CBA: Provision a Cloud Gateway

Document created by RSA Information Design and Development on Mar 15, 2018Last modified by RSA Information Design and Development on Sep 11, 2018
Version 4Show Document
  • View in full screen mode

RSA Cloud Gateway Server services must be provisioned before using them for Cloud Behavioral Analytics. This is a one-time procedure per gateway service.

You can install the Cloud Gateway service on any NetWitness Platform host. RSA recommends using a dedicated host that you provision for your Cloud Gateway, but it is not required. The following list shows the preferred locations for the Cloud Gateway in order of preference:

  • Provision your own dedicated host
  • ESA Host
  • NetWitness Server Host

Follow these instructions to install a Cloud Gateway and create a Certificate Signing Request (CSR) for the Cloud Gateway. You must provide the CSR and the Gateway ID to the RSA Cloud Administrator. The RSA Cloud Administrator will provide you with a signed certificate to install in your Cloud Gateway service.

  1. To install the Cloud Gateway, log in to NetWitness Platform and go to ADMIN > Hosts.
  2. In the Hosts view, select the NetWitness host where you want to install the Cloud Gateway Server service and click Install.
    Admin Hosts view showing the Install icon
  3. In the Install Services dialog, in the Host Type field, select Cloud Gateway.
    Install Services dialog with Cloud Gateway selected
  4. Click Install to install the Cloud Gateway Server on the selected host.
  5. To verify the installation, in the Hosts view, click the box in the Services column of the selected host.
    Host view showing Cloud Gateway Server in the Services drop-down list
    You should see the Cloud Gateway Server service in the services list for that host.
  6. Click the Cloud Gateway Server service in the list to go to the Services view (ADMIN > Services).
  7. To get the CSR for the gateway:
    1. In the Services view, select the Cloud Gateway Server service and then select actions icon > View > Config.
      In the Services Config view, the Gateway ID is listed.
      Gateway Server Config View before signed certificate is uploaded
    2. Click Export Certificate Signing Request.
      The service creates and downloads the CSR file for you.

    Caution: Do not generate multiple Certificate Signing Requests. The signed certificate file received in step 8 must match the CSR generated in this step. If there is a mismatch, the uploading of the signed certificate file fails.

  8. Send the CSR file and Gateway ID to the RSA Cloud Administrator, who will provide you with a signed certificate file.
  9. Caution: Do not rename the Gateway CSR file. The name of the file must be the Gateway ID.

  10. Copy the signed certificate file to the NetWitness Platform host where the Cloud Gateway Server service is installed.
  11. To install the signed certificate in your Cloud Gateway Server service:
    1. In the Services Config view, click Upload Signed Certificate.
    2. In the Upload Signed Certificate dialog, select your signed certificate and click Upload.
      Upload Signed Certificate dialog
      The following figure shows the results of setting the signed certificate on the Cloud Gateway.
      Gateway Server Config View showing Certificate Information
      After a signed certificate file is properly uploaded to the Cloud Gateway, the Self-Signed field shows as false, which indicates that the installed certificate is now properly signed by Netwitness-CBA.


You are here
Table of Contents > Provision a Cloud Gateway