Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
Threat Grid Appliance User Interfaces
After the server has been correctly attached to the network and powered up, there are several user
interfaces available for configuring the Threat Grid Appliance. Note that LDAP authentication is available for
TGSH Dialog and OpAdmin with version 2.1.6.
TGSH Dialog
The first interface is the TGSH Dialog, which is used to configure the Network Interfaces. TGSH Dialog is
displayed when the appliance successfully boots up.
Reconnecting to the TGSH Dialog
TGSH Dialog will remain open on the console and can be accessed either by attaching a monitor to the
appliance or, if CIMC is configured, via remote KVM.
To reconnect to the TGSH Dialog, ssh into the Admin IP address as the user 'threatgrid'.
The required password will either be the initial, randomly generated password, which is visible initially in
the TGSH Dialog, or the new Admin password you create during the first step of the OpAdmin Portal
Configuration, which is described in the next section.
OpAdmin Portal
This is the primary Threat Grid GUI configuration tool. Much of the appliance configuration can ONLY be
done via OpAdmin, including licenses, email host, SSL Certificates, etc.
AMP Threat Grid Portal
The Threat Grid user interface application is available as a cloud service, and is also installed on Threat
Grid Appliances. There is no communication between Threat Grid Cloud service, and the Threat Grid Portal
that is included with a Threat Grid Appliance.
CIMC
Another user interface is the Cisco Integrated Management Controller ("CIMC"), which is used to manage
the server.
Network Interfaces
Admin Interface
Connect to the Admin network. Only inbound from Admin network.
•
OpAdmin UI traffic
•
SSH (inbound) for tgsh-dialog
•
Note:
The form factor for the Admin interface is SFP+. See Figure 2 -
T).
Cisco 1000BASE-T Copper SFP (GLC-
8