNIC IPv4 Address
|
Vnic0IPv4Address
Vnic1IPv4Address
Vnic2IPv4Address
|
IPv4 address of the interface.
|
vNIC IPv4 Netmask
|
Vnic0IPv4Netmask
Vnic1IPv4Netmask
Vnic2IPv4Netmask
|
IPv4 netmask of the interface in dotted quad format.
|
vNIC IPv4 Skip Gateway
|
Vnic0IPv4SkipGateway
Vnic1IPv4SkipGateway
Vnic2IPv4SkipGateway
|
Options are True or False.
Selecting True skips configuring a gateway.
The default value is False.
|
vNIC IPv4 Gateway
|
Vnic0IPv4Gateway
Vnic1IPv4Gateway
Vnic2IPv4Gateway
|
IPv4 address of the vNIC gateway.
|
vNIC IPv6 Address (vNIC0, vNIC1, and vNIC2 based on the number of interfaces you choose to use)
|
vNIC IPv6 Method*
|
Vnic0IPv6Method
Vnic1IPv6Method
Vnic2IPv6Method
|
Options are None, Static, DHCP, or SLAAC (QCOW2 only).
The default value for Method is None.
Note
|
DHCP support is enabled only for deployments performed using the QCOW2 images.
|
|
If you have selected Method as:
- None: Skip the rest of the fields for IPv6 address. Enter information in the vNICx IPv4 Address parameters.
- Static: Enter information in the Address, Netmask, Skip Gateway, and Gateway fields.
- DHCP: Values for the vNIC IPv6 Address parameters are assigned automatically.
Do not change the VnicxIPv6Address default values.
|
vNIC IPv6 Address
|
Vnic0IPv6Address
Vnic1IPv6Address
Vnic2IPv6Address
|
IPv6 address of the interface.
|
vNIC IPv6 Netmask
|
Vnic0IPv6Netmask
Vnic1IPv6Netmask
Vnic2IPv6Netmask
|
IPv6 prefix of the interface.
|
vNIC IPv6 Skip Gateway
|
Vnic0IPv6SkipGateway
Vnic1IPv6SkipGateway
Vnic2IPv6SkipGateway
|
Options are True or False.
Selecting True skips configuring a gateway.
The default value is False.
|
vNIC IPv6 Gateway
|
Vnic0IPv6Gateway
Vnic1IPv6Gateway
Vnic2IPv6Gateway
|
IPv6 address of the vNIC gateway.
|
DNS Servers |
DNS Address*
|
DNS |
Space-delimited list of IPv4 or IPv6 addresses of the DNS server accessible in the management interface.
|
|
DNS Search Domain
|
Domain |
DNS search domain.
The default value is localdomain.
|
|
DNS Security Extensions
|
DNSSEC |
Options are False, True, or Allow-Downgrade. Select True to use DNS security extensions.
The default value is False.
|
|
DNS over TLS
|
DNSTLS |
Options are False, True, or Opportunistic. Select True to use DNS over TLS.
The default value is False.
|
|
Multicast DNS
|
mDNS |
Options are False, True, or Resolve. Select True to use multicast DNS.
The default value is False.
|
|
Link-Local Multicast Name Resolution
|
LLMNR |
Options are False, True, Opportunistic, or Resolve. Select True to use link-local multicast name resolution.
The default value is False.
|
|
NTP Servers
|
NTPv4 Servers*
|
NTP |
NTPv4 server list. Enter a space-delimited list of IPv4 addresses, IPv6 addresses, or hostnames of the NTPv4 servers accessible in the
management interface.
|
You must enter a value here, such as <sample>.ntp.org. An NTP server is critical for time synchronization between Cisco Crosswork Data Gateway, Crosswork Cloud, and devices. Using a nonfunctional or dummy address may cause issues when Crosswork Cloud and Cisco Crosswork Data Gateway try to communicate with each other.
|
Use NTPv4 Authentication
|
NTPAuth |
Select True to use NTPv4 authentication. The default value is False.
|
The NTPKey, NTPKeyFile, and NTPKeyFilePwd parameters can be configured only when NTPAuth is set to True.
|
NTPv4 Keys
|
NTPKey |
Key IDs to map to the server list. Enter a space-delimited list of Key IDs.
|
NTPv4 Key File URI
|
NTPKeyFile |
SCP URI to the chrony key file.
|
NTPv4 Key File Passphrase
|
NTPKeyFilePwd |
Password of SCP URI to the chrony key file.
|
Remote Syslog Server
|
Use Remote Syslog Server* |
UseRemoteSyslog |
Select True to send syslog messages to a remote host. The default value is False. |
Configuring an external syslog server sends service events to the external syslog server. Otherwise, they are logged only
to the Cisco Crosswork Data Gateway VM.
If you want to use an external syslog server, you must specify these seven settings.
Note
|
The host with the URI files must be reachable on the network (from vNIC0 interface via SCP) and files must be present at the
time of install.
|
|
Syslog Server Address
|
SyslogAddress
|
IPv4 or IPv6 address of a syslog server accessible in the management interface.
Note
|
If you are using an IPv6 address, surround it with square brackets ([1::1]).
|
|
Syslog Server Port
|
SyslogPort |
Port number of the optional syslog server. The port value can range from 1 to 65535. By default, this value is set to 514.
|
Syslog Server Protocol
|
SyslogProtocol |
Options are UDP, TCP, or RELP to send the syslog. The default value is UDP.
|
Syslog Multiserver Mode
|
SyslogMultiserverMode
|
Multiple servers in the failover or simultaneous mode. This parameter is applicable when the protocol is non-UDP (UDP must
use Simultaneous).
Options are Simultaneous or Failover.
The default value is Simultaneous.
|
Use Syslog over TLS
|
SyslogTLS |
Select True to use TLS to encrypt syslog traffic.
The default value is False.
|
Syslog TLS Peer Name
|
SyslogPeerName |
The syslog server hostname exactly as entered in the server certificate SubjectAltName or subject common name.
|
Syslog Root Certificate File URI
|
SyslogCertChain
|
URI to the PEM formatted root cert of syslog server retrieved using SCP.
|
Syslog Certificate File Passphrase
|
SyslogCertChainPwd
|
Password of SCP user to retrieve Syslog certificate chain.
|
Remote Auditd Server
|
Use Remote Auditd Server*
|
UseRemoteAuditd |
Select True to send auditd messages to a remote host.
The default value is False.
|
Configure the Crosswork Data Gateway VM to send auditd messages to a remote server.
Specify these three settings to forward auditd messages to an external Auditd server.
|
Auditd Server Address
|
AuditdAddress |
Hostname, IPv4, or IPv6 address of an optional Auditd server.
|
Auditd Server Port
|
AuditdPort |
Port number of an optional Auditd server.
The default port number is 60.
|
Controller and Proxy Settings
|
Proxy Server URL
|
ProxyURL
|
URL of an optional HTTP proxy server.
|
In Cloud deployment, Cisco Crosswork Data Gateway must connect to the Internet via TLS.
If you use a proxy server, specify these parameters.
|
Proxy Server Bypass List
|
ProxyBypass |
Comma-separated list of addresses and hostnames that will not use the proxy.
|
Authenticated Proxy Username
|
ProxyUsername |
Username for authenticated proxy servers.
|
Authenticated Proxy Passphrase
|
ProxyPassphrase |
Passphrase for authenticated proxy servers.
|
HTTPS Proxy SSL/TLS Certificate File URI
|
ProxyCertChain |
HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP.
|
HTTPS Proxy SSL/TLS Certificate File Passphrase
|
ProxyCertChainPwd |
Password of SCP user to retrieve proxy certificate chain.
|
Enrollment Package Transfer
|
Autoenrollment token
|
CloudEnrollmentToken |
The unique enrollment token retrieved from Crosswork Cloud. Crosswork Data Gateway uses this token to automatically enroll
with Crosswork Cloud.
Configure the permitted number of autoenrollment requests and the expiry date of the token.
The default values are:
- Number of uses: 5
- Expiry: 30 days
The maximum accepted values are:
- Number of uses: 50
- Expiry: 366 days
|
|
Enrollment Destination Host and Path**
|
EnrollmentURI |
SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file).
|
Cisco Crosswork Data Gateway requires the Enrollment package to enroll with Crosswork Cloud. If you specify these parameters during the installation,
the enrollment package is automatically transferred to the local host once Cisco Crosswork Data Gateway boots up for the first time.
If you do not specify these parameters during installation, then export the enrollment package manually by following the procedure
in Obtain the Enrollment Package.
|
Enrollment Passphrase**
|
EnrollmentPassphrase |
SCP user passphrase to transfer enrollment package.
|
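
A pre-deployment check of the constraints stated in the table above, as an added example (not Cisco tooling and not part of the original page). It assumes the parameters are loaded into a flat dict of strings keyed by the parameter names above and that vNIC0 is always in use; `check_params` and `SAMPLE` are hypothetical names.

```python
NIC_ROLES = ("NicDefaultGateway NicAdministration NicExternalLogging NicManagement "
             "NicControl NicNBSystemData NicNBExternalData NicSBData").split()

def check_params(p):
    """Return findings for a dict of deployment parameters (names from the table)."""
    out = []
    for key in ("dg-adminPassword", "dg-operPassword"):
        if not 8 <= len(p.get(key, "")) <= 64:
            out.append(f"{key}: must be 8-64 characters")
    for role in NIC_ROLES:
        if p.get(role, "eth0") not in ("eth0", "eth1", "eth2", "eth3"):
            out.append(f"{role}: must be eth0, eth1, eth2, or eth3")
    for n in range(3):
        v4, v6 = (p.get(f"Vnic{n}{fam}Method", "None") for fam in ("IPv4", "IPv6"))
        if v4 != "None" and v6 != "None":
            out.append(f"Vnic{n}: set the unused protocol's Method to None")
        if n == 0 and v4 == v6 == "None":  # assumption: vNIC0 is always in use
            out.append("Vnic0: IPv4 or IPv6 Method must be Static or DHCP")
        for fam, method in (("IPv4", v4), ("IPv6", v6)):
            skip = p.get(f"Vnic{n}{fam}SkipGateway", "False") == "True"
            need = ["Address", "Netmask"] + ([] if skip else ["Gateway"])
            if method == "Static":
                out += [f"Vnic{n}{fam}{f}: required for Static"
                        for f in need if not p.get(f"Vnic{n}{fam}{f}")]
    if p.get("NTPAuth", "False") != "True":
        out += [f"{k}: only valid when NTPAuth is True"
                for k in ("NTPKey", "NTPKeyFile", "NTPKeyFilePwd") if p.get(k)]
    if p.get("UseRemoteSyslog", "False") == "True":
        port = p.get("SyslogPort", "514")
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            out.append("SyslogPort: must be 1-65535")
        if (p.get("SyslogProtocol", "UDP") == "UDP"
                and p.get("SyslogMultiserverMode", "Simultaneous") != "Simultaneous"):
            out.append("SyslogMultiserverMode: UDP must use Simultaneous")
        addr = p.get("SyslogAddress", "")
        if ":" in addr and not addr.startswith("["):  # bare IPv6 literal
            out.append("SyslogAddress: surround the IPv6 address with [ ]")
        if p.get("SyslogTLS", "False") != "True":
            out.append("warning: SyslogTLS is not True, syslog traffic is not encrypted")
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"dg-adminPassword": "short", "dg-operPassword": "long-enough-passphrase",
          "Vnic0IPv4Method": "Static", "Vnic0IPv4Address": "192.0.2.10",
          "Vnic0IPv4Netmask": "255.255.255.0", "NTPKey": "1 2",
          "UseRemoteSyslog": "True", "SyslogAddress": "2001:db8::5"}
if __name__ == "__main__":
    print("\n".join(check_params(SAMPLE)))
```

Findings prefixed with `warning:` are settings the table permits but that leave traffic unprotected; the rest contradict a rule stated in the table.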