Embed Size (px)
Citation preview
Technical Welcome & OverviewSecureLink for Vendors
TECHNICAL OVERVIEW
securelink.com© SecureLink, Inc., 2014.
Table of ContentsOverview.................................................................................................................................................................................1
Architecture Diagram.....................................................................................................................................................1
Technical Considerations...............................................................................................................................................2
Items that can be performed before receipt/download of server: ..............................................2
SSL Certification......................................................................................................................................................2
SecureLink Provided:.................................................................................................................................2
Customer Provided/Wildcard: ...........................................................................................................2
Networking Your Server.....................................................................................................................................3
RDP Session Recording......................................................................................................................................3
CRM/Context Prompts .....................................................................................................................................3
Server Specifications.......................................................................................................................................................4
Hardware Appliance Option..............................................................................................................................4
Virtual Appliance Option......................................................................................................................................4
GateKeeper Application.......................................................................................................................................4
Conclusion.............................................................................................................................................................................4
TECHNICAL OVERVIEW
securelink.com© SecureLink, Inc., 2014.
Overview This document is to serve as a welcoming guide through the initial stages of your SecureLink setup. Please reach out to [email protected] if you have any questions, and thank you for choosing SecureLink.
Architecture Diagram
REMOTE SUPPORT MODULE
REMMOTE STETM
SECURELINKFOR VENDORS
SECURELINK SERVER
CUSTOMER C
CUSTOMER B
CUSTOMER A
DMZ
HOSTED SMTP (SMTP.SENDGRID.NET)
USER 3
USER 2
USER 1
PORT 465 TCP
1
TECHNICAL OVERVIEW
securelink.com© SecureLink, Inc., 2014.
Technical Considerations Items that can be performed before receipt/download of server:• Allocate IP for server interface
• Create/request DNS entry for that IP (most of our customers use something like “securelink.mydomain.com”). Create firewall rules allowing inbound access from any source to the server IP on ports 22, 80 and 443. Create a firewall rule allowing access from the SecureLink server to your SMTP server on port 25
• Configure your SMTP server to relay globally on behalf of SecureLink.
• If integrating Active Directory:
• Create a service account, such as “svc-securelink”
• Note the password and full LDAP path for that account (CN=svc-securelink,OU=Users,DC=seton,DC=org) Provide access to that server on port 389 or 636
SSL Certification SecureLink Provided: SecureLink will provide a 1-year SSL123 Certificate, acquired from Thawte, as part of your implementation at no additional cost. Upon expiration, you may choose to renew this certificate through SecureLink. In order to acquire a certificate on your behalf, we will need to be provided the following:• Server DNS Name:
• Organizational Unit (OU):
• Organization (O):
• City:
• State:
An approval request email will originate from Thawte. When ordering the certificate, we have the choice to send the approval request to one of the following:
• Domain Administrative Contact (as designated by WHOIS information)
• Domain Technical Contact (as designated by WHOIS information)
• admin@[yourdomain.com]
• administrator@[yourdomain.com]
• hostmaster@[yourdomain.com]
• webmaster@[yourdomain.com]
• postmaster@[yourdomain.com]
These are our only options for approval, and we cannot specify a specific email for approval that doesn’t appear on the list above.
Customer Provided/Wildcard:You may also choose to provide your own certificate which we will install on your server. SecureLink supports X.509 v1, v2, and v3 certificates, and PKCS#7 and PKCS#12 formatted certificate chains consisting of certificates of that type. In this case, you will need to provide us the certificate and/or certificate chains as well as the certificate type and keystore password associated with it/them.
2
TECHNICAL OVERVIEW
securelink.com© SecureLink, Inc., 2014.
Networking Your ServerYou will be sent an additional document which instructs you in networking and configuring your server that is specific to your appliance type. For virtual appliances, this document also provides instructions on downloading the files necessary to install your virtual appliance.
At the end of the Server Setup Document, you will be instructed to complete a Server Setup Questionnaire within which you will provide us pertinent information such as:
• Server IP(s)
• DNS name
• SMTP IP
• SSL information (listed above)
• AD information
» AD or LDAP?
» IP
» LDAP path of service account
» Password for that account
» TCP/UDP port in use
Once we have this information, your dedicated Customer Success Manager (CSM) will begin customizing and configuring your server.
RDP Session RecordingRDP session recording will be turned on by default. You have the choice to limit session recording by either space or time, or you can choose to incorporate both limitations. For example, you may set RDP video records to begin pruning (always the oldest first) when a certain time limit is reached (ie 6 months) or when a certain amount of HD space is reached (ie 450 of 500 total GB’s). You may also choose to set both limitations. You also have the opportunity to archive these files on a separate file system. For information on archiving, please speak with your CSM.
CRM/Context PromptsBy default, your CSM will configure your server to prompt for the following information upon user connections:
• Case number
• Reason for connection
• Person who authorized access
By default, all 3 of these fields are required. Please note: these fields are optional and fully customizable. You can prompt for any information you like and have each field be required or optional. Please inform your CSM should you like something other than the default configuration.
For Virtual Appliance InstallationsWhen installing from OVA, the file will automatically designate 21.5G of HD space. We recommend that you expand this upon installation. We can make recommendations based on your particular use case, but you may follow this rule of thumb: RDP recording takes roughly 100MB of HD space per hour of recording. This is a conservative estimate, and there are many variables which effect this rate. At base, it is a good practice to add an additional 50GB of hard drive space, and we can adjust as needs may arise in the future.
3
TECHNICAL OVERVIEW
securelink.com© SecureLink, Inc., 2014.
Server Specifications Hardware Appliance Option• Dell PowerEdgeTM R210 II
• OS: CentOS 5.9
• Quad Core Xeon X3330 Processor
• 8 GB DDR2 RAM – 800MHz
• 2x 500GB SATA Hard Drive (RAID)
• 3 Year Next Business Day On-Site Hardware Warranty
Virtual Appliance Option• Available File Formats: .OVA or .ISO OS: CentOS 5.9
• 1 vCPU
• 3 GB vRAM
• 20 GB Disk Space*
GateKeeper Application• Supported Operating Systems: Windows, Solaris, Linux, AIX, HP-UX, Tru64 1G MHZ CPU
• 50 MB Disk Space
• 30 MB vRAM
• Outbound Internet Connection (DSL - 128 kpbs is optimal)
• Inbound network access to additional servers required on requested ports
• Java-capable browser (Internet Explorer, Firefox; etc.)
ConclusionThroughout the project, your designated Project Manager will be in contact providing weekly status updates. Your CSM will also be in contact after server setup to schedule training and discuss any customer onboarding needs as well as to guide you to completion with regards to any of your other SecureLink goals.
Thank you for reviewing this document. Please know that your implementation team is always here to assist should you have any questions not addressed on your project kickoff call. Please don’t hesitate to contact us at [email protected] or contact your CSM or Project Manager directly if you need anything at all. We look forward to working with you, and thank you again for choosing SecureLink.
Sincerely,SecureLink Customer Success Team
*This is a minimum. More space will need to be allocated if RDP session records are to be kept.
• We recommend approximately 100MB per hour of RDP session recording.
• We can set RDP recordings to begin pruning the oldest record based on either space allocated or time passed.
4
For more information visit securelink.com.
