Install a Sensor Gateway on a Windows virtual machine either from a vSphere Client or directly on an ESXi host by using its Web client interface. You can install an OVA file or an OVF file.

As an alternative to the following procedure, you can deploy the Sensor Gateway appliance directly on the ESXi host. To do so, log in to the ESXi Web Client interface (https://ESXi_host_IP_address_or_hostname), right-click Virtual Machines, and click Create/Register VM. Select Deploy a virtual machine from an OVF or OVA file and then proceed with the installation wizard starting with Step 4.

Prerequisites

  • Verify that you have API access credentials available. See Provision Sensor Gateway API Key.
  • Verify that your environment is configured using the required network settings. See Configure a Firewall.
  • Verify that the firewall setup on your virtual machine does not block projects.registry.vmware.com on port 443.

Procedure

  1. Log in to your vCenter Server by using the vSphere Client.
    1. Open a Web browser and enter the URL for the vCenter Server instance: https://vcenter_server_ip_address_or_fqdn.
    2. If a warning message displays regarding a potential security risk, select the option to continue to the website.
    3. On the vSphere Welcome page, select Launch vSphere Client (HTML5).
    4. Enter the credentials of a user who has permissions on vCenter Server and click Login.
      The vSphere Client connects to all the vCenter Server systems on which the specified user has permissions. You can view and manage the vSphere inventory.
  2. To retrieve the Sensor Gateway appliance installer, go to the Broadcom Support Portal page. Select the latest version and download the installer.
  3. Navigate to a cluster in your data center, right-click an ESXi host, and click Deploy OVF Template.

    The Deploy OVF Template wizard opens.

  4. Select a template and click Next.
    • To use the copied OVA link address, select URL and paste the address.
    • To use a locally saved OVA file, select Local file and upload the OVA. If you upload an OVF file, you must also upload all VMDK files that relate to the OVF.
  5. Enter a unique name identifier and select the location for your deployed Sensor Gateway virtual machine.
  6. Select the compute resource to use for your deployed Sensor Gateway and click Next.
    Verify that the appliance is compatible with the selected resource.
  7. Review and verify the details for the virtual appliance and click Next.
  8. Read and accept the end-user license agreement and click Next.
  9. Select a virtual disk format and storage location:
    Thin Provisioned
    • Advantages:
      • Fastest to provision
      • Allows disk space to be over-committed to VMs
    • Disadvantages:
      • Slowest performance due to metadata allocation overhead and additional overhead during initial write operations
      • Over-commitment of storage can lead to application disruption or downtime if resources are actually used
      • Does not support clustering features

    Thick Provisioned Lazy Zeroed
    • Advantages:
      • Faster to provision than Thick Provisioned Eager Zeroed
      • Better performance than Thin Provisioned
    • Disadvantages:
      • Slightly slower to provision than Thin Provisioned
      • Slower performance than Thick Provisioned Eager Zeroed
      • Does not support clustering features

    Thick Provisioned Eager Zeroed
    • Advantages:
      • Best performance
      • Overwriting allocated disk space with zeros reduces possible security risks
      • Supports clustering features such as Microsoft Cluster Server (MSCS) and VMware Fault Tolerance
    • Disadvantages:
      • Longest time to provision
  10. Select a destination network for each source network and click Next.
  11. Configure the deployment settings for the Sensor Gateway virtual machine:
    • Initial root password: Enter a password for the root user account.
    • Initial admin password: Enter a password for the admin user account.
    • CBC URL: Enter the Carbon Black Cloud URL that represents the environment where your services are hosted. Carbon Black Cloud is hosted in several regions. For a list of Carbon Black Cloud environments, see Carbon Black Cloud API Access.
      Note: The value must begin with https://
      Example: https://defense-prod05.conferdeploy.net
    • API ID and API Secret Key: To allow authenticated communication between a Sensor Gateway and the Carbon Black Cloud, enter the Carbon Black Cloud API ID and API Secret Key. You generate them in pairs in the Carbon Black Cloud console. If there is a mismatch, Carbon Black Cloud rejects any communication coming from the Sensor Gateway.
      Note: Due to the sensitivity of the data, the vSphere Client prompts for a confirmation twice and hides the value.
      Important: You must generate a new API ID and API Secret Key for every Sensor Gateway instance.
      Example API ID: 9Z5QY2ZDAN
      Example API Secret Key: 8UE3SHE470T2LZLJZJ2M98TY
    • Sensor Gateway Entry Point (https://<sensor-gateway-node-fqdn>): To define how the sensors address the Sensor Gateway, enter a Sensor Gateway entry point. The entry point must match the following:
      • If you use a CA-signed or self-signed certificate, the value must be the same as the common name (CN) given to the certificate.
      • The IP address or the FQDN of the machine must be the same as the CN of the certificate.
      Note: Because the Sensor Gateway hosts its services by using SSL, the value must begin with https://.
      Example: https://sensorgateway.example.com
      This example assumes that the CN of the certificate is sensorgateway.example.com
    • Sensor Gateway Certificate: Paste the content, including BEGIN and END lines, of the Sensor Gateway certificate file. It allows the Carbon Black sensor to talk to the Sensor Gateway.
    • Sensor Gateway Certificate Private Key: Paste the content, including BEGIN and END lines, of the Sensor Gateway certificate private key file in the Password field.
      Note: Due to the sensitivity of the data, the vSphere Client prompts for a confirmation twice and hides the value.
    • Sensor Gateway Certificate Chain: Paste the content, including BEGIN and END lines, of the Sensor Gateway certificate chain file.
    • Sensor Gateway Certificate Passphrase: Use the same password you created at the time of certificate generation to protect the private key. The Sensor Gateway uses this password to encrypt its communication with the Carbon Black sensor.
      Note: Due to the sensitivity of the data, the vSphere Client prompts for a confirmation twice and hides the value.
    • Proxy Type: To enable the Sensor Gateway to communicate over a proxy, select the proxy type.
      • By default, None
      • HTTP or HTTPS. For each, choose one of the following options:
        • Proxy Host: Provide the FQDN or IP address of the Proxy Host
        • Proxy Port: Provide the port where the Proxy server receives requests
      If you select HTTPS as your proxy type, you must include the HTTPS Proxy Certificate.
    • Proxy Host: Enter the FQDN or IP address of the Proxy Host.
    • Proxy Port: By default, the Sensor Gateway hosts its services over SSL on port 443. If this port is in use on the virtual machine where you are installing the Sensor Gateway, you can enter a different port.
    • HTTPS Proxy Certificate: If you selected HTTPS as the proxy type, paste the entire content of the HTTPS proxy certificate file.
      To avoid updating the HTTPS proxy certificate, Carbon Black recommends that you include the issuer of the certificate.
    • Default Gateway: Optional. Set the default gateway for this virtual machine. Although input is optional, you must populate these fields to use a static DNS and static IP address allocated to the Sensor Gateway. If you leave the fields blank, the Sensor Gateway acquires its IP address from the DHCP server.
    • Domain Name: Optional. Enter the domain name for the virtual machine.
    • Domain Search Path: Optional. Enter the domain names for this virtual machine.
    • Domain Name Servers: Optional. Enter the IP addresses for this virtual machine that are mapped to the domain names.
    • Network 1 IP Address: Optional. Set the IP address for the network interface.
    • Network 1 Netmask: Optional. Set the netmask or prefix for the network interface.
  12. Review your configuration setup and click Finish.
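
The certificate-related values entered in step 11 can be checked against each other locally before you paste them into the wizard. The following shell function is an added example, not part of the product or its documentation; it assumes openssl is installed and that each pasted value has been saved to a local file, and the function name check_sgw_inputs is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not Carbon Black tooling. The function name and the idea of
# saving each pasted value to a local file first are assumptions.
# Usage: check_sgw_inputs ENTRY_POINT CERT_PEM KEY_PEM PASSPHRASE_FILE
# Returns 0 when all checks pass, otherwise the number of failed checks.
check_sgw_inputs() {
  local entry="$1" cert="$2" key="$3" passfile="$4"
  local fails=0 f host cn cert_pub key_pub

  # The entry point must begin with https://.
  case "$entry" in
    https://*) ;;
    *) echo "FAIL: entry point must begin with https://" >&2
       fails=$((fails + 1)) ;;
  esac

  # Pasted certificate and key content must include the BEGIN and END lines.
  for f in "$cert" "$key"; do
    if ! grep -q -- '-----BEGIN ' "$f" || ! grep -q -- '-----END ' "$f"; then
      echo "FAIL: $f is missing its BEGIN or END line" >&2
      fails=$((fails + 1))
    fi
  done

  # The host in the entry point must equal the certificate CN.
  host="${entry#*://}"; host="${host%%[:/]*}"
  cn="$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | tail -n 1)"
  if [ -z "$cn" ] || [ "$(printf %s "$host" | tr 'A-Z' 'a-z')" != \
                       "$(printf %s "$cn" | tr 'A-Z' 'a-z')" ]; then
    echo "FAIL: entry point host '$host' does not match certificate CN '$cn'" >&2
    fails=$((fails + 1))
  fi

  # The passphrase must unlock the private key, and the key must belong to
  # the certificate (their public keys are identical).
  cert_pub="$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)"
  key_pub="$(openssl pkey -in "$key" -passin "file:$passfile" -pubout 2>/dev/null)"
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: passphrase does not unlock the key, or key does not match certificate" >&2
    fails=$((fails + 1))
  fi
  return "$fails"
}
```

The passphrase is read from a file so that it does not appear in the process list or shell history. Delete the local copies of the private key and passphrase once the appliance is deployed.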

Results

It takes some time for the deployment to complete. You can monitor the deployment progress under the Recent Tasks tab or by opening the Monitor > Tasks page.

What to do next

After the Sensor Gateway virtual machine is imported and deployed, you can power it on. It takes some time for the operation to complete.

After the appliance boots up, if you configured the Sensor Gateway virtual machine successfully, you can see it registered with the Carbon Black Cloud console under the Settings > API Access > Sensor Gateway tab.

If the appliance deployment fails, use the SGW configurator tool to re-enter the settings and restart the appliance. See Reconfigure the Sensor Gateway Appliance.