Basic Center configuration
This step will allow you to configure the Center network settings before using it with the user interface.
Required information:
-
Local NTP and DNS IP addresses.
-
The Collection interface network address (n/a for a Global Center or a Center using a single interface).
In the case of manual Administration network interface configuration:
-
Its IP address.
-
Its netmask (in a two-number format, e.g. 192.168.1.0/24).
-
Its default gateway (to reach devices located outside the local network).
Access the basic Center configuration
The Center wizard is displayed on your screen as you power on the Center. Enter Start to start configuring the Center.
Accept the End User License Agreement
Select the language to match your keyboard
Note |
By default, the system is configured to work with a US QWERTY keyboard. |
Select the Center type
During this procedure you will choose which type of Center to install. There are three types of Centers:
-
A Center receives metadata from sensors and store them into an internal database (Postrgresql). This Center (could be standalone or with synchronization with Global Center), is similar to a standalone Center from a functionality point of view, except for the link to a Global Center. You must install Centers with sync after the Global Center. This will enable your system to start enrollment and start push events to it.
-
A Global Center introduces a centralized architecture which collects all industrial insights and events from Centers with Global Center and aggregates it on a single global point of view. It will also allow you to manage the knowledge database (KDB) and upgrade the whole platform.
Select the type of Center you want to install.
Center
If installing a Center, select the first option.
Then you will have the opportunity to set the Center id. It can be used in case of Center restoration to reuse the same id previously set in the Global Center. Thus, some data can be retrieved.
If you're installing the Center for the first time, this id will be automatically generated. Select No. You will be directed to the next step.
If you're reinstalling the Center and want to restore it, select Yes.
Use the following command from the Global Center's CLI to get a list of all Center's id:
sbs-db exec "select name, id from center"
Type the id into the basic Center configuration UUID field.
Click OK. You will be direct to the next step.
Global Center
If installing a Global Center, select the second option.
As this step does not apply to a Global Center, select No.
You will be directed to the next step.
Configure the Center's Administration Network Interface
The Center uses a dedicated sub-network on the Administration interface. It is possible to change it if the default one doesn't fit the environment on which the Center will be connected.
The Administration network interface configuration can be done either:
-
Using a DHCP server, if there is one available on the network.
In this case, enter OK. Settings will be adjusted automatically, and you will be directed to the next step.
-
Manually:
Enter the Administration network interface's IP address, netmask (in a two-number format), and gateway.
Set interfaces (dual or single)
This step is not applicable to a Global Center. Select No.
Concerning a Center, it is possible to:
-
Set the Administration and Collection Network Interfaces on two distinct interfaces (recommended for security). In this case, select Yes.
-
Use a single interface. In this case, select No.
If you choose to set a dual interfaces, you will be directed to the following screens in the Configure the Center's Collection network interface subsection.
Configure the Center's DNS
Type a DNS server address and optional fallbacks.
Synchronize the Center and the sensors to NTP servers
Enter IP addresses of local or remote NTP servers (gateway configuration needed) to synchronize the Center and the sensors with a clock reference. Each address must be separated by a space.
Optionally, add a key ID and an AES A28 CMAC key value separated by a semicolon with the corresponding NTP server.
The synchronization takes a few seconds.
Check that the time is correct, or set the time manually.
Note |
The time is set in the UTC standard. |
Give the Center a name
Note |
This name will be used in the Center certificate. |
Enter the Center name provided by your administrator or type 'Default' which is a secure value.
Note |
This name must match the DNS name you will use to access the Center through SSH or a browser. |
Set the Center's password
The administrator account (cv-admin) password of the Center must be set for security reasons. It is hidden for confidentiality reasons.
Confirm the password.
Configure the Center's Collection network interface
Erase the network address suggested into the field to disable the DHCP server and enter OK to proceed to the next step.
Type the IP address of the Industrial network interface:
Configure the sensors' password
As this step does not apply when installing a Global Center, the following screens won't be displayed. Instead, you'll be directed to Authorize networks.
Although, if you're installing a Center, proceed as below.
The sensors' root password must be set for security reasons.
This password will be assigned once you will have enrolled the sensors on the Center. You will need this password for troubleshooting, diagnostics, and updates.
Confirm the password.
Authorize networks
This step allows you to restrict IP addresses that can connect to the Administration interface. If no IP is entered, all networks are authorized by default.
Complete the basic Center configuration
Next is the last screen of the basic Center configuration. It reminds you the addresses set to be used to download the CA certificate and access Cisco Cyber Vision. Save these addresses somewhere, you will need them later to access the user interface.
Enter OK to finish the basic Center configuration.
Note |
A major change regarding the Center command line (CLI) access through serial console or SSH was made in Cisco Cyber Vision version 4.1.0. The user root is no more usable to establish the connection. A new user called ‘cv-admin’ must be used. This user has limited rights and many CLI commands will require permission elevation:
|
Close the Center configuration window before proceeding with the next steps of Cisco Cyber Vision configuration.
To proceed with the Cisco Cyber Vision configuration, open your browser and go to the URL previously indicated to access the user interface.
Note |
Each Cisco Cyber Vision Center includes its own PKI (Public Key Infrastructure), with a CA (Certification Authority), that will be used to establish the TLS connection with the sensors and to clients. The CA must be installed on each client browser (see the following chapters). |