When Elisity provisions Cloud Control Center for a new customer all the infrastructure, security, and high availability are already set up.
Quick Links:
Cloud Control Center Access and User Management
Cloud Control Center Security Settings
Support Alerting Configuration
Microsoft Active Directory Integration
However, there are some customer-specific configurations that should be made to ensure all Elisity features, and functionalities are fully operational. All deprecated Cloud Control Center settings are omitted from this guide.
NOTE:
Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.
TIP:
For the best user experience, Elisity recommends using Google Chrome as your web browser when accessing Cloud Control Center.
1. Cloud Control Center Access and User Management
Login with the user credentials provided to you by your Elisity representative and Cloud Control Center will force a password change.
(Click to enlarge)
After logging in, navigate to the Administration section of Cloud Control Center and select User Management. Here you can add new Cloud Control Center users to the local login database.
(Click to enlarge)
Select Add User to create a new user. A user can have one of two roles: Tenant Admin and Tenant User. The Tenant Admin role has read and write privileges while the Tenant User role has read-only privileges.
(Click to enlarge)
Note that you can also enable Single Sign On (SSO) using your provider of choice. Click here for integration guides.
2. Cloud Control Center Security Settings
First review the Cloud Control Center security settings located at Administration > Settings > Security > Settings.
(Click to enlarge)
The first setting that can be toggled on or off is Explicit Trust. When this setting is enabled, all access by users, devices, and applications is denied by default until a policy explicitly allows it (default deny rule). This mode is typically enabled during a greenfield deployment.
When this setting is disabled, all access is allowed by default until a policy explicitly denies it (default allow rule). Explicit Trust is typically disabled for brownfield deployments, and it's disabled by default on new deployments.
(Click to enlarge)
The next setting is called "Global Policy Push." When this is enabled, IP/Group mappings are distributed to every policy enforcement node onboarded with Elisity. When the setting is disabled (default), IP/Group mappings and Policy Objects are dynamically distributed to only the appropriate switches. High-scale environments concerned with network and switch limitations may choose to refrain from Global Policy Object distribution.
3. Support Alerting Configuration
This setting will configure Cloud Control Center to send email alerts for major events such as an Elisity Edge policy enforcement node losing connection to Cloud Control Center. Multiple individuals can be configured to receive these alerts.
(Click to enlarge)
Here is an example of an alert sent via Cloud Control Center after this feature was configured.
(Click to enlarge)
4. Elisity Edge Configuration
Before an Elisity Virtual Edge can join the Elisity fabric, the Elisity Edge Subnet must be configured. This configuration tells Cloud Control Center what Elisity Edge IP Identifier range to use when issuing internal management IPs for newly registered Virtual Edges. Any IP range can be used but it is recommended to use one that is private or owned by the enterprise. You can also enter the default switch admin username and password if you have a standardized login credential you will use for your Elisity deployment. Note that this setting can be overwritten per switch.
(Click to enlarge)
5. Logo Configuration
The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo.
(Click to enlarge)
6. Microsoft Active Directory Integration
To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.
7. Claroty Integration
To integrate Cloud Control Center with Claroty, please follow the instructions here.
8. Medigate Integration
To integrate Cloud Control Center with Medigate, please follow the instructions here.
9. ServiceNow CMDB Integration
To integrate Cloud Control Center with ServiceNow CMDB, please follow the instructions here.