When you log on for the first time, a wizard appears to help the user configure their organization setup in Seqrite HawkkProtect. The complete on-boarding of Users, Applications and Services can be done in the following 6 steps.
- Add Certificates.
- Add Sites.
- Add App Connectors.
- Add Applications and Services.
- Add Zero Trust Policies.
- Add Default Hierarchy.
Click Proceed to start the on-boarding.
Adding Certificates
In this step, add a valid security certificate for your organization so that the connections between HawkkProtect and application servers are secure and authenticated.
Select the type of certificate as required. Depending on your selection, follow these steps.
Note: To integrate the ADFS IdP type with HawkkProtect, only a custom certificate can be used.
Adding a custom certificate
If you select Import Custom Certificate, a new page appears.
Enter the following certificate details.
- Enter the certificate name.
- Enter the certificate description.
- Paste the certificate body file content.
- Upload the certificate chain file. The certificate chain file is used if there are multiple entries in a certificate file.
- Paste the private key file content.
- Enter the site domain name.
- Enter the passphrase. A Passphrase is required for an encrypted private key file.
Adding an auto-generated certificate
Enter the following certificate details.
- Enter the certificate name.
- Enter the certificate description.
- Enter the organization name.
- Enter the site domain name.
After this is done, click Add Certificate. The Certificates page is displayed.
Click Proceed to Step 2. The Add Site dialog is displayed.
Adding Sites
The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.
Adding Sites
The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.
Click Proceed to add Sites. The Add Site dialog is displayed.
- Enter the following site details.
- Enter the site name.
- Enter the site description, if any.
- Select the appropriate certificate from the drop-down menu.
- Select the appropriate IdP from the drop-down menu.
- Enter the sub domain in the Site Domain Name textbox and select the base domain from the drop-down menu.
- Click Deploy.
-
The Site Deployment Live Logs pop up window appears as follows.
On this screen the Administrator gets to know the progress of the site deployment through the live logs.
Note: A successful site deployment may take from 5 to 15 minutes.
The ‘Download Logs‘ option becomes available after a successful site deployment, allowing the administrator to download the logs from that location. In the event of a failed site deployment, the ‘Download Logs’ option also appears, enabling the administrator to download the logs and share them with technical support for further analysis.
- Enter the sub domain in the Site Domain Name textbox and select the base domain from the drop-down menu. Click Deploy. If verification is successful, the DNS Addition form dialog is enabled.
- In the DNS addition section, perform the following steps.
- Copy the site domain name and site canonical name (CNAME).
- Add a CNAME type record in your DNS provider host.
- After the DNS is propagated globally, click Verify.
- After this is done, click Finish. The Sites page appears.
- Click Proceed to Step 3 for adding the App Connectors.
Once the verification is successful, the DNS Addition form dialog is enabled.
Note: The DNS addition is required only in case of custom certificate and not in case of the auto-generated certificate.
Adding App Connectors
In this step, you must specify the connection details to connect HawkkProtect to your application servers.
If you want to configure app connector later, you can select Public Web Apps and click Skip step 3.
Click Add App Connectors. The Add App Connector Deployment page appears.
To add App Connectors, refer the details mentioned here. Post deployment, the App Connectors page displays list of App Connectors.
Click Proceed to Step NaN to start adding applications and services.
Adding Applications and Services
Here, the tenant administrator must add the applications and services to which you want to apply the Zero Trust paradigm.
Click Proceed to add Applications and Services. The Add Application dialog is displayed.
Enter the following information in the Application Information section.
- Enter the Application Name.
- Enter the Application Description.
- Upload the application logo.
Enter the following details and select appropriate options (wherever applicable) in the Application Details section.
Select one of the application types.
- Public Web Apps.
- Private Web Apps.
- Agent Based Apps.
Depending on the application type that you select, relevant parameters are displayed.
Public Web Apps
Enter the following information for the public web apps.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- The Port Value will be auto populated based on the selected protocol.
- Enter the relative URL path. For example: For the URL https://myapps.organization.com/careers/engineering, the relative URL path is /careers/engineering. The relative URL path must start with a forward slash ( / ).
- Enter the external domain name.
- Enter the tags applicable to the application.
Private Web Apps and Services
Enter the following information for the private web applications.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- The port value will be auto populated based on the selected protocol.
- If the selected protocol is either HTTP or HTTPS, enter the relative URL path. For example: for the URL https://myapps.organization.com/careers/engineering, the relative URL path is /careers/engineering. The relative URL path must start with a forward slash (/).
- If the selected protocol is Web RDP, select the RDP access type. If the selected RDP access type is ‘Limited Application Access’, enter the Remote Application Name, Remote Application Directory, and Remote Application Argument.
- Enter the external domain name.
- Select the appropriate App Connector from the drop-down.
- Enter the tags applicable to the application.
Providing support for importing a private key file while accessing webSSH applications
While configuring a WebSSH application the administrator can import the private key file as shown in the following image, so that the end user can access the application by entering the valid credentials.
Note:☛
- The use of passphrases to generate private keys is not supported.
- At present, the only supported method for authentication to WebSSH applications is through private key files encrypted with RSA.
Adding Agent Based Apps
Enter the following information for the agent-based applications.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- If the selected protocol is HTTPS, then the administrator should provide the Domain Name and not the IP address. The external domain name will be auto populated.
- Enter the external domain name.
- The port value will be auto populated based on the selected protocol.
- Select the appropriate App Connector from the drop-down.
- Enter the tags applicable to the application.
Note:
For the Agent Based Apps the supported protocols are HTTP, HTTPS, RDP, SSH, Telnet, SMB, VNC, SFTP, and SCP.
Note:
- Currently, to connect the SMB app in Windows OS, need to stop and disable server services and then need to reboot the device.
- The FTP protocol does not provide native support for using custom ports at present.
After this is done, click Add. The Applications page is displayed with the application details that you have configured.
Click Proceed to Step 5.
Adding Zero Trust Policies
In this step, you must add the policies with the necessary conditions to access or restrict access to the applications.
Click Proceed to add Zero Trust Policies. The Add Policy dialog is displayed.
I. In the Policy Information dialog, enter the following information.
| Column Name | Description |
|---|---|
| Identifier | Suitable identifier for the policy. |
| Name | Name of the policy. |
| Observe | Shows whether connections allowed under this policy are being observed. |
| Description | Detailed description of the policy. |
II. In the Allow Rule dialog, enter the following information.
| Column Name | Description |
|---|---|
| IdP | Select the appropriate IdP from the configured IdPs. |
| User Tags | Tags applied on the user from the configured IdP. |
| Application Tags | Tags applied on applications where the connection is received. Add specific tags here so that users will only be allowed to access applications which are configured here. |
| User Exception Tags | Based on connection requirements, these tags will exclude users to whom available source tags are applicable. |
III. Click Save as draft if you want to work on the policy later. Else, click Add Policy. By default, the Zero Trust Policies page with added policies is displayed.
You can view the Firewall and DDoS Policies Pages by clicking the respective tabs at the top.
Click Proceed to Step 6. The Add Default Hierarchy dialog is displayed.
Adding Default Hierarchy
You can create the default hierarchy for users and services based on location, department, role, etc.
Click Proceed to create Default Hierarchy. The Default Hierarchy dialog is displayed.
You can enter the User and Service Hierarchy details as required. These details help you view the status of the attempted connections of users to the grouped applications and services. Enter the details as follows. In the User Hierarchy dialog, enter the following details.
- User Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
In the Service Hierarchy dialog, enter the following details.
- Service Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
After entering this information, click Create. A success prompt is displayed for a successful configuration. You can now view the connections between the users to the applications and services on the dashboard.
Note: You can add and use a maximum of 6 hierarchy tags for each hierarchy. A maximum of 6 hierarchies (1 Default and 5 Custom) can be created in one workspace.
Click View Connections. This will open the Hierarchy view on the Visibility page.
Note:
If you see the Proceed to create Default Hierarchy button disabled, you must complete all the previous steps to add the Default Hierarchy.
