When you log on for the first time, a wizard appears to help the user configure their organization setup in Seqrite HawkkProtect. The complete on-boarding of Users, Applications and Services can be done in the following 6 steps.
- Add Certificates.
- Add Sites.
- Add App Connectors.
- Add Applications and Services.
- Add Zero Trust Policies.
- Add Default Hierarchy.
Click Proceed to start the on-boarding.
Adding Certificates
In this step, add a valid security certificate for your organization so that the connections between HawkkProtect and application servers are secure and authenticated.
Select the type of certificate as required. Depending on your selection, follow these steps.
Note: To integrate the ADFS IdP type with HawkkProtect, only a custom certificate can be used.
Adding a custom certificate
If you select Import Custom Certificate, a new page appears.
Enter the following certificate details.
- Enter the certificate name.
- Enter the certificate description.
- Paste the certificate body file content.
- Upload the certificate chain file. The certificate chain file is used if there are multiple entries in a certificate file.
- Paste the private key file content.
- Enter the site domain name.
- Enter the passphrase. A Passphrase is required for an encrypted private key file.
Adding an auto-generated certificate
Enter the following certificate details.
- Enter the certificate name.
- Enter the certificate description.
- Enter the organization name.
- Enter the site domain name.
After this is done, click Add Certificate. The Certificates page is displayed.
Click Proceed to Step 2. The Add Site dialog is displayed.
Adding Sites
The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.
Adding Sites
The Tenant administrator must add the location/sites where the organizational applications/services are hosted or located.
Click Proceed to add Sites. The Add Site dialog is displayed.
- Enter the following site details.
- Enter the site name.
- Enter the site description, if any.
- Select the appropriate certificate from the drop-down menu.
- Select the appropriate IdP from the drop-down menu.
- Enter the sub domain in the Site Domain Name textbox and select the base domain from the drop-down menu.
- Click Deploy.
- Enter the sub domain in the Site Domain Name textbox and select the base domain from the drop-down menu. Click Deploy. If verification is successful, the DNS Addition form dialog is enabled.
- In the DNS addition section, perform the following steps.
- Copy the site domain name and site canonical name (CNAME).
- Add a CNAME type record in your DNS provider host.
- After the DNS is propagated globally, click Verify.
- After this is done, click Finish. The Sites page appears.
- Click Proceed to Step 3 for adding the App Connectors.
Note: The site deployment may take up to 8 minutes.
If verification is successful, the DNS Addition form dialog is enabled.
Note: The DNS addition is required only in case of custom certificate and not in case of the auto-generated certificate.
Adding App Connectors
In this step, you must specify the connection details to connect HawkkProtect to your application servers.
If you want to configure app connector later, you can select Public Web Appsstrong> and click Skip step 3strong>.
Click Add App Connectors. The Add App Connector page appears.
On the Add App Connector page, enter the following information.
I. In the App Connector Details dialog, enter the following information.
Fields | Description |
---|---|
App Connector Name | App Connector Name |
App Connector Description | Description of the app connector, if any. |
II. In the App Connector Other Details dialog, select the site from the drop-down list. This is the domain name where organizational applications/ services are hosted.
III. After entering this information, click Add. The App Connectors page is displayed with app connectors list and description with app connectors list and description.
Click Proceed to Step NaN to start adding applications and services.
Adding Applications and Services
Here, the tenant administrator must add the applications and services to which you want to apply the Zero Trust paradigm.
Click Proceed to add Applications and Services. The Add Application dialog is displayed.
Enter the following information in the Application Information section.
- Enter the Application Name.
- Enter the Application Description.
- Upload the application logo.
Enter the following details and select appropriate options (wherever applicable) in the Application Details section.
Select one of the application types.
- Public Web Apps.
- Private Web Apps.
- Agent Based Apps.
Depending on the application type that you select, relevant parameters are displayed.
Public Web Apps
Enter the following information for the public web apps.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- Enter the appropriate port value from the drop-down menu whether HTTP or HTTPS.
- Enter the relative URL path. For example: For the URL https://myapps.organization.com/careers/engineering, the relative URL path is /careers/engineering. The relative URL path must start with a forward slash ( / ).
- Enter the external domain name by entering the sub domain and selecting the base domain.
- Enter the tags applicable to the application.
Private Web Apps and Services
Enter the following information for the public web applications.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- Select the appropriate port value from the drop-down menu.
- If the selected protocol is either HTTP or HTTPS, enter the relative URL path and enter only the Domain Name and not the IP address. For example: for the URL https://myapps.organization.com/careers/engineering, the relative URL path is /careers/engineering. The relative URL path must start with a forward slash (/).
- If the selected port is Web RDP, select the RDP access type. If the selected RDP access type is ‘Limited application type’, enter the Remote Application Name, Remote Application Directory, and Remote Application Argument.
- Enter the external domain name for the application by entering the sub domain and selecting the base domain.
- Enter the tags applicable to the application.
Adding Agent Based Apps
Enter the following information for the agent-based applications.
- Enter the IP Address / Domain Name of the application.
- Select the appropriate protocol from the drop-down menu.
- Select the appropriate port value from the drop-down menu.
- If the selected port is either HTTP or HTTPS, enter the relative URL path. For example: for the URL https://myapps.organization.com/careers/engineering, the relative URL path is /careers/engineering. The relative URL path must start with a forward slash ( / ).
- Enter the external domain name for the application by entering the sub domain and selecting the base domain.
- Select the appropriate App Connector from the drop-down.
- Enter the tags applicable to the application.
Note:
For the Agent Based Apps the supported protocols are HTTP, HTTPS, RDP, SSH, Telnet, SMB.
Note:
Currently, to connect the SMB app in Windows OS, need to stop and disable server services and then need to reboot the device.
After this is done, click Add. The Applications page is displayed with the application details that you have configured.
Click Proceed to Step 5.
Adding Zero Trust Policies
In this step, you must add the policies with the necessary conditions to access or restrict access to the applications.
Click Proceed to add Zero Trust Policies. The Add Policy dialog is displayed.
Enter the following details.
I. In the Policy Information dialog, enter the following information.
Column Name | Description |
---|---|
Identifier | Suitable identifier for the policy. |
Name | Name of the policy. |
Observe | Shows whether connections allowed under this policy are being observed. |
Description | Detailed description of the policy. |
II. In the Allow Rule dialog, enter the following information.
Column Name | Description |
---|---|
Source Tags | Tags applied on the user from where the connection is established. |
Destination Tags | Tags applied on applications where the connection is received. |
Exception Tags | Based on connection requirements, these tags will exclude users to whom available source tags are applicable. |
III. Click Save as draft if you want to work on the policy later. Else, click Add Policy. By default, the Zero Trust Policies page with added policies is displayed.
You can view the Firewall and DDoS Policies Pages by clicking the respective tabs at the top.
Click Proceed to Step 6. The Add Default Hierarchy dialog is displayed.
Adding Default Hierarchy
You can create the default hierarchy for users and services based on location, department, role, etc.
Click Proceed to create Default Hierarchy. The Default Hierarchy dialog is displayed.
You can enter the User and Service Hierarchy details as required. These details help you view the status of the attempted connections of users to the grouped applications and services. Enter the details as follows. In the User Hierarchy dialog, enter the following details.
- User Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
In the Service Hierarchy dialog, enter the following details.
- Service Hierarchy Name.
- Hierarchy Tags. You can add more tags by clicking the Add Hierarchy Tag button.
After entering this information, click Create. A success prompt is displayed for a successful configuration. You can now view the connections between the users to the applications and services on the dashboard.
Note: You can add and use a maximum of 6 hierarchy tags for each hierarchy. A maximum of 6 hierarchies (1 Default and 5 Custom) can be created in one workspace.
Click View Connections. This will open the Hierarchy view on the Visibility page.
Note:
If you see the Proceed to create Default Hierarchy button disabled, you must complete all the previous steps to add the Default Hierarchy.