Page Comparison

...

Note

For invited users:

Before your account was created, your account administrator decided the proper roles and permissions for your account.

Consult with your account administrator to understand what permissions you have and how you should configure your account.

You can use this document to complete the account signup process and review high-level action items to complete.

Expand

title	Step 1: Open the Account Signup Email

In the email from Armor, click the link.
- You will be redirected to enter your account security information.

Expand

title	Step 2: Complete Your Security Information

Note
In this step, you will add your phone number to your account. This phone number will be used for multi-factor authentication. To complete the account signup process and to log into AMP, you must be near this phone number.

Note your Armor username.

- The

Username

- Username will be pre-populated with the email address of

the

- the Primary Contact

for

- for the account.

In

In Password

and

and Confirm Password,

create

create and enter an account password.
- Your password must be at least 12 characters in length.
- Your password must contain an upper-case character, a lower-case character, a number, and a special character.
- Your password cannot contain personal information, such as your name, email address, birthday, etc. For example, if your name is John Smith, then you cannot use joh or smi in your password.
- You can only change your password once every 24 hours.
- Passwords expire after 60 days.

- After 6 failed login attempts, you will be locked out of your account for an hour. To resolve this, you must contact your account administrator or contact Armor Support.
- After 15 minutes of no activity, you will be logged out of the Armor Management Portal (AMP).
Complete

the

the Challenge Phrase

and

and Challenge Response.

- If you call Armor for technical support, you will be asked

the

- the Challenge Phrase, and you must correctly answer

the

- the Challenge Response.

- Do not use inappropriate language or suggestive material.

- The answer must be at least five characters long.

In

In Phone Number,

select your country code / flag, and then enter your phone number.
- This phone number will be used for multi-factor authentication (MFA). Every time you log into the Armor Management Portal (AMP), you will receive a phone call in order to complete the login process.
- You can enter a phone number with spaces and special characters, such as (555) 555-555.

- (Optional) If your phone number contains an extension, enter the number

in

- in Extension. You cannot include spaces or special characters in this field.

Click

Click Validate

to

to validate the phone number entered.
- You will receive a phone call; answer the phone, and then follow the instructions.
- (Optional) After you complete the signup process, you can configure your account to use the Microsoft Authenticator application for MFA. To learn how to use this application,

see

- see Configure multi-factor authentication for your account.

Click

Click Continue.
- You will be redirected to the Armor Management Portal (AMP) login screen.

true

Expand

title	Step 3: Create a Virtual Machine with a New Workload

excerpt-include

Note

ESLP:

Workloads and tiers

(snippet)

ESLP:Workloads and tiers (snippet)

nopanel

are visual tools used in the Armor Management Portal (AMP) to help you organize your virtual machines and corresponding resources. Workload refers to a container of virtual machines that live inside the Armor data center. Tiers are levels within workloads.

In the Armor Management Portal, in the left-side navigation,

click

click Infrastructure.

Click

Click Virtual Machines.
Hover over the plus ( + ) icon, and then click

the

the Virtual Machine

icon

icon.
- If you do not have any virtual machines listed, then click

- Deploy

- New, and then select

- Virtual Machine.
Locate and select the desired operating system and operating system version.
On the right side, use

the

the Region

drop

drop-down menu to select

the data

the data center to host your virtual machine.
Select the desired virtual machine based on your CPU and memory needs (GB).
- You can

click

- click High CPU

or

- or High

- Memory

to

- to filter the list of virtual machines. You can also

click

- click Show All

- Options

to

- to see every virtual machine offering.
- Armor labels virtual machines by CPU and memory features. For instance,

- 2x4

indicates

- indicates that the virtual machine has 2 CPU and 4 GB of memory.

In

In Name, enter a descriptive name for your virtual machine.

In

In Workload,

select New Workload

select New Workload.

In

In New

Workload

Name, enter a descriptive name.

In

In New

Tier

Name, enter a descriptive name.

In

In Location, select and verify the data center to host your virtual machine.

Under

Under Access

Credentials, note your username to access the virtual machine.

In

In Password, enter a secure password to use to access the virtual machine.

- Your password must contain:
  - An upper-case letter
  - A lower-case letter
  - A number
  - A special character: ! @ # $ % ^ * ( ) { } [ ]
- You can also

click Generate Password

- click Generate Password to allow Armor to create a password.

(Optional) For additional storage,

under

under Storage Substrate

and

and Disk Size, select your desired storage, and then

click

click Add

Disk.

On the right-side menu, review the pricing information, and then

click

click Purchase.

- When you order a virtual machine, you are also ordering Intelligence Security Model (ISM) for the virtual machine. Prices for ISM will vary based on the number of virtual machines you have ordered. IMS pricing is based on the following tiered structure:

- Tier
  Number of Virtual Machines
  1 1 - 10
  2 11 - 25
  3 26 - 100
  4 101 - 250
  5 251 - 500
  6 500 +
To view the status of your newly created virtual machine, in the left-side navigation,

click Infrastructure, click Virtual Machines, and then search for your newly created virtual machine. Expand

title	Step 4: Download and Install Your SSL/VPN

Note

If you run Ubuntu 16.x, then please review Install SSL VPN for Ubuntu 16.x ( decommission).

If you run Ubuntu 18.x, then please review Install SSL VPN for Ubuntu 18.x.

If you run Mac OS 10.11 or higher, then please review Install SSL VPN for Mac OS 10.11+.

click Infrastructure, click Virtual Machines, and then search for your newly created virtual machine.

Expand

title	Step 4: Download and Install Your SSL/VPN

Note

Before you can download and install your SSL VPN, the account administrator must add the following permissions to your account:

Write SSL VPN Devices and
Users
Users
Read SSL VPN Devices and Users
Read Virtual Data
Centers
Centers

Additionally, your account administrator must enable your account to download and install the client.

Confirm with your account administrator before you attempt to download and install.

Note
This section is for Account Administrators only.

In the Armor Management Portal (AMP), in the left-side navigation,

click

click Infrastructure.

Click

SSL

SSL VPN.

Click

Members.
Click the plus ( + ) icon.
In the field, enter and select the name of the user, or their email address.
Mark the desired data center or data centers that the user can connect to.
Click

Submit.
- The newly added user will appear in the table; the table is organized in alphabetical order, based on the first name of the user.

Click

Client.

Click

Click Download SSL

VPN client.

- AMP will automatically detect your operating system; however, you can

click Download

- click Download for

another

- another platform

to

- to view other operating system options.
- When you open the client, follow the on-screen installation instructions.

- For

- Windows

- users, the client will download as

a

- a .zip

file

- file.
  - Extract the installation files to your local hard drive.
  - Launch the

- - installer.exe

- - file to begin the installation.

- For

- Mac OS

- users, the client will download as a

- .tgzfile.
  - Extract the installation files to your local hard drive.
  - Access

the

- - the mac_phat_client

- - folder, and then run

the

- - the naclient.pkg

installer

- - installer.

- - When you run the installer, you will see an error regarding the certificate. Click

- - Continue. (In a future release, Armor will resolve the issue.)
  - To launch the SSL VPN client, in your

- - Applications

- - folder, search for

- - naclient.
  - If

- - you run Mac OS 10.11 or higher, then please

review

- - review Install SSL VPN Client for Mac OS, version 10.11 and higher.

After installation, open the client.
- In the drop-down menu,

- default

- will be listed.

- Image Modifiedk
Click

Settings.
- To add a new connection, you must enter a

- Connection

- Alias,

- Hostname/IP Address, and

- Port, which you can find in AMP.

- Image Modified
Return to AMP, specifically to the

Client

section of the

SSL VPNscreen.
Use the

Client Configuration

table to locate the data center and corresponding information to add to the client.

Image Modified
Under

Client Configuration, copy the

Location

information, and then paste that information into

Connection

Alias.
Under

Client Configuration, copy the

HOST/FQDN

information, and then paste that information into

Hostname/IP Address.
Under

Client Configuration, copy the

Port

information, and then paste that information into

Port.
Click

Add.
Click

OK.
In the drop-down menu, select the newly created connection.
Log into the client.
- Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP).

Expand

title	Step 5: Create a Firewall Rule with a New IP Address Group

Step 1: Create an IP Group

In the the Firewall screen screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address.

You can combine related IP addresses into a single single IP Group. For example, if you want to block traffic from three separate IP address, you do not have to create three separate firewall rules. Instead, you can combine the three separate IP addresses into a single, configurable configurable IP Group. Then, when you create a firewall rule, you can pick the newly created created IP Group as your Source or Destination IP as your Source or Destination IP addresses.

In

the Armor

the Armor Management Portal (AMP), on the left-side navigation,

click

click Security.

Click

Click Firewall.

If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

Click

Click IP Groups.

Click

Actions, and then click

New Group.

In

In IP

Group

Name, enter a descriptive name.

- Armor recommends that you

add

- add Source

or

- or Destination

into

- into the name of the IP Group to help you identify the IP Group as

the

- the Source

or

- or Destination

- IP group.

In

In Add

Members

To Group, enter a member, and then click the plus icon.
- You can enter:
  - A single IP address
  - A range of IP addresses
  - CIDR
- You must add at least one member.

- You can add multiple members to a service group.

Click

Click Apply.

- The newly created IP group will appear at the bottom of the table.

Step 2: Create a Service Group

In the the Firewall screen screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

You can combine related protocols related protocols (and ports) into a a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Groupconfigurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Groupcreated Service Group.

In

the Armor
the Armor Management Portal (AMP), on the left-side navigation,
click
click Security.

Click
Click Firewall.

If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

Click
Click Service Groups.

Click

Actions, and then click

New Group.

In
In Service

Group

Name, enter a descriptive name.

In
In Add

Members

To Group, enter the service or sub-protocol, and then click the plus ( + ) icon.

You must add at least one member.

You can add multiple members to a service group.

Service or Sub-Protocol
Notes
Example
Services (TCP, UDP, etc.)
You must enter a port number.
These services are not case-sensitive.
tcp/80
TCP/80
Tcp/80
tCp/80
Additional services (AARP, AH, etc.)
These additional services are not case-sensitive.
Do not enter a port number with these additional services.
ATALK
igmp
Gre
Sub-protocols (echo-reply, redirect, etc.)
You must
enter
enter icmp, followed by the specific sub-protocol.
You must enter the sub-protocol in lower-case letters.
Do not enter a port number.
icmp/source-host-isolated
icmp/time-exceeded
Click

Click Apply.

The newly created service group will appear at the bottom of the table.

Note
For a complete list of supported services and sub-protocol, see see Review supported services and sub-protocols.
Step 3: Create a Firewall Rule Rule
In
the Armor
the Armor Management Portal (AMP), on the left-side navigation,
click
click Security.

Click
Click Firewall.

If you have virtual machines in various data centers, then in the top menu, click the corresponding data center.

Click

Actions, and then click

New Rule.

If you do not see

Actions, then click

Create a Firewall Rule.

In
In Name, enter a descriptive name.

In
In Action,
select
select Allow
to
to allow specified traffic to access your virtual machine
or Block
or Block to block specified traffic.

Under

Service,

enter and select the name of the desired Service Group.
To learn how to create a Service Group,
see
see Create a service group.

Under

Source, enter and select the name of the desired IP Group.
To learn how to create an IP Group,
see
see Create an IP group.
Under
Under Destinations,
in
in the field, enter and select the name of the desired IP Group.
Click
Click Save Rule.

Note
After you create a rule, Armor recommends that you place the rule in the correct order.
Reorder a rule:
Under Rule, in the numbered fields, enter a number to move the rule to a different position.

If you have more than 25 rules, the additional rules will be placed in a secondary section within
the Firewall
the Firewall screen. To reorder and move these additional rules into a higher position, enter a number under
the Order
the Order column, and then
press
press Enter
on
on your keyboard.

In the top menu that appears,

click

Save.
Note
If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.
To learn how to send a support ticket, see Armor Support Tickets.

Disable a rule:
Locate and hover over the desired rule.
Click the vertical ellipses.
Click

Disable Rule.
Click

Disable

Rule

again.
In the top menu that appears, click

Save.

Expand

title	Step 6: Subscribe to Data Center Notifications

ESLP:Subscribe to data center notifications (snippet)

Insert excerpt

ESLP:Subscribe to data center notifications (snippet)

	Account Administrators
	Account Administrators
name	Subscribe to Data Center Notifications
nopanel	true

Expand

title	Step 7: Configure Your Notification Preferences

Armor recommends that you configure your account to receive notifications for for Account, BillingBilling, and Technical Technical events.

Note

These notification preferences do not relate to support tickets.

To update your notification preferences for support tickets, see Armor Support Tickets.

Account

You will receive a notification when:

A password expires in 14 days.
A password expires in 7 days.
A password expires in 24 hours.
A password has expired.

Billing

You will receive a notification when:

An invoice has posted.

An invoice is past due (2, 10, 15, 25, and 30 days).
A payment method will soon expire (1, 15, and 30 days).

Note
You can configure a user to become the primary billing contact for an account. This user will receive billing notifications. Additionally, this user will be listed in

the

the Bill to

field

field in an invoice.

In the Armor Management Portal (AMP), in the left-side navigation,

click

click Account.

Click

Click Users.

Locate and hover over the desired user.

Click the vertical ellipses.

Select

Select Set as Primary Billing Contact.

Click

Click OK.

ing

Technical

You will receive a notification when:

A virtual machine will be deleted or downgraded.
CPU, disk, and memory utilization is at more than 90% for 5 minutes.

P

Ping, SSH (Linux), or RDP (Windows) fails for 5 minutes.

Note
You can only change the notification preferences for your own account. You You cannot change the notification preferences for other user accounts.

In the Armor

In the Armor Management Portal (AMP), in the top, right corner, click the vertical ellipses.

Click

Click Settings.

Click

Notification Preferences.
Use the slider to make your desired changes.
- Select

Alert to

- Alert to receive notifications in the top bar in the Armor Management Portal (AMP).

- Select

Email to

- Email to receive notifications through email.

- You can select both notification options.

Click

Click Update Notification Preference

to

to save your changes.

...

Versions Compared

Old Version 150

New Version Current

Key

Step 1: Create an IP Group

Step 2: Create a Service Group

Step 3: Create a Firewall Rule Rule

Tier	Number of Virtual Machines
1	1 - 10
2	11 - 25
3	26 - 100
4	101 - 250
5	251 - 500
6	500 +