When Elisity provisions Cloud Control Center for a new customer, all the infrastructure, security, and high availability are already set up. However, some customer-specific configurations should be made to ensure all Elisity features and functionalities are fully operational.
This setup guide does not cover advanced settings - ONLY initial setup configurations. Learn about settings not covered in this article by reading the relevant knowledge base articles.
Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.
For the best user experience, Elisity recommends using Google Chrome as your web browser when accessing Cloud Control Center.
1. Cloud Control Center Access and User Management
Log in with the user credentials provided to you by your Elisity representative; Cloud Control Center will then force a password change.
After logging in, navigate to the Administration section of Cloud Control Center and select User Management. Here you can add new Cloud Control Center users to the local login database.
Select Add Local User to create a new user. A user can be assigned to either of the two default roles: Tenant Admin and Tenant User. The Tenant Admin role has read and write privileges while the Tenant User role has read-only privileges. Alternatively, a user can be assigned to a custom role with select privileges. Refer to the Role Based Access Control document for more details.
Managing Cloud Control Center Users
After users are created in Cloud Control Center, you can manage them through the same dashboard in several ways by clicking the options button to the far right of any user. SSO users also show up here; however, SSO users cannot be modified from Cloud Control Center as they are a component of the integrated SSO provider.
Edit User: Change the user role (Tenant Admin, Tenant User or custom role) or change the User's name and description.
Delete User: Completely remove a user and delete them from the system.
Reset Password: You can now reset the password for any Cloud Control Center User as a Tenant Admin. This will send an email to the associated email address with instructions on how to reset the password.
Unlock Account: This allows you to unlock user accounts that have been locked due to too many unsuccessful login attempts, rather than waiting for the lockout timer to expire (according to your Account Lockout configuration). You can also see the "Locked" status of users next to their email address to quickly identify which user accounts are locked.
2. Single Sign On
Note that you can also enable Single Sign On (SSO) using your provider of choice.
3. Cloud Control Center Account Lockout
First review the Cloud Control Center security settings located at Settings > ADMIN > Account Lockout Policy. Here you can modify the lockout policy for failed local user login.
4. Support Alerting Configuration
This setting will configure Cloud Control Center to send email alerts for major events such as an Elisity Edge policy enforcement node losing connection to Cloud Control Center. Multiple individuals can be configured to receive these alerts.
Here is an example of an alert sent via Cloud Control Center after this feature was configured.
5. Virtual Edge Configuration
Here you can enter your default switch admin username and password if you have a standardized login credential you will use for your Elisity deployment. This streamlines the onboarding process for Virtual Edge Nodes. Note that this setting can be overwritten per switch.
Optionally you can set a custom RADIUS key that is leveraged as a part of the internal policy distribution and update process. A default key is present and uniquely encrypted on configuration per Cloud Control Center deployment but can be changed with this setting.
6. Logo Configuration
The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo. You can configure different icons for light mode and dark mode.
Integrations are managed from the Cloud Control Center Settings Dashboard. This allows you to connect via API to various third party identity solutions, giving you the ability to enrich data within Cloud Control Center using external identity sources.
Here is a summary of some of the connectors and integrations that we support.
Microsoft Active Directory Integration
To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.
To integrate Cloud Control Center with Claroty, please follow the instructions here.
To integrate Cloud Control Center with Medigate, please follow the instructions here.
ServiceNow CMDB Integration
To integrate Cloud Control Center with ServiceNow CMDB, please follow the instructions here.
8. Suppression List
Cloud Control Center provides the ability to dynamically and manually suppress attach & identity events being generated by unstable devices in the network.
To suppress the events, navigate to Settings > System > Suppression List. Here you can select + Add New Device to add either the IP address or the MAC address of the device you wish to suppress. Once added, all events generated by the device will be ignored by Cloud Control Center and the device will show as "offline" on the device list page.
The Elisity Identity Engine continuously monitors attachment and identity events from devices on the network. It is equipped to dynamically mitigate the impact of unstable devices that fluctuate, potentially triggering a flood of events. This functionality safeguards the Cloud Control Center by preventing excessive, unnecessary computations.
Every 30 minutes, the system calculates statistics for all connected devices by counting the number of events for each device over the last 30 minutes and sorts them in descending order.
The following variables are used:
1. Maximum number of events allowed in a specific time = 200 Events.
2. The time period for counting events = 30 Minutes
3. The duration before a device is automatically removed from the suppression list = 30 Minutes
For the top 10 devices in the list, if the number of events exceeds the maximum threshold, they are added to the suppression list.
Finally, every 30 minutes, the system reviews all devices on the suppression list and removes any whose expiry time has passed before adding new devices based on the current statistics.
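The review cycle described above, modeled as an added Python example that is not Elisity's code. The function names, the constructed MAC addresses, and the treatment of an entry as expired once its expiry minute is reached are assumptions, as is counting events from devices that are already suppressed.

```python
from collections import Counter

# Values stated in the guide
MAX_EVENTS = 200   # events allowed per counting window
WINDOW_MIN = 30    # counting window, in minutes
EXPIRY_MIN = 30    # time before automatic removal, in minutes
TOP_N = 10         # only the 10 noisiest devices are evaluated

def run_cycle(now, events, suppressed):
    """One review pass at minute `now`.

    events:     list of (minute, device_id) tuples
    suppressed: dict of device_id -> expiry minute
    Returns the updated suppression dict.
    """
    # 1. Remove entries whose expiry time has passed (assumption: expiry <= now).
    active = {dev: exp for dev, exp in suppressed.items() if exp > now}
    # 2. Count events per device over the last window.
    counts = Counter(dev for t, dev in events if now - WINDOW_MIN < t <= now)
    # 3. Sort descending, keep the top 10, suppress those over the threshold.
    for dev, n in counts.most_common(TOP_N):
        if n > MAX_EVENTS:
            active[dev] = now + EXPIRY_MIN
    return active

def sample_events():
    """Constructed sample: 12 flapping devices and one quiet device."""
    events = []
    for i in range(12):
        mac = f"02:00:00:00:00:{i:02x}"           # constructed MAC address
        # Device i emits 300 - i events spread over minutes 1..30.
        events += [(1 + k % 30, mac) for k in range(300 - i)]
    events += [(5, "02:00:00:00:00:ff")] * 40     # quiet device, under threshold
    return events

if __name__ == "__main__":
    first = run_cycle(30, sample_events(), {})
    for dev, exp in sorted(first.items()):
        print(f"{dev} suppressed until minute {exp}")
    # Devices ...:0a and ...:0b exceed 200 events but rank 11th and 12th,
    # so they are not suppressed in this pass.
    print("after expiry:", run_cycle(60, [], first))
```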
In addition to the IP being in the Suppression List, a suppressed device will show up with a "Suppressed" label next to the Device Information page.