A group is a logical collection of endpoints, agents and/or users. Groups in BlastShield™ are independent of the underlying network segmentation, which gives you the flexibility to configure micro-segmentation without having to rely on complex VLAN configuration.
Groups are connected via policies, which form the foundation for BlastShield™ access control and segmentation management.
Policies are a simple way to grant users access to a protected asset by linking a group of users to a group of BlastShield™ Host Agents or Gateway endpoints. Policies work using a simple ‘From’ and ‘To’ methodology which links a group of users to a group of agents. You must install one BlastShield™ Agent on each server that you want to provide secure access to.
Summary
- Create a group for your users and a group for your Host Agents and/or Gateway endpoints.
- Create a policy to link the groups.
To learn how to create groups and policies, watch the following video or read the steps below.
Procedure
Create a group for your Host Agents/Gateway endpoints and a group for your users
- Select Groups from the left menu.
- Select Add New Group from the Group List.
- Enter a name for the new Group.
- To add members to the new group, click the Add Members button.
- The Add Group Members menu will open.
  - To add users to the group, click the Users drop-down box and select the users you want to add to the new Group.
  - To add Host Agents to the group, click the Agents drop-down box and select the Host Agents you want to add to the new Group.
  - To add Gateway endpoints to the group, click the Endpoints drop-down box and select the Gateway endpoints you want to add to the new Group.
- Click Add Members to save the members.
- Click Save to save the new group.
- Repeat the above so that you have one group for your users and another group for your Host Agents or Gateway endpoints.
Create a policy to link your user group to your Host Agent / Gateway endpoint group.
- Select Policies from the left menu.
- Select Add New Policy from the Policy List.
- Enter a name for the new Policy.
- Select the desired From Groups to be associated with the new Policy.
- Select the desired To Groups to be associated with the new Policy.
- Save the new Policy.
Now that the policy has been created, the users should be able to connect to your instance using your usual connection methods.
| Tip |
|---|
| You can add multiple groups into the From and To fields of a policy. |
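
The following is an added example, not BlastShield code or its data format: a small Python model for reviewing which user-to-asset pairs a planned set of groups and From/To policies would link before you enter them. The group names, members and policy names are constructed, and the model assumes that a policy links every member of its From groups to every member of its To groups and that a pair with no policy has no access.

```python
# Added illustration: a plain-Python model of the From/To policy idea.
# It is not BlastShield's API or data format; all names are constructed.
from itertools import product

# Constructed sample groups: group name -> set of members.
GROUPS = {
    "ops-users": {"alice", "bob"},
    "contractors": {"carol"},
    "plc-agents": {"plc-01", "plc-02"},
    "historian-gw": {"historian-endpoint"},
}

# Constructed sample policies: each links From groups to To groups.
POLICIES = [
    {"name": "ops-to-plant", "from": ["ops-users"],
     "to": ["plc-agents", "historian-gw"]},
    {"name": "contractor-historian", "from": ["contractors"],
     "to": ["historian-gw"]},
]


def members(group_names, groups):
    """Union of the members of the named groups; unknown names are an error."""
    missing = [g for g in group_names if g not in groups]
    if missing:
        raise KeyError(f"policy references undefined group(s): {missing}")
    return set().union(*(groups[g] for g in group_names))


def effective_access(policies, groups):
    """Map each (source, destination) pair to the policies that link it.

    Assumption: a policy links every member of its From groups to every
    member of its To groups, and a pair with no policy has no access.
    """
    access = {}
    for p in policies:
        pairs = product(members(p["from"], groups), members(p["to"], groups))
        for pair in pairs:
            access.setdefault(pair, []).append(p["name"])
    return access


def is_allowed(source, destination, policies=POLICIES, groups=GROUPS):
    """True if at least one policy links source to destination."""
    return (source, destination) in effective_access(policies, groups)


if __name__ == "__main__":
    for (src, dst), names in sorted(effective_access(POLICIES, GROUPS).items()):
        print(f"{src:6} -> {dst:20} via {', '.join(names)}")
```

Listing the pairs this way makes it easy to spot a policy whose multiple From and To groups link more users to more assets than intended.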