Managing Nodes in the Cloud

As cloud infrastructure expands, the importance of ensuring security visibility and asset integration increases. Especially in a Zero Trust security environment like Genians ZTNA, real-time collection and monitoring of cloud resources form the foundation of security policies. The Genian ZTNA Cloud Collector can be enabled to collect information on IP-supported nodes within a cloud environment. On a configured schedule, the Cloud Collector queries the Cloud Service Provider to identify nodes in the designated environment and other critical cloud-related details.

Cloud Environment Configuration

Prior configuration is required to use the Cloud Collector. Please follow the steps below to complete the setup before use.

  1. Cloud Provider Management

  2. Site Management

  3. Collector

Cloud Node Detection Check

This page allows you to search nodes registered by sensors using various status views and filters.

  1. From the top menu, go to Management > Node.

  2. In the left pane, click the site name created in the previous steps.

  3. All resources in the previously specified VPC and subnet will appear as nodes.

  4. Detailed cloud resource information for discovered nodes can be viewed through the node information. Go to Management > Node, click the node's IP, and scroll down to the Cloud section to see more details.

  • Credential information from NAVER

  1. Access Key: NCloud Console > User ID in the upper right corner > Account Management > Password and Authentication > Authentication Key Management > Create a new API authentication key > Check and enter 'Access Key ID'.

  2. Secret Key: After creating the API authentication key, check the 'Secret Key' and enter it.

  • IAM policy items that must be enabled for the Naver account

  • Setting path: User ID in the upper right corner > View permissions

  • Set the permission policy name to NCP_ADMINISTRATOR (this grants the same portal and console access as the main account).

  • Permissions are configured in the administrator-only menu at Service Environment Settings > Membership/Permission Management (top left).

  • Credential information from LINODE

  1. Token: Linode Console > My Profile > API Tokens > Add a Personal Access Token > Check 'Key' and enter it.

  • Policies that must be enabled for the Linode account

  • When creating the API Token, grant it full access (for example, create/delete permissions).

  • In the left menu, go to Account > User & Grants, open User Permissions for the user, and select Full Account Access.

  • Credential information from OCI

  1. Tenancy OCID: Enter the OCID found at OCI Console > Top Right Corner (My Profile) > Tenancy > OCID.

  2. User OCID: Enter the OCID found at OCI Console > Top Right Corner (My Profile) > User Information > OCID.

  3. Fingerprint: Enter the Fingerprint found at OCI Console > Top Right Corner (My Profile) > API Keys > Fingerprint.

  4. Private Key: Select the private key downloaded when generating API Keys at OCI Console > Top Right Corner (My Profile) > API Keys.

  5. Region: Select the region information located in the top right corner of the OCI Console.

  • IAM Policies Required for OCI Account Activation

  • Path: Identity & Security > Policies

  • Tenancy Management Policy

  • Policy Statement: Allow group Administrators to manage all-resources in tenancy

  • Description: Grants the Administrators group permission to manage all resources within the tenancy.

  • User and Group Management Policy

  • Policy Statement: Allow group Administrators to manage users in tenancy

  • Description: Grants the Administrators group permission to manage users and groups within the tenancy.

  • Policy Management Policy

  • Policy Statement: Allow group Administrators to manage policies in tenancy

  • Description: Grants the Administrators group permission to manage policies within the tenancy.

  • Adding an API Key for API Usage

  • Path: My Profile > API Keys > Add API Key > Generate API Key Pair

  • Click Download Private Key to download the oci_api_key.pem file.

  • Download Path: /home/{username}/.oci/oci_api_key.pem

  • Click Add below.

  • Once the API Key is successfully added, the Fingerprint value will be displayed.
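Before entering the five OCI values above (Tenancy OCID, User OCID, Fingerprint, Private Key, Region) into the Cloud Provider form, it helps to check that they are well-formed and that the downloaded oci_api_key.pem is not readable by other local users. The following checker is an added example, not Genians or Oracle code; the OCID, fingerprint and region formats it matches are assumptions about OCI identifier layout, and all sample values are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# Format assumptions (not from the Genians page): an OCID looks like
# ocid1.<type>.<realm>.<region>.<unique> with an empty region segment for
# tenancy/user OCIDs; a fingerprint is 16 colon-separated hex pairs; a
# region identifier looks like ap-seoul-1.
OCID_RE = re.compile(r"^ocid1\.(tenancy|user)\.oc\d+\.[a-z0-9-]*\.[a-z0-9]+$")
FINGERPRINT_RE = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")
REGION_RE = re.compile(r"^[a-z]{2}-[a-z]+-\d+$")


def check_oci_credentials(tenancy_ocid, user_ocid, fingerprint, key_file, region):
    """Return the problems found; an empty list means the five fields the
    Cloud Provider form asks for look usable."""
    problems = []
    for label, value in (("Tenancy", tenancy_ocid), ("User", user_ocid)):
        m = OCID_RE.match(value)
        if not m or m.group(1) != label.lower():
            problems.append(f"{label} OCID is not a well-formed {label.lower()} OCID")
    if not FINGERPRINT_RE.match(fingerprint.lower()):
        problems.append("Fingerprint is not 16 colon-separated hex pairs")
    if not REGION_RE.match(region):
        problems.append("Region is not an OCI region identifier such as ap-seoul-1")
    try:
        st = os.stat(key_file)
        with open(key_file, "rb") as f:
            first = f.readline()
        if not (first.startswith(b"-----BEGIN") and b"PRIVATE KEY" in first):
            problems.append("Private Key file is not a PEM private key")
        # The key is the collector's whole OCI access: it must not be
        # readable by other local users (no group/other permission bits).
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("Private Key file is readable by group/other; chmod 600 it")
    except OSError as e:
        problems.append(f"Private Key file unreadable: {e}")
    return problems


def make_sample_key_file(mode):
    """Write a constructed placeholder PEM (not a real key) with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as f:
        f.write("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER-NOT-A-KEY\n"
                "-----END RSA PRIVATE KEY-----\n")
    os.chmod(path, mode)
    return path
```

Run it against the real values with the key path /home/{username}/.oci/oci_api_key.pem; an empty result means the form can be filled in as-is.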

Create Cloud site

  1. From the top menu, navigate to System > Site

  2. Click Tasks then Create

  3. Enter a Name for the site (e.g. 'Corp Hub' or 'VPC-XXXXXXXX')

  4. For Infrastructure select Cloud

  5. For Cloud Provider, select the Cloud Provider created in the previous steps

  6. Whether the Collector tab below is displayed depends on whether a collector is available for the selected cloud provider.

  7. For the Region, select the desired region from the list.

  8. For the VPC ID, select the desired VPC from the list.

  9. The Network Address will be automatically populated upon selecting a VPC ID.

Note

If no VPCs are listed, check the previous step and logs to ensure there were no issues when adding the Cloud Provider.

  10. For Type select Hub or Branch

  11. For Network Address enter the subnet corresponding to the VPC selected in step 8 (e.g. 172.31.16.0/20)

  12. Set Collector status to Enabled (leave Proxy settings at their defaults and set the desired collection interval)

  13. Click Save

Verify Cloud Node Detection

  1. From the top menu, navigate to Management > Node

  2. In the left window pane, click on the Site name created in the previous steps

  3. All AWS EC2 instances in the VPC and subnet previously specified should be listed as nodes

  4. AWS details for discovered nodes are logged under node details. Node details can be viewed by navigating to Management > Node, clicking on the node IP and scrolling down to the AWS section.

Note

See: Monitoring Network Nodes for search, grouping and monitoring of nodes.