Fortanix Key Insight - Getting Started

1.0 Introduction

Welcome to the Fortanix Key Insight – Getting Started Guide. This document describes how to:

  • Sign up and log in to Fortanix Key Insight.
  • Configure the Amazon Web Services (AWS) organization to scan the keys and services.
  • Configure the Azure cloud connection to scan the keys and services.

2.0 Terminology Reference

Refer to Fortanix Key Insight - AWS Concepts Guide for the AWS terminology.

Refer to Fortanix Key Insight - Azure Concepts Guide for the Azure terminology.

3.0 Fortanix Key Insight – Log In and Create an Account

Fortanix Key Insight is a cloud service on the Fortanix Armor platform, so you need to create an account on the platform if you do not already have one.

3.1 Sign Up and Log In to Fortanix Platform – New Users

If you are accessing Fortanix Key Insight for the first time, you need to sign up for Fortanix Armor to access Key Insight. For subsequent access, you can log in to Fortanix Armor directly.

For more details on how to sign up, log in, and create an account for Key Insight, refer to Fortanix Armor – Getting Started Guide.

3.2 Log In to Fortanix Armor Platform – Existing Users

You can directly log in to the Fortanix Armor platform to access Key Insight if you have already signed up and have an account.

For more details on how to log in and create an account on Fortanix Armor, refer to Fortanix Armor – Getting Started Guide.

4.0 Fortanix Key Insight – Configure AWS Cloud Connection

After you access the Key Insight solution from Fortanix Armor, configure the AWS cloud connection if you want to onboard AWS cloud accounts and scan your keys and services.

4.1 Onboard AWS Cloud Account or AWS Organization

NOTE
Follow the steps described in Fortanix Key Insight – AWS Configuration for Scanning to set up your AWS Role in the AWS organization before onboarding the AWS cloud account.

After you create and select a Fortanix Armor account, you will be redirected to the Key Insight Dashboard page.

To onboard the AWS cloud accounts:

  1. On the Overview page, click + ADD CLOUD CONNECTION to add a new AWS cloud account.

    Figure 1: Add an AWS Cloud Connection

  2. Navigate to Cloud Connections and click + ADD CLOUD CONNECTIONS to add a new AWS cloud account.

    Figure 2: Add a New Cloud Connection

  3. On the Cloud Connections page, select the cloud provider and click NEXT.

    Figure 3: Select AWS Cloud Provider

  4. On the Setup Cloud Connections form, enter the following details:
    1. Enter the AWS cloud connection name.
    2. In the Select Scope section, select Organization to onboard an AWS organization. This allows you to onboard the AWS accounts in that organization. To onboard a single AWS account instead, select Account.
    3. Enter the AWS access key and the AWS secret access key.
    4. Click NEXT.

    Figure 4: Configure AWS Cloud Account in Key Insight

  5. In the Select scope section:
    • If you selected Organization, then on the Select AWS Subscriptions screen, either use Select All Accounts to scan and onboard all the AWS accounts in the AWS organization, or select only the accounts that you want to onboard.
    • If you selected Account, then on the Select AWS Subscriptions screen, you can select the single AWS account to scan and onboard this account.
    NOTE
    Fortanix Key Insight does not scan the AWS key material; it scans only the available metadata.

    Figure 5: Select Subscriptions

  6. Click NEXT to scan the selected cloud account(s) and onboard all the keys and services.
  7. This takes you to the Key Insight Overview page, which lists all the scanned AWS keys and services. For more information on the Key Insight Overview page and its features, refer to the Fortanix Key Insight-User Interface Components.

    Figure 6: Key Insight Dashboard

    NOTE
    If the count of the AWS accounts before the scan does not match the count of the AWS accounts displayed on the Overview page:
    • Ensure all the roles and permissions are appropriate in the AWS accounts before performing the scan.
    • Try performing a re-scan operation using the RESCAN option on the Overview page after some time.

5.0 Fortanix Key Insight – Configure Azure Cloud Connection

After you access the Key Insight solution from Fortanix Armor, configure the Azure cloud connection if you want to onboard Azure subscriptions and scan your keys and services.

NOTE
Before onboarding the Azure cloud,

5.1 Onboard an Azure Management Group or Azure Subscription

After you create and select a Fortanix Armor account, you will be redirected to the Key Insight Dashboard page.

To onboard an Azure cloud subscription:

  1. On the Overview page, click + ADD CLOUD CONNECTION to add a new Azure cloud subscription.

    Figure 7: Add an Azure Cloud Connection

    You can also navigate to Cloud Connections and click + ADD CLOUD CONNECTIONS to add a new Azure cloud subscription.

    Figure 8: Add a New Azure Cloud Connection

  2. On the Cloud Connections page, select the Azure cloud provider and click NEXT.

    Figure 9: Select Azure Cloud Provider

  3. On the Setup Cloud Connections form, enter the following details:
    1. Enter the Azure account name.
    2. In the Select Scope section, select Management Groups to onboard the Azure subscriptions. To onboard a single subscription instead, select Subscription.
    3. Enter the management group ID or subscription ID, depending on the scope you selected.
    4. Enter Client ID, Client secret, and Tenant ID.
    5. Ensure the information is accurate, as this information is used to verify your Azure configuration, credentials, and permission settings. Click NEXT.

    Figure 10: Configure Azure Cloud Subscription in Key Insight

  4. In the Select Scope section:
    • If you selected Management Groups, then on the Select Azure Subscriptions page, either use Select All Subscriptions to scan and onboard all the Azure subscriptions in the Azure management group, or select only the subscriptions that you want to onboard.
    • If you selected Subscription, then on the Select Azure Subscriptions page, you can select the single Azure subscription to scan and onboard this subscription.
    NOTE
    Fortanix Key Insight does not scan the Azure key material; it scans only the available metadata.

    Figure 11: Select Azure Subscriptions

  5. Click NEXT to scan the selected subscription(s) and onboard all the keys and services.
  6. This takes you to the Key Insight Overview page, which lists all the scanned Azure keys and services. For more information on the Key Insight Overview page and its features, refer to the Fortanix Key Insight-Azure User Interface Components.

    Figure 12: Azure Cloud Overview

    NOTE
    If the count of Azure subscriptions before the scan does not match the count of the Azure subscriptions displayed on the Overview page:
    • Ensure all the roles and permissions are appropriate in the Azure subscriptions before performing the scan.
    • Try performing a re-scan operation using the RESCAN option on the Overview page after some time.
