How to set up Elisity Cloud Control Center

When Elisity provisions Cloud Control Center for a new customer, all the infrastructure, security, and high availability are already set up.

However, there are some customer-specific configurations that should be made to ensure all Elisity features and functionalities are fully operational.

NOTE: Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.

1. Cloud Control Center Access and User Management

New customers will receive an onboarding email from support@elisity.com with a username and one-time password.

Log in with these details, and Cloud Control Center will force a password change.


After logging in, navigate to the Administration section of Cloud Control Center and select Cloud Center Admin. Here you can add new Cloud Control Center users to the local login database.

Select Add User to create a new user. A user can have one of two roles: Tenant Admin or Tenant User. The Tenant Admin role has read and write privileges, while the Tenant User role has read-only privileges.

2. Cloud Control Center Security Settings

First, review the Cloud Control Center security settings located at Administration > Settings > Security.

The first setting that can be toggled on or off is Explicit Trust. When this setting is enabled, all access by users, devices, and applications is denied by default until a policy explicitly allows it (default deny rule). This mode is typically enabled during a greenfield deployment. This mode is enabled by default in code versions prior to 9.0.1.

When this setting is disabled, all access is allowed by default until a policy explicitly denies it (default allow rule). This mode is typically enabled during a greenfield deployment. The setting is disabled by default in code version 9.0.1 and later.


The second security setting that can be toggled on or off is Encryption. When this setting is enabled, data sent from users, applications, and devices is encrypted. To avoid double encryption, only data that is detected to be in clear text is encrypted. When this setting is disabled, clear text data is not encrypted. This is only relevant if Elisity data plane tunnels are being leveraged to transport traffic. This setting is enabled by default.

The last security setting that can be toggled on or off is Inspect Internet Traffic. When this setting is enabled, Internet-bound data from users, devices, and applications is inspected, and access policies for Internet and SaaS applications can be applied. When this setting is disabled, policies for Internet-bound and SaaS application access cannot be applied. This feature is only relevant to users connecting to the network via Elisity Connect Client. This feature is enabled by default.

3. Cloud Control Center Elisity Access Service Configuration

This setting controls the backend IP schema for Elisity Access Service (EAS) in the cloud. It is configured by default, and no additional configuration is required. However, if an IP conflict exists between the customer network and the Elisity backend network, a different subnet can be configured. This is a major change and requires a customer outage window, since EAS goes down during reconfiguration and Elisity Edges need to be re-added to the network.

4. Cloud Control Center EDR Configuration

This setting allows Cloud Control Center to monitor EDR status on a client endpoint. EDR status (not installed, enabled, disabled) can be leveraged as match criteria in Elisity Policy. To enable this functionality on a per-OS basis, select the EDR solution in the left window and select the right-pointing arrow to move it to the right window. This feature is disabled by default.

NOTE: Once this feature is enabled, Cloud Control Center will signal to the Elisity Connect client to monitor the EDR status and report it back to Cloud Control Center. No action is taken unless a policy is configured to match on the status of EDR.

5. Cloud Control Center Elisity Connect Configuration

This setting is required for Elisity Connect to operate correctly. This setting configures the private IP address range for Elisity Connect endpoints. For example, if a user connects to the network via Elisity Connect, their endpoint will receive a tunnel IP address in this range. This subnet needs to be an internal subnet, unique and reachable, and large enough for the end-state user count. Optionally, an internal DNS server IP can be set if desired.


6. Cloud Control Center Technical Support Configuration

This setting configures Cloud Control Center to send email alerts for major events, such as an Elisity Edge down event. Multiple individuals can be configured to receive these alerts.

Here is an example of an alert sent via Cloud Control Center after this feature was configured.

7. Cloud Control Center Elisity Edge Configuration

Before an Elisity Edge can join the Elisity fabric, the Elisity Edge Subnet must be configured. This configuration tells Cloud Control Center what Elisity Edge IP Identifier range to use when issuing IPs for newly registered Elisity Edges. Any IP range can be used but it is recommended to use one that is private or owned by the enterprise.
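
The address-planning constraints in sections 3, 5 and 7 (no conflict with existing networks, an internal range, enough addresses for the end-state user count) can be checked before a subnet is entered in Cloud Control Center. The following is an added example, not Elisity tooling: `check_subnet`, `IN_USE` and all sample ranges are constructed for illustration, and "internal" is assumed to mean RFC 1918 space, which is stricter than the "private or owned by the enterprise" recommendation for the Edge subnet.

```python
import ipaddress

# RFC 1918 private IPv4 space, used here as the definition of "internal" (assumption).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory of ranges already in use (not Elisity defaults).
IN_USE = {
    "campus LAN": "10.20.0.0/16",
    "data center": "172.16.8.0/21",
}

def check_subnet(candidate, in_use, expected_endpoints=0):
    """Return a list of problems with `candidate`; an empty list means it passes."""
    # strict=True rejects input with host bits set, e.g. 10.1.1.5/24.
    net = ipaddress.ip_network(candidate, strict=True)
    problems = []

    # Internal: must sit entirely inside RFC 1918 space (this example handles IPv4).
    if not (net.version == 4 and any(net.subnet_of(r) for r in RFC1918)):
        problems.append("not an RFC 1918 private range")

    # Unique: must not overlap any range that is already routed or assigned.
    for label, cidr in in_use.items():
        other = ipaddress.ip_network(cidr)
        if net.version == other.version and net.overlaps(other):
            problems.append(f"overlaps {label} ({other})")

    # Large enough: network and broadcast addresses are not assignable.
    usable = max(net.num_addresses - 2, 0)
    if usable < expected_endpoints:
        problems.append(f"{usable} usable addresses < {expected_endpoints} endpoints")
    return problems

if __name__ == "__main__":
    for cidr in ("10.99.0.0/22", "10.20.30.0/24", "198.51.100.0/24"):
        print(cidr, check_subnet(cidr, IN_USE, expected_endpoints=500) or "OK")
```

Reachability of the chosen range still has to be confirmed in the routing configuration; this check covers only the addressing constraints.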


8. Cloud Control Center Logo Configuration

The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo.


9. Cloud Control Center Microsoft Active Directory Integration

To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.

10. Cloud Control Center Azure Active Directory Integration as an IDP

To integrate Cloud Control Center with Azure Active Directory as an IDP, please follow the instructions here.

11. Cloud Control Center Okta IDP Integration

To integrate Cloud Control Center with Okta as an IDP, please follow the instructions here.

12. Cloud Control Center Claroty Integration

To integrate Cloud Control Center with Claroty, please follow the instructions here.