ASMS deployment checklist
If you are deploying a full ASMS system out-of-the box, use the following list to prepare for deployment and ensure that you've configured your system as recommended.
For more details, see also Download ASMS software packages and ASMS system security.
Note: For information about ongoing maintenance after you've finished deploying your system, see Best Practices for Ongoing Maintenance in ASMS.
Infrastructure and analytics
Getting ready
# | Step | Description |
---|---|---|
1 | AlgoSec architecture recommendation review |
Work with AlgoSec to understand our architecture recommendations for your needs. |
2 | Required programs for remote access |
Before starting, make sure you have the following programs available on your system:
|
3 | Infrastructure component provisioning |
Ensure that your hardware or virtual components meet our system requirements. For details, see System requirements. |
4 | Collecting information | To make your deployment easier, we recommend you download and fill out the ASMS Questionnaire. Save this information. You will need to refer to it during the deployment process below. |
Deploy ASMS infrastructure
# | Step | Description |
---|---|---|
5 | Standalone appliances / cloud based appliances |
Based on your deployment type:
|
6 | High-availability / Disaster recovery configuration |
Set up your environment, including high availability or disaster recovery clusters, as well as load or geographic distribution. For details, see: |
7 | Load distribution / remote distribution configuration | |
8 | Appliance setup checks |
At this point, make sure you have:
|
AlgoSec Firewall Analyzer deployment tasks
# | Step | Description |
---|---|---|
9 | Licensing application |
Install your license. For details, see: |
10 | Authentication and authorization configuration |
Define how AFA handles user authentication and authorization. Best practice: Whenever possible, leverage LDAP/LDAPS for authentication. This enables all ASMS users to log in easily, including change requestors, application owners, auditors, and so on. Configuring LDAP/LDAPS for ASMS also enables auto-provisioning, which means that users are automatically created and assigned to their appropriate roles based on their LDAP group membership, without any additional configuration. For details, see Configure user authentication. |
11 | User and role configuration |
Define AFA users and their roles. For details, see AFA users and roles. |
12 | Outbound mail integration configuration |
Configure AFA to send email notifications. For details, see Configure event-triggered notifications. |
13 | Storage and retention configuration |
Configure AFA settings for data storage. For details, see Storage. |
14 | Infrastructure component monitoring |
Configure monitoring systems for each ASMS product. For details, see:
Best practice: Deploy WatchDog monitoring to provide the broadest and most up-to-date set of system parameters to be monitored. Direct syslog messages WatchDog to your enterprise NOC. |
15 | Networking estate provisioning |
Populate AFA with your devices. For details, see Manage devices and Configure log collection from an external Syslog server. |
16 | Schedule AFA analysis |
Configure AFA settings for scheduled analysis jobs. For details, see Schedule analysis. |
17 | Review & validate analysis/monitoring/log collection |
See: |
Intelligent policy change automation
Deploy AlgoSec FireFlow
# | Step | Description |
---|---|---|
18 | FireFlow initial setup |
FireFlow templates and workflows are fully configurable. We recommend using the default configuration to get started, and then customizing FireFlow as needed. For details, see: |
19 | FireFlow sanity-check request |
Create a sample change request and push it through the entire workflow to test each step in the process. For details, see Request changes. |
Network visibility and awareness
Build your ASMS network topology
# | Step | Description |
---|---|---|
20 | Environment visibility and accuracy validation |
View your network map in AFA and confirm that it displays as expected. For details, see AFA's graphic network map. |
21 |
Sanity end-to-end traffic simulation |
Run an end-to-end traffic simulation query to ensure that the data presents as expected. For details, see Run traffic simulation queries. |
22 | Network topology modeling & adjustment |
After viewing default reports and query results, you may want to adjust the way AFA displays your data. For details, see: |
Application discovery and management
All AppViz information and procedures in these tech docs are relevant for both on-prem and SaaS unless marked specifically as follows:
-
indicates instructions relevant only for AppViz on-prem
-
indicates instructions relevant only for AppViz in the SaaS-environment
# | Step | Description |
---|---|---|
23 | AppViz initial setup |
Set up AppViz to view your network details from a business perspective. |
AppViz (SaaS) initial setup |
Do the following:
|
|
AppViz on-prem initial setup |
Do the following:
|
|
24 | AppViz sanity-check application |
View data for your application from AppViz to test each feature. For details, see Business applications. |
25 | AlgoSec Application Discovery Deployment tasks |
|