To ensure a successful installation of the Sensor Gateway appliance, perform required tasks and pre-checks before running the installer.
- Provision an SSL signed certificate. See Sensor Gateway Certificates. Choose between:
- Certificate authority (CA) signed certificate. This certificate is the preferred choice.
- Self-signed certificate. This certificate requires pushing these certificates into the trust store of each sensor workload.
Note: You need the private key for the certificate. - If you have a CA-signed certificate or an internal certificate that has an Online Certificate Status Protocol (OCSP) responder, you might have to provision the entire certificate chain. The Sensor Gateway uses the certificate and its chain to get the OCSP response and staple it with every request. This ensures that the sensors do not reach out to the OCSP responders directly.
Generate the Certificate Chain file by using any online service that offers a certificate chain composition. See Create a Certificate Chain File.
- Acquire a Static IP for each Sensor Gateway server.
- Reserve a DNS entry. For example,
sensorgateway.company.com
To install the Sensor Gateway in your environment, map its DNS to the IP address that you allocated to the server.
Use the DNS mapping to IP address if you plan to configure your Sensor Gateway with its FQDN.Note: You can use an IP address and create the certificates with the IP address being the same as the CN. - If you use the proxy feature of the Sensor Gateway and there is a proxy server between the Sensor Gateway and Carbon Black Cloud, you must make sure that the Carbon Black Cloud URLs are accessible through the proxy.
Note: A proxy between the sensor and the Sensor Gateway is not supported.