Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Home > Installation > Complete the pre-upgrade process (account administrators for Armor Complete - Secure Hosting)

Note

This topic only applies to Armor Complete - Secure Hosting account administrators who have not started the upgrade process to Generation 4.

Note

Before you begin, to better understand the upgrade process, Armor recommends that you review the Frequently Asked Questions for Generation 4 documentation.

Overview

This document only applies to Armor Complete account administrators who have been notified by Armor to perform two pre-upgrade tasks.  

24 hours before your scheduled upgrade begins, you will receive an invitation from Armor to complete the account signup process and to access the Armor Management Portal (AMP).

Before Armor begins the upgrade process , use this document to complete the recommended pre-upgrade tasks.begins, Armor recommends that you complete these the two tasks below so that after the upgrade process is complete, you and your users can easily access AMP. 

...

Step 1: Complete your account signup

Excerpt Include
Complete your account signup (snippet)
Complete your account signup (snippet)
nopaneltrue
 

...

Step 2:

...

Review assigned roles

...

In the Armor Management Portal (AMP), roles are similar to job titles that you can create and assign to your users. You can populate these roles with specific permissions to restrict the type of access your users can have in AMP.

For example, if you have a user who simply needs billing / accounting permissions in AMP, you can create an Accounting role, assign billingaccounting-related permissions to the role, and then assign that the Accounting role to a the specific user. 

To prepare for the upgrade process, Armor has created :

  • Created three default roles (Admin, Technical, and Billing)

...

  • with permissions
  • Transferred your users into AMP
  • Assigned one of the default roles to your users 

...

Step 1: View default roles and permissions 

Armor recommends that you review the assigned roles, along with their corresponding permissions.

Expand
titlePermissions in the default Admin role

By default, the The default Admin role contains every permissions and permission available.

The Admin role is automatically assigned to a new administrator account.

To review every available permissions, see Review available permissions.



Expand
titlePermissions in the default Billing role

By default the Billing role contains the following permissions: 

At a high-level, the default Billing role contains mostly read-only permissions.

Review the following table to better understand the specific permissions associated with the default Billing role. 

AMP ScreenPermissionDescription

Read Entity Metadata

View notes and tags
Read IdentityView account information
Read WorkloadsView account workloads
Read Payment InformationView payment information

Write Payment Information

Update payment information
Read ComplianceView vulnerability scanning product information
Read AVAMView Malware Protection detail
Read Dashboard StatisticsView the data that populates the security dashboard
Read FIMView File Integrity Monitoring details.
Read Connections
Read FirewallView account firewall rules
Update Personal IdentityUpdate the challenge phrase and challenge response
View InvoicesView the invoices associated with your account
Read Network IPView account IP allocations and assignments
Read Network L2LView L2L network tunnels
View Core LicenseView core license information for your account
Read LocationsView locations available for this account
Read LogManagementView Log Management information
Read LogSearchView Log Search information
Read MonitoringView account resources
Read Network NatView DNAT assignments per VM.
Read Network BandwidthView network transfer history
Write Entity MetadataUpdates notes and tags
Read NotificationsView account notifications
Read OrdersView account resources
Read OS PackagesView OS patching details
Read Product CatalogRead Product Catalog
Global SearchPerform Global Search
Read Endpoints
Read SSL VPN Devices and UsersView SSL VPN account users and details
Read Virtual Machine StatsView graph data for virtual machines
Read StorageView disk and storage information for the account
View SubscriptionsView subscriptions for your account
Read TasksView task information
Read TemplatesView template details
Read TicketsView open tickets in your account
Write TicketsCreate a support ticket
Read Virtual Data CentersView account virtual data center details.
Read Server Replication
Read Virtual MachinesView virtual machine details
View Vulnerability ScansView vulnerability scanning report details
Expand
titlePermissions in the Technical role

By default the Technical role contains the following permissions: 

  • Read Entity Metadata
  • Read Identity
  • Read Workloads
  • Write Workload
  • Read Compliance
  • Write Compliance
  • Read AVAM
  • Read Dashboard Statistics
  • Read FIM
  • Read Connections
  • Write Connectors
  • Read Firewall
  • Write Firewall
  • Update Personal Identity
  • Read Network IP
  • Write Network IP
  • Read Network L2L
  • Write Network L2L
  • View Core License
  • Read Locations
  • Read LogManagement
  • Read LogSearch
  • Write LogManagement
  • Read Monitoring
  • Read Network Nat
  • Write Network Nat
  • Read Network Bandwidth
  • Write Entity Metadata
  • Read Notifications
  • Read Orders
  • Write Orders
  • Read OS Packages
  • Read Product Catalog
  • Global Search
  • Write Secret
  • Read Endpoints
  • Read SSL VPN Devices and Users
  • Read Virtual Machine Stats
  • Read Storage
  • View Subscriptions
  • Write Subscriptions
  • Read Tasks
  • Write Tasks
  • Read Templates
  • Write Templates
  • Read Tickets
  • Write Tickets
  • Read Virtual Data Centers
  • Read Server Replication
  • Read Virtual Machines
  • Scale Virtual Machine
  • Write Server Replication
  • Write Virtual Machine
  • View Vulnerability Scan

Security Dashboard (landing page)

Read Dashboard StatisticsThis permissions allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.

Malware Protection

Read AVAMThis permissions allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.

FIM

Read FIMThis permissions allows you to view file integrity details for each virtual machine.

Patching

Read OS PackagesThis permissions allows you to view details OS patching details for each virtual machine.

Log Management

Read LogManagement

This permissions allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
Log Management

Read LogSearch

This permission allows you to view details for log collection, such as the specific log message, for each virtual machine.

Firewall

Read Firewall

This permissions allows you to view details for firewall rules for each virtual machine.

MarketplaceRead Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
WorkloadsRead Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
Virtual Machines / VM DetailsWrite OrdersThis permission allows you to provision a new virtual machine.
Virtual Machines / VM DetailsRead Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM DetailsRead Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
Virtual Machines / VM DetailsRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM DetailsRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
Virtual Machines / VM DetailsRead Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
Virtual Machines / VM DetailsRead TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual Machines / VM DetailsRead StorageThis permission allows you to view disk and storage information for a virtual machine.
IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels.
SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.

Tickets + Notification

Read Ticket(s)This permission allows you to view previous and current support tickets.
Tickets + NotificationWrite Ticket(s)This permission allows you to create and follow a support ticket.
Overview (Account screen)Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
User DetailUpdate Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
InvoicesView InvoicesThis permission allows you to view current and previous invoices.
Payment MethodsRead Payment InformationThis permission allows you to view current payment information, such as the primary payment method.
Payment MethodsWrite / Update Payment InformationThis permission allows you to update the payment information, such as adding a new credit card or assigning a new primary payment method
Not applicableRead Entity Metadata

This permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.

Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.




Expand
titlePermissions in the default Technical role

At a high-level, the default Technical role contains read-only and write-only permissions, with a focus on security and infrastructure resources in AMP.

Review the following table to better understand the specific permissions associated with the default Technical role. 

AMP ScreenPermissionDescription

Security Dashboard (landing page)

Read Dashboard StatisticsThis permissions allows you to view the widgets (and corresponding data) that populate the security dashboard. These widgets display a high-level status of your virtual machines, agents, and open security incidents.
Malware ProtectionRead AVAMThis permissions allows you to view antivirus and anti-malware (malware protection) details for each virtual machine.
FIMRead FIMThis permissions allows you to view file integrity details for each virtual machine.
PatchingRead OS PackagesThis permissions allows you to view details OS patching details for each virtual machine.
Log ManagementRead LogManagement

This permissions allows you to view high-level information for log collection for each virtual machine, such as:

  • Date logs were last received
  • Average size of collected logs
  • Log Status
Log ManagementRead LogSearchThis permission allows you to view details for log collection, such as the specific log message, for each virtual machine.
Log Management

Write LogManagement

This permission allows you to update the log management service, specifically the permission to upgrade the log retention plan.
FirewallRead FirewallThis permissions allows you to view details for firewall rules for each virtual machine.
FirewallWrite FirewallThis permissions allows you to add, update, or delete firewall rules.
MarketplaceRead Product Catalog

This permission allows you to view available add-on products.

You must have this permission enabled in your account in order to view purchased services and also to order new services in AMP.

Marketplace (and My Products)View SubscriptionsThis permission allows you to view subscription-based add-on products in the My Products screen of the User Details screen.
Marketplace (and My Products)Write Subscriptions

This permission allows you to view the Armor Marketplace, as well as add and cancel subscription-based add-on products.

Specifically, you can add the subscription in the Armor Marketplace, and then cancel the subscription in the My Products screen of the User Details screen.

WorkloadsRead Workload(s)

This permission allows you to view high-level data for workloads, such as

  • the associated data center
  • the number of tiers within the workload
  • the number of virtual machines within the workload
WorkloadsWrite WorkloadThis permission allows you to create, update, and remove workloads and tiers.
Virtual Machines / VM DetailsWrite OrdersThis permission allows you to provision a new virtual machine.
Virtual Machines / VM DetailsRead Virtual Machine StatsThis permission allows you to view usage data for a virtual data. This data is displayed in a line graph.
Virtual Machines / VM DetailsRead Virtual Machine(s)

This permission allows you to view data for a virtual machine, such as

  • Operating system
  • Size
  • Corresponding workload
  • Status
Virtual Machines / VM DetailsScale Virtual MachineThis permission allows you upgrade or downgrade (resize) the size of a virtual machine.
Virtual Machines / VM DetailsWrite Virtual MachineThis permission allows you to create, update, and remove virtual machines.
Virtual Machines / VM DetailsRead Location(s)This permission allows you to view a list of available Armor data centers when you manage your virtual machines.
Virtual Machines / VM DetailRead Virtual Data CentersThis permission allows you to view the list of virtual environments in your account.
Virtual MachinesRead Server Replication

This permission allows you to view high-level data for the server replication (disaster recovery) add-on product. Specifically, this permission allows you to view:

  • The status of the add-on product (configuring, enabled, disabled)
  • The location of the primary data center
  • The location of the failover data center
  • The status of the replication
Virtual MachinesWrite Server ReplicationThis permission allows you to order and cancel the server replication add-on product.
Virtual MachinesRead TasksThis permission allows you to view pending tasks, such as a scheduled delete or downsize of a virtual machine.
Virtual MachinesWrite TasksThis permission allows you to schedule a delete or downsize of a virtual machine.
Virtual MachinesRead StorageThis permission allows you to view disk and storage information for a virtual machine.
IP AddressesRead Network IPThis permission allows you to view data for unassigned and assigned public and private IP addresses
IP AddressesWrite Network IP

This permission allows you to update an IP address, such as:

  • Assign an IP addresses
  • Unassign an IP addresses
  • Delete IP address
  • Request a new public IP address
IP AddressesRead Network NATThis permission allows you to view DNAT assignments.
IP AddressesWrite Network NATThis permission allows you to add and remove DNAT assignments.
L2L VPNRead Network L2LThis permission allows you to view high-level data for your L2L network tunnels. 
L2L VPNWrite Network L2LThis permission allows you to add, update, and remove L2L tunnels.
SSL/VPNRead SSL VPN Devices and UsersThis permission allows you to view the status of your users' SSL VPN client.
SSL/VPNWrite SSL VPN Devices and UserThis permission allows you to enable your users the ability to download and install the SSL VPN client.
ComplianceRead ComplianceThis permission allows you to view information for the vulnerability scanning add-on product information. Specifically, you will see the status of the add-on product.
ComplianceWrite ComplianceThis permission allows you to upgrade, downgrade, or delete the vulnerability scanning add-on product.
Tickets + NotificationRead Ticket(s)This permission allows you to view previous and current support tickets.
Tickets + NotificationWrite Ticket(s)This permission allows you to create and follow a support ticket.
Overview (Account screen)Read Identity

This permission allows you to view the account-level information, such as

  • Account overview
  • Armor contacts
  • User profiles
  • Roles and permissions
User DetailUpdate Personal Identity

This permission allows you to update your personal account information, such as your:

  • Password
  • Challenge Phrase
  • Challenge Response
User DetailRead Notification(s)This permission allows you to view the notification preferences for your users, such as a user's preference to receive an email regarding technical updates.
Not applicableRead Entity MetadataThis permission allows you to view optional notes and tags that have been added to various AMP resources, such as a note added to a virtual machine.
Not applicableWrite Entity MetadataThis permission allows you to add, update, and delete optional notes and tags to various AMP resource, such as adding a note to a virtual machine.
Not applicableGlobal SearchThis permission allows you to use the global search function throughout AMP.





...

(Optional) Step 2: Update assigned roles 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role (Admin, Billing, Technical). 
  4. Under the name of the role, click Members
  5. Click Edit Members
  6. Select and drag the desired user to the Chosen column. 
  7. Click the X at the top, right corner to save your changes. 
  8. Click Admin
  9. Click Members
  10. Review and confirm the list of assigned users.  
  11. (Optional) To remove a user from this role, in the table, hover over the desired user, click the trash icon, and then click Remove Access.
  12. In the left-side navigation, click Roles + Permissions.
  13. Click Billing.
  14. Click Members.
  15. Review and confirm the list of assigned users.  
  16. (Optional) To remove a user from this role, in the table, hover over the desired user, click the trash icon, and then click Remove Access.
  17. In the left-side navigation, click Roles + Permissions.
  18. Click Technical.  
  19. Click Members.
  20. Review and confirm the list of assigned users.  
  21. (Optional) To remove a user from this role, in the table, hover over the desired user, click the trash icon, and then click Remove Access.