Page tree

Overview

This document only applies to Armor Complete account administrators who have been notified by Armor that their account has fully upgraded to Generation 4. Additionally, this document only applies to users who have complete the pre-upgrade tasks. 

24 hours before the upgrade process began, you received instructions regarding the pre-upgrade process. Armor highly recommends that you complete the two tasks before you continue with this document. To learn how to complete the pre-upgrade tasks, see Complete the pre-upgrade process (account administrators for Armor Complete).

Step 1: Review your virtual machines

To ensure a successful upgrade, Armor recommends that you review your virtual machines. 
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click Virtual Machines
  3. Review the listed virtual machines. 
    • If you have any questions, contact Armor Support. For more information, see Support Tickets
    • To learn how to create a virtual machine, see Virtual Machines

      If you add or update a virtual machine in Generation 4, those changes will be priced according to the updated pricing structure for Generation 4.


Step 2: Enable SSL/VPN access for your users

If you run Ubuntu 16.x, see Install SSL VPN Client for Ubuntu 16.x

Before an invited user can download and install their SSL VPN, the account administrator must add the following permissions to their account: 

  • Write SSL VPN Devices and Users 
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers 

Additionally, the account administrator must enable the account to access the SSL VPN client:

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. Click Members.
  4. In the top bar, select the data center that corresponds to your virtual machine. 
    • If you have virtual machines in multiple data centers, then you must configure the user for each data center. (Also, you must download the client for every data center you use.)
  5. Under Active Members, type and select the desired username.
    • The user can now access to AMP to download their SSL VPN client. 


Step 3: Enable and install your SSL/VPN access 

If you have accounts in multiple virtual data centers, you must install the SSL/VPN client for each data center. 

If you have accounts in multiple virtual data centers, then you must install SSL/VPN for each data center. 
  1. (For Account Administrators only) In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. (For Account Administrators only) Click SSL VPN
  3. (For Account Administrators only) Click Members.
  4. (For Account Administrators only) In the top bar, select the data center that corresponds to your virtual machine. 
  5. (For Account Administrators only) Under Active Members, type and select your username or the username of your user.
  6. Click Client.
  7. In the top bar, select the data center that corresponds to your virtual machine. 
  8. Click Download SSL VPN client
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 
    • For Windows users, the client will download as a .zip file.

      • Extract the installation files to your local hard drive.
      • Launch the installer.exe file to begin the installation. 

      For Mac OS users, the client will download as a .tgz file.

      • Extract the installation files to your local hard drive.
      • Access the mac_phat_client folder, and then run the naclient.pkg installer.
      • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
      • To launch the SSL VPN client, in your Applications folder, search for naclient.
      • If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher.
  9. After installation, open the client.
    • In the drop-down menu, default will be listed.
  10. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP.
  11. Return to AMP, specifically to the Client section of the SSL VPN screen.
  12. Use the Client Configuration table to locate the data center and corresponding information to add to the client.


    If you see two entries for the same data center, then you must verify that you are using the non-recovery data center. To determine the correct data center: 1. In the left-side navigation, click IP Addresses. 2. In the top, drop-down menu, select the data center that does not contain the Recovery tag. 3. Take note of the displayed public IP address. 4. In the left-side navigation, click SSL VPN. 5. Under HOST/FQDN, verify the data center that contains the matching public IP address.
  13. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  14. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
    • Remove .vpc.armor.com.
    • Replace dashes / hyphens ( - ) with periods ( . ).
    • Remove any zero ( 0 ) that begins a section, such as 085 or 067.
    • For example, if you see in AMP 122-087-074-072, then in the client, you should enter 122.87.74.72.
    • In another example, if you see in AMP 122-087-074-702, then in the client, you should enter 122.87.74.702.
    • OriginalCorrectIncorrect
      122-087-074-072.vpc.armor.com122.87.74.72

      122-087-074-072

      122-87-74-72

      122-087-074-702.vpc.armor.com122.87.74.702

      122-087-074-702

      122-87-74-72

  15. Under Client Configuration, copy the Port information, and then paste that information into Port.
  16. Click Add.
  17. Click OK.
  18. In the drop-down menu, select the newly created connection.
  19. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 
  20. If you have virtual machines in other data centers, then you must download the client for every data center you use. Repeat these steps for additional data centers.


Step 4: Review your firewall rules

To ensure a successful upgrade, Armor recommends that you review your firewall rules.
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security
  2. Click Firewall
  3. Review the listed firewall rules. 
    • If you have any questions, contact Armor Support. For more information, see Support Tickets
    • To learn how to create a firewall rule, see Firewall Rules

(Optional) Step 5: Create additional roles 

Before the upgrade process began, Armor had created default roles and assigned those roles to your users. 

Now, you can assign and customize additional roles to your users, or modify the default roles from Armor. 

You can assign multiple roles to a user.

To learn more about Roles and Permissions, see Roles and Permissions (Armor Complete).

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Click the plus ( + ) icon. 
  4. In the top, right corner of the screen, hover over the gear icon. 
  5. Click the blue pencil (Rename) icon.
  6. In the window that appears, enter a descriptive name, and then click Rename Role.
  7. In the top menu, click Members
  8. In the field, enter and select the user (or users) to assign to the role. 
  9. In the top menu, click Permissions
  10. Mark the permissions to add to your role. 
  11. At the bottom of the screen, click Save Role


(Optional) Step 6: Assign roles to existing users

This step only applies if you created additional roles for your users.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Locate and select the desired role. 
  4. In the top menu, click Members
  5. In the field, enter and select the desired user. 
    • The change will be automatically saved. 
    • The user will have immediate access to the permissions within the role. 


Step 7: Invite your users

During the upgrade process, Armor transferred your users into the Armor Management Portal (AMP).  

Similar to account administrators, upgraded users must also complete the account signup process. 

  1. In the Armor Management Portal, in the left-side navigation, click Account
  2. Click Users
  3. Locate and hover over the desired user.
  4. Select Resend Invitation. An email will be sent to the user. 
    • After 96 hours, the sign-up link in the email will expire.  
    • If the link expires, you can resend the user invitation. (In the Users screen, click the corresponding gear icon, and then select Resend Invitation.)
  5. Repeat the above steps for every user. 

To help your users, you can share the Complete the onboarding process (invited users for Armor Complete) document located in the Armor Knowledge Base.



Step 8: Update your Vormetric account

If you used Vormetric in Generation 3, you must update your Vormetric account for Generation 4. 

After the upgrade process, Armor will send you instructions regarding how to update your Vormetric account. 


Step 9: Subscribe to data center notifications

You can use Armor's StatusHub page to review the status of Armor's infrastructure, as well as other Armor services, such as the Armor Management Portal (AMP).

Additionally, you can use StatusHub to receive notifications and updates regarding infrastructure outages.

  1. Access Armor's StatusHub page
  2. In the top menu, click Subscribe
  3. Select your desired notification method (Email, SMS, Slack, or Webhook), and then enter the corresponding information, such as your email address for the Email tab. 
  4. Select a notification type. There are two options.  
    1. To receive information about every Armor service, click All services. This option will send you information about: 
      1. All data centers
      2. Armor API
      3. Gen 4 portal (amp.armor.com)
    2. To receive information about specific Armor services, click Selected Services
      1. Next to Choose services, click Select.   
      2. Click the desired data center, and then click Select to receive information for every infrastructure component for that data center.  
  5. During an unexpected outage (or incident), you may receive multiple updates regarding the status of an outage.
    • To receive multiple updates during an outage, select OFF for Do not notify on intermediate incident updates.
    • To simply receive one notification regarding the beginning of an outage, and then one notification regarding the completion of an outage, select ON for Do not notify on intermediate incident updates.
  6. Click Subscribe


Step 10: Configure your notification preferences

Armor recommends that you configure your account to receive notifications for Account, Billing, and Technical events.

These notification preferences do not relate to support tickets.

To update your notification preferences for support tickets, see Support Tickets.


Account

You will receive a notification when:

  • A password expires in 14 days.
  • A password expires in 7 days.
  • A password expires in 24 hours.
  • A password has expired.
Billing

You will receive a notification when:

  • An invoice has posted. 
  • An invoice is past due (2, 10, 15, 25, and 30 days).
  • A payment method will soon expire (1, 15, and 30 days).

You can configure a user to become the primary billing contact for an account. This user will receive billing notifications. Additionally, this user will be listed in the Bill to field in an invoice. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Users
  3. Locate and hover over the desired user. 
  4. Click the vertical ellipses. 
  5. Select Set as Primary Billing Contact
  6. Click OK
Technical

You will receive a notification when:

  • A virtual machine will be deleted or downgraded.
  • CPU, disk, and memory utilization is at more than 90% for 5 minutes.
  • Ping, SSH (Linux), or RDP (Windows) fails for 5 minutes.

You can only change the notification preferences for your own account. You cannot change the notification preferences for other user accounts.

  1. In the Armor Management Portal (AMP), in the top, right corner, click the vertical ellipses.
  2. Click Settings
  3. Click Notification Preferences.
  4. Use the slider to make your desired changes.
    • Select Alert to receive notifications in the top bar in the Armor Management Portal (AMP). 
    • Select Email to receive notifications through email. 
    • You can select both notification options.
  5. Click Update Notification Preference to save your changes. 






In this topic



Have a suggestion for the Armor Knowledge Base? Send a message to kb@armor.com.