Install Crosswork Data Gateway

Install Crosswork Data Gateway

Crosswork Data Gateway is required for Crosswork Cloud Traffic Analysis and Crosswork Cloud Trust Insights only. It is not required for Crosswork Cloud Network Insights.

Prior to Crosswork Data Gateway installation, review the steps outlined in one of the following topics:


Note
For Crosswork Data Gateway 6.0.1 and later, you have the option to create an enrollment token within Crosswork Cloud and then install a Crosswork Data Gateway. For earlier Crosswork Data Gateway versions, you must install a Crosswork Data Gateway first and manually enter the Data Gateway information in Crosswork Cloud.

Procedure

Install a Crosswork Data Gateway as explained in the Cisco Crosswork Data Gateway Installation and Configuration Guide for Cloud Applications.

Add Crosswork Data Gateway Information

As part of the Data Gateway deployment process, an enrollment token (a unique registration file) must be created to enroll the Crosswork Data Gateway into Crosswork Cloud.

Starting with Crosswork Data Gateway 6.0.1, an enrollment token can be created in the Crosswork Cloud UI and then embedded during VM installation. The .json registration file contains unique digital certificates that are used to enroll the Crosswork Data Gateway into Crosswork Cloud. This method automatically enrolls a Crosswork Data Gateway in Crosswork Cloud and is less prone to potential problems than the older method.

For Crosswork Data Gateway versions earlier that 6.0.1, you must first install Crosswork Data Gateway, generate an enrollment token from the Crosswork Data Gateway interactive console, and then manually enter Crosswork Data Gateway information in Crosswork Cloud.

Note

  • While the procedure documented here describes the steps to use the newer method (if you are using Crosswork Data Gateway 6.0.1 or later), you have the option to use the older method (see Manually Add Crosswork Data Gateway Information).

  • If you use a firewall on your Data Gateway egress traffic, ensure that your firewall configuration allows cdg.crosswork.cisco.com and crosswork.cisco.com.

Procedure

Step 1

From the main window, navigate to Crosswork Cloud Traffic Analysis icon or Crosswork Cloud Trust Insights > Configure > Data Gateways and then click Add Data Gateway.

Step 2

Choose to do one of the following:

  • For Crosswork Data Gateway 6.0.1 and later, continue to Step 3.

  • For earlier Crosswork Data Gateway versions, click Registration File and go to Manually Add Crosswork Data Gateway Information.

  • If you need to download the latest supported Crosswork Data Gateway version, click Download CDG Image.

Step 3

Click Use Enrollment Token.

Step 4

You can create a new token or use an existing one. Do one of the following:

  • Create a new token

    1. Click Create Enrollment Token.

    2. Enter the following:

      • Token Name: Specify a unique name to the token that you are creating.

      • Description: Enter a detailed description of the token.

      • Number of Uses: Specify the permissible number of token uses. The maximum token usage limit is 50.

      • Valid Until: Specify the validity period for the token. The maximum duration is 366.

    3. Click Create.

  • Use an existing token

    1. Select the row corresponding to the token that you intend to use.

      When selecting an existing token, consider its expiration date. If the Data Gateway will not be installed and registered prior to the expiration date, Cisco recommends you avoid using that token.

      You can review the Valid Until column on the Add Crosswork Data Gateway page to determine the expiration information.

    2. Click View Enrollment Token.

      • Token Name: Specify a unique name to the token that you are creating.

      • Description: Enter a detailed description of the token.

      • Number of Uses: Specify the permissible number of token uses. The maximum token usage limit is 50.

      • Valid Until: Specify the validity period for the token. The maximum duration is 366.

    3. Click Create.

Step 5

Click Copy to copy the token. Paste the content in a local file. During Crosswork Data Gateway installation, you will need to paste the enrollment token in the following platforms:

  • VMware

    • vCenter vSphere Client—Paste the token text into the Auto Enrollment Package Transfer > Enrollment Token UI field

    • OVF Tool—Locate the script and under the ## Enrollment Token for Crosswork Cloud section, paste the token text after CloudEnrollmentToken=

  • OpenStack—Locate the config.txt file and under the ## Enrollment Token for Crosswork Cloud section, paste the token text after CloudEnrollmentToken=

  • Amazon EC2—Paste the token in the CloudFormation template or as part of the user data after CloudEnrollmentToken=

Step 6

Install Crosswork Data Gateway.

Step 7

After Crosswork Data Gateway is installed, navigate back to Crosswork Cloud Trust Insights > Data Gateways > Use Enrollment Token.

Step 8

Click Next. The newly installed Crosswork Data Gateway should appear with the Enrollment State as Pending.

Step 9

Click Allow to authorize the Crosswork Data Gateway access.

Step 10

Click Next after reviewing the Device information.

Step 11

Click Accept after reviewing the Network information.

Step 12

After a few minutes, verify that your Crosswork Data Gateway is successfully connected. Click Data Gateways, click on the name of the Crosswork Data Gateway, and verify the following values for the Crosswork Data Gateway you added:

  • Connectivity: Session Up

  • Admin State: Enabled

  • Container Image: Matched

You may need to refresh the page to see the changes.