Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 19 Next »


Armor Knowledge Base


Feedback

Have a suggestion for the Armor Knowledge Base?

Send a message to kb@armor.com.









This topic only applies to Armor Anywhere users.

For invited users:

Before your account was created, your account administrator decided the proper roles and permissions for your account.

Consult with your account administrator to understand what permissions you have and how you should configure your account.

You can use this document to complete the account signup process and review high-level action items to complete.

This topic only applies to users who run:

  • Windows 2012 Datacenter
  • Windows 2012 R2 Standard
  • Windows 2012 Standard
  • Windows 2016 Full Desktop

For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.

Before you begin, Armor recommends that you pre-installation information, including firewall rules.

To learn more, see Requirements for Armor Anywhere.

Before you install the Armor Anywhere agent, you must remove any previously installed anti-virus software, such as Trend Micro, McAfee, etc. Afterwards, you must reboot your system. 


Step 1: Open the Account Signup email

  1. In the email from Armor, click the link.
    • You will be redirected to enter your account security information, including payment information.
      • If you already coordinated your payment process with Armor, then you will not see the payment screen.


Step 2: Complete your security information

In this step, you will add your phone number to your account. This phone number will be used for multi-factor authentication. To complete the account signup process and to log into AMP, you must be near this phone number.

  1. Note your Armor username. 
    • The Username will be pre-populated with the email address of the Primary Contact for the account.
  2. In Password and Confirm Password, create and enter an account password.
    • Your password must be at least 12 characters in length.
    • Your password must contain an upper-case character, a lower-case character, a number, and a special character.
    • Your password cannot contain personal information, such as your name, email address, birthday, etc. For example, if your name is John Smith, then you cannot use joh or smi in your password.
    • You can only change your password once every 24 hours.
    • Passwords expire after 60 days. 
    • After 6 failed login attempts, you will be locked out of your account for an hour. To resolve this, you must contact your account administrator or contact Armor Support.
    • After 15 minutes of no activity, you will be logged out of the Armor Management Portal (AMP).
  3. Complete the Challenge Phrase and Challenge Response
    • If you call Armor for technical support, you will be asked the Challenge Phrase, and you must correctly answer the Challenge Response
    • Do not use inappropriate language or suggestive material. 
    • The answer must be at least five characters long. 
  4. In Phone Number, select your country code / flag, and then enter your phone number.
    • This phone number will be used for multi-factor authentication (MFA). Every time you log into the Armor Management Portal (AMP), you will receive a phone call in order to complete the login process.
    • You can enter a phone number with spaces and special characters, such as (555) 555-555. 
    • (Optional) If your phone number contains an extension, enter the number in Extension. You cannot include spaces or special characters in this field.
  5. Click Validate to validate the phone number entered.
    • You will receive a phone call; answer the phone, and then follow the instructions.
    • (Optional) After you complete the signup process, you can configure your account to use the Microsoft Authenticator application for MFA. To learn how to use this application, see Configure multi-factor authentication for your account.
  6. Click Continue.

If you already coordinated with Armor to pay with a check, then you will be redirected to Armor Management Portal (AMP) login screen..


Step 3: Complete your payment information

  1. In Currency, select your currency.
  2. (Optional) If your business is tax exempt, select I'm tax exempt.
    • In Tax Exempt ID, enter a valid tax exempt ID.
  3. For Payment Method, mark the desired payment (credit card or bank account):


Option 1: Credit card 

Cardholder Name, Address, City, State, and Postal Code will be pre-populated with the name and contact information for thePrimary Contact on the account.

  1. In Card Number, enter the credit card number.
  2. In Expiration Date, select the appropriate month and year.
  3. In CVV, enter the verification number for the credit card
  4. In Country, select the corresponding country.
  5. Click Submit.

You will be redirected to Armor Management Portal (AMP) login screen.


Option 2: ACH Bank Debit

  1. In ABA / Routing Number, enter the corresponding banking number.
  2. In Bank Account Number, enter the account number.
  3. Select the appropriate Account Type.
  4. In Bank Name, enter the name of the banking institution.
  5. In Account Holder Name, enter the name of the account holder.
  6. Click Submit.

You will be redirected to Armor Management Portal (AMP) login screen.


Step 4: Locate the Armor Anywhere agent

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click Virtual Machines
  3. Click Deploy New Armor Agent or click the plus ( + ) icon.
  4. Copy your license key. You will need this information in a later step.
  5. Select your operating system (Windows or Linux).  
 

For Amazon Web Services users who:

  • Use Elastic Beanstalk to run their instance's applications, and
  • Run Windows 2012 R2,

Review the following example to understand how to install the Anywhere agent. Afterwards, you can skip to the Test your connection step.

files:
  "c:\\Windows\\Temp\\armor-setup.exe":
    source: https://get.core.armor.com/latest/armor-setup.exe
commands:
  armoragentinstall:
    test: if not exist 'c:\\.armor\\opt\\armor.exe' exit 0
    command: c:\\Windows\\Temp\\armor-setup.exe /verysilent /license=AAAA1-A11AA-AA1AA-AAAAA-1AAAA
    ignoreErrors: false
    waitAfterCompletion: 5

You must replace AAAA1-A11AA-AA1AA-AAAAA-1AAA with your specific license key.


Step 5: Download and install the Armor Anywhere agent

There are three types of scripts that you can use to install the agent. 

Script typeDescription
Pre-installation

You can use these scripts to verify that your environment is compatible with Armor Anywhere. These scripts will not install the agent.

 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest https://get.core.armor.com/latest/armor_agent.ps1 -outfile armor_agent.ps1 ; .\armor_agent.ps1
Pre-installation and installation

You can use these scripts to:

  • Verify that your environment is compatible with Armor Anywhere
  • Install the agent
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest https://get.core.armor.com/latest/armor_agent.ps1 -outfile armor_agent.ps1 ; .\armor_agent.ps1 -license AAAA1-A11AA-AA1AA-AAAAA-1AAA
Installation

You can use these scripts to install the agent. These scripts will not verify your environment for compatibility. 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest https://get.core.armor.com/latest/armor_agent.ps1 -outfile armor_agent.ps1 ; .\armor_agent.ps1 -license AAAA1-A11AA-AA1AA-AAAAA-1AAA -silent


In the above scripts, replace AAAA1-A11AA-AA1AA-AAAAA-1AAA with your specific license key.


Step 6: Test your connection

After you install the agent, Armor recommends that you test the connection for each configured firewall rule.

To verify connectivity to an Armor service endpoint, use the telnet command.

The following example tests connectivity to api.armor.com over 443/tcp:

telnet 146.88.106.210 443

For Windows systems without the telnet feature installed, you can also use PowerShell:

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)


Step 7: Review the status of the Armor Anywhere agent 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click Virtual Machines
  3. Review the corresponding Status column. The Status column contains a green or red status to indicate if the server's agent has registered a heartbeat to Armor.
    • A green status indicates the server's agent has registered a heartbeat in the past hour. 
    • A red status indicates the server's agent has not registered a heartbeat in the past hour. 
      • After four hours without a registered heartbeat, the API will close all service endpoints (firewall ports).


Step 8: Configure your notification preferences

Armor recommends that you configure your account to receive notifications for Account, Billing, and Technical events.

These notification preferences do not relate to support tickets.

To update your notification preferences for support tickets, see Support Tickets.

Account

You will receive a notification when:

  • A password expires in 14 days.
  • A password expires in 7 days.
  • A password expires in 24 hours.
  • A password has expired.
Billing

You will receive a notification when:

  • An invoice has posted. 
  • An invoice is past due (2, 10, 15, 25, and 30 days).
  • A payment method will soon expire (1, 15, and 30 days).

You can configure a user to become the primary billing contact for an account. This user will receive billing notifications. Additionally, this user will be listed in the Bill to field in an invoice. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Users
  3. Locate and hover over the desired user. 
  4. Click the vertical ellipses. 
  5. Select Set as Primary Billing Contact
  6. Click OK
Technical

You will receive a notification when:

  • A virtual machine will be deleted or downgraded.
  • CPU, disk, and memory utilization is at more than 90% for 5 minutes.
  • Ping, SSH (Linux), or RDP (Windows) fails for 5 minutes.

You can only change the notification preferences for your own account. You cannot change the notification preferences for other user accounts.

  1. In the Armor Management Portal (AMP), in the top, right corner, click the vertical ellipses.
  2. Click Settings
  3. Click Notification Preferences.
  4. Use the slider to make your desired changes. 
    • Select Alert to receive notifications in the top bar in the Armor Management Portal (AMP). 
    • Select Email to receive notifications through email. 
    • You can select both notification options.
  5. Click Update Notification Preference to save your changes. 


Step 9: Create a role and add permissions

For Account Administrators only.

In the Armor Management Portal (AMP), roles are similar to job titles that you can create and assign to your users. You can populate these roles with certain permissions. For example, you can create an Audit role, and then you can add specific permissions that will give the assigned user permission to access audit-related features.

By default, a new administrator account contains an Admin role with all the available permissions selected. 

When you create a new user account, you must assign that user a role. You can assign a default role or create a new role. 

There are three default permissions in AMP: 

  • Admin contains every permission in AMP.
  • Technical contains mostly write-only permissions. 
  • Billing contains mostly read-only permissions.

If you want to use a default role, then you can skip to Step 8: Create a user and assign a role

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Roles + Permissions
  3. Click the plus ( + ) icon. 
  4. In the top, right corner of the screen, hover over the gear icon. 
  5. Click the blue pencil (Rename) icon.
  6. In the window that appears, enter a descriptive name, and then click Rename Role.
  7. In the top menu, click Members
  8. In the field, enter and select the user (or users) to assign to the role. 
  9. In the top menu, click Permissions
  10. Mark the permissions to add to your role. 
  11. At the bottom of the screen, click Save Role


Step 10: (For Account Administrators) Create a user and assign a role

For Account Administrators only.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Users
  3. Click the plus ( + ) icon. 
  4. Complete the First Name, Last Name, and Email Address fields. 
    • The email address you enter will be the username. 
  5. Select a role for this user. 
    • You must assign a role to the user. 
    • You can assign multiple roles to the user. 
    • You can assign a default role (Admin, Technical, Billing). 
      • Admin contains every permission in AMP.
      • Technical contains mostly write-only permissions. 
      • Billing contains mostly read-only permissions 
    • To learn about Roles and Permissions, see Roles and Permissions.
  6. Click Create User. An email will be sent to the user. After 96 hours, the sign-up link in the email will expire.
    • If the link expires, you can resend the user invitation. In the Users screen, hover over the desired user, click the vertical ellipses, and then select Resend Invitation.
    • If you want to remove this newly created / invited user from your account, see Remove a newly created / invited user from your account.

Repeat Step 10: Create a user and assign a role for every user you want to invite.