Connect Cloud Account
The first step is to onboard a set of one or more coud accounts. This allows the Multicloud Defense Controller to interact with each account by discovering inventory, enabling traffic and logs, orchestrating security deployment, and creating and managing policy.
Use the following procedures to connect you cloud service provider account to Multicloud Defense Controller.
Connect AWS Account
Use the following procedure to connect to an AWS subscription through Multicloud Defense's easy setup wizard.
Before you begin
-
You must have an active Amazon Web Services (AWS) account.
-
You must have an Admin or Super Admin user role in your CDO tenant.
-
You must have Multicloud Defense enabled for your CDO tenant.
![]() Note |
Multicloud Defense Controller version 23.10 defaults to IMDSv2 in the AWS EC2 instance when using Multicloud Defense Gateway version 23.04 or newer. For more information about the difference beween IMDSv1 and IMDSv2, see AWS documentation. |
Procedure
Step 1 |
In the CDO dashboard, click the Multicloud Defense tab located in the left naviation pane. |
Step 2 |
Click Multicloud Defense Controller located in the upper right window. |
Step 3 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 4 |
Select Connect Account. |
Step 5 |
Select the AWS icon. |
Step 6 |
Enter the following information in the modal:
|
Step 7 |
Click Next. The account is onboarded to the Multicloud Defense Controller. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect Azure Account
Use the following procedure to connect to an Azure subscription through Multicloud Defense Controller's easy setup wizard:
Before you begin
-
You must have an active Azure subscription.
-
You must have an Admin or Super Admin user role in your CDO tenant.
-
You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1 |
In the CDO dashboard, click the Multicloud Defense tab located in the left naviation pane. |
Step 2 |
Click Multicloud Defense Controller located in the upper right window. |
Step 3 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 4 |
Select Connect Account. |
Step 5 |
Select the Azure icon. |
Step 6 |
Enter the following information in the modal:
|
Step 7 |
Click Next. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect Google Cloud Platform Account
Use the following procedure to use the Multicloud Defense Controller's easy setup wizard to onboard a GCP project as an account:
Before you begin
-
You must have an active Google Cloud Platform (GCP) project.
-
You must have the necessary permissions to create VPCs, subnets, and a service account withint your GCP project. See GCP doucmentation for more information.
-
You must have an Admin or Super Admin user role in your CDO tenant.
-
You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1 |
In the CDO dashboard, click the Multicloud Defense tab located in the left naviation pane. |
Step 2 |
Click Multicloud Defense Controller located in the upper right window. |
Step 3 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 4 |
Select Connect Account. |
Step 5 |
Select the GCP icon. |
Step 6 |
Enter the following information in the modal:
|
Step 7 |
Click Next. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.
Connect to an OCI Account
Read through the following procedures and prepare your OCI account before you connect it to Multicloud Defense.
Prepare Your OCI Account
This procedure automates the connection between Multicloud Defense and your OCI account; it also directs you to create a policy with the correct permissions. Without all of the permissions listed as part of the procedure, some features are unavailable.
Execute the following procedure to connect to an Oracle Cloud (OCI) account with Multicloud Defense's setup wizard:
Procedure
Step 1 |
Log into your OCI tenant. |
Step 2 |
Navigate to . |
Step 3 |
Click Create Group. |
Step 4 |
Enter the following:
|
Step 5 |
Click Create. |
Step 6 |
Create a Network Firewall Policy in OCI. See OCI documentation for information but include the following information when creating the policy;
|
Step 7 |
Create a User in OCI. See OCI documentation for more information, but provide the following configuration information when creating a user:
|
Step 8 |
Create an API Key. See OCI documentation for more information. Be sure to download both the private key and the public key before you add the API Key. |
Step 9 |
Accept the Terms and Conditions for an OCI account. See OCI documentation for more information, and be sure to access the Change image section of the UI to add the following "community image" information specific to Multicloud Defense: |
Connect Oracle Account
Use the following procedure to connect to an OCI account through Multicloud Defense Controller's easy setup wizard:
Before you begin
-
You must have an existing Oracle Cloud (OCI) account.
-
You must have the prerequisites for you OCI account completed prior to onboarding. See Prepare Your OCI Account for more information.
-
You must have an Admin or Super Admin user role in your CDO tenant.
-
You must have Multicloud Defense enabled for your CDO tenant.
Procedure
Step 1 |
In the CDO dashboard, click the Multicloud Defense tab located in the left naviation pane. |
Step 2 |
Click Multicloud Defense Controller located in the upper right window. |
Step 3 |
From the Multicloud Defense Controller dashboard, click Setup located to the left of the window. |
Step 4 |
Select Connect Account. |
Step 5 |
Select the OCI icon. |
Step 6 |
Enter the following information in the modal:
|
Step 7 |
Click Next. |
What to do next
Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.