Launch your Orchestrator and add BlastShield™ Agents to protect your servers


Welcome to the BlastShield™ Quick Start Guide. In this series of articles you will learn how to set up your BlastShield™ protected network. To get your BlastShield network up and running, the following workflows are required.

  1. Sign-up and register for a BlastShield account
  2. Authenticate and connect to BlastShield™
  3. Launch your Orchestrator and add BlastShield™ Agents to protect your servers (this article)
  4. Create policy for zero-trust access
  5. Add new users to your protected network

About Agents

The BlastShield™ Host Agent enables secure peer-to-peer access to a server from the BlastShield™ protected network. A BlastShield™ Agent is installed on each server which you want to protect.  Access to that server is then controlled by policy in the BlastShield™  network.


Adding a new Agent - summary

The process to install and set up the BlastShield™ Agent on a server is summarised here:

  1. Connect to the Orchestrator.
  2. Create a new Agent instance in the Orchestrator and create a BSI file.
  3. Install the Agent on the Linux server.
  4. Register the Agent with the BSI file.
  5. Start the Agent.
  6. Configure policy to allow access to the Agent.

Currently supported builds

We currently have support for the following operating systems.

If you don't see the operating system which you are using in this list, then please contact us here so that we can help you get the correct build.

Ubuntu

  • Ubuntu 20.10
  • Ubuntu 20.04.2 LTS
  • Ubuntu 18.04 LTS

Debian

  • Debian 11 (Bullseye)
  • Debian 10 (Buster)

CentOS

  • CentOS 8
  • CentOS 7

Amazon

  • Amazon Linux 2

Raspberry Pi

  • Raspbian GNU/Linux 10 (buster)

Windows (Download the Agent installer for Windows)

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012
  • Windows 10

macOS

  • macOS 10.13 and later

64-bit builds for x86 CPUs are available.

Connect to the BlastShield™ Orchestrator

If you are following these articles in order, then you will have already connected to BlastShield™, so now you can launch the Orchestrator to begin managing your new BlastShield™ network. If you haven't yet connected to your BlastShield™ network, then check out the previous article on how to connect.

To launch the Orchestrator, simply click on the 'Launch Orchestrator' button in the Desktop Client. This will trigger an additional authentication step with a QR code scan and biometric check using the Mobile Authenticator app. Please remember that you must be connected to BlastShield™ before you can launch the Orchestrator. See the video below to learn how to launch the Orchestrator.

The Orchestrator will launch in your web browser at https://orchestrator.blastshield.io

The Dashboard will be displayed as shown below.

Now you can move on to the next step where you will add BlastShield™ Agents to protect your servers.


Linux Agent Installation

Learn how to add a new BlastShield™ Agent to a Linux server by watching the following video or reading the steps below.

Step 1: Add a new Agent in the Orchestrator

  1. Click on "Agents" in the "Manage" menu in the left sidebar, and then click the red "Add New Agent" button at the top right.
  2. The New Agent dialogue opens. Add a name for the Agent and a DNS Hostname. The DNS Hostname is optional; because BlastShield runs its own DNS, it can be used to identify the Agent in the BlastShield™ network.
  3. Then click on the red "Save and Download Invitation" button and choose the option for "Save and copy Linux/macOS installation command to the clipboard". Click on that option to copy the command.

Step 2: Install and register the Agent

Open a terminal session on the Linux server where you are going to install the Agent.

  1. Paste the command you just copied to the terminal and hit enter. This will start the software download.
  2. The software will automatically install and run. The Agent will then automatically register with the Orchestrator. When the process has completed you will see the following message in the terminal window:

"Installation successful, the agent IP address is <Agent IP address>."

Step 3: View the status of the Agent

Now that the installation and registration processes have completed, your Agent is up and running.

You can check the status of the Agent by typing the following:

sudo systemctl status blastshield

The logs may be viewed as follows:

sudo journalctl -u blastshield.service

The status of the new Agent on your server should appear as "Online" in the Orchestrator as shown in the image below. 

When the status of the Agent is ‘Online’ this shows that the Agent is operational and the Orchestrator can communicate with the Agent.
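
The two checks above can be scripted when Agents are installed on several servers. The following is an added example, not code from BlastShield: it extracts the Agent IP from saved installer output using the success message quoted in Step 2, and checks the `blastshield` unit with systemctl and journalctl. The function names, the sample transcript and the rule that any journal entry at priority "err" or worse counts as unhealthy are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Taken from this guide: the unit name
# "blastshield" and the installer's success message. Constructed here:
# the function names and the sample transcript with its address.

# Read saved installer output on stdin and print the Agent IP from the
# success line. Returns 1 when the line is missing or the value is not
# address-shaped, so a provisioning script stops on a failed install.
agent_ip_from_install_output() {
    line=$(grep 'Installation successful, the agent IP address is ' | tail -n 1)
    [ -n "$line" ] || return 1
    ip=${line##*address is }      # text after the fixed wording
    ip=${ip%%[!0-9A-Fa-f:.]*}     # cut at the first non-address character
    ip=${ip%.}                    # drop the sentence's closing period
    case $ip in
        [0-9A-Fa-f:]*[.:]*[0-9A-Fa-f]) printf '%s\n' "$ip" ;;  # IPv4/IPv6 shaped
        *) return 1 ;;
    esac
}

# Return 0 only if the unit is running and has logged nothing at priority
# "err" or worse since boot (an assumed health rule). Run as root.
agent_service_healthy() {
    systemctl is-active --quiet blastshield || return 1
    errs=$(journalctl -u blastshield.service -b -p err -q --no-pager | wc -l)
    [ "$errs" -eq 0 ]
}

# Constructed transcript; only the wording of the last line is the guide's.
SAMPLE_OUTPUT='(earlier installer output omitted)
Installation successful, the agent IP address is 172.16.4.21.'

printf '%s\n' "$SAMPLE_OUTPUT" | agent_ip_from_install_output
```

On the server itself, call `agent_service_healthy` after the installer finishes and treat a non-zero exit status as a failed deployment.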

The BlastShield™ interface that has been created by the Agent on the server will only be accessible to authorised and authenticated BlastShield users. To access this interface you must set up groups and access policies for your users. The default behaviour is to block access until a policy has been created. You can learn how to create policies in the following section.

Linux Agent manual installation

You can alternatively use the standard package manager commands to install the Agent on Linux. See this section to learn about the manual installation process.

Next Step:

See the next section, Create policy for zero-trust access, to learn how to create policies.

Windows Agent Installation

Learn how to add a new BlastShield™ Agent to a Windows server by watching the following video or reading the steps below.

Step 1: Add a new Agent in the Orchestrator

  1. Click on "Agents" in the "Manage" menu in the left sidebar, and then click the red "Add New Agent" button at the top right.
  2. The New Agent dialogue opens. Add a name for the Agent and a DNS Hostname. The DNS Hostname is optional; because BlastShield runs its own DNS, it can be used to identify the Agent in the BlastShield™ network.
  3. Then click on the red "Save and Download Invitation" button and choose the option for "Save and copy invitation contents to the clipboard". Click on that option to copy the invitation.

Step 2: Install and register the Agent

Open a session on the Windows server where you are going to install the Agent.

  1. Download the Windows Agent Installer to the Windows computer and run the installer.
  2. The installer will install and run the Agent software and ask you for the .bsi invitation information which you have already copied from the BlastShield Orchestrator.
  3. Paste the invitation contents which you just copied to the clipboard into the installer and click Start to start the registration process.
  4. When the process has completed the installer displays a "Registration successful." message.

Step 3: View the status of the Agent

On the server where you have installed the Agent, open the Services app and verify that the 'BlastShield Agent' service is running, as shown in the image below. If it is not running, then right-click on the BlastShield Agent service and choose Start.

Go to the Orchestrator and click on the Agents Menu, find your new Agent and click on it. The status of the new Agent on your server should appear as "Online" in the Orchestrator as shown in the image below.

When the status of the Agent is ‘Online’ this shows that the Agent is operational and the Orchestrator can communicate with the Agent.

The BlastShield™ interface that has been created by the Agent on the server will only be accessible to authorised and authenticated BlastShield users.  To access this interface you must set up groups and access policies for your users.  The default behaviour is to block access until a policy has been created.

Next Step:

See the next section, Create policy for zero-trust access, to learn how to create policies.


macOS Agent Installation

Learn how to add a BlastShield™ Agent on macOS by watching the following video or reading the steps below.

Step 1: Add a new Agent in the Orchestrator

  1. Click on "Agents" in the "Manage" menu in the left sidebar, and then click the red "Add New Agent" button at the top right.
  2. The New Agent dialogue opens. Add a name for the Agent and a DNS Hostname. The DNS Hostname is optional; because BlastShield runs its own DNS, it can be used to identify the Agent in the BlastShield™ network.
  3. Then click on the red "Save and Download Invitation" button and choose the option for "Save and copy Linux/macOS installation command to the clipboard". Click on that option to copy the command.

Step 2: Install and register the Agent

Open a terminal session to the server where you are going to install the Agent.

  1. Paste the command you just copied to the terminal and hit enter. This will start the software download.
  2. The software will automatically install and run. The Agent will then automatically register with the Orchestrator. When the process has completed you will see the following message in the terminal window:

"Installation successful."

Step 3: View the status of the Agent

Now that the installation and registration processes have completed, your Agent is up and running. The status of the Agent as shown in the Orchestrator will change to Online as shown below.

Logs for the Agent may be viewed in the Console.app.

Next Step:

See the next section, Create policy for zero-trust access, to learn how to create policies.

Remove a macOS Agent

Unload the plist file for the Host Agent

sudo launchctl unload -w /Library/LaunchDaemons/io.blastwave.blastshield-agent.plist 

Remove the plist file

sudo rm /Library/LaunchDaemons/io.blastwave.blastshield-agent.plist

Remove the Host Agent files

sudo rm -rf  /Library/Application\ Support/BlastShield\ Agent

