To ensure a successful installation of the Sensor Gateway appliance, you must perform some required tasks and pre-checks before running the installer.

  • Provision a signed SSL certificate. Choose between:
    • Certificate authority (CA) signed certificate. This certificate is the preferred choice. For more information, see Sensor Gateway Certificates.
    • Self-signed certificate. This option requires pushing the certificate into the trust store of each sensor workload. For more information, see Sensor Gateway Certificates.
    Note: You need the private key for the certificate you are using.
  • If you have a CA-signed certificate or an internal certificate that has an Online Certificate Status Protocol (OCSP) responder, you might have to provision the entire certificate chain. The Sensor Gateway uses the certificate and its chain to get the OCSP response and staple it with every request. This ensures that the sensors do not reach out to the OCSP responders directly.

    Generate the Certificate Chain file by using any online service that offers a certificate chain composition. For more information, see Create a Certificate Chain File.

  • Acquire a static IP address for each Sensor Gateway server.
  • Reserve a DNS entry. For example, sensorgateway.company.com.

    To install the Sensor Gateway in your environment, map its DNS to the IP that you previously allocated to the server.

    Use the DNS-to-IP mapping if you plan to configure your Sensor Gateway with its FQDN.
    Note: You can use only an IP address and create the certificates with the IP address as the CN.
  • If you use the proxy feature of the Sensor Gateway and there is a proxy server that sits between the Sensor Gateway and Carbon Black Cloud, you must ensure that the Carbon Black Cloud URLs are accessible through the proxy.
  • Set up a local mirror server for signature updates and configure your policy so that sensors download updates from the local server. See Signature Mirror Instructions. If you set up mirrors for the Update servers, verify that they are reachable through the proxy.
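
The certificate pre-checks above can be run locally with the `openssl` CLI before starting the installer, so the private key never leaves the host. This is an added example, not part of the product documentation; the function names, script name and file arguments are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks on the certificate material.
# Paths and names passed in are the operator's own (assumptions, not product defaults).

# 0 if the private key ($2) belongs to the certificate ($1): both yield the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate ($1) is valid for the name ($2) the sensors will connect to.
cert_matches_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# 0 if the certificate ($1) names an OCSP responder (the case where the chain may be needed).
cert_has_ocsp() {
    [ -n "$(openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null)" ]
}

# 0 if the chain file ($1) is ordered leaf first: each issuer is the next certificate's subject.
# Compares names only; it does not verify signatures.
chain_is_ordered() {
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ } n { print > (d "/" n ".pem") }' "$1"
    i=1; rc=0
    [ -f "$tmp/1.pem" ] || rc=1
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
        [ "$issuer" = "$subject" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh precheck.sh CERT KEY CHAIN NAME
if [ "$#" -eq 4 ]; then
    key_matches_cert "$1" "$2" || echo "FAIL: private key does not match certificate"
    cert_matches_name "$1" "$4" || echo "FAIL: certificate is not valid for $4"
    if cert_has_ocsp "$1"; then
        chain_is_ordered "$3" || echo "FAIL: chain file is empty or not in leaf-to-root order"
    fi
fi
```

The key check expects an unencrypted private key; `openssl pkey` prompts for the passphrase otherwise.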