Host Information

Hostname* | Hostname | Name of the Cisco Crosswork Data Gateway VM specified as a fully qualified domain name (FQDN).
Note: In larger systems you are likely to have more than one Cisco Crosswork Data Gateway VM. The hostname must, therefore, be unique and created in a way that makes identifying a specific VM easy.

Description* | Description | A detailed description of the Cisco Crosswork Data Gateway.

Label | Label | Label used by Cisco Crosswork Cloud to categorize and group multiple Cisco Crosswork Data Gateways.

Deployment | Deployment | Parameter that conveys the controller type. Specify the value as Crosswork Cloud.

Active vNICs* | ActiveVnics | Number of vNICs to use for sending traffic.
You can choose to use either 1, 2 or 3 interfaces as per your network requirements. For information on how you can route traffic, see Interfaces in the VM Requirements table.

AllowRFC8190* | AllowRFC8190 | Automatically allow addresses in an RFC 8190 range. Options are yes, no or ask, where the initial configuration script prompts for confirmation. The default value is yes.

Private Key URI | DGCertKey | URI to private key file for session key signing. You can retrieve this using SCP (user@host:path/to/file).

Certificate File URI | DGCertChain | URI to PEM formatted signing certificate chain for this VM. You can retrieve this using SCP (user@host:path/to/file).

Certificate File and Key Passphrase | DGCertChainPwd | SCP user passphrase to retrieve the Cisco Crosswork Data Gateway PEM formatted certificate file and private key.

Crosswork Cloud uses self-signed certificates for the handshake with Cisco Crosswork Data Gateway. These certificates are generated at installation. However, if you want to use third-party or your own certificate files, enter these three parameters. Certificate chains override any preset or generated certificates in the Cisco Crosswork Data Gateway VM and are given as an SCP URI (user@host:/path/to/file).
Note: The host with the URI files must be reachable on the network (from the vNIC0 interface via SCP) and files must be present at the time of install.

Data Disk Size | DGAppdataDisk | Size in GB of a second data disk. The minimum size is 24 GB.

Passphrases

dg-admin Passphrase* | dg-adminPassword | The password you have chosen for the dg-admin user. Password must be 8-64 characters.

dg-oper Passphrase* | dg-operPassword | The password you have chosen for the dg-oper user. Password must be 8-64 characters.

Interfaces

Note: You must select either an IPv4 or IPv6 address. Selecting None in the vNICx IPv4 Method and the vNICx IPv6 Method fields will result in a non-functional deployment.

vNIC IPv4 Address (vNIC0, vNIC1 and vNIC2 based on the number of interfaces you choose to use)

vNIC IPv4 Method* | Vnic0IPv4Method, Vnic1IPv4Method, Vnic2IPv4Method | None or Static or DHCP. The default value for Method is None.

If you have selected Method as:
- None: Skip the rest of the fields for IPv4 address. Enter information in the vNIC IPv6 Address parameters.
- Static: Enter information in Address, Netmask, Skip Gateway, and Gateway fields.
- DHCP: Leave all the vNICx IPv4 Address parameters at their default values. These values are assigned automatically.

vNIC IPv4 Address | Vnic0IPv4Address, Vnic1IPv4Address, Vnic2IPv4Address | IPv4 address of the interface.

vNIC IPv4 Netmask | Vnic0IPv4Netmask, Vnic1IPv4Netmask, Vnic2IPv4Netmask | IPv4 netmask of the interface in dotted quad format.

vNIC IPv4 Skip Gateway | Vnic0IPv4SkipGateway, Vnic1IPv4SkipGateway, Vnic2IPv4SkipGateway | Options are True or False. The default value is False. Selecting True skips configuring a gateway for the interface.

vNIC IPv4 Gateway | Vnic0IPv4Gateway, Vnic1IPv4Gateway, Vnic2IPv4Gateway | IPv4 address of the interface gateway.

vNIC IPv6 Address (vNIC0, vNIC1, and vNIC2 based on the number of interfaces you choose to use)

vNIC IPv6 Method* | Vnic0IPv6Method, Vnic1IPv6Method, Vnic2IPv6Method | None or Static or DHCP. The default value for Method is None.

If you have selected Method as:
- None: Skip the rest of the fields for IPv6 address. Enter information in the vNIC IPv4 Address parameters.
- Static: Enter information in Address, Netmask, Skip Gateway, and Gateway fields.
- DHCP: Leave all the vNICx IPv6 Address parameters at their default values. These values are assigned automatically.

vNIC IPv6 Address | Vnic0IPv6Address, Vnic1IPv6Address, Vnic2IPv6Address | IPv6 address of the interface.

vNIC IPv6 Netmask | Vnic0IPv6Netmask, Vnic1IPv6Netmask, Vnic2IPv6Netmask | IPv6 prefix of the interface.

vNIC IPv6 Skip Gateway | Vnic0IPv6SkipGateway, Vnic1IPv6SkipGateway, Vnic2IPv6SkipGateway | Options are True or False. The default value is False. Selecting True skips configuring a gateway for the interface.

vNIC IPv6 Gateway | Vnic0IPv6Gateway, Vnic1IPv6Gateway, Vnic2IPv6Gateway | IPv6 address of the interface gateway.

DNS Servers

DNS Address* | DNS | Space-delimited list of IPv4 or IPv6 addresses of the DNS server accessible from the management interface.

DNS Search Domain* | Domain | DNS search domain.

DNS Security Extensions* | DNSSEC | Options are False, True, Allow-Downgrade. Select True to use DNS security extensions. By default, this parameter is False.

DNS over TLS* | DNSTLS | Options are False, True, and Opportunistic. Select True to use DNS over TLS. By default, this parameter is False.

Multicast DNS* | mDNS | Options are False, True and Resolve. Select True to use multicast DNS. By default, this parameter is False.

Link-Local Multicast Name Resolution* | LLMNR | Options are False, True, Opportunistic and Resolve. Select True to use link-local multicast name resolution. By default, this parameter is False.

NTPv4 Servers

NTPv4 Servers* | NTP | NTPv4 server list. Enter a space-delimited list of IPv4 or IPv6 addresses or hostnames of the NTPv4 servers accessible from the management interface.
You must enter a value here, such as pool.ntp.org. An NTP server is critical for time synchronization between Cisco Crosswork Data Gateway, Crosswork Cloud, and devices. Using a non-functional or dummy address may cause issues when Crosswork Cloud and Cisco Crosswork Data Gateway try to communicate with each other.

Use NTPv4 Authentication | NTPAuth | Select Yes to use NTPv4 authentication. The default value is No.

NTPv4 Keys | NTPKey | Key IDs to map to the server list. Enter a space-delimited list of Key IDs.

NTPv4 Key File URI | NTPKeyFile | SCP URI to the chrony key file.

NTPv4 Key File Passphrase | NTPKeyFilePwd | Password of SCP URI to the chrony key file.

Remote Syslog Server

Use Remote Syslog Server* | UseRemoteSyslog | Select Yes to send syslog messages to a remote host. The default value is No.

Configuring an external syslog server sends service events to the external syslog server. Otherwise, they are logged only to the Cisco Crosswork Data Gateway VM.
If you want to use an external syslog server, you must specify the following settings:
- Use Remote Syslog Server
- Syslog Server Address
- Syslog Server Port
- Syslog Server Protocol
Note: The host with the URI files must be reachable on the network (from vNIC0 interface via SCP) and files must be present at the time of install.

Syslog Server Address | SyslogAddress | IPv4 or IPv6 address of a syslog server accessible from the management interface.
Note: If you are using an IPv6 address, surround it with square brackets ([1::1]).

Syslog Server Port | SyslogPort | Port number of the optional syslog server. The port value can range between 1 and 65535. By default, this value is set to 514.

Syslog Server Protocol | SyslogProtocol | Use UDP or TCP when sending syslog. Default value is UDP.

Use Syslog over TLS? | SyslogTLS | Select Yes to use TLS to encrypt syslog traffic. By default, this parameter is set to No.

Syslog TLS Peer Name | SyslogPeerName | The syslog server hostname exactly as entered in the server certificate SubjectAltName or subject common name.

Syslog Root Certificate File URI | SyslogCertChain | URI to the PEM formatted root cert of syslog server retrieved using SCP.

Syslog Certificate File Passphrase | SyslogCertChainPwd | Password of SCP user to retrieve Syslog certificate chain.

Remote Auditd Server

Use Remote Auditd Server* | UseRemoteAuditd | Select Yes to send Auditd messages to a remote host.

Configure the Crosswork Data Gateway VM to send auditd messages to a remote server. Specify these three settings to forward auditd messages to an external Auditd server.

Auditd Server Address | AuditdAddress | Hostname, IPv4, or IPv6 address of an optional Auditd server.

Auditd Server Port | AuditdPort | Port number of an optional Auditd server.

Controller and Proxy Settings

Proxy Server URL | ProxyURL | URL of an optional management network proxy server.

In Cloud deployment, Cisco Crosswork Data Gateway must connect to the Internet via TLS. If you use a proxy server, specify these parameters.

Proxy Server Bypass List | ProxyBypass | Comma-separated list of addresses and hostnames that will not use the proxy.

Authenticated Proxy Username | ProxyUsername | Username for authenticated proxy servers.

Authenticated Proxy Passphrase | ProxyPassphrase | Passphrase for authenticated proxy servers.

HTTPS Proxy SSL/TLS Certificate File URI | ProxyCertChain | HTTPS proxy PEM formatted SSL/TLS certificate file retrieved using SCP.

HTTPS Proxy SSL/TLS Certificate File Passphrase | ProxyCertChainPwd | Password of SCP user to retrieve proxy certificate chain.

Auto Enrollment Package Transfer

Enrollment Destination Host and Path** | EnrollmentURI | SCP host and path to transfer the enrollment package using SCP (user@host:/path/to/file).

Cisco Crosswork Data Gateway requires the Enrollment package to enroll with Crosswork Cloud. If you specify these parameters during the installation, the enrollment package is automatically transferred to the local host once Cisco Crosswork Data Gateway boots up for the first time. If you do not specify these parameters during installation, then export the enrollment package manually by following the procedure Export Enrollment Package.

Enrollment Passphrase** | EnrollmentPassphrase | SCP user passphrase to transfer enrollment package.
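
A pre-deployment check over the parameter keys in this table, as an added example (not Cisco tooling and not code from this guide). It assumes the parameters are held in a Python dict of strings; `check_params` and `SAMPLE` are hypothetical names, and treating SyslogPeerName and SyslogCertChain as required when SyslogTLS is Yes is an assumption.

```python
import ipaddress

def check_params(p):
    """Return a list of problems in a dict of deployment parameters (string values)."""
    errs = []
    for i in range(int(p.get("ActiveVnics", "1"))):
        methods = {f: p.get(f"Vnic{i}{f}Method", "None") for f in ("IPv4", "IPv6")}
        if all(m == "None" for m in methods.values()):
            errs.append(f"vNIC{i}: IPv4 and IPv6 Method are both None")
        for fam, method in methods.items():
            if method != "Static":
                continue
            needed = ["Address", "Netmask"]
            if p.get(f"Vnic{i}{fam}SkipGateway", "False") != "True":
                needed.append("Gateway")
            errs += [f"Vnic{i}{fam}{f}: required for Static"
                     for f in needed if not p.get(f"Vnic{i}{fam}{f}")]
    for key in ("dg-adminPassword", "dg-operPassword"):
        if not 8 <= len(p.get(key, "")) <= 64:
            errs.append(f"{key}: must be 8-64 characters")
    if "DGAppdataDisk" in p and int(p["DGAppdataDisk"]) < 24:
        errs.append("DGAppdataDisk: minimum size is 24 GB")
    if not p.get("NTP", "").split():
        errs.append("NTP: at least one server is required")
    if p.get("UseRemoteSyslog", "No") == "Yes":
        addr = p.get("SyslogAddress", "")
        try:
            v6 = ipaddress.ip_address(addr.strip("[]")).version == 6
            if v6 and not (addr.startswith("[") and addr.endswith("]")):
                errs.append("SyslogAddress: IPv6 address must be in square brackets")
        except ValueError:
            errs.append("SyslogAddress: not an IPv4 or IPv6 address")
        if not 1 <= int(p.get("SyslogPort", "514")) <= 65535:
            errs.append("SyslogPort: must be 1-65535")
        if p.get("SyslogTLS", "No") == "Yes":
            # Assumption: both TLS fields are treated as required here.
            errs += [f"{k}: required when SyslogTLS is Yes"
                     for k in ("SyslogPeerName", "SyslogCertChain") if not p.get(k)]
    return errs

# Constructed sample with five problems (not from a real deployment).
SAMPLE = {
    "ActiveVnics": "1", "Vnic0IPv4Method": "None", "Vnic0IPv6Method": "None",
    "dg-adminPassword": "short", "dg-operPassword": "a-long-enough-passphrase",
    "DGAppdataDisk": "20", "NTP": "pool.ntp.org", "UseRemoteSyslog": "Yes",
    "SyslogAddress": "2001:db8::10", "SyslogPort": "514",
    "SyslogTLS": "Yes", "SyslogCertChain": "user@host:/path/to/file",
}
```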