Manage U-Series Appliance Security Settings

Download a Crypto Key

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under Download Crypto Key Options, create an encryption password.
  4. Click Submit. The crypto key zip file is created and downloaded to your system.

Upload a Crypto Key

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under Upload Crypto Key Options, enter the encryption password.
  4. Drag and drop the crypto key zip file into the drop area or click the button to browse to the zip file.
  5. Click Generate the Uploaded Key.

Check FIPS Compliance

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under FIPS Compliance Checking, click the toggle to change it to FIPS State (Yes).
  4. Click Update FIPS Setting.
  5. You must reboot the U-Series Appliance for this setting to take effect.

Manage the U-Series Appliance API Key

The U-Series Appliance API manages the communication between U-Series Appliances when high availability is used in your environment. The API key enables U-Series Appliances to communicate with each other.

The API key is automatically generated and is available to copy from the Appliance API Keys page.

For security reasons, we recommend that you regenerate the key regularly. Remote appliances using the previous Registration Code to communicate with this appliance will be denied access until the new Registration Code is copied to that appliance and registered again.

To view this appliance's key details:

  1. On the sidebar menu, click Integrations, and then select Appliance API Keys.
  2. Ensure that the This Appliance tab is selected. The details appear in the Appliance Key Details section.
  3. To view the Registration Code, from the dropdown list, select an IP Address to Use in Configuration.

Appliance API Keys page

Regeneration and Settings

To create a new API key:

  1. Click Regenerate Registration Code. A new API key appears in the Appliance Key Details section on the left.
  2. From the dropdown list, select an IP Address to Use in Configuration. The associated registration code appears.
  3. At the right of the Registration Code field, click the Copy button.

You must copy the new registration code to the remote appliances that you want to communicate with this appliance.

Register a Remote Appliance

Communication between appliances requires both appliances to be registered with each other.

To register a remote appliance:

  1. Open the U-Series Appliance Console on the remote appliance first.
  2. On the sidebar menu, click Integrations and select Appliance API Keys.
  3. Click the Register Remote Appliance tab.

Register Remote Appliance tab view

  1. Copy and paste in the registration code from the first appliance.
  2. (Optional). Enter a short Description for the appliance being registered.
  3. Click Register Remote Appliance.
  4. Click the This Appliance tab.
  5. To view that appliance's Registration Code, from the dropdown list, select an IP Address to Use in Configuration.
  6. At the right of the Registration Code field, click the Copy button.
  7. Go back to the first appliance's console, and go to the Appliance API Keys page again.
  8. Click the Register Remote Appliance tab.
  9. Paste the registration code from the remote appliance.
  10. (Optional). Enter a short Description for the appliance being registered.
  11. Click Register Remote Appliance.

The registered remote appliance now appears in the Registered Remote Appliance table at the bottom of the page. At any time, to refresh that list, click the Refresh button at the top right of the table.

To view more of the table, at the right of the Appliance API Keys section, click the down arrow to collapse that section.

Registered Remote Appliance list table

 

Background Network Check Interval

In the Registered Remote Appliance table listing, you might see the word Communicating under the Status Ongoing and Status Incoming headings. You can adjust how often the connected appliances check with each other to make sure they are still connected.

To set the Background Network Check Interval:

  1. Under the This Appliance tab, in the Regeneration and Settings section, enter the number of minutes for the background network check interval.
  2. Click Save Settings.

Turn SSL Authentication Off or On

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under Event Service SSL Requirement, click the toggle to Event Service SSL/Certificate Required (No) to ignore SSL certificate authentication.
  4. Click Submit.

 

 

We do not recommend disabling SSL certificate authentication. SSL authentication should be disabled only in certain rare circumstances, such as during testing.

Analytics & Reporting Endpoints

If the BeyondInsight Analytics & Reporting website is unreachable, you can refresh the settings to establish the connection.

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under Analytics & Reporting Web Service Endpoints, clickRefresh.

Generate and Export Certificates

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. To regenerate the SSL certificate to match the U-Series Appliance network name, under Generate SSL Certificate, click Generate Certificate.

This certificate will not be trusted by the client browser.

  1. To export the client certificate, under Export Client Certificate, enter the password for the certificate, and then click Export Certificate.

Set a Security Protocol

Security Protocols

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under Security Protocols (TLS), select the security protocol that applies to your environment.
  4. Click Update Security Protocols.

 

To use TLS 1.2 on a U-Series Appliance running Windows Server 2008 R2 and SQL Server 2014, ensure the following patches have been applied to your U-Series Appliance.

Turn On HSTS

You can apply extra security to the U-Series Appliance website by using HTTP strict transport security (HSTS) technology.

  1. On the sidebar menu, click LA (if you are in the new environment only).
  2. On the Maintenance menu, click Security Settings.
  3. Under HTTP Strict Transport Security, toggle the switch to on.
  4. Click Update HSTS Setting.