Creating an MSSP Management Console

The process of provisioning an MSSP Management Console is similar to the CLI-based process that provisions a Pulse One appliance, see the Pulse One Appliance Getting Started Guide.

There are some key differences:

•Licenses and certificates are different, see Preparing to Provision an MSSP Management Console.

•After you have installed a valid Pulse One MSSP license, you can provision an MSSP management console from the Pulse One Appliance. This uses an MSSP-specific command:

p1 mssp provision

For example:

p1 mssp provision demo.customer.com --admin-username admin123
--admin-email [email protected]

In this example:

•The FQDN URL (demo.customer.com) is the URL for the management console. You can choose this URL; it does not have to start with ‘mgmt’.

•The admin username (admin123) will be the username that is used to log into the MSSP management console.

The command will also prompt the customer to enter the password for the admin user.

•Credentials for AFW services - there will be multiple customer domains running on the appliance. Do not manually generate separate ESA credentials for each customer domain and send them to the customer. Instead, contact Pulse Secure about new MSA and ESA credentials. All the customer domains will share the same ESA credentials to enroll with AFW services.

The following commands are used to configure the MSA and ESA:

pws config set msa

pws config set esa

These commands require a valid PWS license. For the first command to set MSA, a valid MSSP license as also required.

•The following commands are disabled in MSSP mode. Where required, equivalent functionality is supported in the MSSP management console:

p1 domain provision

p1 domain group

pws email-domain