This article shows you how to install and provision SSProtect using an AWS Marketplace subscription.
Prerequisites
This article is for those subscribing to SSProtect from the AWS Marketplace.
What you need to know:
- When you use SSProtect, you first Login using an Account
- Accounts are uniquely associated with email you control
- There are two types of Accounts: Organization and Individual
- AWS Subscriptions entitle you to provision an Organization
- You can apply an AWS Subscription to an existing Organization, or create one as described here
AWS Marketplace subscriptions determine the number of licensed Users your Organization will have, and also scope optional components and services available to them. Privileged Users can request additional service components from within SSProtect, which with AWS Marketplace licensing associate additional charges with the original, consolidated billing services.
For Licensing details, start with the article, SSProtect Licensing. Note that, unlike some User Licensing models, you can dynamically re-assign License Seats at any time. Email support@definisec.com with specific questions or for hands-on assistance.
Organizations and Privileged Accounts
Since you're using an AWS Subscription, you will Provision an Organization. Users will share configuration traits and/ or Trust relationships managed by this Organization.
Organizations are collections of Accounts managed by Privileged Users (Accounts). These include zero or more Delegates and one single Administrator, which by default is the Account used to provision the Organization.
For more information, refer to articles in the Quick Start and Concepts Help Sections.
Before You Begin
IMPORTANT: Review this section for important details that govern Provisioning and Use.
- You cannot change the name of your Organization once it's submitted
- Your Account will be the one and only Administrator for the new Organization
- You can transfer your Administrator role to another Account, though it's customary to provision a separate Delegate Account for daily use.
- Organization names are subject to approval, limiting immediate use to Individual Account activity
- You can use an Organization naming convention to provision immediately
Running SSProtect
SSProtect starts when you Login to Windows, executing in the background with a minimal use of system resources. When SSProtect detects events associated with managed content, it takes action within the context of a Login Session. If you are not operating in the context of an active Session, you will be prompted to Login using your Account's Username (associated email address) and Password (that you set and manage; see below).
Once you've established a Login Session, you do not need to re-enter your password until it expires. The default duration of a Login Session is 60 minutes, though you can change this to be as little as 10 minutes or as much as 8 hours (not recommended unless using a hardware 2FA token). This is described in the article, Managing Your Account.
Creating and Provisioning Accounts
Accounts are created, 1) from within the :Foundation Client, described below, 2) by Organization Administrators/ Delegates, and 3) by DefiniSec Support. The latter two methods generate a Registration Email for others to use, associating their provisioning with your Organization. This is described in the article, Using the Registration Email, and execution is straightforward as described in email instructions.
Provisioning from Scratch
When you Subscribe to SSProtect in AWS Marketplace, you are given a link that redirects to a simple Subscription Page containing a Registration Code and instructions for obtaining the installation package (along with a link to this article):
Download the SSProtect :Foundation Client using the link from the Subscription page (you can download the client from this page as well), then run the installer. Detailed installation guidance is provided in the article, Installing the :Foundation Client.
When finished, click the SSProtect icon in the system Notification Tray to display its' context menu, then choose Refresh Login...:
This displays the Login dialog, as follows:
NOTE: You can double-click the Desktop shortcut to display the Login dialog if an active Login Session is not present. Else, you will see the notification tray advertisement.
This display managed SSProtect Account Profiles. Profiles allow you to use a friendly name for an Account rather than rely on associated email addresses. Though straightforward when working with a single Account, it becomes more useful when working with more than one Account and/ or regional Server Sets. These relationships are further described in the article, Trusts, Profiles, and Server Sets , though are more advanced topics that can be investigated at a later time.
To provision your Account, click the Profile dropdown and choose the item, Create New... to display the Create Account dialog:
Enter the email address for an account you control and wish to associate with SSProtect and check the AWS checkbox, which will adjust the dialog for the required next steps:
Copy and Paste the RegCode displayed in the Subscription web page (shown above), then proceed to the next section before choosing and submitting your Organization Name.
NOTE: Component services such as :Recover, :Email, and others, are automatically provisioned based on your AWS Marketplace Subscription. When the License entitles you to a choice, you will receive instructions with email notification acknowledging creation.
Choosing your Organization Name
When Provisioning an AWS Marketplace License, you must choose an Organization Name using a format that reflects your business entity:
- Use a prefix that matches your Account's domain/ hostname, without the TLD (.com, .net, .io)
- Use a dash or underscore to separate the prefix from a variable suffix representing a team name or function
- Coordinate with other teams in your business to choose a consistent naming scheme
It's important to consider a broad naming scheme in concert with others in you business. This allow teams to provision and use independent SSProtect Organizations to achieve a greater degree of separation. This protects against internal threats by limiting the authorized scope of sensitive data while maintaining a high degree of collaborative control. Refer to Organization Peer Sharing and Third Party Trusts described the :Collaborate series of articles.
Creating and Confirming
Enter the name of the Organization you wish to create, then choose Create... to proceed. If you've chosen an Organization Name that cannot be verified automatically, you will be prompted with a reminder so that you can return to make adjustments or proceed.
To clarify by way of example, if using an Account email address like support@definisec.com, qualifying names for automatic approval include DefiniSec-Support, DefiniSec-Support-West, DefiniSec-Help, etc. A more complex example: Account email address support@west.definisec-test.com includes valid auto-approval names similar to West.DefiniSec-Test-Dev or west.definisec-Test-marketing.
After you click Create..., you will receive a confirmation Code in your email account's Inbox. Copy and paste this into the Code edit box, which will be enabled. Choose Verify to complete the process:
NOTE: You must enter your Code within 5 minutes of submitting your request, and from the same host computer else Code Verification will fail.
The software will provision your configuration data, which will take a few seconds, then prompt you to create and verify a new Password for your Account (which you can change later):
NOTE: Server content may be different than shown here, though commonly some aspect of the secdefini.com domain.
Choose a new (unique) value and enter it twice, then choose Change. This will complete Provisioning and return you to the Login dialog so you can enter your credentials to establish your first SSProtect Session.
:Shell Considerations
There are currently two install packages available for you to choose from - the Primary Package that is generally available, which includes a filesystem driver that enables In-Place Encryption. An Alternate Package with limited-use distribution foregoes use of the filesystem driver. It is appropriate for specific circumstances that include email-only use.
Both Packages install the :Shell component for you. You can make post-Provisioning adjustments to your optional features using the instructions in, Adding Feature Components, though :Shell configuration is now handled automatically.
If you have needs related to the Alternate Package, contact Support for consideration.
1st Time Operation
The first time you Login after provisioning, you will be presented with additional startup instructions to guide your configuration. These are described in, 1st Time Use.
Using Email Aliases with Organization Accounts
When you intend to join multiple Organizations over time, make sure you're using different email accounts that have 1-1 correlations with the SSProtect Organization Accounts you intend to create. When you do not have corporate email addresses specific to the target Organization, consider using Aliases purposed for each. This will allow you to work with multiple Organizations at a time (using Profiles to simplify matters) while maintaining proper Access Control permissions, data separation, and also safeguards against cross-exposure.
Organization Name Characters
An Organization Name must adhere to the following:
- It must be 127 characters or less in length
- It can include both Uppercase and Lowercase letters
- It can only include the following subset of Symbols:
()\-_@.
Organization Names are case-sensitive, though you cannot create two Organizations that are the same from the standpoint of a case-insensitive comparison. For example, if you create an Organization named, "SampleOrg" and later try to join it with, "sampleorg", the operation will fail. In similar fashion, if you try to create a 2nd Organization, "sampleorg", the operation will also fail due to a name collision with "SampleOrg".
Organization Consideration: Seats
When you create and manage a new Organization, you are the sole Administrator (though you can provision Delegates with elevated permissions). By default, new Organizations created with Sign-Up have 5 Seats, which allows you to deploy 4 more Accounts/ Users with whom you will be working.
Organization Consideration: Shared Data
Organization peers have direct and automatic secured access to your managed content, though you must deliver it to them using any one of the traditional data sharing mechanisms available for sharing conventional application data (email, network file shares, sync and sharing applications, etc). As such, do not provision Users in your Organization unless they are members of your team or company, and should have access to data you intend to manage with SSProtect.
Organization Consideration: Quota
Organization Quota is evenly distributed across Organization Seats, by default. As such, your Account will at first have 1GB of :Recover storage space. You can change this with the Administer Users UI available to Administrators and Delegates, and you can always request more to distribute to your Users. For more information, refer to the article, Managing Organization Users.
Email Notifications and Junk Mail Filters
You will receive email notifications related to Provisioning. Allow email from ssprotect-admin@definisec.com, or check your Junk Mail/ Spam storage if you do not receive your Code and/ or confirmation that your Account/ Organization has been created.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.0.1 of the :Foundation Client