Configure CylanceHYBRID
Take a snapshot of the virtual machine that hosts the application in case the configuration fails, including invalid SSL certificate uploads. This will allow you to revert to the snapshot instead of having to reinstall the application.
- In the Aurora Endpoint Security management console, click Settings > Application.
- In the Installation Token field, copy the token.
- In the CylanceHYBRID console (for example, login.hybrid.com:8800), in the Application section, click CylanceHYBRID. Make sure that the status is Ready.
- On the Welcome screen, click Let’s Get Started. The Import Hybrid Config page displays.
- If you want to import a CylanceHYBRID configuration file from an existing CylanceHYBRID instance, do the following sub-steps. For more information, see Importing a CylanceHYBRID configuration. Otherwise, continue to Step 6.
  - Enable Import.
  - Drag and drop your CylanceHYBRID configuration file, or browse to the file and select it.
  - Click Save & Continue.
- Perform one of the following tasks:
  Task: Generate a certificate signing request (CSR) that will be submitted to a certificate authority (CA) to use with the CylanceHYBRID application.
  Steps:
  - Fill in the form:
    - In the Common Name field, enter the common name, derived from the fully qualified domain name (FQDN) for the application. For example, if the FQDN is https://hybrid.cylance.com, the common name is hybrid.cylance.com.
    - In the Subject Alternative Name field, enter any alternative names to use for the application, such as hybrid-alt.cylance.com. The Common Name will be added automatically as a Subject Alternative Name.
    - In the Organization Name field, enter the legal name of the organization.
    - In the Organizational Unit field, enter the unit name. This could be a department name.
    - In the City field, enter the city where the organization is located.
    - In the State / Province field, enter the state or province where the organization is located. Do not use an abbreviation.
    - In the Country field, enter the two-letter ISO abbreviation for the country.
  - Click Generate CSR. This creates a cert_request.csr file in the Downloads folder. Send this file to your CA, who should then send back an SSL certificate. Example: hybrid.cylance.crt.
    After you generate the CSR, the text at the top of the page changes to a pending status and includes a link where you can re-download the CSR, and Step 2 displays at the bottom of the page.
    Note: If you click Generate CSR again, a new private key will be generated, and you will need to provide the latest CSR to the CA.
  - In the Step 2: Upload certificate from CA box, upload your SSL certificate.
    Note: For more information on a possible certificate issue, see KB 42221166501659.
  Task: Upload an SSL certificate and key generated on a computer other than the one that hosts the CylanceHYBRID application.
  Steps:
  - Turn off Generate private key and CSR. For more information on certificate guidelines, see KB 42221264888347.
  - Drag and drop the certificate in the Upload certificate box, or click Browse for a file and select the certificate.
  - Drag and drop the key in the Upload key box, or click Browse for a file and select the key.
  Task: (Optional) To have the CylanceHYBRID application and status page use the same certificate as the CylanceHYBRID admin console:
  Steps:
  - Turn off Generate private key and CSR.
  - Turn on Use CylanceHYBRID admin console TLS certificate and key.
  - Click Save.
- Click Save & Continue. The Active Directory Integration page displays.
- To disable Active Directory Integration or to configure it after the initial setup of the CylanceHYBRID application, turn off Use Active Directory and go to step 11. For more information, see Using the CylanceHYBRID Status page.
To add Active Directory/LDAP Integration, do the following:
  - In the Active Directory Host field, enter the FQDN of the server that hosts Active Directory. This is a TLS requirement. If you enter an IP address for an LDAP server or the hostname instead of an FQDN, the configuration will fail. The FQDN must be configured in DNS.
  - In the Port field, enter the port number of the LDAP server.
  - In the Base DN field, enter the base distinguished name (DN) used as a base for the LDAP search to look for the user DN.
  - In the Group DN field, enter the group DN used to perform an LDAP search to check if the user is a member of the group DN.
  - In the Upload certificate to enable TLS field, upload the SSL certificate used to perform a TLS connection when binding to the LDAP server. The certificate must be Base64 encoded.
  - Click Test Connection. A Test Active Directory Connection dialog displays.
  - Enter a username and password and click Test Connection. A message displays informing you that the connection was successful. If the connection failed, use the red text that appears on the dialog to troubleshoot and resolve the issue.
    To test the connection, use either the UPN login or sAMAccountName login:
    UPN Login Example: username@domainname.com (hadmin@onprem-cylance.com)
    sAMAccountName Login Example: domain\username (onprem-cylance\hadmin)
- Click Save & Continue. The Set a password to access the CylanceHYBRID Status page displays.
- Enter and confirm your new password, and click Save & Continue. Follow the password requirements. The Configuration Step 1 of 2: Enter Info page displays.
Warning: Ensure that you note down this password. Currently, there is no mechanism to reset or recover the password.
- Enter or paste your Installation Token.
- Enter a Device Name. This name will appear in the Aurora Endpoint Security console as a device.
- Type an FQDN for the virtual machine that hosts the CylanceHYBRID application. The FQDN must match the one in the DNS entry. For example, an FQDN could be login.hybrid.com or hybrid.com.
- To include a proxy server, turn on Connect Appliance to Proxy. Enter the proxy-server information, including a proxy username and password.
- Click Save & Continue. The Configuration Step 2 of 2: Confirm Info page displays.
- If your CylanceHYBRID setup information is correct, click Confirm & Finish. The CylanceHYBRID Setup Complete page displays.
- Click Go to Status Page. You are automatically signed in to the CylanceHYBRID Status page. For future sign-ins, the CylanceHYBRID username is cylance.
When you have finished configuring the CylanceHYBRID application, it will appear in your Aurora Endpoint Security management console, under Devices, with the Device Name that you assigned in Step 12.
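
The following is an added example, not part of the vendor's documentation or product: a POSIX shell script using the openssl CLI to check files on the workstation before uploading a certificate and key generated on another computer, or a Base64 certificate and FQDN host for Active Directory. The function names, return codes and sample file names are assumptions made for this example, and the sample pair is constructed test input.

```shell
#!/bin/sh
# Added example, not CylanceHYBRID code. File paths and names are the caller's.

# True when FILE is a Base64 (PEM) encoded X.509 certificate, not binary DER.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# True when NAME is a dotted DNS name, not an IPv4 literal or short host name.
is_fqdn() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;  # empty, stray dots, illegal characters
        *[!0-9.]*.*|*.*[!0-9.]*) return 0 ;;          # has a dot and a non-numeric part
        *) return 1 ;;                                 # short host name or IPv4 literal
    esac
}

# SHA-256 of the DER public key taken from a certificate or from a private key.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256
}
key_pub_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256
}

# check_upload CERT KEY FQDN: reports the first failed check, returns its number.
check_upload() {
    is_pem_cert "$1" || { echo "FAIL: $1 is not a PEM certificate"; return 1; }
    is_fqdn "$3" || { echo "FAIL: $3 is not an FQDN"; return 2; }
    [ "$(cert_pub_hash "$1")" = "$(key_pub_hash "$2")" ] ||
        { echo "FAIL: $2 does not belong to $1"; return 3; }
    openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' ||
        { echo "FAIL: certificate names do not cover $3"; return 4; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 5; }
    echo "OK: $1 and $2 are consistent for $3"
}

# Constructed sample input: a throwaway self-signed pair for NAME, written to DIR.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}
```

For real files, call `check_upload` with the certificate, its key and the FQDN entered in the Common Name field; `is_pem_cert` and `is_fqdn` on their own cover the LDAP certificate and the Active Directory host.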