Secure Connect Gateway — Virtual Edition Pre-Site Checklist - Dell


Secure Connect Gateway — Virtual Edition
Pre-Site Checklist—Centralized Solution
February 2022
Rev. A03

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2021 – 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Contents

Chapter 1: Before you begin
    Document purpose
Chapter 2: Best practices
Chapter 3: Download Secure Connect Gateway
Chapter 4: Customer information
Chapter 5: Secure Connect Gateway configuration choices
    Secure Connect Gateway and Policy Manager details
    Proxy network and SMTP server details
        Proxy network
        SMTP server
Chapter 6: Set up the network
Chapter 7: Install Policy Manager for Secure Connect Gateway
Chapter 8: Am I ready to deploy Secure Connect Gateway?
Chapter 9: Deploy Secure Connect Gateway
Chapter 10: Configure Secure Connect Gateway
Chapter 11: Add devices to Secure Connect Gateway
    Devices to be monitored using Secure Connect Gateway
Chapter 12: Final steps
Chapter 13: Notes and comments

1 Before you begin

Secure connect gateway — Virtual Edition is an appliance that can be deployed using this checklist and the supporting documentation. We strongly recommend the involvement of:
- The customer lead to define the devices that will be monitored using secure connect gateway
- The customer IP networking team to define how the devices will securely connect to the backend.

If you are a customer, you can also request the Dell Field services team to deploy secure connect gateway and add the devices at no additional cost. For steps to create a service request, click here.

The following table describes the conventions that are used in this document:

Table 1. Conventions used in the document
Convention | Description
(icon) | Indicates a step that can be performed by the customer, Dell partner, or a Dell technical support agent.
(icon) | Indicates a step that can be performed only by the customer.

Document purpose

This document helps you deploy secure connect gateway — virtual edition in your environment. It also helps you gather the information and make the decisions to ensure success with the guidance of your Dell technical support agent.

In this document, the term local system refers to the secure connect gateway virtual appliance.

2 Best practices

Step 1 – Planning
- Download the secure connect gateway deployment package and documentation.
- Plan and prepare to deploy secure connect gateway and its networking access to Dell.
- Plan the devices that must be monitored by secure connect gateway. You can also prepare the devices when you perform Step 3.
- Complete the checklist details.

Step 2 - Deployment
- Deploy secure connect gateway.
- Optionally, install Policy Manager for Secure Connect Gateway on a different server.

Step 3 - Deploying
- Prepare the environment and network for your devices to connect to secure connect gateway.
- Register your deployed products with Dell Support.
- Add devices to secure connect gateway.
- Configure the remote support and alert delivery services.

3 Download Secure Connect Gateway

Run security checks on the secure connect gateway deployment package in accordance with your security policy.

The following table provides links to download secure connect gateway deployment package, documents, and Policy Manager for Secure Connect Gateway application:

Table 2. Related links
Software or document | Links
Secure connect gateway deployment package | Go to https://www.dell.com/SCG-VE > Drivers & Downloads tab.
Secure connect gateway documentation | https://www.dell.com/SCG-VE-docs.
Host and IP address information for Dell Global access and enterprise server | See the network requirements section in the Support Matrix available at https://www.dell.com/SCG-VE-docs.
Policy Manager for Secure Connect Gateway | Go to https://www.dell.com/SCG-VE > Drivers & Downloads tab.

4 Customer information

Customer information

Table 3. Customer information
Item
- Company name
- Primary Manager Name for this project
- Primary contact phone number and email address
- Secure connect gateway deployment service request number, if applicable
- Requested install date
- PS Project Number (optional)

Site location (UCID, PartyID number, or SiteID number) information

The site location information is also available at Company Administration.

Table 4. Site location (UCID, PartyID number, or SiteID number) information
Function | Name | Site location (UCID, PartyID number, or SiteID number) | Locations
Primary | | |
Secondary (if applicable) | | |

Customer technical contacts

Table 5. Customer technical contacts
Type * | Name | Title/Role | Phone number | Email address
Primary | | | |
Technical | | | |

* You can also enter the primary and technical contacts during secure connect gateway registration.

5 Secure Connect Gateway configuration choices

Select the required secure connect gateway configuration and note the number of virtual appliances that are required for the selected configuration.

Some Dell devices have integrated (onboard) secure connect gateway solutions. For customers with fewer Dell devices, these may be preferable.

Table 6. Configuration choices
Configuration choice
- Single secure connect gateway*, no Policy Manager
- Single secure connect gateway* and Standalone Policy Manager
- Dual secure connect gateway (High-Availability)**, no Policy Manager
- Dual secure connect gateway (High-Availability)**, and stand-alone Policy Manager

* Do not place secure connect gateway or storage files on Dell devices that are managed by secure connect gateway.
** Each HA secure connect gateway should run in separate virtual environments.

Go to Company Administration to view the devices that are installed or pending installation. Choose and list devices to be deployed in the Devices to be monitored using Secure Connect Gateway section.

Some devices need an extra workstation with specific software to enable those products to send alert data to Dell. Workstations are customer-provided. Switch management software is customer installable and may incur a separate cost.

Table 7. Device monitoring solution
Device monitoring solution | Select if must be installed | Select if it is already installed | Select if it is not required
Additional Connectrix Manager Workstation for Brocade Switch Monitoring | | |
Additional Fabric Manager Workstation for Cisco Switch Monitoring | | |
Additional Collectors for CloudIQ | | |

Secure Connect Gateway and Policy Manager details

Plan the various resources required to deploy secure connect gateway. For more information about the minimum system and network requirements, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.

Secure Connect Gateway - Appliance 1

Table 8. Appliance 1
Item | | Item |
Name or IP address | | VM or Hyper-V | VM
Enable failover FTPS (Y/N)* | N | Enable failover Email (Y/N)* | N
Policy Manager enabled? (Y/N) | N | Policy Manager name or IP address |

* It is recommended to configure failover methods to send Call Home data from devices to the backend using FTPS when the connectivity between the local system and the backend is lost.

Secure Connect Gateway - Appliance 2 (HA partner of appliance 1)

Table 9. Appliance 2
Item | | Item |
Name or IP address | | VM or Hyper-V | Hyper-V
Enable failover FTPS (Y/N) | N | Enable failover Email (Y/N)* | N
Policy Manager enabled? (Y/N) | N | Policy Manager name or IP address |

Policy Manager

Table 10. Policy Manager
Item | | Item |
Name or IP address | | Default policy for Remote Support (allow/ask/refuse) | refuse
Policy Manager port number | | Policy Manager SSL (Y/N) | N

Proxy network and SMTP server details

Provide details of the supporting resources needed before deploying secure connect gateway.

Proxy network

A proxy network can be used for the connectivity between the local system and the following:
1. Internet
2. Server on which Policy Manager is installed

Table 11. Proxy network
Proxy name or IP address | Proxy functions (1 and/or 2) | Port number | Proxy type (Auto, HTTP, or SOCKS) | Username and password available (Y or N)
 | | | | N

Table 11. Proxy network (continued)
Proxy name or IP address | Proxy functions (1 and/or 2) | Port number | Proxy type (Auto, HTTP, or SOCKS) | Username and password available (Y or N)
 | | | | N

SMTP server

Provide your SMTP server details to receive email notifications from secure connect gateway. For information about the email messages that are sent by secure connect gateway, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs or click here.

Table 12. SMTP server details
SMTP server name or IP address | Email functions | Sender email | Notification email to
 | Secure connect gateway to internal | |
 | Secure connect gateway to external (Call Home failover - optional) | |
 | Policy Manager to internal | |

6 Set up the network

For information about the minimum network requirements to deploy secure connect gateway and port requirements for the devices, see the secure connect gateway — virtual edition Support Matrix available at https://www.dell.com/SCG-VE-docs.

Table 13. Network preparation
Task

Prepare Firewalls for Customer External Communication.
- Configure the external firewall rules to enable the local system to connect to the Global access and Enterprise servers on outbound ports 443 and 8443. For more information, see the secure connect gateway — virtual edition Support Matrix or User's Guide available at https://www.dell.com/SCG-VE-docs.
- To ensure communication integrity, proxy servers and devices outside your DMZ must not perform SSL checking on outbound or inbound traffic for secure connect gateway. SSL checking causes connectivity loss to the backend. If SSL checking is performed on outbound communications by customer firewalls, proxies, web traffic filtering appliances or applications, web traffic shaping/load balancing, certificate verification or proxying, or Intrusion Detection Services (IDS), there will be loss of connectivity to the backend.

Prepare firewalls for secure connect gateway.
- Configure internal firewall rules to enable the local system to connect to the SMTP server to send notifications.
- Optionally, configure internal firewall rules to enable the Policy Manager to connect to the SMTP server to send notifications.
- Configure internal firewall rules to enable customer to connect to secure connect gateway on port 9443 for UI Management and port 22 for CLI.
- Optionally, configure internal firewall rules to enable communication between secure connect gateway and the Policy Manager on ports 8090 and/or 8443.
- Configure internal firewall rules to enable communication between secure connect gateway and the device as defined in secure connect gateway — virtual edition Support Matrix available at https://www.dell.com/SCG-VE-docs.
  NOTE: This step can be deferred until you Add devices to Secure Connect Gateway.
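The firewall rules in Table 13, expanded into one row per flow and probed over TCP, as an added example that is not part of the Dell document. Host names and the SMTP port are constructed placeholders (the checklist does not state them), and `required_flows`, `probe` and `check_from` are hypothetical helper names.

```python
import socket
from typing import NamedTuple

class Flow(NamedTuple):
    source: str
    dest: str
    port: int
    purpose: str

def required_flows(gateway, backend_hosts, smtp_host, smtp_port, policy_manager=None):
    """Expand the Table 13 tasks into one (source, dest, port) row per firewall rule."""
    flows = []
    for host in backend_hosts:  # external firewall: outbound 443 and 8443
        flows += [Flow(gateway, host, p, "backend") for p in (443, 8443)]
    flows.append(Flow(gateway, smtp_host, smtp_port, "notifications"))
    # Internal firewall: UI management on 9443 and CLI on 22, per Table 13.
    # Chapter 10 gives the UI URL on port 5700; add a row for it if that is
    # the port your deployment serves the UI on.
    flows.append(Flow("admin", gateway, 9443, "UI management"))
    flows.append(Flow("admin", gateway, 22, "CLI"))
    if policy_manager:  # optional rows, only when Policy Manager is deployed
        flows.append(Flow(policy_manager, smtp_host, smtp_port, "notifications"))
        flows += [Flow(gateway, policy_manager, p, "Policy Manager") for p in (8090, 8443)]
    return flows

def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def check_from(vantage, flows, timeout=3.0):
    """Probe the flows that originate at `vantage`; run this on that machine."""
    return {(f.dest, f.port): probe(f.dest, f.port, timeout)
            for f in flows if f.source == vantage}

if __name__ == "__main__":
    # Constructed placeholders: take real names from the filled-in checklist
    # and the backend hosts from the Support Matrix. SMTP port 25 is an assumption.
    GATEWAY = "scg.example.internal"
    flows = required_flows(GATEWAY, ["backend.example.invalid"],
                           "smtp.example.internal", 25,
                           policy_manager="pm.example.internal")
    for (dest, port), ok in check_from(GATEWAY, flows).items():
        print(f"{dest}:{port} {'open' if ok else 'BLOCKED'}")
```

A completed TCP connect shows only that the firewall rule is open; it does not show that the path is free of SSL checking. If the local system reaches the backend through a proxy (Table 11), probe the proxy address and port instead.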

7 Install Policy Manager for Secure Connect Gateway

For information about installing Policy Manager, go to https://www.dell.com/SCG-VE-docs. To download Policy Manager, go to https://www.dell.com/SCG-VE > Drivers & Downloads tab.

Table 14. Install Policy Manager for Secure Connect Gateway
Task
- Build Policy Manager server hardware or virtual machine with a compatible operating system.
- Download the latest version of Policy Manager for Secure Connect Gateway.
- Install Policy Manager for Secure Connect Gateway.

8 Am I ready to deploy Secure Connect Gateway?

For more information about the checks that must be performed, go to

Table 15. Preparation to deploy secure connect gateway
Task

Credential check
- If you are a customer, you must have a business account. For information about creating a business account, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
- If you are a Dell employee and a service enabled partner, you must have an active RSA Soft Fob.
- If you are a non-servicing partner, the customer must enter their credentials, or raise a Dell Service Request with details of the Site location (UCID, PartyID number, or SiteID number) and devices to be deployed.

Installer check
- Click Manage Sites and search for the Site location (UCID, PartyID number, or SiteID number). Click the Site location (UCID, PartyID number, or SiteID number) and then Contacts. Select Web Support Enabled to filter the list.
- If you are a customer, you must be listed as an authorized contact. If you are not listed, contact support@emc.com.
- If you are a partner, you must be listed as a support partner. If you are not listed, contact GSP SSC ESRS@emc.com.

Site location (UCID, PartyID number, or SiteID number) check
- Click View Sites to view your Company Site location (UCID, PartyID number, or SiteID number) and the devices installed. You can deploy secure connect gateway only if the devices are supported by secure connect gateway. For the list of supported devices, see secure connect gateway — virtual edition Support Matrix available at https://www.dell.com/SCG-VE-docs.
- If the devices are not supported, use a different Site location (UCID, PartyID number, or SiteID number), or contact Dell technical support.

9 Deploy Secure Connect Gateway

Table 16. Deploy secure connect gateway
Task
- Deploy secure connect gateway. For information about deploying secure connect gateway, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
  NOTE: Create a root password at this step. Weaker passwords may be accepted but will not function in the next step. It is recommended to have a complex root password. The password must have a minimum of eight characters with at least one uppercase letter, one lowercase letter, one number, and one special character.
  The default keyboard in secure connect gateway is set to US-English.

10 Configure Secure Connect Gateway

To access the secure connect gateway user interface, go to https://<IP address or hostname of the local system>:5700.

Registering secure connect gateway ensures connectivity with the backend. For information about signing into secure connect gateway and registration, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.

Table 17. Configure Secure Connect Gateway
Task
- Sign in to secure connect gateway. If you are unable to sign in, ensure that the keyboard layout is set to US-English.
- Register secure connect gateway.
- If you are a customer and you are building a secure connect gateway High-Availability cluster, create a Dell Service Request and provide the secure connect gateway serial numbers, for example ELMDKZW7RJSWDN and SHTESTREDSRZJK. You can view the serial number in the About page on the secure connect gateway user interface.
- If you are a partner or Dell employee, create the High-Availability cluster at https://connectivityhub.dell.com/.

11 Add devices to Secure Connect Gateway

Add the devices using the table on the next page as a reference. Some devices must only be added to secure connect gateway from the device user interface using the RESTful protocol. For more information, see the device configuration documentation.

For information about the devices that must be added using the RESTful protocol, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.

Table 18. Add devices to secure connect gateway
Task
- Prepare the environment and network for your devices to connect to secure connect gateway. For information about the network requirements, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
- Add the devices to secure connect gateway. For information about adding devices, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
- Register each device with Dell:
  - If you are a Dell employee, use AEON.
  - If you are a partner, click here.
  - If you are a customer, create a Dell service request.
  For each serial number, include the product login and password to be used by Dell for remote support, and if remote support and alert delivery settings are enabled (default).
- If you are a Dell employee or a partner, verify if remote support to the devices is successful.
- Perform the following steps to verify that the remote alert from the device to the backend is successful:
  1. Trigger a test alert from the device. For steps to trigger the session, see the product documentation.
  2. If you are a Dell employee, use CLM to check if the test alert was received in the backend.
  3. If you are a partner or a customer, use port/serialnumber/ My serial number /overview to check if the test alert was received in the backend.
  NOTE: Though the alert is processed immediately by Dell technical support, it may take approximately four hours to appear in the reporting systems mentioned above. You can also check the status on the device user interface or in the Alert Delivery and File Transfer audit pages in secure connect gateway user interface.
  If the alert information is not displayed, create a service request.

Devices to be monitored using Secure Connect Gateway

Table 19. Devices
Device type | Serial number | Site location (UCID, PartyID number, or SiteID number) | Configure Remote support | Configure Alert | Device IP address | Device ports open in network | Device addition and connectivity check date


12 Final steps

Check the secure connect gateway user interface for any updates and install the updates.

Table 20. Final steps
Task
- If you are using the Policy Manager for Secure Connect Gateway, ensure that the Windows Task Scheduler is running and unrestricted, so that Policy Manager backups can occur.

13 Notes and comments

Table 21. Notes and comments
Task
