5nine Cloud Security - Acronis · 2020. 3. 27. · Make sure all 5nine Cloud Security basic...

Mission Control for the Microsoft Cloud

5nine Cloud Security Web Portal Version 12.o Getting Started Guide

5nine Cloud Security for Hyper-V

© 2009-2018 5nine Software, Inc. All rights reserved. Unified Management and Security Platform for the Microsoft Cloud

1

© 2018 5nine Software Inc.

All rights reserved. All trademarks are the property of their respective owners.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

system, or translated into any language in any form by any means, without written permission

from 5nine Software Inc. (5nine). The information contained in this document represents the

current view of 5nine on the issue discussed as of the date of publication and is subject to

change without notice. 5nine shall not be liable for technical or editorial errors or omissions

contained herein. 5nine makes no warranties, expressed or implied, in this document. 5nine

may have patents, patent applications, trademark, copyright or other intellectual property rights

covering the subject matter of this document. All other trademarks mentioned herein are the

property of their respective owners. Except as expressly provided in any written license

agreement from 5nine, the furnishing of this document does not give you any license to these

patents, trademarks, copyrights or other intellectual property.

Important! Please read the Software License Agreement before using the accompanying

software program(s). Using any part of the software indicates that you accept the terms of the

Software License Agreement.



2

Table of Contents

Summary ................................................................................................................................................................. 3

System Requirements .......................................................................................................................................... 4

Installation ............................................................................................................................................................... 5

5nine Cloud Security Web Portal Operations ............................................................................................... 8

Log in ................................................................................................................................................................... 8

Log out ................................................................................................................................................................ 9

Hosts management .......................................................................................................................................... 9

Security tenants and users ........................................................................................................................... 14

Virtual machines management .................................................................................................................. 20

Notifications .................................................................................................................................................... 23

Virtual Firewall ................................................................................................................................................ 24

Firewall dashboard ................................................................................................................................... 24

Configuring Virtual Firewall Rules ......................................................................................................... 26

Security Groups .......................................................................................................................................... 31

Rules Templates ........................................................................................................................................ 32

Virtual Firewall Logs ................................................................................................................................. 34

Antivirus ........................................................................................................................................................... 38

Antivirus dashboard .................................................................................................................................. 38

Antivirus Settings ....................................................................................................................................... 40

Creating Antivirus Jobs ............................................................................................................................. 41

Quarantine .................................................................................................................................................. 46

IDS ..................................................................................................................................................................... 48

5nine Smart Firewall for Azure ....................................................................................................................... 49

Uninstall ................................................................................................................................................................. 51



3

Summary 5nine Cloud Security Web Portal presents a web user interface for 5nine Cloud Security

for Hyper-V and 5nine Smart Firewall for Azure products. It contains all main features of Cloud

Security: virtual firewall protection, antivirus, intrusion detection (IDS) and traffic anomalies

detection. 5nine Cloud Security Web Portal also supports multi-tenancy. Additionally, the web

portal includes the following VM management functions: start, shutdown, turn off,

pause/resume, save and reset virtual machine.



4

System Requirements Supported Operating Systems:

• Microsoft Windows Server 2016

• Microsoft Windows Server 2012 R2

• Microsoft Windows Server 2012

• Microsoft Windows Server 2008 R2 SP1 (with .NET 4.5 additionally installed)

Software Prerequisites:

Enable the following roles and features on management server:

• .NET Framework 4.5

• .NET Framework 3.5

• ASP.NET 4.5.

• Web Server IIS.

• Web Server – Security (required: all except Digest Authentication, IP and Domain

Restrictions, URL Authorization).

• Web Server – Application Development: .NET Extensibility 4.5.

• Web Server – Application Development: ASP.NET 4.5.

• Web Server – Application Development: ISAPI Extensions and ISAPI Filters.

• Web Server – Management Tools: IIS Management Console.

• Web Server – Management Tools: Management Service.



5

Installation Attention. Make sure all 5nine Cloud Security basic components are properly installed. In

current release, Web Portal should be installed onto the same server with 5nine Cloud Security

Management Service.

To install 5nine Cloud Security Web Portal, first run the single setup launcher application:



6

Select CloudSecurity Web and click Install. The 5nine Cloud Security Web Portal Setup wizard

will open:

Click Next to start pre-configuration process.

Read and accept the SLA (software license agreement). Click Next.



7

Click Install to start the 5nine Cloud Security Web Portal installation process.

Wait until the following screen appears and then click Finish to complete the 5nine Cloud

Security Web Portal installation process.



8

Upon installation, the 5nine-CloudSecurity-Web site will appear in IIS Manager on your server.

There is no need to additionally configure it, unless you need to change the default port, which

is set to 18088. If you change it, make sure the port is not being used by any other application.

5nine Cloud Security Web Portal Operations Open your browser and type the following URL: http://localhost:18088/. Change the port to your

custom one if required.

Log in The Welcome dialog will appear. Login is required to start working with the web portal:

A custom user – Global Admin is required to login to Web Portal. Create the one using 5nine

Cloud Security management console, menu Settings – User Management and Settings –

Permissions management; assign “Security Administrator” and “Auditor” roles as shown on the

pictures below:



9

After the successful login, the portal will open:

Features are listed in the menu on the left side and details of the selected feature on the right

side.

Log out To log out, click on the user’s icon to the right from the welcome greeting, and then click Log

Out:

Hosts management If hosts are not added already, first thing to do is adding hosts to Cloud Security protection. This

operation can be done using any other 5nine Cloud Security interface (e.g., standalone

management console) and will apply across all of them as well as any other action.



10

To add host(s) for monitoring, select Infrastructure – Hosts.

Then click the Add Host button:

Just like adding hosts using 5nine Cloud Security management console, there are the following

options:

- Adding host by name or IP. Just type the name or IP address into the Name/IP field on

the Host Selection block.

- Using Active Directory (AD) or IP range search to find hypervisors and then select the

required ones from the list. Select the corresponding search option on the Host



11

Selection block: Active directory or IP range (for the last one specify the required range),

then click the Find Hosts button to start the search:

In the Found hosts field select hosts by checking the corresponding boxes against each

one that you need to add (or check the one on the header line to select all found

servers).

- Set the host connection credentials on the Authentication block:

Ø Use default credentials. This option will use the account under which you are

currently working.

Ø Active directory. This option will let you specify any account. Type domain\user

and password. Contact your network administrator if required.

- Click the Add Host button to add selected host(s).

To change host connection credentials click the Credentials button:



12

Specify default or new custom credentials for host connection and click Save:



13

To add and join the host into a group, click the Add Host Group button.

Type in the name of the group and select hosts to add them into the group. Then click ADD

GROUP. The host list will update accordingly:

To edit host group, click the Edit Host Group button. Actions are the same as when adding the

host group.

To remove the host group, select it and click the Remove Host Group button.



14

To remove the host from monitoring, select it and click the Remove Hosts button on the

Infrastructure – Hosts tab:

Security tenants and users 5nine Cloud Security Web Portal has the following interface elements for operations with

tenants and users:

There are two tabs: Tenants and Users.



15

On the Tenants tab you can add, edit and remove tenants.

Add tenant:

- Click the Add Tenant button to open the Add Tenant wizard:

- Type in the name and select VMs to assign to the tenant. Use filter to select VMs for

convenience. Click Next.



16

- Set tenant permissions: you may use default or set individual permissions. Click Finish to

complete the operation.

Edit tenant. Click the Edit Tenant button. Edit tenant actions are the same as when creating a

tenant.



17

Edit default permissions. Click the Edit default permissions button and set the defaults:

Click Save when complete.

To remove tenant, select it and click the Remove tenant button:

On the Users tab you can add, edit and remove users:

Note. Web portal allows working with custom users only. Domain users operations are not

supported.



18

Add custom user.

Click the Add User button and specify parameters for the new user:

Select tenant to create the tenant user or “Global Group” to create the global user. Specify

password and user permissions:

- Security Administrator. This role grants the full permissions on the Hyper-V

implementation for the user. The user assigned to this role will act as a global

administrator or a tenant administrator, depending on which group it is assigned to.

- Auditor. The user will be able to view the whole Hyper-V implementation or a tenant

depending on which user is selected. In this role, the user can review virtual firewall and

IDS logs but cannot apply any changes.

Click OK to complete the operation.



19

Edit custom user.

Click the Edit User button to edit the user. Only password can be changed with this operation:

Specify and confirm the new password and click OK.

Edit user roles.

Click the Edit Roles button to edit the user roles:

Check or clear roles as required and click SAVE.



20

To remove the user, select it and click the Remove User button:

Virtual machines management The web interface provides all basic operations with virtual machines in the environment

protected by 5nine Cloud Security: configuring and managing security features – virtual firewall,

IDS, traffic scanner, network anomalies detection and antivirus. Additionally, it also provides

basic virtual machine management operations: start, shut down, turn off, save, pause/resume

and reset.

To manage virtual machines, select Infrastructure – All Virtual Machines:

There are checkboxes against each virtual machine on the left side, use them to apply actions

to a virtual machine – set security features states, review/edit VM settings and perform VM

management operations. Security features state control and VM management operations are

allowed in group actions –select multiple VMs to perform group operations.

To enable/disable a security feature, click the corresponding button on the control ribbon above

VMs:

You will easily see, which feature is enabled (green mark), and which is disabled (gray mark):



21

To perform VM management actions, use the corresponding VM Management drop-down

menu commands for the one or more selected VMs:



22

Click the VM Settings button to review/edit VM settings (allowed for a single VM at a time):

All settings are standard as they are represented in 5nine Cloud Security Management console.



23

Click on the VM name to get inside and review firewall rules (details are described below) and

see various security features logs. Example, network anomalies detection log:

Notifications In the right-upper corner there is an icon located to the left from the welcome greeting, which

displays if there are new messages about last actions performed on the portal:

Click on it to open system messages:



24

There is information for the latest actions, and list of them with visual status icons (green circle –

success, red circle – failure). Failed actions has the “!” sign on the right hand. Click on it to see

the details. Click green mark on the right of each message to dismiss it or the Dismiss

Completed button on the header to dismiss all latest messages at once.

Virtual Firewall 5nine Cloud Security web portal provides all basic operations with virtual firewall protection:

configuring rules, managing VM protection status, reviewing filtering logs.

Firewall dashboard Firewall dashboard contains consolidated graphical data for the protected environment:

Dashboard has three blocks: VM Firewall Status, Top 5 VMs with highest traffic and Average

Traffic Profile.

The VM Firewall Status block displays intuitive graphical dispersion (with percentage and

numbers) of VMs with enabled and disabled virtual firewall protection.



25

The Top 5 VMs with highest traffic block displays the list of VMs having the most traffic. A filter

is configurable to display the desired data:

The Average Traffic Profile block displays average total traffic for the configured period. The

period is set using filter:



26

Data can be printed or exported into the one of available formats:

Each block has the View details link, which leads you to the required section of the portal to get

the detailed data on the corresponding subject.

Configuring Virtual Firewall Rules 5nine Cloud Security Web portal provides managing all type of virtual firewall rules as it’s

represented in the standalone management console: global rules, user-defined security group

rules and local rules.

Global rules are configured in the Firewall – Global Rules section:



27

There are checkboxes against each rule on the left side, use them to apply actions to a

particular rule – edit or remove. Removing rule is allowed in the group action – select multiple

rules to perform group removal.

Local rules are configured in the Infrastructure – All Virtual Machines section individually for

each VM. Click on the required VM name to get inside and set ARP/L2 and IP rules for this VM:

Security group rules are configured in the Infrastructure – VM Groups section. Click on the

required VM group name to get inside and set ARP/L2 and IP rules for this group:

Note. VM Group(s) must be created before adding group rules. Refer to the “Security Groups”

subsection below.

Rules of all three types are configured in the same way as described below.



28

Click the Add ARP/L2 Rule button to add the new ARP/L2 rule:



29



30

Click the Add IP Rule button to add the new IP rule:



31

Select the required rule and click the Edit Rule button. Edit rule process is the same as when

adding a new rule.

Select the required rule(s) and click the Remove Rule button to remove rule(s). Group action is

allowed when removing rules.

Security Groups Security VM groups are configured in the Infrastructure – VM Groups section.

To create a security group, click the Add VM Group button.



32

Configure the security group parameters, including VM group membership, and click the Add

Group button in the below dialog window:

To edit or remove a security group, select it by clicking a checkbox on the left side against the

group and then click the Edit VM Group/Remove VM Groups buttons accordingly. Multiple

group removal is allowed in the single action when more than one group is marked in the group

list.

Rules Templates Rules templates are configured in the Infrastructure – Templates section.



33

To create a new template, click the Add Template button:

Enter the name for the new template and click the Add Template button.

To edit the rules template, select the template by checking the checkbox against the template

and then click Edit Template button.

To delete rules template, select the template by checking the checkbox against the template

and then click Remove Templates button. Group removal action is allowed.

To add rules into the template, select the template and click on its name to get inside:

Adding, editing and removing rules in templates are done in the same way as it’s done for

security groups, global and local rules as described above. Rules in templates will be stored so

they can be easily applied in the future to VM or security group.

To apply template, select the corresponding object – VM or a group, and then click the Use

template button:



34

You can customize some parameters – remote IPs and MACs before applying a template:

Click OK to add rules from the template to the selected object.

Virtual Firewall Logs Virtual firewall logs can be reviewed either in the Firewall – Logs section of the portal or inside

VM in the Infrastructure – All Virtual Machines section.

To view firewall log on global level, open the Firewall – Logs section of the portal. You have to

select the exact VM to see the filtering log before. The first VM as appears in the list is selected

by default.

Click the Search button to find and select the required VM:



35

Then find the required VM and click the Apply button in the Find VM dialog as shown below.

Use the search filter for convenience.



36

The VM filtering log records will appear in the portal:



37

To view firewall log on VM level, open the Infrastructure – All Virtual Machines section of the

portal, find the required VM and click its name to get inside. Then select the Filtering Log tab:

The resulting virtual firewall log entries can be filtered by using firewall log entry filter:

Set the required filtering parameters and click the Apply filters button.



38

Antivirus 5nine Cloud Security web portal provides agentless anti-malware scans for virtual machines and

Hyper-V hosts: immediate anti-malware scans, recurring anti-malware scans by user-defined

schedules and delayed one-time anti-malware scans.

Antivirus dashboard Antivirus dashboard contains consolidated graphical views of the environments anti-malware

protection status.

First two blocks Protected VMs and Infected VMs display graphical views (with percentage and

numbers) of the VMs included/not included into AV scans and clean/infected VMs that have

already been scanned:



39

Other blocks: Signature Updates, Top 5 Threats and Latest Quarantine Events display data

for signature databases on protected Hyper-V hosts, top 5 viruses detected during scans and

latest quarantine records:

A filter is configurable for the top 5 threats:



40

Each block has the View details link, which leads you to the required section of the portal to get

the detailed data on the corresponding subject.

Antivirus Settings 5nine Cloud Security web portal provides general antivirus settings that are required for AV

operation. They are configured in Antivirus – Settings section of the portal.

Action on virus, definitions update frequency and workload orchestration:

Host definitions information, force update and proxy settings (if required):



41

Scan extensions, exclusions and “always blocked” lists:

Creating Antivirus Jobs Antivirus job is created in the Antivirus – Jobs or AV Scheduled Jobs sections of the portal.

Each one of them has the Create VM Scan button – to create scan for virtual machines, and the

Create Host Scan button – to create scan for Hyper-V host.



42

Click the required button to create either host(s) or VM(s) AV scan job. The Create VM (Host)

scan wizard will open, similar to the one in standalone management console. Go through the

wizard and set the required parameters for the job:

Type the name and select objects:



43

Select extensions:

Select exclusions and other scan parameters:



44

Set the “always blocked” locations and/or files if required:

Set the schedule and click Finish to create the job:



45

The job will appear in the Antivirus – Jobs section if the job runs immediately and in the

Antivirus – Scheduled jobs section if it is scheduled or deferred job.

All currently active and already completed jobs are shown in the Antivirus – Jobs section:

Filter is available to display jobs:



46

To view log of the particular antivirus job, select it and click the View Log button:

Quarantine All quarantine events are displayed in the Antivirus – Quarantine section of the portal:



47

Filter is available to select quarantine entries:

You can control the threats that are moved to the quarantine folder. You can take the following

actions:

- Cancel Quarantine/Restore – for pending events or already moved to quarantine

accordingly.

- Remove File/Remove from Quarantine – to permanently remove suspicious file from the

system.



48

IDS The Intrusion Detection System (IDS) is configured in the Intrusion Detection section of the

portal.

First tab Logs displays IDS logs in accordance with filter settings:

Second tab Settings displays definitions, update frequency and proxy settings:



49

5nine Smart Firewall for Azure The 5nine Cloud Security Web Portal has menu option for the 5nine Smart Firewall for Azure

solution. Customers that have purchased Smart Firewall for Azure will be able to use the web

portal as the user interface to use the solution.

Select the Smart Firewall for Azure menu option to launch it in a new browser tab.

Login with your Live ID associated with your Azure subscription.



50

You can create firewall rules the same as the standard console.

View logs



51

Azure Billing

Please refer to the 5nine Smart Firewall getting started guide for more information.

Uninstall To uninstall 5nine Cloud Security for Hyper-V Web Portal from your server, use the same single

setup launcher application as when installing the product:

Select CloudSecurity Web, click Uninstall and confirm the operation.

5nine Cloud Security - Acronis · 2020. 3. 27. · Make sure all 5nine Cloud Security basic...

Documents

Transcript of 5nine Cloud Security - Acronis · 2020. 3. 27. · Make sure all 5nine Cloud Security basic...