Dell Protected Workspace Management Server
Installation and Configuration Guide
Dell Protected Workspace Management Server v2.2.2
Created and Maintained by Invincea, Inc.
Dell Protected Workspace Management Server – Install and Configure – v2.2

Contents
Purpose and Intended Audience
System Requirements
DPWMS Sizing Recommendations
Additional Administrative Tasks
  Modifying the default Firewall
  Installing Linux Updates
Administration Section
Threats Module
Settings and Plugins

Purpose and Intended Audience

This document provides instructions for installing and configuring the Dell Protected Workspace Management Server. It is intended for IT administrators who will complete the initial deployment and configuration and/or manage the Dell Protected Workspace Management Server.

System Requirements

- One of the following Host Platforms
  - VMware Workstation 7.

Dell Protected Workspace Management Server Features

The Dell Protected Workspace Management Server is a modular system that allows for multiple Dell Protected Workspace applications to run on a single appliance. Each module is licensed individually and will only be available with a valid license key.

Threats Module

The Threats Module allows Dell Protected Workspace clients to view Threat Report details.

Installing the Dell Protected Workspace Management Server

The Dell Protected Workspace Management Server is delivered as a virtual machine, in the VMware OVF template format. The following instructions outline how to install the DPWMS on either VMware vSphere 4.x or later or VMware Workstation 7.1.x or later. Some steps may differ slightly based on the version being used.

2. Select the File menu and choose “Deploy OVF Template…”
3. Choose the file location of the OVF template (the download must be unzipped before this step). Press the “Next” button.
4. Review the OVF information. Press the “Next” button.
5. Give the virtual machine a name (or use the default one provided). Choose which datacenter/folder the VM will be deployed to (if applicable). Press the “Next” button.
6. For clustered systems, choose which cluster/host the VM will be deployed on. Press the “Next” button.
7. If multiple datastores are available, choose the datastore to deploy the VM on. Press the “Next” button.
8. Choose the desired disk format for the virtual disk. Press the “Next” button.
9. Select the network that the VM will be connected to. Press the “Next” button.
10. Verify your configuration and press the “Finish” button.
11. Optional step: Once the OVF template has finished deploying, take a snapshot of the VM to retain the original settings before any configuration is done.
12. Power on the VM.
13. Installation of the DPWMS is now complete. Please continue to the “Configuring the Dell Protected Workspace Management Server for Basic Operation” section.

Installing VMware Tools for DPWMS running in a vSphere Environment

To install VMware Tools into the DPWMS appliance, follow these steps.

1. Connect to the console of the DPWMS from the vSphere client. Use the root account (default password is invincea).
2. From the VM menu, select Guest, then Install/Upgrade VMware Tools.
3. Create a mount point for the cdrom by running the following command:
       mkdir /mnt/cdrom
4.
9. Confirm the installation was successful by viewing the details of the VM. A status of “VMware Tools: Running (Current)” should be displayed.

Upgrading the network adapter to VMXNET3 for DPWMS running in a vSphere Environment

In some VMware environments, changing the DPWMS appliance network adapter from the default E1000 adapter to a VMXNET3 adapter may be required. To change the appliance to the high-performance network adapter, follow these instructions.

1. Connect to the DPWMS appliance VM via the vSphere console.
2. From the VM menu, choose Edit Settings.
3.
4. Press the “Add” button above the device list.
5. Select “Ethernet Adapter” from the device list and then press the “Next” button.
6. From the Network Type window, select VMXNET 3 as the Adapter Type and select the correct network from the Network Connection drop-down. Also make sure the “Connect at power on” check box is selected. Press the “Next” button.
7. Press the “Finish” button.
8. Press the “OK” button.
9. From the console, log in as the root user and run the following command:
       rm /etc/udev/rules.d/70-persistent-net.rules
10. Confirm the delete process when prompted.
11. Reboot the appliance by running the following command:
       reboot
12. Verify proper network connectivity after the system reboot.

Conversion of files for VMware Workstation 7 or 8

Before installation can begin on VMware Workstation version 7 or 8, the OVF file provided in the download must be converted to the correct format. The following steps outline the conversion and assume that VMware Workstation has already been installed.

1.

Installing DPWMS on VMware Workstation 7.1.x or later

1. Open VMware Workstation. Select File > Open…
2. Browse to the location of extracted / converted files and select the .vmx file (for Workstation 7 or 8). Choose Open.
   a. For VMware Workstation 9 or later, select the OVF file.
3. Optional step: Take a snapshot of the VM to retain the original settings before any configuration is done.
4. Power on the DPWMS virtual machine and continue to the “Configuring the Dell Protected Workspace Management Server for Basic Operation” section.

Installing the DPWMS on Custom Hardware or a custom Virtual Machine

Installing the DPWMS and prerequisites

If administrators prefer to use their own version of Linux, a TGZ file is available for installation. Invincea uses CentOS 6.6 x86_64, but a similar Linux OS may be used (a 64-bit Linux OS is required). The DPWMS requires a MySQL database, either on the local system or on a remote system.

Configuring the DPWMS SYSV startup script

In order to simplify and automate the startup of DPWMS, the following SYSV startup script can be added to the system. Before creating the startup script, the number of files a single process can access needs to be changed. Increasing this limit allows the DPWMS process to handle a higher number of requests per API system.
        killproc main
        retval=$?
        echo
        # remove the lock file only if the process was stopped
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        status)
            # report whether the DPWMS process (main) is running
            pgrep main > /dev/null 2>&1
            status=$?
            if [ $status -eq 0 ]; then
                echo "running"
            else
                echo "not running"
            fi
            ;;
        restart)
            stop
            start
            ;;
        reload)
            stop
            start
            ;;
        *)
            echo "Usage: {start|stop|status|reload|restart}"
            exit 1
            ;;
    esac
    exit $?

Save the file by typing “:wq!” This will close the file.

Configuring the DPWMS configuration file

The DPWMS configuration file defines the necessary settings needed for the DPWMS to function, including port numbers, certificate locations, MySQL settings and logging settings. The configuration file is located at:

    /var/www/html/ims2/ims.defaults (or ims.conf once the IMS has run at least once)

The following section reviews the configuration file and options.

    [license]
    #the license activation key to automatically attempt
    activation_key =
        Paste the activation key here for automatic activation when the system starts (prevents having to enter the key into the UI).
    #activation server url
    server = http://delllicense.invincea.com/activate
        Defines the URL that will be used to activate the system with the supplied license key.

    [mysql]
    #mysql parameters
    host = 127.0.0.

Applying New Updates via the UI

Server upgrades can now be done via the DPWMS management console for single API systems (multiple API systems must manually upgrade each API/UI system). The following steps outline the process to upgrade to a new DPWMS release.

1. Log into the DPWMS 2.x UI with an admin level account.
2. From the Admin tab, click on the “Upgrades” tab.
3. On the Upgrades tab, press the “Install Upgrade…” button.
4.
8. From the list of custom commands, click the “Restart IMS2” command.
9. Once the DPWMS (ims2) service restart has finished, return to the management console to access the upgraded system.

Manual Upgrade via SSH/Console

In some environments, the upgrade process via the DPWMS UI may not work correctly, either because the upgrade package cannot be copied to the DPWMS system before the allotted timeout or because multiple API/UI systems exist. In these cases, the DPWMS upgrade needs to be applied manually by copying the update package to the server and unpacking it. The following steps outline this procedure:

1.

Merging configuration file (ims.conf) changes after upgrade

After upgrading to a new version of the DPWMS, new configuration settings are enabled with “default” values that an admin may wish to change. In order to do this, new preferences from the “ims.default” file need to be copied into the active “ims.conf” file and configured with the correct settings.
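
One way to find which preferences need copying after an upgrade, as an added example (not part of the original guide or of the DPWMS software). It compares the defaults file against the active ims.conf and lists settings that are missing or no longer present in the defaults; the sample file contents are constructed, and every key other than activation_key, server and host is hypothetical.

```python
import configparser
import io

# Constructed sample contents. Only [license] activation_key/server and
# [mysql] host appear in the guide; every other key here is hypothetical.
DEFAULTS_TEXT = """\
[license]
#the license activation key to automatically attempt
activation_key =
server = http://delllicense.invincea.com/activate

[mysql]
host = localhost
connect_timeout = 10

[logging]
level = info
"""

ACTIVE_TEXT = """\
[license]
activation_key = EXAMPLE-KEY-0000
server = http://delllicense.invincea.com/activate

[mysql]
host = db01.example.internal
pool_size = 4
"""


def parse_ini(text):
    """Parse INI text with case-sensitive keys and no %-interpolation."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def compare(defaults_text, active_text):
    """Return (missing, stale) as {section: {key: value}} dictionaries.

    missing: settings in the defaults file that the active file lacks.
    stale:   settings in the active file that the defaults do not list.
    """
    defaults, active = parse_ini(defaults_text), parse_ini(active_text)
    missing, stale = {}, {}
    for src, other, out in ((defaults, active, missing), (active, defaults, stale)):
        for section in src.sections():
            for key, value in src.items(section):
                if not other.has_option(section, key):
                    out.setdefault(section, {})[key] = value
    return missing, stale


def render_additions(missing):
    """Render the missing settings as an INI snippet for review and pasting."""
    snippet = configparser.ConfigParser(interpolation=None)
    snippet.optionxform = str
    snippet.read_dict(missing)
    buf = io.StringIO()
    snippet.write(buf)
    return buf.getvalue()


if __name__ == "__main__":
    missing, stale = compare(DEFAULTS_TEXT, ACTIVE_TEXT)
    print("Add to ims.conf (default values shown):")
    print(render_additions(missing))
    for section, keys in stale.items():
        print(f"Not listed in the defaults: [{section}] {', '.join(keys)}")
```

The script only reports; the active file is never rewritten, so its comments and existing values stay untouched.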

Configuring the Dell Protected Workspace Management Server for Basic Operation – Pre-Built Virtual Machine Only

Obtaining the DHCP Address of the System

By default, the DPWMS is configured to obtain a DHCP address. In order to continue with the configuration of the DPWMS, this address is needed so that the WebUI can be accessed. To obtain the address of the system, open a console session to the server.

Accessing the WebUI

The remaining initial configuration steps can be completed by accessing the Dell Protected Workspace Management Server WebUI. To access the WebUI, use a web browser to browse to the following address:

    https://<address>:10000

where <address> is the one obtained in the last section. This address will be changed later in the setup.

Changing the time or time zone

For the DPWMS to function properly, it is important that the system be configured with the correct date, time and time zone. The current date and time can be seen on the default landing page after logging into the WebUI. To modify these settings, select “09 System Time.” The System Time page has three tabs at the top of the page: Set time, Change time zone and Time Server sync.

From the Set time tab, the system and hardware time and date can be set. Set the System date and time first, pressing the apply button when finished. Next, press the Set hardware time to system time button to sync the hardware time. The Time server sync tab lets administrators enter the hostname or web address of a time server.

Network Configuration

The next task is to configure the network and DNS name of the system. To do this, select “01 Network Configuration” under the “Invincea Server Management” menu. Click on the “Network Interfaces” icon to set the IP address of the system. Once in the configuration view click on “eth0” to set a static IP address for the network adapter. It is recommended that the system not be left with a DHCP address.

Press the “Save” button when finished. Now select the “Routing and Gateways” icon. On the “Boot time configuration” tab, select “eth0” as the interface under the Default route section. Then add the default gateway in the text box. Once that is entered, press Save. The WebUI will be directed back to the “Network Configuration” page when complete. Once back on the Network Configuration page, press the “Apply Configuration” button.

After the settings have been applied, the browser needs to be pointed to the new address (either IP or DNS name). Once the login page loads on the new address, reenter the admin credentials, and navigate back to the “01 Network Configuration” dialog. Next, select the “Hostname and DNS Client” icon.

The network configuration is now complete.

Self-Signed Certificate Creation

In order for the DPWMS to operate properly, an SSL certificate needs to be generated. The following steps outline the process for generating a self-signed certificate. Start by selecting “02 Certificate Management” from the “Invincea Server Management” menu. From the “Certificate Manager” page, click the “Generate Self Signed Certificate and Key” option. Starting with the “Common Name (e.g.

Additionally, verify that the paths to the certificate files are correct before continuing. They should read as follows:

    Certificate file name:    /etc/pki/tls/certs/dpwms.crt
    Key file name:            /etc/pki/tls/private/dpwms.key
    Key/Cert pair file name:  /etc/pki/tls/private/dpwms.csr

Once all of the information is filled out and verified, press the “Generate Key” button.

Changing the root and ims_admin passwords

To change the passwords for the root and ims_admin user accounts, select the “07 Change Passwords” page from the “Invincea System Management” menu. Select “root” or “ims_admin” from the list of users. Enter the new password in both fields and make sure the “Change passwords in other modules?” option is checked. Press the Change button to commit the new password.

Additional Administrative Tasks

Modifying the default Firewall

In most cases the firewall will not need to be modified. However, if a custom firewall rule is needed or if a default rule needs to be removed, use the “Linux Firewall” page from the “Unused Modules” menu to make the modifications. Incoming firewall rules should be added, changed or removed in the Chain RH-Firewall-1-INPUT section.

Installing Linux Updates

In order to keep the Linux OS up to date, available system patches should be applied as they would be on any other server in the environment. Navigate to the “05 Software Package Updates” page from the “Invincea Server Management” menu to view a list of all available updates.

To apply updates, select the desired updates and press the “Update Selected Packages” button at the bottom of the list.

Generating a new self-signed certificate after initial configuration is complete

In case a new self-signed certificate needs to be generated, either because the system name has changed, the original certificate is incorrect or for any other reason, follow the steps listed under “Certification Creation” and “Restarting the DPWMS.

On the next page, press the “Continue” button to generate the CSR. From the confirmation page, use the hyperlink locations to go to the download page for the CSR and KEY files. Press the “Download” button to display the file so it can be copied to the local machine.

Importing Signed Certificate and Key

To import a certificate and key from a trusted CA, start by choosing the “02 Certificate Management” option from the “Invincea Server Management” menu. From the “Certificate Manager” page, select “Import Key or Signed Certificate.” From the “Import Key or Signed Certificate” page, press the “Browse” button to choose the certificate or key that needs to be uploaded.

Configuring the Dell Protected Workspace Management Server for SYSLOG

For SIEM integration it is necessary to add a SYSLOG destination server to the DPWMS. To configure this, select the “06 System Logs” option from the “Invincea Server Management” menu. From the System Logs page, select the “Add a new system log” hyperlink located at the bottom of the table.

To complete the syslog configuration, the syslog service needs to be restarted (or started if it was not running). To do this, navigate to the 03 Custom Commands menu and use the Syslog commands.

Testing SYSLOG connection from DPWMS

To validate that the DPWMS is sending data to the configured SYSLOG destination server, go to the “03 Custom Commands” menu from the “Invincea Server Management” Menu.

Configuring the Threats Module with the Correct SYSLOG format

The DPWMS Threats Module is able to send Threat Report information to SIEM systems in a few different formats to better suit the receiving SIEM system. Available formats are Splunk, Q1 Labs, Arcsight and RSA Envision. To set the proper logging format, select the Plugins menu from the Threat Data tab.

Operational Notes for the Dell Protected Workspace Management Server

Security Restrictions/Features

The Dell Protected Workspace server has the following security restrictions that may need to be taken into consideration within your environment.

- ICMP echo (ping) is disabled.
- SELinux is enabled and configured with the strictest default policy.
- You can only connect to the appliance using HTTPS on port 443 and SSH on port 10022.
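
A check that custom firewall changes (see “Modifying the default Firewall”) have not widened the restrictions listed above, as an added example that is not part of the original guide. It reads `iptables-save` text and reports ACCEPT rules in the RH-Firewall-1-INPUT chain that open anything beyond TCP 443 and 10022 or allow ICMP echo; the sample ruleset is constructed, and the allowed-port set is a parameter to adjust if a deployment intentionally exposes other services.

```python
import shlex

CHAIN = "RH-Firewall-1-INPUT"            # incoming-rule chain named in the guide
EXPECTED_TCP = frozenset({443, 10022})   # HTTPS and SSH ports stated in the guide

# Constructed iptables-save excerpt (not taken from a real appliance).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m multiport --dports 8080,9000:9002 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def parse_ports(spec):
    """Expand an iptables port spec such as '443', '9000:9002' or '80,1024:'."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo) if lo else 0
        last = (int(hi) if hi else 65535) if sep else first
        ports.update(range(first, last + 1))
    return ports


def summarize(ports, limit=6):
    """Short, stable text form of a port set for the report."""
    ordered = sorted(ports)
    shown = ",".join(map(str, ordered[:limit]))
    return shown + (",..." if len(ordered) > limit else "")


def audit(rules_text, chain=CHAIN, expected_tcp=EXPECTED_TCP):
    """Return (findings, missing): findings is a list of (issue, rule) pairs,
    missing is the sorted list of expected TCP ports no rule accepts."""
    findings, opened = [], set()
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tokens, tokens[1:]))  # each flag -> the token after it
        if opts.get("-j") != "ACCEPT":
            continue
        if "!" in tokens:  # inverted matches are not interpreted here
            findings.append(("negated match, review by hand", line))
            continue
        proto = opts.get("-p")
        spec = opts.get("--dport") or opts.get("--dports")
        if proto == "icmp":
            if opts.get("--icmp-type", "any") in ("any", "8", "echo-request"):
                findings.append(("ICMP echo accepted", line))
        elif proto in ("tcp", "udp"):
            if spec is None:
                findings.append((f"all {proto} ports accepted", line))
                continue
            ports = parse_ports(spec)
            if proto == "tcp":
                opened |= ports & expected_tcp
                ports -= expected_tcp
            if ports:
                findings.append((f"unexpected {proto} port(s): {summarize(ports)}", line))
        elif tokens == ["-A", chain, "-j", "ACCEPT"]:
            findings.append(("unconditional ACCEPT", line))
    return findings, sorted(expected_tcp - opened)


if __name__ == "__main__":
    found, missing = audit(SAMPLE_RULES)
    for issue, rule in found:
        print(f"{issue}\n    {rule}")
    print("expected ports with no ACCEPT rule:", missing)
```

On the appliance the input would be the output of `iptables-save`, which prints ports numerically as the parser expects.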

Configuring Dell Protected Workspace to work with the Dell Protected Workspace Management Server – Configuration Management Module

In order for installations of Dell Protected Workspace to report to the Dell Protected Workspace Management Server – Configuration Management Module, the client software needs to be configured to point to the DPWMS. The following steps outline how to properly configure the clients.

1.

Configuring Dell Protected Workspace to work with the Dell Protected Workspace Management Server – Threat Data Module

In order for installations of Dell Protected Workspace to report to the Dell Protected Workspace Management Server – Threat Data Module, the client software needs to be configured to point to the DPWMS. The following steps outline how to properly configure the clients.

1.

Dell Protected Workspace Management Server Administrative Tasks

Acquiring the temporary administrator password for DPWMS UI

Upon startup of the DPWMS 2.x server, a temporary password is generated and stored in the database for the DPWMS system. The following steps outline how to access the temporary password so that access can be granted to the DPWMS UI.

Logging into the Dell Protected Workspace Management Server Console

To access the Dell Protected Workspace Management Server Console (DPWMS Console), use a web browser to browse to the following address:

    https://<FQDN>

where <FQDN> is the FQDN defined during setup (alternatively, the IP address of the system can be used).

Entering the DPWMS License Key

The DPWMS license key can be entered via two different methods: via the DPWMS UI or via the DPWMS configuration file.

IMPORTANT NOTE: The Dell Protected Workspace Management Server requires an internet connection to allow product activation of the server. If an internet connection is not available, please contact Dell Support for assistance.

When the Activate License dialog box is displayed, enter the license key from the License Entitlement Certificate. Press the “Activate” button to finish the activation. If the activation is successful, the Activate License dialog will close and the modules will now be available for use. If the activation does not work, an error message will display on the dialog box.

DPWMS Configuration File Method

By placing the DPWMS activation key into the configuration file, the DPWMS will automatically attempt to activate, if it has not done so already, when the DPWMS (ims2) service is started. This ensures that any hardware / configuration changes (MAC, FQDN, etc.) will not cause a user to be prompted to enter the activation key when they log in.

Modules

The Dell Protected Workspace Management Server is broken into different modules. Each module can be accessed by clicking on the appropriate module icon on the navigation bar. This version of the Dell Protected Workspace Management Server contains the following modules:

- Dell Protected Workspace Home – The Home module is a consolidated view of the Configuration and Threats Modules.

Admin Module

The Admin module is used for user management and activity tracking, database backups, error log viewing and DPWMS upgrades. It can be accessed by clicking on the Admin tab in the navigation bar.

Users Tab

The Admin module defaults to the Users tab when it is loaded. From this tab, new users can be added and existing users can be modified or removed. With the release of DPWMS 2.

Adding a new DPWMS User

To add a new user to the DPWMS, click on the “Add User” button. When the Add User dialog box is displayed, enter a user name. Then enter a password for the user and confirm it. When finished, click the “Create” button. To cancel the add user action, press the “Cancel” button.

After the user has been created, the user details will display. If required, select the additional flags necessary to give the user the correct permission level. Press the Save Flags button when finished.

Note: once a user is given admin level privileges, only that user can remove the admin level flag from the account.

Activity Tab

The Activity Tab is used to display the user audit log. This log shows when users log in and out of the system, and what actions they take while modifying the system. For example, activities such as creating or deleting a group are tracked.

Backup Tab

The Backup Tab is used to back up and restore the DPWMS database. The backup table displays a list of all backups that have been run or uploaded to the DPWMS.

Create a Database Backup

To create a new database backup, press the “Create” button at the bottom of the table. When the Create Backup dialog is displayed, select whether to include the client install kits currently uploaded to the DPWMS Config module as part of the backup, and then press the “Create” button to finish the creation. To cancel the action, press the “Cancel” button.

Errors Tab

The Errors Tab provides a UI display of the latest errors logged by the system. These error messages may be useful in troubleshooting an issue with the DPWMS. The table displays the error messages, with the most recent issue listed first. The table can be sorted by clicking on the column headers.

Upgrades Tab

The Upgrades Tab is used to display the upgrade history of the DPWMS system and can also be used to apply new versions of the DPWMS software, as well as to restart the DPWMS process. The Upgrade History table displays the date and version of the DPWMS software that was installed. The log entry may also display any important details about the version applied.

Upgrading the DPWMS

To apply an upgrade to DPWMS 2.

Restarting the DPWMS Process

If the DPWMS process needs to be restarted, such as when enabling new plugins for the Threat Data module, a “Restart Server…” button is also available on the Upgrade History tab. To restart the DPWMS process on the system, press the “Restart Server…” button.

NOTE: This functionality is not supported for multiple API setups.

Platform Tab

The Platform Tab provides some basic information about the DPWMS server, including the currently configured host name, CPU usage, memory usage and disk usage. Additionally, two buttons at the bottom of the screen give access to the server’s ims.log file and one-click access to the backend management page (webmin).

Dell Protected Workspace Home Module

The Dell Protected Workspace Home Module is a consolidated view of the Modules. This view will change based on which modules are available in the system.

Home Tab

Threat Data Section

The Threat Data Section provides a brief overview of threats that have been reported to the system. The section header contains a “View All Threat Data” button that will direct the user to the Threat Data module.

Configuration Management Section

The Configuration Management section provides a brief overview of hosts that are being managed by the system. The section header contains a “Manage Configuration” button that will direct the user to the Config module. The display contains a graph showing the total number of hosts by version per day, a chart of the five groups with the most hosts and additional host-level statistics.

Administration Section

The Administration Section provides a brief overview of the DPWMS users. The section header contains a “Manage Administration” button that will direct the user to the Admin module. The display contains a chart showing the most recent user activity.

Threats Module

The Threats module is used to review Threat Reports that are reported by the Dell Protected Workspace client software. From this module, detailed analysis can be performed on the reports to determine the source and impact of the threat on the client system. To access the Threats module, click on the Threat Data icon from the navigation bar of DPWMS.

Settings and Plugins

Additional settings for the Threat Server and for Plugins can be modified by accessing the Settings or Plugins configuration dialogs.

Threat Data Module Settings

Pressing the “Settings” button will display the “Threat Data Module Settings” dialog box. The following options can be configured in this dialog.

- Ignore incoming detections that are duplicates currently in the database, including deleted ones.

Plugin Settings

Additional third-party plugins can be enabled to allow for integration with such providers as ReversingLabs, VirusTotal, ThreatGrid, Threat Stream, URLQuery, Google, Email Alerts, and iSightPartners. By enabling these plugins, additional tabs will be added to the threat report view. To enable a plugin, select the checkbox next to the plugin name.

Overview Tab

The Overview tab contains an overview of the threat reports that have been uploaded to the DPWMS. Graphs, charts and other information are provided to show statistical information about the threat reports. The overview tab is broken into four sections.

Detections by Date

This section will display incidents by 3 filters: daily, monthly, or yearly.

Top Users and Top Sources

This section displays the number of incidents for the users with the most threat reports sent to the Threat Data module and for the sources that appear most often in those threat reports.

- Top Users – Displays the users in descending order based on the number of threat reports that have been submitted to the Threat Data module.
Detections Tab

The Detections Tab of the Threats module displays a summary of fifteen threat reports. The details of any report can be viewed by clicking on the source name for the selected report. The detections table can be filtered to only display certain categories of threat reports by selecting a category in the “Category” drop‐down menu.
The detections tab provides the ability to manually import threat reports, modify threat report categories and delete threat reports from the DPWMS system through a series of buttons that exist below the incidents table. The “Select All” and “Select None” buttons are used to work with the currently displayed page of threat reports.
To manually import an infection report, click the “Import” button from the series of buttons below the threat reports table. From the Import dialog box, press the “Choose File” button and locate the XML report file to upload. Once the file is selected, press the “Upload” button. Once the report import has finished, the report will be displayed on the Detections tab.
Report Overview Page

The details of a threat report can be viewed by clicking the Source hyperlink of the report in the incidents table. The report's details will then be displayed so that the threat report can be reviewed in detail. The heading bar at the top of the report details provides a color code based on the category assigned to the report.
Configuration

The Configuration section contains additional information about the host system and user that uploaded the Threat Report.

Displayed Information:
Product – Displays which flavor of Dell Protected Workspace is running on the machine that reported the alert.
Version – Displays which version of Dell Protected Workspace is running on the machine that reported the alert.
Protocol – Displays the threat protocol number.
Delete Source – Displays a red X or a green checkmark depending on whether or not the document responsible for the infection during that session was deleted.
Infection Warning – Displays a red X or a green checkmark depending on whether or not the end user received a notification of infection.
Rule Training – Displays a red X or a green checkmark depending on whether or not this infection was categorized as Training.
Threat Report Analysis Tab

The Analysis tab provides the common display of the Threat report that a user can see from the Dell Protected Workspace product when the Threat is detected. This display categorizes the actions based on five severity levels: Red, Orange, Yellow, Green and Blue. Each categorized line can be expanded so that the contents can be reviewed.
Threat Report Event Tree Tab

The Event Tree tab window provides a hierarchical view of the threat. The display shows parent and sub‐events. The display can be filtered so that specific event types (Process, File, Registry, Network and Module Load) are displayed. By default, all filters are displayed except for the Module Load filter.
For threat reports that were triggered by an untrusted process, the triggering process (that caused the threat report) will be displayed in Red to help easily identify it. All process entries contain additional details about the process (some will display options used during the process launch). When third‐party integration is enabled for the Threat Data module, these plugins can be used for additional analysis.
Threat Report Timeline Tab

The Timeline tab provides the time‐based display of all the actions that occurred during the threat. The display can be filtered so that specific event types (Process, File, Registry, Network and Module Load) are displayed. By default, all filters are displayed except for the Module Load filter.
Threat Report Geography Tab

The geography tab displays a geo‐lookup view of the threat to show on a map where any outbound connections made by the threat are located. A connection line will display between these connections and the DPWMS home location.

Threat Report Plugin Tabs

Additional tabs may also be displayed, based on which Threat Data module plugins have been enabled.
Threat Report Actions:

There are several additional actions that can be performed on a threat report. The following outlines the available actions.
Export – The Export Detection dialog menu provides the option to export the threat report. Available formats are XML, CSV, and JSON. There is also an option to view the export in a new tab instead of downloading.
Configuration Module

The Configuration Module provides the ability to control client configuration files and software versions from a centralized system. Client machines can be separated into different groups to allow for custom configurations on the group level. The following section reviews the Configuration Module and its functions.
Accessing the Configuration Module

The Configuration Module is accessed by clicking on the “Config” button in the navigation bar.

Configuration Module Interface

Packages Tab

Packages are Dell Protected Workspace Install Kits combined with apps.xml overrides and/or server mirrors for the product installer files.
Adding a Package to the DPWMS

To add a new package to the DPWMS, press the “Add Package” button. When the Upload Package dialog box is displayed, press the “Choose File” button and select the installation kit to upload. Once the file has been selected, press the “Upload” button. The dialog box will display “Uploading…” in the bottom left corner during the upload process, and will close when the process is complete.
Viewing package details

To view the details of a package, click on the package name in the packages list. The package details view provides several different options. Below the display name, the product version, date of upload and the last modified date are displayed. To the right of this information are two buttons.
Clicking on the client installer icon is a recommended way to verify that an upload was completely successful, as the provided link is the one the client software will use to download the software from the DPWMS. If clicking on the installer icon displays an error rather than beginning a download of the installer, delete the package and attempt to upload it again. The Override Apps.
The last section is the Installer Mirror section. This section allows for the product installer to be downloaded by the clients from an alternate location, such as an internal NAS or public CDN. The address provided must be an HTTP or HTTPS address, and must include the full path to the installer, not the full installation kit. The installer can be downloaded from the installer icon on this page, and uploaded to an external source.
Entering the Client Software Activation Key

The DPWMS is now able to provide a global activation key that will be used for all clients that connect to the DPWMS system. In order to enable this feature, the client activation key needs to be entered into the Global Settings. To access the Global Settings, click the Global Settings button at the bottom of the Packages tab.
Additional Global Package Settings

The Global Package Settings dialog box provides three other global setting options, which affect the entire DPWMS. The first option is used to override the config_server and report preference URLs for all groups. By default, any new group will be automatically populated with the FQDN of the DPWMS system. However, this may not be the desired address for clients to use.
Groups Tab

The Groups Tab displays a list of all available groups on the system. By default, the display lists the group with the largest number of hosts first. Each entry shows the group name, the current revision number for that group, the total number of hosts assigned to the group, and the date of the last modification of that group.
Creating a New Group

To add a new group to the DPWMS, press the “Add Group” button. In the Add Group dialog, enter a name for the new group, and select an existing group to copy the configuration from. It is recommended that an existing group always be used as a template for any new group. If the None option is selected, the group will contain only the default settings. Press the “Create” button to finish the process.
Group Details View

The Group Details View provides a view of the currently selected group that shows the current configuration options, current software deployment options, plus history information and a link to the list of hosts that are currently assigned to the group.
There are also six buttons available in the navigation bar. They list the hosts currently assigned to the group, display the audit events log for the current group, show the revision history of the group, reset a group to its default configuration, rename a group, and delete a group from the system.
Pressing the “View History” button will switch the display to view the revision history for the currently selected group. Any comments that were noted while saving a revision will be displayed in the Comment section of that revision. Clicking the “View Changes” link on a revision will show the details of the changes that were made in the selected revision.
Clicking on the “Revert” link on a revision will reset the group settings back to what was published in this revision. To return to the Group, click on the Group Name link in the title. Pressing the “Reset Group…” button on the group details page will prompt the user to select where the group should be reset. The user can select the current configuration of another group, or can go back to all default settings by selecting “None”.
Finally, pressing the “Delete…” button will prompt the user to confirm deletion of the selected group.
Set Installation Method

The next section of the Group Details View is the “Set Installation Method” section. While the DPWMS is not able to do initial installations of client software, it can provide software updates once the clients are managed. The “Set Installation Method” provides options for how client updates should be applied.
The next section provides a drop‐down that allows for the selection of the software version to be used for the client upgrades. New to DPWMS 2.0 is the ability to directly assign a package upgrade to an individual host. If a package has been assigned directly to a host, that host will not receive a package upgrade assignment from the Group it is part of until the package assignment has been removed.
Adjust Preferences

The Adjust Preferences section is used to set the client software preferences. This UI is automatically created based on the latest version of the client software loaded into the system. The preferences are broken into several sections to help group together the different preferences by functionality. By clicking on the tabs along the left-hand side, the different sections are displayed.
Preferences all start with the default values that are set in the client software installation kit. When a value has been changed from the default option, an additional option will now be present on the same line. The word “Default” being displayed next to a preference attribute indicates that the preference is no longer set to the default value in the client installation kit.
Adding Custom Preferences / Attributes

In some cases, a custom preference may need to be added to enable a new preference, or to add additional attributes to a default preference. To add a new preference or attributes, switch to the “other” tab of the Adjust Preferences menu and press the “Add Custom Preference” button.
Locate the new or modified preference to ensure it has been added or modified. Modifications that are not part of the default configuration file will contain an “x” at the end of the line to allow for removal of the modification, and to act as an indicator that it is a custom entry. For modified preferences, this only applies to attributes that are not part of the default configuration file.
Manage Unprotected Sites

The next section on the Group Detail View is the Manage Unprotected Sites section. This section is used to enter regex values for URLs that should be added to the trusted sites list for the client software. When a new group is created, this section is populated with the default entries included in the installation kit.
Within the “Add Multiple Unprotected Sites” dialog box, paste a list of regex entries, one per line, then press the “Create” button to add them. Comments can also be added within the bulk upload by adding a hashtag “#” at the beginning of the line. Each entry in the list must be classified with one of five different classifications. By default, all new entries are classified as “trusted (unprotected).
Grey – disabled – indicates that the entry is not active and will be skipped. The disabled option can also be used to place comments within the trusted sites list to indicate what a certain section of regex values may relate to. If a comment is entered, it is extremely important to make sure it is disabled.
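Because every entry in the unprotected sites list is a regex, an entry that is missing an anchor or an escaped dot will trust more URLs than intended. The following is an added example, not part of the Dell/Invincea product or guide: a pre-flight check for a bulk list in the format described above (one regex per line, “#” comment lines). It assumes Python `re.search` semantics as a stand-in for the client's matcher, which this guide does not document, and every hostname and URL in it is constructed.

```python
import re

# Constructed sample of a bulk paste: one regex per line, '#' lines are comments.
SAMPLE_PASTE = "\n".join([
    r"# intranet portals",
    r"^https?://([a-z0-9-]+\.)*corp\.example\.com(/|$)",  # anchored, dots escaped
    r"intranet.example.com",                              # unanchored, bare dots
    r"^https://.*\.example\.org",                         # .* crosses the host boundary
    r"^https?://wiki\.example\.net",                      # no delimiter after the host
    r"^https?://[bad",                                    # does not compile
])

# Constructed look-alike URLs that must stay protected (never be trusted).
MUST_NOT_TRUST = [
    "https://evil.test/?next=intranet.example.com",
    "https://intranet-example.com/",
    "https://evil.test/a.example.org",
    "https://wiki.example.net.evil.test/",
    "https://corp.example.com.evil.test/",
]

# Constructed URLs the list is supposed to cover.
MUST_TRUST = [
    "https://portal.corp.example.com/login",
    "http://wiki.example.net/Home",
]


def parse_bulk_list(text):
    """Return (line_number, pattern) for every non-blank, non-comment line."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            entries.append((line_no, stripped))
    return entries


def audit(text, must_not_trust, must_trust):
    """Flag entries that fail to compile or match a URL that must stay protected.

    Returns (findings, uncovered): findings maps line number -> list of problems;
    uncovered lists intended URLs matched by no entry that passed the audit.
    """
    findings, clean = {}, []
    for line_no, pattern in parse_bulk_list(text):
        try:
            rx = re.compile(pattern)
        except re.error as exc:
            findings[line_no] = [f"invalid regex: {exc}"]
            continue
        hits = [url for url in must_not_trust if rx.search(url)]
        if hits:
            findings[line_no] = [f"over-broad, matches {url}" for url in hits]
        else:
            clean.append(rx)
    uncovered = [u for u in must_trust if not any(rx.search(u) for rx in clean)]
    return findings, uncovered


if __name__ == "__main__":
    problems, missing = audit(SAMPLE_PASTE, MUST_NOT_TRUST, MUST_TRUST)
    for line_no in sorted(problems):
        for problem in problems[line_no]:
            print(f"line {line_no}: {problem}")
    for url in missing:
        print(f"not covered by any clean entry: {url}")
```

An intended URL reported as not covered is one whose only matching entry was flagged, so that entry needs a tightened replacement rather than simple removal.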
Customize App Settings

The Customize App Settings section of the Group Details View allows the default custom_apps.xml that is included with the installation kit to be displayed as individual apps so that those individual apps can be enabled or disabled and/or modified from their default values. It also allows additional custom apps snippets to be added.
The XML editor allows for the XML snippet to be modified as necessary. Once finished, press the “Apply” button. For custom_apps included with the installation kit, press the “Use Default” button to return the snippet to its default setting. This should also be used when a new version of the client software is added to the system, to ensure the latest version of the snippet is being used.
Once the new snippet has been added, it will display in the list of available apps. From the list, it can also be enabled or disabled and edited, in the same way as the default apps. Additionally, custom snippets can be deleted from the system.
Copy Configuration File(s)

The final option on the Group Details page is the “Copy Config…” button. This button is used to copy a set of configuration files between groups. To copy one or more configuration files to one or more groups, start by browsing to the source group to be copied from, and press the “Copy Config…” button.
Hosts Tab

The Hosts Tab displays a list of all hosts currently being managed by the Config module. This tab can be used to display all hosts and details. The display can also be filtered on several different criteria to display a subset of the hosts.
Once a filter has been selected, it will display below the drop‐down. To remove a filter, click on the “x” next to the filter name. The packages drop‐down allows the table to be filtered by the assigned package version. The drop‐down will include all software versions that have been added to the package tab. When a version is selected, only hosts that are currently assigned to that package version will display.
The “Select All” and “Select None” buttons are used to select all of the currently displayed hosts or to clear the currently selected hosts. These buttons only apply to the currently displayed page, and not all hosts within the current filter if there are multiple pages. The “Change Group…” button is used to reassign selected hosts (or filtered hosts) to a new group.
configuration updates to any clients. To enable a host to receive package updates based on the group level settings, set the host back to the (None) assignment. The “Delete...” button is used to remove the currently selected or filtered hosts from the system. This removes not only the host, but also all history for the host. However, this does not remove the client software from the host system.
Audit Tab

The Audit Tab is used to display client audit events (such as using the Unprotect Current Page option) that were sent to the server. The table will show all audit events, with the most recently received displayed at the top by default. In order for the DPWMS to receive audit events, the client software has to be configured to point to this DPWMS. For the audit events table, up to ten results are displayed on a single page.
The column headings can be used to sort the table by the selected column. By default, the Date column is selected to display the most recent event at the top of the table. The search box can also be used to search the audit table for specific information. Finally, the currently displayed table, based on selected filter, can be exported to an HTML or CSV report by pressing the “Export…” button at the bottom of the table.
Contacting Dell Support

For assistance with the Dell Protected Workspace Management System, please contact Dell Support at: http://support.dell.com
DPWMS updates, DPW apps.xml updates and Installation Kit downloads can all be found at: http://www.dellprotectedworkspace.