Page tree

This topic only applies to Armor Complete users. 

For invited users:

Before your account was created, your account administrator decided the proper roles and permissions for your account.

Consult with your account administrator to understand what permissions you have and how you should configure your account.

You can use this document to complete the account signup process and review high-level action items to complete.

Step 1: Review pre-deployment considerations

Windows

Operating system
  • Windows
Version
  • 2008 R2 Datacenter
  • 2008 R2 Standard
  • 2008 R2 Web
  • 2012 Datacenter
  • 2012 R2 Standard
  • 2012 Standard
  • 2016 Full Desktop

Windows servers require a minimum of 2 CPU and 2GB of memory.

2008 R2 Web and 2008 R2 Standard does not support CPUs 12 and above.

CPU
  • 2
  • 4
  • 8
  • 12
  • 16
Memory (GB)
  • 2
  • 4
  • 6
  • 8
  • 12
  • 16
  • 4
  • 8
  • 12
  • 16
  • 24
  • 32
  • 64
  • 8
  • 16
  • 24
  • 32
  • 48
  • 64
  • 12
  • 24
  • 36
  • 48
  • 72
  • 96
  • 16
  • 32
  • 48
  • 64
  • 96

Linux

Operating system
  • CentOS
  • RHEL
  • Ubuntu
Version
  • 6
  • 7
  • 6
  • 7
  • 16.04

Linux servers require a minimum of 1 CPU and 2GB of memory.

CPU
  • 1
  • 2
  • 4
  • 8
  • 12
  • 16
Memory (GB)
  • 2
  • 4
  • 6
  • 8
  • 2
  • 4
  • 6
  • 8
  • 12
  • 16
  • 4
  • 8
  • 12
  • 16
  • 24
  • 32
  • 64
  • 8
  • 16
  • 24
  • 32
  • 48
  • 64
  • 12
  • 24
  • 36
  • 48
  • 72
  • 96
  • 16
  • 32
  • 48
  • 64
  • 96


Supported browsers

The Armor Management Portal (AMP) supports the current version of the following browsers:

  • Chrome
  • Firefox
  • Internet Explorer
  • Safari
     

Armor cannot guarantee that previous versions will be supported.


Step 2: Complete your account signup

In this step, you will add your phone number to your account. This phone number will be used for multi-factor authentication. To complete the account signup process and to log into AMP, you must be near this phone number.
  1. In the email from Armor, click the sign-up link to access the Redeem Invitation screen.
  2. Note your Armor username. 
  3. In Password and Confirm Password, create and enter an account password. 
    • Your password must be at least 12 characters in length.
    • Your password must contain an upper-case character, a lower-case character, a number, and a special character.
    • Your password cannot contain personal information, such as your name, email address, birthday, etc. For example, if your name is John Smith, then you cannot use joh or smi in your password.
    • You can only change your password once every 24 hours.
    • Passwords expire after 60 days. 
    • After 6 failed login attempts, you will be locked out of your account for an hour. To resolve this, you must contact your account administrator or contact Armor Support.
    • After 15 minutes of inactivity, you will be logged out of the Armor Management Portal (AMP).  
  4. Complete the Challenge Phrase and Challenge Response
    • If you call Armor for technical support, you will be asked the Challenge Phrase, and you must correctly answer the Challenge Response
    • Do not use inappropriate language or suggestive material. 
    • The answer must be at least five characters long. 
  5. In Phone Number, select your country code / flag, and then enter your phone number. 

    • This phone number will be used for multi-factor authentication (MFA). Every time you log into the Armor Management Portal (AMP), you will receive a phone call in order to complete the login process.
    • In Phone Number, you can enter a phone number with spaces and special characters, such as (555) 555-555. 
    • (Optional) If your phone number contains an extension, in Extension, enter the number. You cannot include spaces or special characters in this field.
  6. Click Validate
  7. You will receive a phone call. Answer the phone, and then follow the instructions.
  8. After the call, click Submit. You will be taken to the Armor Management Portal (AMP) login page.
  9. Enter your username and password, and then click Login.
  10. You will receive a phone call. Answer the phone, and then follow the instructions to access AMP.


 


Step 3: Create a virtual machine with a new workload

Workloads and tiers are visual tools used in the Armor Management Portal (AMP) to help you organize your virtual machines and corresponding resources. Workload refers to a container of virtual machines that live inside the Armor data center. Tiers are levels within workloads.

  1. In the Armor Management Portal, in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines.
  3. Hover over the plus ( + ) icon, and then click the Virtual Machine icon.
    • If you do not have any virtual machines listed, then click Deploy New, and then select Virtual Machine.
  4. Locate and select the desired operating system and operating system version.
  5. On the right side, use the Region drop-down menu to select the data center to host your virtual machine.
  6. Select the desired virtual machine based on your CPU and memory needs (GB).
    • You can click High CPU or High Memory to filter the list of virtual machines. You can also click Show All Options to see every virtual machine offering.
    • Armor labels virtual machines by CPU and memory features. For instance, 2x4 indicates that the virtual machine has 2 CPU and 4 GB of memory.
  7. In Name, enter a descriptive name for your virtual machine.
  8. In Workload, select New Workload
  9. In New Workload Name, enter a descriptive name.
  10. In New Tier Name, enter a descriptive name. 
  11. In Location, select the data center to host your virtual machine. 
  12. Under Access Credentials, note your username to access the virtual machine. 
  13. In Password, enter a secure password to use to access the virtual machine. 
    • Your password must contain:
      • An upper-case letter
      • A lower-case letter
      • A number
      • A special character: ! @ # $ % ^ * ( ) { } [ ]
    • You can also click Generate Password to allow Armor to create a password. 
  14. (Optional) For additional storage, under Storage Substrate and Disk Size, select your desired storage, and then click Add Disk
  15. On the right-side menu, review the pricing information, and then click Purchase
  16. To view the status of your newly created virtual machine, in the left-side navigation, click Infrastructure, click Virtual Machines, and then search for your newly created virtual machine. 


Step 4: Enable and install your SSL/VPN access 

If you have accounts in multiple virtual data centers, you must install SSL/VPN for each data center. 

If you run Ubuntu 16.x, then please review Install SSL VPN Client for Ubuntu 16.x.

If you run Ubuntu 18.x, then please review Install SSL VPN Client for Ubuntu 18.x.

Account administrators should use these instructions to enable and download the client for their account. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. In the top bar, select the data center that corresponds to your virtual machine. 
    • If you have virtual machines in other data centers, then you must download the client for every data center you use. 
  4. Under Active Members, type and select your username.
    • When you add your username, the Download SSL VPN Client box will appear above the table. 
  5. Based on your operating system, select the appropriate client to download, and then follow the on-screen instructions. 
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 

      For Windows users, the client will download as a .zip file.

      • Extract the installation files to your local hard drive.
      • Launch the installer.exe file to begin the installation. 

      For Mac OS users, the client will download as a .tgz file.

      • Extract the installation files to your local hard drive.
      • Access the mac_phat_client folder, and then run the naclient.pkg installer.
      • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
      • To launch the SSL VPN client, in your Applications folder, search for naclient.
  6. If you have virtual machines in other data centers, then you must download the client for every data center you use. Repeat these steps for additional data centers.


Step 5: Create a firewall rule with a new IP address group

Step 1: Create an IP Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address. 

You can combine related IP addresses into a single IP Group. For example, if you want to block traffic from three separate IP address, you do not have to create three separate firewall rules. Instead, you can combine the three separate IP addresses into a single, configurable IP Group. Then, when you create a firewall rule, you can pick the newly created IP Group as your Source or Destination IP addresses.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click IP Groups
  5. Click the plus ( + ) icon. 
  6. In IP Group Name, enter a descriptive name. 
    • Armor recommends that you add Source or Destination into the name of the IP Group to help you identify the IP Group as the Source or Destination IP group. 
  7. In Add Members To Group, enter a member, and then click the plus icon.
    • You can enter:
      • A single IP address
      • A range of IP addresses
      • CIDR
    • You must add at least one member. 
    • You can add multiple members to a service group. 
  8. Click Apply
    • The newly created IP group will appear at the bottom of the table. 


Step 2: Create a Service Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

You can combine related protocols (and ports) into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click Service Groups
  5. Click the plus ( + ) icon. 
  6. In Service Group Name, enter a descriptive name. 
  7. In Add Members To Group, enter the service or sub-protocol, and then click the plus ( + ) icon. 
    • You must add at least one member. 
    • You can add multiple members to a service group. 
    • Service or sub-protocolNotesExample
      Services (TCP, UDP, etc.)

      You must enter a port number.

      These services are not case-sensitive.

      • tcp/80
      • TCP/80
      • Tcp/80
      • tCp/80
      Additional services (AARP, AH, etc.)

      These additional services are not case-sensitive.

      Do not enter a port number with these additional services.

      • ATALK
      • igmp
      • Gre
      Sub-protocols (echo-reply, redirect, etc.)

      You must enter icmp, followed by the specific sub-protocol.

      You must enter the sub-protocol in lower-case letters.

      Do not enter a port number.

      • icmp/source-host-isolated
      • icmp/time-exceeded
  8. Click Apply
    • The newly created service group will appear at the bottom of the table. 

For a complete list of supported services and sub-protocol, see Review supported services and sub-protocols.


Step 3: Create a firewall rule 

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top menu, click the corresponding data center. 

  4. Click the plus ( + ) icon. 

  5. In Name, enter a descriptive name. 
  6. In Action, select Allow to allow specified traffic to access your virtual machine or Block to block specified traffic. 
  7. Under Service, enter and select the name of the desired Service Group.
  8. Under Source, enter and select the name of the desired IP Group.
  9. Under Destinations, in the field, enter and select the name of the desired IP Group.
  10. Click Save Rule

After you create a rule, Armor recommends that you place the rule in the correct order.

To reorder a rule:

  1. Select and drag the newly created rule to the desired position.
    • Under the Order column, you can also enter a number to move the firewall rule to a different position.
    • If you have more than 25 rules, the additional rules will be placed in a secondary section within the Firewall screen. To reorder and move these additional rules into a higher position, enter a number under the Order column, and then press Enter on your keyboard. You cannot drag these additional rules into the primary section of the Firewall screen.
  2. In the top window, click Save.

If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.

To learn how to send a support ticket, see Support Tickets.

To disable a rule:

  1. Locate and hover over the desired rule.
  2. Click Disable Rule.
  3. Click Disable Rule again.
  4. In the top window, click Save.

 


Step 6: Subscribe to data center notifications

You can use Armor's StatusHub page to review the status of Armor's infrastructure, as well as other Armor services, such as the Armor Management Portal (AMP).

Additionally, you can use StatusHub to receive notifications and updates regarding infrastructure outages.

  1. Access Armor's StatusHub page
  2. In the top menu, click Subscribe
  3. Select your desired notification method (Email, SMS, Slack, or Webhook), and then enter the corresponding information, such as your email address for the Email tab. 
  4. Select a notification type. There are two options.  
    1. To receive information about every Armor service, click All services. This option will send you information about: 
      1. All data centers
      2. Gen 3 portal (my.armor.com)
      3. Armor API
      4. Gen 4 portal (amp.armor.com)
    2. To receive information about specific Armor services, click Selected Services
      1. Next to Choose services, click Select.   
      2. Click the desired data center, and then click Select to receive information for every infrastructure component for that data center.  
  5. During an unexpected outage (or incident), you may receive multiple updates regarding the status of an outage.
    • To receive multiple updates during an outage, select OFF for Do not notify on intermediate incident updates.
    • To simply receive one notification regarding the beginning of an outage, and then one notification regarding the completion of an outage, select ON for Do not notify on intermediate incident updates.
  6. Click Subscribe


Step 7: Configure your notification preferences

Armor recommends that you configure your account to receive notifications for TicketAccount, Billing, and Technical events.

Ticket

You will receive a notification when:

  • There is an update on a ticket you submitted.
  • There is an update on a ticket that you have been added to.
Account

You will receive a notification when:

  • A password expires in 14 days.
  • A password expires in 7 days.
  • A password expires in 24 hours.
  • A password has expired.
Billing

You will receive a notification when:

  • An invoice has posted. 
  • An invoice is past due (2, 10, 15, 25, and 30 days).
  • A payment method will soon expire (1, 15, and 30 days).

You can configure a user to become the primary billing contact for an account. This user will receive billing notifications. Additionally, this user will be listed in the Bill to field in an invoice. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Users
  3. Locate and hover over the desired user. 
  4. Click the vertical ellipses. 
  5. Select Set as Primary Billing Contact
  6. Click OK
TechnicalYou will receive a notification when a virtual machine will be deleted or downgraded.

You can only change the notification preferences for your own account. You cannot change the notification preferences for other user accounts.

  1. In the Armor Management Portal (AMP), in the top, right corner, click the vertical ellipses.
  2. Click Settings
  3. Click Notification Preferences.
  4. Use the slider to make your desired changes.
    • Select Alert to receive notifications in the top bar in the Armor Management Portal (AMP). 
    • Select Email to receive notifications through email. 
    • You can select both notification options.
  5. Click Update Notification Preference to save your changes. 






In this topic



Have a suggestion for the Armor Knowledge Base? Send a message to kb@armor.com.