Secure Connect Gateway — Virtual Edition

Pre-Site Checklist—Centralized Solution

February 2022
Rev. A03
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2021 – 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Other trademarks may be trademarks of their respective owners.
 Contents

Chapter 1: Before you begin.......................................................................................................... 4

Document purpose.............................................................................................................................................................. 4

Chapter 2: Best practices..............................................................................................................5

Chapter 3: Download Secure Connect Gateway............................................................................. 6

Chapter 4: Customer information.................................................................................................. 7

Chapter 5: Secure Connect Gateway configuration choices...........................................................8

Secure Connect Gateway and Policy Manager details...............................................................................................8
Proxy network and SMTP server details....................................................................................................................... 9
Proxy network................................................................................................................................................................ 9
SMTP server................................................................................................................................................................. 10

Chapter 6: Set up the network..................................................................................................... 11

Chapter 7: Install Policy Manager for Secure Connect Gateway................................................... 12

Chapter 8: Am I ready to deploy Secure Connect Gateway?......................................................... 13

Chapter 9: Deploy Secure Connect Gateway................................................................................ 14

Chapter 10: Configure Secure Connect Gateway.......................................................................... 15

Chapter 11: Add devices to Secure Connect Gateway................................................................... 16

Devices to be monitored using Secure Connect Gateway...................................................................................... 16

Chapter 12: Final steps................................................................................................................ 18

Chapter 13: Notes and comments.................................................................................................19

Contents 3
 1
Before you begin
Secure connect gateway — Virtual Edition is an appliance that can be deployed using this checklist and the supporting
documentation. We strongly recommend the involvement of:
● The customer lead to define the devices that will be monitored using secure connect gateway
● The customer IP networking team to define how the devices will securely connect to the backend.
If you are a customer, you can also request the Dell Field services team to deploy secure connect gateway and add the devices
at no additional cost. For steps to create a service request, click here.
The following table describes the conventions that are used in this document:

Table 1. Conventions used in the document

Convention Description
Indicates a step that can be performed by the customer, Dell
partner, or a Dell technical support agent.

Indicates a step that can be performed only by the customer.

Document purpose
This document helps you deploy secure connect gateway — virtual edition in your environment. It also helps you gather the
information and make the decisions to ensure success with the guidance of your Dell technical support agent.
In this document, the term local system refers to the secure connect gateway virtual appliance.

4 Before you begin

 2
Best practices
Step 1 – Planning
● Download the secure connect gateway deployment package and documentation.
● Plan and prepare to deploy secure connect gateway and its networking access to Dell.
● Plan the devices that must be monitored by secure connect gateway. You can also prepare the devices when you perform
Step 3.
● Complete the checklist details.

Step 2 - Deployment
● Deploy secure connect gateway.
● Optionally, install Policy Manager for Secure Connect Gateway on a different server.

Step 3 - Deploying
● Prepare the environment and network for your devices to connect to secure connect gateway.
● Register your deployed products with Dell Support.
● Add devices to secure connect gateway.
● Configure the remote support and alert delivery services.

Best practices 5
 3
Download Secure Connect Gateway

Run security checks on the secure connect gateway deployment package in accordance with your security policy.
The following table provides links to download secure connect gateway deployment package, documents, and Policy Manager
for Secure Connect Gateway application:

Table 2. Related links

Software or document
Secure connect gateway deployment package
Secure connect gateway documentation
Host and IP address information for Dell Global access and
enterprise server
Policy Manager for Secure Connect Gateway
Links
Go to https://www.dell.com/SCG-VE > Drivers &
Downloads tab.
https://www.dell.com/SCG-VE-docs.
See the network requirements section in the Support Matrix
available at https://www.dell.com/SCG-VE-docs.
Go to https://www.dell.com/SCG-VE > Drivers &
Downloads tab.

6 Download Secure Connect Gateway

 4
Customer information

Customer information
Table 3. Customer information
Item
Company name
Primary Manager Name for this project
Primary contact phone number and email address
Secure connect gateway deployment service request number,
if applicable
Requested install date
PS Project Number (optional)

Site location (UCID, PartyID number, or SiteID number)

information
The site location information is also available at Company Administration.

Table 4. Site location (UCID, PartyID number, or SiteID number ) information

Function Name Site location (UCID, PartyID Locations
number, or SiteID number )
Primary
Secondary (if
applicable)

Customer technical contacts

Table 5. Customer technical contacts
Type * Name Title/Role Phone number Email address
Primary
Technical

* You can also enter the primary and technical contacts during secure connect gateway registration.

Customer information 7
 5
Secure Connect Gateway configuration
choices

Select the required secure connect gateway configuration and note the number of virtual appliances that are required for the
selected configuration.
Some Dell devices have integrated (onboard) secure connect gateway solutions. For customers with fewer Dell devices these
may be preferable.

Table 6. Configuration choices

Configuration choice
Single secure connect gateway*, no Policy Manager
Single secure connect gateway* and Standalone Policy Manager
Dual secure connect gateway (High-Availability)**, no Policy Manager
Dual secure connect gateway (High-Availability)**, and stand-alone Policy Manager

* Do not place secure connect gateway or storage files on Dell devices that are managed by secure connect gateway.
** Each HA secure connect gateway should run in separate virtual environments.

Go to Company Administration to view the devices that are installed or pending installation. Choose and
list devices to be deployed in the Devices to be monitored using Secure Connect Gateway section.

Some devices need an extra workstation with specific software to enable those products to send
alert data to Dell. Workstations are customer-provided. Switch management software is customer installable and may incur a
separate cost.

Table 7. Device monitoring solution

Device monitoring solution Select if must Select if it is Select if it is
be installed already not required
installed
Additional Connectrix Manager Workstation for Brocade Switch
Monitoring
Additional Fabric Manager Workstation for Cisco Switch Monitoring
Additional Collectors for CloudIQ

Secure Connect Gateway and Policy Manager details

Plan the various resources required to deploy secure connect gateway. For more information about the minimum system
and network requirements, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/
SCG-VE-docs.

8 Secure Connect Gateway configuration choices

Secure Connect Gateway - Appliance 1
Table 8. Appliance 1
Item Item
Name or IP address VM or Hyper-V VM
Enable failover FTPS (Y/N)* N Enable failover Email (Y/N)* N
Policy Manager enabled? (Y/N) N Policy Manager name or IP address

* It is recommended to configure failover methods to send Call Home data from devices to the backend using FTPS when the
connectivity between the local system and the backend is lost.

Secure Connect Gateway - Appliance 2 (HA partner of appliance 1)

Table 9. Appliance 2
Item Item
Name or IP address VM or Hyper-V Hyper-V
Enable failover FTPS (Y/N) N Enable failover Email (Y/N)* N
Policy Manager enabled? (Y/N) N Policy Manager name or IP address

Policy Manager
Table 10. Policy Manager
Item Item
Name or IP address Default policy for Remote Support
(allow/ask/refuse) refuse

Policy Manager port number Policy Manager SSL (Y/N) N

Proxy network and SMTP server details

Provide details of the supporting resources needed before deploying secure connect gateway.

Proxy network
A proxy network can be used for the connectivity between the local system and the following:
1. Internet
2. Server on which Policy Manager is installed

Table 11. Proxy network

Proxy name or IP Proxy functions (1 Port number Proxy type (Auto, Username and
address and or 2) HTTP, or SOCKS) password available (Y
or N)

Secure Connect Gateway configuration choices 9

Table 11. Proxy network (continued)
Proxy name or IP Proxy functions (1 Port number Proxy type (Auto, Username and
address and or 2) HTTP, or SOCKS) password available (Y
or N)
N

SMTP server
Provide your SMTP server details to receive email notifications from secure connect gateway. For information about the email
messages that are sent by secure connect gateway, see the secure connect gateway — virtual edition User's Guide available at
https://www.dell.com/SCG-VE-docs or click here.

Table 12. SMTP server details

SMTP server name or Email functions Sender email Notification email to
IP address
Secure connect
gateway to internal
Secure connect
gateway to external
(Call Home failover -
optional)
Policy Manager to
internal

10 Secure Connect Gateway configuration choices

 6
Set up the network

For information about the minimum network requirements to deploy secure connect gateway and port requirements for the
devices, see the secure connect gateway — virtual edition Support Matrix available at https://www.dell.com/SCG-VE-docs.

Table 13. Network preparation

Task
Prepare Firewalls for Customer <> External Communication.
Configure the external firewall rules to enable the local system to connect to the Global access and
Enterprise servers on outbound ports 443 and 8443. For more information, see the secure connect gateway —
virtual edition Support Matrix or User's Guide available at https://www.dell.com/SCG-VE-docs.
To ensure communication integrity, proxy servers and devices outside your DMZ must not perform SSL
checking on outbound or inbound traffic for secure connect gateway. SSL checking causes connectivity loss
to the backend. If SSL checking is performed on outbound communications by customer firewalls, proxies, web
traffic filtering appliances or applications, web traffic shaping/load balancing, certificate verification or proxying,
or Intrusion Detection Services (IDS), there will be loss of connectivity to the backend.
Prepare firewalls for secure connect gateway.
Configure internal firewall rules to enable the local system to connect to the SMTP server to send notifications.
Optionally, configure internal firewall rules to enable the Policy Manager to connect to the SMTP server to send
notifications.
Configure internal firewall rules to enable customer to connect to secure connect gateway on port 9443 for UI
Management and port 22 for CLI.
Optionally, configure internal firewall rules to enable communication between secure connect gateway and the
Policy Manager on ports 8090 and/or 8443.
Configure internal firewall rules to enable communication between secure connect gateway and the device as
defined in secure connect gateway — virtual edition Support Matrix available at https://www.dell.com/SCG-
VE-docs.

NOTE: This step can be deferred until you Add devices to Secure Connect Gateway.

Set up the network 11

 7
Install Policy Manager for Secure Connect
Gateway

For information about installing Policy Manager, go to https://www.dell.com/SCG-VE-docs. To download Policy Manager, go to
https://www.dell.com/SCG-VE > Drivers & Downloads tab.

Table 14. Install Policy Manager for Secure Connect Gateway

Task
Build Policy Manager server hardware or virtual machine with a compatible operating system.
Download the latest version of Policy Manager for Secure Connect Gateway.
Install Policy Manager for Secure Connect Gateway.

12 Install Policy Manager for Secure Connect Gateway

 8
Am I ready to deploy Secure Connect
Gateway?

For more information about the checks that must be performed, go to https://onlinesupport.emc.com/CompanyAdminSites

Table 15. Preparation to deploy secure connect gateway

Task
Credential check

If you are a customer, you must have a business account. For information about creating a business account,
see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-
docs.

If you are a Dell employee and a service enabled partner, you must have an active RSA Soft Fob.

If you are a non-servicing partner, the customer must enter their credentials, or raise a Dell Service Request
with details of the Site location (UCID, PartyID number, or SiteID number ) and devices to be deployed.
Installer check

Click Manage Sites and search for the Site location (UCID, PartyID number, or SiteID number ). Click the Site
location (UCID, PartyID number, or SiteID number) and then Contacts. Select Web Support Enabled to
filter the list.

If you are a customer, you must be listed as an authorized contact. If you are not listed, contact
support@emc.com.

If you are a partner, you must be listed as a support partner. If you are not listed, contact
GSP_SSC_ESRS@emc.com.
Site location (UCID, PartyID number, or SiteID number)Check

Click View Sites to view your Company Site location (UCID, PartyID number, or SiteID number ) and the devices
installed. You can deploy secure connect gateway only if the devices are supported by secure connect gateway.
For the list of supported devices, see secure connect gateway — virtual edition Support Matrix available at
https://www.dell.com/SCG-VE-docs.

If the devices are not supported, use a different Site location (UCID, PartyID number, or SiteID number ), or
contact Dell technical support.

Am I ready to deploy Secure Connect Gateway? 13

 9
Deploy Secure Connect Gateway

Table 16. Deploy secure connect gateway

Task
Deploy secure connect gateway. For information about deploying secure connect gateway, see the secure
connect gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
NOTE: Create a root password at this step. Weaker passwords may be accepted but will not function in the
next step. It is recommended to have a complex root password. The password must have a minimum eight
characters with at least one uppercase letter, one lowercase letter, one number, and one special character.

The default keyboard in secure connect gateway is set to US-English.

14 Deploy Secure Connect Gateway

 10
Configure Secure Connect Gateway

To access the secure connect gateway user interface, go to https://<IP address or hostname of the local
system>:5700.
Registering secure connect gateway ensures connectivity with the backend. For information about signing into secure connect
gateway and registration, see the secure connect gateway — virtual edition User's Guide available at https://www.dell.com/
SCG-VE-docs.

Table 17. Configure Secure Connect Gateway

Task
Sign in to secure connect gateway. If you are unable to sign in, ensure if the keyboard layout is set to
US-English.
Register secure connect gateway.
If you are a customer and you are building a secure connect gateway High-Availability cluster, create a Dell
Service Request and provide the secure connect gateway serial numbers, for example ELMDKZW7RJSWDN and
SHTESTREDSRZJK. You can view the serial number in the About page on the secure connect gateway user
interface.

If you are a partner or Dell employee, create the High-Availability cluster at https://connectivityhub.dell.com/.

Configure Secure Connect Gateway 15

 11
Add devices to Secure Connect Gateway

Add the devices using the table on the next page as a reference. Some devices must only be added to secure connect gateway
from the device user interface using the RESTful protocol. For more information, see the device configuration documentation.
For information about the devices that must be added using the RESTful protocol, see the secure connect gateway — virtual
edition User's Guide available at https://www.dell.com/SCG-VE-docs.

Table 18. Add devices to secure connect gateway

Task
Prepare the environment and network for your devices to connect to secure connect gateway. For information
about the network requirements, see the secure connect gateway — virtual edition User's Guide available at
https://www.dell.com/SCG-VE-docs.
Add the devices to secure connect gateway. For information about adding devices, see the secure connect
gateway — virtual edition User's Guide available at https://www.dell.com/SCG-VE-docs.
Register each device with Dell:
● If you are a Dell employee, use AEON.
● If you are a partner, click here.
● If you are a customer, create a Dell service request.

For each serial number, include the product login and password to be used by Dell for remote support, and if
remote support and alert delivery settings are enabled (default).
If you are a Dell employee or a partner, verify if remote support to the devices is successful.
Perform the following steps to verify that the remote alert from the device to the backend is successful:
1. Trigger a test alert from the device. For steps to trigger the session, see the product documentation.
2. If you are a Dell employee, use CLM to check if the test alert was received in the backend.
3. If you are partner or a customer, use https://www.dell.com/support/home/en-us/product-
support/serialnumber/<My serial number>/overview to check if the test alert was received in
the backend.
NOTE: Though, the alert is processed immediately by Dell technical support, it may take approximately four
hours to appear in the reporting systems mentioned above. You can also check the status on the device user
interface or in the Alert Delivery and File Transfer audit pages in secure connect gateway user interface.
If the alert information is not displayed, create a service request.

Devices to be monitored using Secure Connect

Gateway
Table 19. Devices
Device type Serial Site location Configure Configure Device IP Device ports Device
number (UCID, Remote Alert address open in addition and
PartyID support network connectivity
number, or check date
SiteID
number )

16 Add devices to Secure Connect Gateway

Table 19. Devices (continued)
Device type Serial Site location Configure Configure Device IP Device ports Device
number (UCID, Remote Alert address open in addition and
PartyID support network connectivity
number, or check date
SiteID
number )

Add devices to Secure Connect Gateway 17

 12
Final steps

Check the secure connect gateway user interface for any updates and install the updates.

Table 20. Final steps

Task
If you are using the Policy Manager for Secure Connect Gateway, to ensure that the Windows Task Scheduler is
running and unrestricted, so that Policy Manager backups can occur.

18 Final steps
 13
Notes and comments
Table 21. Notes and comments
Task

Notes and comments 19