Add BlastShield™ Agents to protect your servers

Add BlastShield™ Agents to protect your servers

Welcome to the BlastShield™ Quick Start Guide. In this series of articles you will learn how to setup your BlastShield™ protected network. To get your BlastShield network up and running, the following workflows are required.

  1. Sign-up for a BlastShield account on our website.
  2. Register and connect to the BlastShield™ Orchestrator
  3. Add BlastShield™ Agents to protect your servers (this article)
  4. Create policy for zero-trust access
  5. Add new users to your protected network

Add BlastShield™ Agents to protect your servers

The BlastShield™ Agent is an application installed on your server which enables secure peer-to-peer access from the BlastShield™ protected network. A BlastShield™ Agent must be installed on each server which you want to protect with BlastShield™.  Access to that server is then secured in the BlastShield™ encrypted mesh.  To connect to the server that is protected with a BlastShield™ Agent, a user must authenticate and join the BlastShield™ network using our multi-factor password-less remote authentication.
With BlastShield™ STARTER you can have up to 100 endpoints connected in a protected network. An endpoint can be a Client/User (Desktop/Laptop/Mobile Device) or Linux Host. To protect more than 100 endpoints, an upgrade is available, via the website, to BlastShield™ PROFESSIONAL.


Adding a new Agent - summary

The process to install and setup the BlastShield™ Agent on a server is summarised here:

  1. Create a new Agent instance in the Orchestrator and create a BSI file.
  2. Install the Agent on the Linux server.
  3. Register the Agent with the BSI file.
  4. Start the Agent.
  5. Configure policy to allow access to the Agent.

Currently supported builds

We currently have support for the following operating systems.

If you don't see the operating system which you are using in this list, then please contact us here so that we can help you get the correct build.

Ubuntu

  • Ubuntu 20.10
  • Ubuntu 20.04.2 LTS
  • Ubuntu 18.04 LTS

Debian

  • Debian 11 (Bullseye)
  • Debian 10 (Buster)

Centos

  • Centos 8
  • Centos 7

Amazon

  • Amazon Linux 2

Raspberry Pi

  • Raspbian GNU/Linux 10 (buster)

Windows

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012
  • Windows 10

64-bit builds for x86 CPUs are available.

Linux Agent Installation

Step 1: Add a new Agent in the Orchestrator

Learn how to add a new Agent in the Orchestrator by watching the following video or reading the steps below.

  1. Click on "Agents" in the sidebar and click the red "Add New Agent" button at the top right.
  2. The New Agent dialogue opens.  Add a friendly name and a DNS Hostname. The Hostname is optional and can be used to identify the Agent in the BlastShield™ network as BlastShield runs its own DNS..
  3. Optionally add any Groups you want it to join (or you can leave the Groups box blank and fill it in later).
  4. Then click "Save and Download Invitation".   Download the BSI file for use later.

Step 2: Install and register the Agent

To see how to install and register the Agent watch the following video or read the steps below.

1. Type the following command in the linux command line to install the Agent:

curl https://dl.blastwave.io/agent/install.sh | bash

2. When prompted, either paste all the text from the BSI file you created in step 1 or enter the path to the BSI file into the command line.  Then hit enter.

"Please enter the path or the contents of the new agent BSI file:"

<copy and paste the contents of your bsi file here and hit enter>



3. The Agent will register and start.  When the Agent is running you will see the following message:

Installation successful, the agent IP address is <Your Agent’s IP address>.


4. Now that the Agent has started you can check the status of the Agent by typing the following:

sudo systemctl status blastshield

5. The logs may be viewed as follows:

sudo journalctl -u blastshield.service

The status of the new Agent on your server should appear as "Online" in the Orchestrator as shown in the image below. 

When the status of the Agent is ‘Online’ this shows that the Agent is operational and the Orchestrator can communicate with the Agent.

The BlastShield™ interface that has been created by the Agent on the server will only be accessible to authorised and authenticated BlastShield users.  To access this interface you must set up groups and access policies for your users.  The default behaviour is to block access until a policy has been created. You can learn how to create policies in the following section

Linux Agent manual installation

You can alternatively use the standard package manager commands to install the Agent on Linux. See this section to learn about the manual installation process.

Windows Agent Installation

Use the following download link for the BlastShield Agent Windows installer. This is valid for Windows Server 2019, Windows Server 2016, Windows Server 2012 and Windows 10:

Windows Agent software download link

The following steps describe how to install and start the Agent:

  1. Create a new Agent instance in the BlastShield Orchestrator and download the .bsi file to the windows server where you want to install the Agent.
  2. Download the Windows Installer .msi file for the BlastShield Agent to the windows computer and open the installer.  
  3. The installer will auto run and ask you for the .bsi file which you will have already downloaded from the BlastShield Orchestrator
  4. To add the .bsi file you can either click ‘Browse’ to find the file or you can copy/paste the entire contents of the .bsi file into the installer dialogue box.
  5. Proceed with the registration step and the Agent will register and auto-start.

The status of the new Agent on your server should appear as "Online" in the Orchestrator as shown in the image below. 

When the status of the Agent is ‘Online’ this shows that the Agent is operational and the Orchestrator can communicate with the Agent.


The BlastShield™ interface that has been created by the Agent on the server will only be accessible to authorised and authenticated BlastShield users.  To access this interface you must set up groups and access policies for your users.  The default behaviour is to block access until a policy has been created.

Next Step:

See the next section, Create policy for zero-trust access, to learn how to create policies.