Installing the DSG On-Premise
Steps to install the DSG ISO
Installing the DSG
Installing the DSG On-Premise or on Cloud Platforms
Installing the DSG On-Premise
The Data Security Gateway (DSG) installation requires an existing ESA. It serves as a single point of management for the data security policy, rules configuration, and on-going monitoring of the system. This section provides information about the recommended order of the steps to install a DSG appliance.
Before you begin
Ensure that an ESA v10.1.x is installed.
For more information about installing the ESA v10.1.x, refer to the sections Installing Appliance On-Premise and Installing Appliances on Cloud Platforms.
Ensure that HubController service is running on the ESA.
Ensure that Policy Management (PIM) has been initialized on the ESA. The initialization of PIM ensures that cryptographic keys for protecting data and the policy repository have been created.
For more information about initializing the PIM, refer to section Initializing the Policy Information Management.Ensure that the FIPS mode is disabled on the ESA.
Ensure that Analytics component is initialized on the ESA. The initialization of Analytics component is required for displaying the Audit Store information on Audit Store Dashboards.
For more information about initializing Analytics, refer Initializing Analytics on the ESA.Ensure that the list of patches are available for DSG 3.3.0.0 release. The following table describes the patch details.
Patch Description ESA_PAP-ALL-64_x86-64_10.0.1.xxxx.DSGUP.pty This patch is applied on the ESA to extend the ESA with the DSG Web UI. DSG_PAP-ALL-64_x86-64_3.3.0.0.x.iso The .iso image is used to install the DSG appliance.
Installation Order
To setup the DSG, it is recommended to use the following installation order.
| Order of installation | Description | Affected Appliance | Reference |
|---|---|---|---|
| 1 | Install the DSG v3.3.0.0 ISO. | DSG | Installing DSG |
| 2 | Configure the Default Gateway for the Service NIC using the DSG CLI Manager. | DSG | Configuring Default Gateway for Service NIC (ethSRV0) using the DSG CLI Manager |
| 3 | Create a Trusted Appliance Cluster (TAC) on the DSG | DSG | Create a TAC on DSG |
| 4 | Update the host details of ESA on DSG. If the DNS and name server is properply configured then this step is optional. | DSG | Updating the host details |
| 5 | Create a Trusted Appliance Cluster (TAC) on the ESA | ESA | Create a TAC on ESA |
| 6 | Update the host details of DSG on ESA. If the DNS and name server is properply configured then this step is optional. | ESA | Updating the host details |
| 7 | Note the FQDN or the IP address of the ESA node. | ESA | Ascertaining the host address in the ESA server certificate |
| 8 | Set ESA communication between the DSGs and ESA. | DSG | Set ESA communication |
| 9 | Note the FQDN or the IP address of the DSG node. | DSG | Ascertaining the host address in the DSG server certificate |
| 10 | Apply the DSG v3.3.0.0 patch (ESA_PAP-ALL-64_x86-64_10.0.1.xxxx-DSGUP.pty) on the ESA v10.0.x. Before applying a patch on the ESA, it is recommended to take a full OS backup from the ESA Web UI. For more information about taking a full OS backup from the ESA Web UI, refer Backing up the Appliance OS. | ESA | Installing the DSG patch on ESA |
| 11 | Optional: Add the other DSG nodes to the existing Trusted Appliance Cluster from the Cluster tab. | DSG | Adding a DSG node |
| 12 | Optional: Add the other ESA nodes to the existing Trusted Appliance Cluster from the TAC screen. | ESA | Adding a ESA node |
| 13 | Perform the post-installation steps. | ESA | Post Installation Steps |
| 14 | Enable Scheduled Tasks on Insight | ESA | Enabling Scheduled Tasks on Insight |
| 15 | Configure the DSG to forward the logs to Insight on the ESA. | DSG | Forwarding Logs to Insight |
Note: By default, the default_80 HTTP tunnel is disabled for the security reasons. If you want to use default_80 HTTP tunnel in any service, then you must enable the default_80 HTTP tunnel from the Web UI.
To enable the default_80 HTTP tunnel, on the ESA Web UI, navigate to Cloud Gateway > 3.3.0.0 {build number} > Transport. Then, click the Tunnels tab. Select the default_80 HTTP tunnel and click Edit.
After the default_80 tunnel is enabled, you must restart the gateway. On the Tunnels tab, click Deploy to All Nodes to restart the gateway.
Installing DSG on Cloud Installation
DSG can be installed on cloud platforms, such as, AWS, Azure, or GCP.
Updating the Host Details
Steps to update the host details on ESA and DSG.
Feedback
Was this page helpful?