This guide will walk you through the steps to get up and running with Enclave microsegmentation.
Step 1: Create your account
Once logged in you will be brought to the main dashboard. This screen will show you the current status of your network and a network map of the agents in your organization. If this is a new account, you will see no agents reporting except a managed beacon that is created on your behalf.
Step 2: Add nodes to your network
Nodes are machines that need permanent access or rules that need to be open constantly (e.g. a web server and a database, or an SSH server).
On the left side navigation menu, click on the Nodes menu item.
Click on the button:
Once clicked, a form will slide into view. Enter a hostname, a name (optional), and any labels that you want this node to be a part of.
For example, if you were adding an SSH server, you could add server1 to the hostname field. The Hostname field will be how this node is identified in the system. The Name field will override the system identifier; in this example, I will add server1 as the name. In the Labels field you can add a group to which this node belongs; I will add the SSH servers label to this node's label list.
You can create labels later or add them in this form as well. Click on the + Add a new label link. This will also slide a form into view. Enter the name of the label you wish to create.
Labels are the preferred way of grouping nodes and users. These provide a shorthand way to assign groups of agents the same access rules.
Step 3: Add users to your account
Users are designed to be used by humans. The only difference between a User and a Node is how they authenticate with Enclave. A user's access is session-based, expiring after a configured period of time, whereas a node's access never expires. To continue the example above, we want a user to connect to our server over SSH.
In the left navigation menu, click on the Users menu item.
There are two ways to add users: (1) individually or (2) a bulk add with a csv file.
Add users individually
If you only have a few users to add to our organization, a simple way to add them is by clicking the Add User button. A form will slide into view asking you to enter data into three fields: Name, Email, and Labels.
- Name is the written identifier that the system will use to display the user
- Email is the email address that this user can access. They will receive their initial MFA token at this email address
- Labels are any of the groups to which this person should be a part
For our example, I will add the following information to the system:
Creating labels works the same way as previously mentioned in Step 2.
Add users with a CSV file
Another option to add users, especially useful if you have many users, is to upload a CSV file.
Use the following table as a template:
|email@example.com|Nick|DB admin|SSH admins|
- First column: Email of the user you would like to add
- Second column: Name of the user you are adding
- Remaining columns: Label that you want to associate with this user. You can keep adding as many label columns as necessary for the user.
Once you have completed your CSV file, you can go back to the EMC. Click on the Users button in the left side navigation menu. On the Users page, click on the Bulk Add Users + link. A form will slide into view and you can upload your CSV there.
Did you upload a CSV file only to realize that you forgot a label or decided to make some changes? No worries, we've got you covered. Make the adjustments in the CSV file and the EMC will alter the users in the system to the new specification.
Note that removing a user from a CSV file and re-uploading it will not remove the user from the system. You must manually remove them from the system at this time.
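Because a re-upload never removes anyone, a user deleted from the CSV keeps their account until it is removed by hand. The following added example (not part of Enclave or its documentation) compares the previously uploaded file with the edited one and lists the users that still need manual removal. It assumes the column layout from the template above, no header row, and case-insensitive email matching; the function names and sample rows are constructed for illustration.

```python
import csv
import io


def parse_users(csv_text):
    """Parse rows of email,name,label... into {email: (name, labels)}."""
    users = {}
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # skip blank lines
        if len(cells) < 2 or "@" not in cells[0]:
            raise ValueError(f"line {lineno}: expected email,name[,label...]")
        email = cells[0].lower()  # assumption: emails compare case-insensitively
        if email in users:
            raise ValueError(f"line {lineno}: duplicate email {email}")
        users[email] = (cells[1], frozenset(c for c in cells[2:] if c))
    return users


def diff_uploads(previous_csv, new_csv):
    """Report what re-uploading new_csv changes, and what it leaves behind."""
    old, new = parse_users(previous_csv), parse_users(new_csv)
    return {
        "added": sorted(new.keys() - old.keys()),
        "changed": sorted(e for e in new.keys() & old.keys() if new[e] != old[e]),
        # Dropped from the file but still present in the system: remove by hand.
        "remove_manually": sorted(old.keys() - new.keys()),
    }


# Constructed sample data: the file uploaded last time and the edited file.
PREVIOUS = """\
email@example.com,Nick,DB admin,SSH admins
dana@example.com,Dana,SSH admins
lee@example.com,Lee,DB admin
"""
NEW = """\
email@example.com,Nick,SSH admins
lee@example.com,Lee,DB admin
sam@example.com,Sam,SSH admins,DB admin
"""

if __name__ == "__main__":
    for key, value in diff_uploads(PREVIOUS, NEW).items():
        print(f"{key}: {value}")
```

Keeping each uploaded file under version control gives the comparison a reliable "previous" input.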
Step 4. Install the enclave agent
Installing the agent is a straightforward process. There are builds for Linux, Windows, and macOS. Instructions for installation can be found in the EMC under the Install tab on a User or a Node.
Installing the agent on nodes
For each Node that the EMC manages, we will need to download and install the appropriate software package.
Click the operating system you want to install the agent on. Enclave supports Linux, Windows, and macOS.
You can select your version of the agent. We recommend the latest version, which has the most up-to-date features and is the default choice.
Next, you will choose which flavor of Linux (if you chose Linux as the core OS) and which architecture your system uses: x86_64 or arm64.
Once those choices have been made, a download button and link will appear. Download the package and install it with the given instructions for your system.
Next, you will need to create a token to authenticate this Node. Click on the Create Token button in the Install page. A form will slide into view allowing you to choose how long you would like the token to be valid. Continue with your preference and then a generated token will appear. Make sure to keep this token handy when starting up the agent. Select the option to use an agent token in the GUI or follow the CLI instructions to start a node. Paste your generated token into the prompt and start up your node.
Installing the agent for users
This is a bit simpler than the node installation. Go to the Install tab on the User page. Choose the operating system and architecture that the user is on. Run through the install instructions for that platform.
Once installed, the user will be guided through the setup process when they start the app. There are two apps that a user can run: a GUI app where they can point and click to get connected, or a command line app. Both have similar features; which one to use is up to the user's preference.
Step 5. Create some enclaves
At this point, you have your nodes and users in the system. You should be able to see some of the nodes reporting into the EMC, designated by a green icon next to their name. Now let's start making some connections to get things communicating.
Let's go click on the Enclaves button in the left side navigation menu. On the Enclaves page, click on the Add an Enclave + button. A form will slide into view, where you can name the enclave and add Labels that will be associated with the enclave. Using our previous examples, let's name the enclave SSH servers, and add the labels: SSH admins, and
We should be brought to the Overview tab for this enclave. Here we should see the labels, nodes, and users that we added to this enclave.
Click on the Network Map tab. Now click and drag on the SSH admins label and drag the line to the SSH servers label.
On the pop-up screen, we can add any firewall rule we like. In this case, since we want SSH access to this machine for all the SSH admins, we can simply type ssh into the search field and hit submit.
The network map will update to the provided configuration. Configurations will be sent to all the nodes associated with this enclave. And you are ready to connect.
Step 6. Test your connection
The user can now go to the client app and connect to the enclave. After a quick user verification, the enclave will be active and the user can access the SSH service on the node.
Step 7. Celebrate! 🎉
Congratulations. You just set up your first Enclave. Let's go celebrate!