Remove a Cloud Service Provider From Multicloud Defense

Use the following procedures to terminate communications and permissions between Multicloud Defense and your cloud service provider. This action includes removing any gateways or VNets that have been created within the Multicloud Defense Controller as well as any roles or permissions you have set up within your cloud service provider. You must perform all of the steps for a complete cleanup of every Multicloud Defense instance.

Note that some of these procedures do not occur in the Multicloud Defense Controller and that you may need access to the cloud service provider's dashboard to execute these procedures.

Delete a GCP Project From Multicloud Defense

Use the following procedure to delete a GCP account from the Multicloud Defense Controller and remove all instances of Multicloud Defense from your GCP project. You must delete any subnets, VNets, or gateways created in the Multicloud Defense Controller prior to deleting Multicloud Defense from your account.


Note


This procedure requires you to remove orchestration preparation from both the Multicloud Defense UI and the GCP dashboard.


Procedure


Step 1

Delete any current gateways or VNets from Multicloud Defense:

  1. In the Multicloud Defense Controller, navigate to Infrastructure > Gateways > Gateways.

  2. Select the gateway associated with the account so its checkbox is checked.

  3. Expand the Actions drop-down menu and select Delete.

  4. Confirm the deletion.

  5. In the Multicloud Defense Controller, navigate to Infrastructure > Gateways > VPCs/VNets.

  6. Select the VPCs associated with the account so the checkbox is checked.

  7. Expand the Actions drop-down menu and select Delete.

  8. Confirm the deletion.

    Note

    You do not have to delete any affiliated subnets after you delete the VPC and gateway.

Step 2

Delete the GCP project from Multicloud Defense Controller.

  1. In the Multicloud Defense Controller, navigate to Systems and Accounts > Account > CSP Accounts.

  2. Select the Azure account so the checkbox is checked.

  3. Expand the Actions drop-down menu and select Delete.

  4. Confirm the deletion.

Step 3

Delete the Multicloud Defense Controller service account from GCP.

  1. Log into the GCP dashboard.

  2. Open IAM in your GCP project.

  3. In the navigation pane to the left, click Service Accounts.

  4. Select the project associated with Multicloud Defense.

  5. Under the View by Principals tab, search for ciscomcd-controller.

  6. Select the row so its checkbox is checked, and then click Delete.

Step 4

Delete the Multicloud Defense firewall service account from GCP.

  1. Log into the GCP dashboard.

  2. Open IAM in your GCP project.

  3. In the navigation pane to the left, click Service Accounts.

  4. Select the project associated with Multicloud Defense.

  5. Under the View by Principals tab, search for ciscomcd-gateway.

  6. Select the row so its checkbox is checked, and then click Delete.
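
To confirm that Steps 3 and 4 left nothing behind, the following added example (not part of the original Cisco procedure) checks exported GCP inventory for remaining Multicloud Defense service accounts and for IAM bindings that still name them, including the "deleted:serviceAccount:" entries GCP keeps after an account is removed. The sample project, roles and uid are constructed, and matching on the start of the account e-mail is an assumption.

```python
import json

# Account names from Steps 3 and 4; matching on the e-mail's local part is an assumption.
MCD_PREFIXES = ("ciscomcd-controller", "ciscomcd-gateway")

def is_mcd(email):
    return email.split("@", 1)[0].startswith(MCD_PREFIXES)

def residual_mcd_identities(service_accounts, iam_policy):
    """Return (live_accounts, bindings) that still reference Multicloud Defense.

    service_accounts: parsed `gcloud iam service-accounts list --format=json`
    iam_policy:       parsed `gcloud projects get-iam-policy PROJECT_ID --format=json`
    """
    live = sorted(sa["email"] for sa in service_accounts if is_mcd(sa["email"]))
    bindings = []
    for binding in iam_policy.get("bindings", []):
        for member in binding.get("members", []):
            if "serviceAccount:" not in member:
                continue
            # Deleted accounts linger in bindings as
            # "deleted:serviceAccount:<email>?uid=<id>" until the binding is removed.
            email = member.split("serviceAccount:", 1)[1].split("?", 1)[0]
            if is_mcd(email):
                bindings.append((binding["role"], member))
    return live, bindings

# Constructed sample exports (project, roles and uid are made up for illustration).
SAMPLE_ACCOUNTS = json.loads("""[
  {"email": "ciscomcd-gateway@example-project.iam.gserviceaccount.com"},
  {"email": "app-backend@example-project.iam.gserviceaccount.com"}
]""")
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/compute.admin", "members": [
    "deleted:serviceAccount:ciscomcd-controller@example-project.iam.gserviceaccount.com?uid=000000000000000000001",
    "user:admin@example.com"]},
  {"role": "roles/logging.logWriter", "members": [
    "serviceAccount:ciscomcd-gateway@example-project.iam.gserviceaccount.com",
    "serviceAccount:app-backend@example-project.iam.gserviceaccount.com"]}
]}""")

if __name__ == "__main__":
    live, bindings = residual_mcd_identities(SAMPLE_ACCOUNTS, SAMPLE_POLICY)
    for email in live:
        print("service account still present:", email)
    for role, member in bindings:
        print("binding still references MCD:", role, member)
```

An empty result for both lists means no Multicloud Defense identity remains in the project's service accounts or its project-level IAM policy.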


Delete an AWS Account From Multicloud Defense

Use the following procedure to completely remove an AWS account from your Multicloud Defense.

After you delete the AWS account, it may take up to 24 hours for the cloud service provider to clean up all objects within the S3 bucket that is associated with your account.

Procedure


Step 1

Log into Security Cloud Control and launch the Multicloud Defense Controller.

Step 2

Navigate the top menu bar to Infrastructure > Gateways > Gateways.

Step 3

Locate the gateway associated with your account and select the checkbox, then click the Actions drop-down menu.

Step 4

Select Disable. This action automatically removes all virtual machines associated with the account.

Step 5

Make sure the gateway's checkbox is still selected and click the Actions drop-down menu again.

Step 6

Select Delete. This action removes the load balancers associated with the AWS account.

Step 7

Navigate to Systems and Accounts > Account > CSP Accounts.

Step 8

Locate the AWS account in the list and select it so the checkbox is checked.

Step 9

Click the Actions drop-down menu and select Delete.

Step 10

Confirm you want to delete the account.


Delete an Azure Account From Multicloud Defense

Use the following procedure to remove any and all instances of the Azure account from Multicloud Defense:

Before you begin

You must delete any subnets and VNets created in the Multicloud Defense Controller prior to deleting Multicloud Defense from your Azure account.


Note


This procedure requires you to remove orchestration preparation from both the Multicloud Defense UI and the GCP dashboard.


Procedure


Step 1

Log into Security Cloud Control and launch the Multicloud Defense Controller.

Step 2

If you did not create a user-assigned Managed Identity for the key vault, continue to step 4. If you did create a key for the Azure account, do the following:

  1. Navigate to Policies > Security Policies > Certificates.

  2. Select the certificate associated with the account and then open the Actions drop-down menu.

  3. Select Delete and confirm the deletion of the certificate for the key vault.

Step 3

In the Multicloud Defense Controller, delete any gateways or VNets associated with the account.

  1. Navigate to Infrastructure > Gateways > Gateways to delete any gateways previously created.

  2. Select the gateway associated with the account so its checkbox is checked.

  3. Expand the Actions drop-down menu and select Delete.

  4. Confirm the deletion.

  5. In the Multicloud Defense Controller, navigate to Infrastructure > Gateways > VPCs/VNets to delete any VNets previously created.

  6. Select the VNet associated with the account so the checkbox is checked.

  7. Expand the Actions drop-down menu and select Delete.

  8. Confirm the deletion.

  9. In the Multicloud Defense Controller, navigate to Systems and Accounts > Account > CSP Accounts.

  10. Select the Azure account so the checkbox is checked.

  11. Expand the Actions drop-down menu and select Delete.

  12. Confirm the deletion.

Step 4

Delete the Multicloud Defense Controller role in Azure.

  1. Log into the Azure portal.

  2. Navigate to App Registrations.

  3. Select the Owned Applications tab.

  4. Select the ciscomcd-controller-app application.

  5. Once selected, click Delete at the top of the window.

  6. Confirm the deletion.

  7. Navigate to, or search for, Subscriptions and click Access Control (IAM).

  8. Select the Roles tab at the top of the window.

  9. Search for ciscomcd-controller-role-rw and select it so the checkbox is checked.

  10. Click Remove at the top of the window.


Delete an OCI Account From Multicloud Defense

Use the following procedure to remove an OCI cloud environment from Multicloud Defense:

Procedure


Step 1

Log into the OCI console.

Step 2

Delete the API key. See the "Deleting API Signing Keys from a Roving Edge Infrastructure Device" chapter in the Oracle Cloud Infrastructure Documentation for more information.

Step 3

Delete Multicloud Defense Users. See the "Deleting a User" chapter in the Oracle Cloud Infrastructure Documentation for more information.

Note

When you remove the user from the OCI account, this does not delete the audit data of the user from when it was valid.

Step 4

Delete the Multicloud Defense Group. See the "Deleting Groups" chapter in the Oracle Cloud Infrastructure Documentation for more information.

Step 5

Delete any and all Multicloud Defense access policies. See the "Deleting an Access Policy" chapter in the Oracle Cloud Infrastructure Documentation for more information.

Step 6

Delete the OCI account from Multicloud Defense Controller.

  1. In the Multicloud Defense Controller, navigate to Systems and Accounts > Account > CSP Accounts.

  2. Select the OCI account so the checkbox is checked.

  3. Expand the Actions drop-down menu and select Delete.

  4. Confirm the deletion.