You can configure the Carbon Black Cloud Workload appliance to connect to the Carbon Black Cloud with VMware Cloud Services Platform (CSP) identity integration.

Prerequisites

  • Verify that the Carbon Black Cloud Workload appliance VM is powered on.
  • Retrieve the appliance IP address by logging in to the vCenter Server and opening the VM console.
  • Log in to the VMware Cloud Services console as an organization owner and create an OAuth app to receive client credentials in the form of a client ID and client secret key. For more details, see Authenticating Your Appliance with OAuth 2.0.

Procedure

  1. From your browser, log in to the Carbon Black Cloud Workload appliance at https://<appliance IP address> using the admin credentials.
  2. Go to the Appliance > Registration page.
  3. In the Carbon Black Cloud section, click Edit.
  4. Select a cloud services environment from the CB Cloud Environment drop-down menu.
    The CSP registration page displays.
  5. Populate the fields required for registering your appliance.
    1. Enter a unique name for the appliance in your Carbon Black Cloud organization.
      Important: The appliance name must be UNIQUE for your Carbon Black Cloud organization. One appliance name is associated with one Carbon Black Cloud organization. You cannot use the same appliance name with a different set of API keys or use a different appliance name for the same set of API keys.
    2. To populate the client ID and client secret fields, generate them from the VMware Cloud services console.
      1. Log in to the VMware Cloud services console and click Create App in the Organization > OAuth Apps tab.
      2. Select the Server to server app option and click Continue.
      3. Populate the App Name field with a unique and meaningful name for the OAuth app.
      4. Select the Organization Owner role under the Organization Roles section.
      5. In the Service Roles section, select the CSR role from both the CBC Gov West Int and CBC Staging - VDP options.
      6. Click Create. The console displays the App ID and App Secret credentials that you can either copy or download in a JSON file.

        Use the App ID to populate the Client ID field and the App Secret to populate the Client secret key field.

      7. Click Continue, then add the OAuth app to the CBC Confer organization.
    3. To populate the Connector ID field, generate it from the Carbon Black Cloud console.
      1. While in the VMware Cloud services console, select the Services page, and click CBC Gov West Int under the My Services section.

        The Carbon Black Cloud console opens.

      2. From the left navigation pane, select the Settings > API Access page and click Add API Key.
      3. Select the OAuth app you already created and click Save.

        The console displays the generated API ID and API Secret Key credentials. The API ID is the Connector ID.

    4. To populate the Org Key, log in to the Carbon Black Cloud console, and navigate to the Settings > API Access > API Keys page.
  6. To apply the changes, click Save.
    A green check mark confirms the appliance registration and its connection with the vCenter Server and with the Carbon Black Cloud in the cloud services environment.