Managing Assets

Overview of Asset Management within the Byos Management Console

Overview

What are Assets?

  • Assets refer to devices or equipment connected to Byos Secure Edge devices.
  • The internal microsegment of the Edge is responsible for conducting Asset discovery to identify all Assets and Resources connected to it.
  • The information displayed for each Asset will include the Edge it is connected to and its Byos IP address in the SL Overlay.
⚠️
Asset and Resource information will only be discovered by the Byos discovery scan if it has been allowed by the Asset’s on-board OS security settings. If you cannot find an Asset, or cannot retrieve Resource information you were expecting, please check that the Service has been allowed on the Asset.

What are Resources?

Resources are specific combinations of ports, protocols, and services running on a given Asset, that have been discovered by the Byos Secure Edge. Resources will be listed in the Asset inventory by their:

  • Service
  • Protocol
  • Port In/Out
  • Visible in SL

Running a Discovery Scan

  • When you select “Discover All Assets,” all Edges within your Byos environment will initiate a network wide scan to identify every Asset linked to every Edge. Discovered Assets will then be displayed in the Management Console’s Asset section, encompassing all Assets and Resources within your Byos environment.
  • Discovered Assets and Resources are not automatically accessible through the Secure Lobby Overlay.
  • Visibility of each Resource in the Overlay must be explicitly allowed by the administrator; this is a Layer 4 access control.
⚠️
Reminder: there are three (3) access controls that need to be enabled in order to access a Resource from within the SL Overlay. If any of the three are not enabled, you will not be able to access the desired Resource.
  • Layer 2: The SL Overlay connection between the Edge and the Cloud needs to be established. This is done through configuring the External Network routing settings.
  • Layer 3: The Zone containing the Resource you’re trying to reach must allow an inbound connection from the Zone that you’re currently in. Read more about Zones here.
  • Layer 4: The Port/Service combination of the Resource needs to be made “Visible in SL”.

Per Edge Discovery Scan

To run a discovery for a single Edge, you can click the blue button beside the Edge name.

Alternatively, you can discover the Assets for the Edges matching the selected filter in the Edge table.

Enabling Asset Visibility in Secure Lobby

  • To make a Resource visible in Secure Lobby:
      1. Click on the Resource
      2. Toggle “Visible in SL” to on
      3. Select the desired Port In
      4. Click Save

Port In Conflicts

  • By default, the Port In will match the Port Out of a scanned Asset. Each Resource must have a unique Port In in order to access it. If that Asset adheres to the list of “known ports” maintained by IANA, and there are multiple Assets in the environment, you may experience duplicates.
  • When you toggle the “Visible in SL” option to on, if there is a conflict, the Port In option will provide a warning that the chosen port is already in use. At this point, you are able to choose a unique Port In for that Resource.
⚠️
It is important to document which default port numbers are changed, and what they are changed to. One efficient method for renaming a Port In is to front-load the original Port In with a distinguishing octet of the Asset’s IP address. Example: 192.168.2.1, Port In 80, Port Out 80. With Port In 80 in conflict, you could use the 3rd octet of the IP address (in this case 2) to change the Port In to 280.

Once an Asset has been made visible in Secure Lobby, it can be accessed by any Edge in the Zone with approved routing.

Manually Adding Assets and Resources

Adding a Manual Asset

Some Assets may not be found by the Secure Edge’s Discovery Scan. To add an Asset manually, click “Add Asset” and add all of the necessary details:

  • Asset Name
  • Select which Byos Secure Edge it is connected to
  • Input the LAN IP address of the Asset in the Edge’s Microsegment
  • Description
  • Resource Details
    • Name
    • Port Out
    • Protocol - TCP or UDP
ℹ️
Manually added Assets and Resources will display as “Manually Added” in the “Last Seen” Column of the Asset Table.

Adding a Manual Resource

If an Asset connected to the Byos Secure Gateway Edge has a non-standard port and service running, it may not be found by the Asset discovery. In this case, you will need to manually add a Resource: select the Asset, click “Add Resource”, and then input the required information:

  • Name
  • Port In
  • Port Out
  • Protocol - TCP or UDP

Preset Filters

There are a number of preset filters in the Assets table:

  • All Assets - shows all discovered Assets, with Resources hidden for a quick glance.
  • All Resources - shows all Resources (Assets are expanded) to see what ports and services are enabled and available to be enabled.
  • Manually Added Assets and Resources - only shows Assets and Resources that have been manually added.
  • Edge Connected to Secure Lobby - shows the Edges that have a connection established to the SL Overlay.
  • Enabled Resources in Secure Lobby - only shows Resources that have been enabled to be accessed through Secure Lobby.
⚠️
For Resources that have been Enabled but their Edge is not connected to Secure Lobby, the Edge will show a Red disconnected Icon with a Warning Icon on the right. This indicates that even though the Resource is enabled, it will not be accessible through Secure Lobby because the Edge is not connected to the Lobby on Layer 2. For an Edge to be connected to Secure Lobby, ensure that it is in a Policy Group with Secure Lobby Routing (External Network Settings B-F).
  • Online Resources in Secure Lobby - all of the Resources that can be accessed through Secure Lobby.

Deleting Assets and Resources

At the time of a Discovery Scan, all Assets connected to a Byos Secure Edge will be scanned and discovered. Sometimes an Asset might be unplugged from an Edge in between scans, giving the appearance that the Asset is still connected.

Deleting an Asset will remove it from the Assets table. If the Asset is reconnected to the Byos Secure Edge and a new Discovery Scan is run, the Asset will re-appear in the Table. You will be prompted to confirm you wish to delete the Asset.

Deleting a Resource works the same way.


Last updated on October 24, 2023