Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud Transition

Carbon Black Cloud Transition

This document describes the steps required to transition already deployed Sensors to the Carbon Black Cloud Appliance. The opposite direction is also supported, transitioning from the Carbon Black Cloud Appliance to your on Premise Server.

 

Transitioning already deployed sensors

Provide the contents of the /etc/cb/certs directory before provisioning the server. Compress the directory using the tar utility and send the resulting .tar.gz file to us. To do this:

  1. Login as root
  2. Create a copy of the /etc/cb/certs directory
  3. Create the archive in the root user’s home directory:
    tar zcvf ~/hostname.certs.tar.gz /etc/cb/certs
  4. Send the resulting .tar.gz file above to us:
    /usr/share/cb/cbpost ~/hostname.certs.tar.gz

Once your cloud server has gone live, you will need to change the Server URL in the Sensor Group Settings of your on-premise server from within the Carbon Black UI:

 

Administration > Sensors > Edit Settings > update Server URL

 

At the next sensor check-in, the Sensor’s will receive the new URL update and begin communicating to your new Carbon Black Cloud Server instead

 

Transitioning from Cloud to on Premises Server

 

Carbon Black will provide you with the contents of the /etc/cb/certs directory from the Carbon Black Cloud Server for you to import onto your on-premise Carbon Black Server.

 

Note: It’s critical to always create backups of the /etc/cb/certs directory prior to making changes.

 

Why do we need the Certificate Directory?

Carbon Black’s SSL dual authentication mechanism utilizes:

 

Browser / Rest API clients to Cb server:

  • Server: Cb Enterprise sends cb-server.crt as the identity. By default, the cert is self-signed.
  • Client: The client’s use CA verification procedures to authenticate against the Carbon Black Server. Since the certificate is self-signed, it will fail by default.

 

Sensor to Cb Server:

  • The server sends /etc/cb/cb-server.crt as the identity. The sensor has cb-server.crt embedded at installation time and validates that it matches with the server during regular communication.
  • The sensor has an embedded client certificate and private key named cb-client-ca which is used at the time of the sensor download and installation. The sensor then validates the sensor client cert and has not been revoked. If the client cert does not match the expected certificated for the sensor group, but is from the valid ca and has not been revoked, the server sends a replacement client certificate.

 

We support transitioning sensors, not transitioning data.

Carbon Black Cloud service does not support transitioning data due to the size. A Carbon Black server can have a large amount of data stored (in some cases, terabytes). To transfer that data would be a taxing process. The lifetime of the data is typically ~30 days by default; resulting in the time of the transfer outliving the data on larger servers.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-27-2015
Views:
1165
Contributors