Install Sensor Gateway on a Linux Server

You can host the Sensor Gateway on a Linux server as a container image. The Linux server must have a container running capability. To install more than one Sensor Gateway server, you must repeat the following steps for every Sensor Gateway server.

Prerequisites

Verify that port 443 is open on the Sensor Gateway.
To have the Sensor Gateway running behind a proxy, configure the Docker client to use proxy. See Configure Docker to use a proxy server.

Procedure

Install Docker.
For information about installing a Docker engine on a Sensor Gateway-supported the Linux distribution, see Install Docker Engine on CentOS, Install Docker Engine on RHEL, or Install Docker Engine on Ubuntu.
To make the installation script executable, run the following command:
```
chmod +x sensor_gw_install.sh
```
Run the installation script.
```
./sensor_gw_install.sh
```

Provide the following input:


Option	Description	Example
API ID	The API ID and API Secret Key generated in the Carbon Black Cloud console allow an authenticated communication between the Sensor Gateway and the Carbon Black Cloud. Both the API ID and API Secret Key are generated in a pair. If there is a mismatch, the Carbon Black Cloud will reject any communication from the Sensor Gateway. Note: You must generate new API ID and API Secret Key for every Sensor Gateway.	9Z5QY2ZDAN
API Secret Key		8UE3SHE475T2LZLJNJ2M98TK
Carbon Black Cloud URL	This URL represents the environment where your services are hosted. Carbon Black Cloud is hosted in several regions. For a list of Carbon Black Cloud environments, see Carbon Black Cloud API Access.	https://defense-prod05.conferdeploy.net Note: The value must begin with https://.
Sensor Gateway entry point URL (https://<sensor-gateway-node-fqdn>)	An entry point defines how the sensors address the Sensor Gateway. The entry point must match the following: If you use a CA-signed or self-signed certificate, this value should be the same as the CN given to the certificate. The IP address or the FQDN of the machine must be the same as the CN of the certificate.	https://sensorgateway.`example`.com This example assumes that the CN of the certificate is sensorgateway.example.com. Note: Because the Sensor Gateway services are hosted using SSL, the value must begin with https://.
Proxy type	`None`: This is the default option. `HTTPS` or `HTTP`: Choose one of the following options: Proxy Host: Provide the FQDN or IP address of the Proxy Host. Proxy Port: Provide the port where the Proxy server receives requests.	`HTTP`
Optional: Volume mount directory	The Sensor Gateway uses a fixed directory to look for certificates and to store logs. If you do not provide a value, the default location is a /data directory. To store your certificates or logs in a different directory, provide an absolute path. If you have a different folder, create certs and logs folders in this path. Make sure that the certificate, private key, and optional certificate chain are stored in the certs folder before you proceed. Because the install script executes with root permissions, by default these directories have root permissions as owner and group.	/data
Optional: Port where Sensor Gateway runs	By default the Sensor Gateway services are hosted over SSL on port 443. You can specify a different port.	By default, Sensor Gateway runs on port 443.
Optional: Certificate private key passphrase	We recommend that you provide a password when you generate a certificate to protect the private key. When prompted during the Sensor Gateway installation, provide this password. The Sensor Gateway uses the same password to use the certificate and encrypt the communication between the sensor and itself.	Provide a password if your sgw_key.pem is password-protected.

Results

After the registration completes, the Sensor Gateway displays as connected in the Settings > API Access > Sensor Gateways page of the Carbon Black Cloud console.

The Sensor Gateway name comes from the API key.