ASMS deployment checklist

If you are deploying a full ASMS system out of the box, use the following list to prepare for deployment and ensure that you've configured your system as recommended.

For more details, see also Download ASMS software packages and ASMS system security.

Note: For information about ongoing maintenance after you've finished deploying your system, see Best Practices for Ongoing Maintenance in ASMS.

Infrastructure and analytics

Getting ready

# Step Description
1 AlgoSec architecture recommendation review

Work with AlgoSec to understand our architecture recommendations for your needs.

2 Required programs for remote access

Before starting, make sure you have the following programs available on your system:

  • SSH Client

  • Web Browser

  • SFTP/SCP Client

3 Infrastructure component provisioning

Ensure that your hardware or virtual components meet our system requirements.

For details, see System requirements.

4 Collecting information

To make your deployment easier, we recommend you download and fill out the ASMS Questionnaire. Save this information. You will need to refer to it during the deployment process below.

Deploy ASMS infrastructure

# Step Description
5 Standalone appliances / cloud based appliances

Based on your deployment type:

6 High-availability / Disaster recovery configuration

Set up your environment, including high availability or disaster recovery clusters, as well as load or geographic distribution.

For details, see:

7 Load distribution / remote distribution configuration
8 Appliance setup checks

At this point, make sure you have:

AlgoSec Firewall Analyzer deployment tasks

# Step Description
9 Licensing application

Install your license.

For details, see:

10 Authentication and authorization configuration

Define how AFA handles user authentication and authorization.

Best practice: Whenever possible, leverage LDAP/LDAPS for authentication. This enables all ASMS users to log in easily, including change requestors, application owners, auditors, and so on.

Configuring LDAP/LDAPS for ASMS also enables auto-provisioning, which means that users are automatically created and assigned to their appropriate roles based on their LDAP group membership, without any additional configuration.

For details, see Configure user authentication.

11 User and role configuration

Define AFA users and their roles.

For details, see AFA users and roles.

12 Outbound mail integration configuration

Configure AFA to send email notifications.

For details, see Configure event-triggered notifications.

13 Storage and retention configuration

Configure AFA settings for data storage.

For details, see Storage.

14 Infrastructure component monitoring

Configure monitoring systems for each ASMS product.

For details, see:

Best practice: Deploy WatchDog monitoring to provide the broadest and most up-to-date set of system parameters to be monitored.

Direct syslog messages from WatchDog to your enterprise NOC.

15 Networking estate provisioning

Populate AFA with your devices.

For details, see Manage devices and Configure log collection from an external Syslog server.

16 Schedule AFA analysis

Configure AFA settings for scheduled analysis jobs.

For details, see Schedule analysis.

17 Review & validate analysis/monitoring/log collection

See:

Intelligent policy change automation

Deploy AlgoSec FireFlow

# Step Description
18 FireFlow initial setup

FireFlow templates and workflows are fully configurable.

We recommend using the default configuration to get started, and then customizing FireFlow as needed.

For details, see:

19 FireFlow sanity-check request

Create a sample change request and push it through the entire workflow to test each step in the process.

For details, see Request changes.

Network visibility and awareness

Build your ASMS network topology

# Step Description
20 Environment visibility and accuracy validation

View your network map in AFA and confirm that it displays as expected.

For details, see AFA's graphic network map.

21 Sanity end-to-end traffic simulation

Run an end-to-end traffic simulation query to ensure that the data presents as expected.

For details, see Run traffic simulation queries.

22 Network topology modeling & adjustment

After viewing default reports and query results, you may want to adjust the way AFA displays your data.

For details, see:

Application discovery and management

Deploy AlgoSec AppViz

All AppViz information and procedures in these tech docs are relevant for both on-prem and SaaS unless marked specifically as follows:

  • indicates instructions relevant only for AppViz on-prem

  • indicates instructions relevant only for AppViz in the SaaS environment

# Step Description
23 AppViz initial setup

Set up AppViz to view your network details from a business perspective.

AppViz (SaaS) initial setup

Do the following:

  1. (To connect to AlgoSec SaaS Services via the tunnel) ASMS integration to SaaS services

  2. Configure Access management

  3. Logging in and out

  4. (Optional) Set the user prop connectivity.scan.enable to false if you want to turn off connectivity indicators during the deployment phase.

  5. Follow steps in Configure applications

  6. Manage permissions and roles

  7. Configure Custom fields

  8. Configure Security zones

  9. Configure Critical processes

  10. Manage vulnerability assessment scanners

  11. Customize interactions with AFA and FireFlow

  12. (Optional) Set the user prop connectivity.scan.enable to true to turn on connectivity indicators if required.

AppViz on-prem initial setup

Do the following:

  1. (Optional) Set the user prop connectivity.scan.enable to false if you want to turn off connectivity indicators during the deployment phase.
  2. Follow steps in Configure applications
  3. Manage AppViz users, permissions, and roles
  4. Configure Custom fields
  5. Configure Security zones
  6. Configure Critical processes
  7. Manage vulnerability assessment scanners
  8. Customize interactions with AFA and FireFlow
  9. (Optional) Set the user prop connectivity.scan.enable to true to turn on connectivity indicators if required.

24 AppViz sanity-check application

View data for your application from AppViz to test each feature.

For details, see Business applications.

25 AlgoSec Application Discovery Deployment tasks