Download and configure Entrust CloudControl

Download the Entrust CloudControl software

  1. Go to https://trustedcare.entrust.com

  2. Sign in with your Entrust Trusted Care account.

  3. Select Products and then expand Cloud Security Posture Management under CLOUD SECURITY.

  4. Select the Entrust CloudControl version and then select and download the OVA.

    download cloudcontrol

  5. Open the downloaded ZIP file to access to the OVA file.

Deploy an Entrust CloudControl VM from the OVA

  1. Log in to vCenter.

  2. Select the cluster in which to create the Entrust CloudControl VM.

  3. From the Actions menu, select Deploy OVF template…​.

    new vm ig

  4. Select Local file and upload the Entrust CloudControl OVA file, and then select Next.

  5. Follow the instructions during the deployment as needed.

    For more information refer to Installing CloudControl from an OVA in the online documentation.

Power the Entrust CloundControl virtual appliance

  1. Sign in to the vCenter.

  2. Locate the Entrust CloudControl virtual machine in the inventory.

  3. Right-click the Entrust CloudControl virtual machine and select Power > Power On.

Configure the Entrust CloudControl virtual appliance

  1. Create a standalone Entrust CloudControl node as described in Creating a Standalone Node.

  2. Set up the CloudControl GUI as described in Setting Up the CloudControl GUI

  3. Open a web browser and navigate to the IP address or hostname of the standalone Entrust CloudControl node created above. Bookmark this URL.

  4. Login with the credentials from Entrust CloudControl GUI credentials.

  5. Select Home > System > Primary Authentication.

    ccprimaryauthentication

  6. Select Configure Active Directory and Confirm you want to configure Active Directory.

  7. In the Details tab of the Configure Active Directory window, enter the following:

    Item Value

    Configuration Method

    Manual

    Default Domain Name

    Domain name

    Root Domain Name

    Domain name

    Security

    None

    Service Account

    Service account, for example, htaServiceAccount

    Service Account Password

    Password for account above
    This guide uses a Manual configuration. However, in a production environment Entrust recommends that this field is set to Automatic Mode. The mode can also be changed later using the Actions > Change to Automatic Mode menu.
    ccaddetails

  8. In the Domain Controllers tab, select the Add Domain Controller Now link.

  9. In the Add Domain Controller window, enter the following information:

    Item Value

    Name

    IP address/FQDN of the Active Directory server

    Priority

    Primary

    Port

    389 (for LDAP)

    User Search Context (Base DN)

    Your search context, for example, DC=example,DC=com

    Group Search Context (Base DN)

    Your search context, for example, DC=example,DC=com
    ccaddomaincontroller

  10. Select Continue.

  11. In the Global Catalogs tab, select the Add a Global Catalog Now link.

  12. In the Add Global Catalog window, enter the following information:

    Item Value

    Name

    IP address/FQDN of the Active Directory server

    Priority

    Primary

    Port

    3268

    User Search Context (Base DN)

    Your search context, for example, DC=example,DC=com

    Group Search Context (Base DN)

    Your search context, for example, DC=example,DC=com
    ccadglobalcatalog

  13. Select Add and then Continue.

  14. In the Add Additional Domains window, select Skip.

  15. In the ASC_SuperAdmin Role Mapping tab, enter the Active Directory group created in Configure your Active Directory.

    ccadrolemapping

  16. Select Continue.

    The summary window displays the details.

    ccadsummary

  17. Select Apply to make the changes effective. A confirmation window is shown asking you to confirm the changes to Active Directory.

  18. Select Apply AD Settings and Log Out.

  19. Sign back in either of the two accounts etccadmin or etccuser in the ASC_SuperAdmin group in Active Directory.