Connect Cloud Account
The first step is to onboard a set of one or more coud accounts. This allows the Multicloud Defense Controller to interact with each account by discovering inventory, enabling traffic and logs, orchestrating security deployment, and creating and managing policy.
Use the following procedures to connect you cloud service provider account to Multicloud Defense Controller.
Connect AWS Account
Use the following procedure to connect to an AWS subscription through Multicloud Defense's easy setup wizard.
Before you begin
-
You must have an active Amazon Web Services (AWS) account.
-
You must have an Admin or Super Admin user role in your Security Cloud Control tenant.
-
You must have Multicloud Defense enabled for your Security Cloud Control tenant.
Note |
Multicloud Defense Controller version 23.10 defaults to IMDSv2 in the AWS EC2 instance when using Multicloud Defense Gateway version 23.04 or newer. For more information about the difference beween IMDSv1 and IMDSv2, see AWS documentation. |
Procedure
Step 1 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 2 |
Select Connect Account. |
Step 3 |
Select the AWS icon. |
Step 4 |
Enter the following information in the modal:
|
Step 5 |
Click Next. The account is onboarded to the Multicloud Defense Controller. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect Azure Account
Use the following procedure to connect to an Azure subscription through Multicloud Defense Controller's easy setup wizard:
Before you begin
-
You must have an active Azure subscription.
-
You must have an Admin or Super Admin user role in your Security Cloud Control tenant.
-
You must have Multicloud Defense enabled for your Security Cloud Control tenant.
Procedure
Step 1 |
In the Security Cloud Control dashboard, click the Multicloud Defense tab located in the left naviation pane. |
Step 2 |
Click Multicloud Defense Controller located in the upper right window. |
Step 3 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 4 |
Select Connect Account. |
Step 5 |
Select the Azure icon. |
Step 6 |
Enter the following information in the modal:
|
Step 7 |
Click Next. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect Google Cloud Platform Account
Use the following procedure to use the Multicloud Defense Controller's easy setup wizard to onboard a singular GCP project as an account:
Before you begin
-
You must have an active Google Cloud Platform (GCP) project.
-
You must have the necessary permissions to create VPCs, subnets, and a service account withint your GCP project. See GCP doucmentation for more information.
-
You must have an Admin or Super Admin user role in your Security Cloud Control tenant.
-
You must have Multicloud Defense enabled for your Security Cloud Control tenant.
Procedure
Step 1 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 2 |
Select Connect Account. |
Step 3 |
Select the GCP icon. |
Step 4 |
Click the Cloud Platform Cloud Shell to launch the Cloud Shell. Alternatively, log into your GCP account and launch the Cloud Shell from the project you want to connect to Multicloud Defense; note that the script automatically modifies the project name to the name of the project you launch the cloud shell from.
Note that if the GCP project you are connecting to Multicloud Defense has been previously onboarded, you may get an error about the GCP could storage bucket already existing. If that is not amenable, create a new storage bucket in your GCP account to handle the flow logs on this project afer it is connected to Multicloud Defense. |
Step 5 |
Enter the following information in the setup modal:
|
Step 6 |
Click Next. |
What to do next
GCP does not automatically include the regions your project is confugred for. After your project is connected to Multicloud Defense we strongly recommend going to to manually modify and add any and all appropriate regions.
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect to an OCI Account
Read through the following procedures and prepare your OCI account before you connect it to Multicloud Defense.
Prepare Your OCI Account
This procedure automates the connection between Multicloud Defense and your OCI account; it also directs you to create a policy with the correct permissions. Without all of the permissions listed as part of the procedure, some features are unavailable.
Execute the following procedure to connect to an Oracle Cloud (OCI) account with Multicloud Defense's setup wizard:
Procedure
Step 1 |
Log into your OCI tenant. |
Step 2 |
Navigate to . |
Step 3 |
Click Create Group. |
Step 4 |
Enter the following:
|
Step 5 |
Click Create. |
Step 6 |
Create a Network Firewall Policy in OCI. See OCI documentation for information but include the following information when creating the policy;
|
Step 7 |
Create a User in OCI. See OCI documentation for more information, but provide the following configuration information when creating a user:
|
Step 8 |
Create an API Key. See OCI documentation for more information. Be sure to download both the private key and the public key before you add the API Key. |
Step 9 |
Accept the Terms and Conditions for an OCI account. See OCI documentation for more information, and be sure to access the Change image section of the UI to add the following "community image" information specific to Multicloud Defense: |
Connect Oracle Account
Use the following procedure to connect to an OCI account through Multicloud Defense Controller's easy setup wizard:
Before you begin
-
You must have an existing Oracle Cloud (OCI) account.
-
You must have the prerequisites for you OCI account completed prior to onboarding. See Prepare Your OCI Account for more information.
-
You must have an Admin or Super Admin user role in your Security Cloud Control tenant.
-
You must have Multicloud Defense enabled for your Security Cloud Control tenant.
Procedure
Step 1 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 2 |
Select Connect Account. |
Step 3 |
Select the OCI icon. |
Step 4 |
Click Oracle Cloud Shell to launch the native shell prompt. |
Step 5 |
Copy the command provided in the Multicloud Defense Setup wizard and paste it into your cloud shell. Execute the command. This command automates the process of creating an IAM policy, OCI group, and an OCI user that facilitate the communication between your OCI account and the Multicloud Defense. |
Step 6 |
Enter the following information in the setup modal:
|
Step 7 |
Click Next. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.