Back to home

BYOSwerx Knowledge Base

BYOS Management Console

Managing Assets

Overview of Asset Management within the Byos Management Console

Overview

Running a Discovery Scan

First, you want to ensure that you are in the Asset Menu. This is achieved by clicking the arrow in the top left of the screen in the Mgmt Console.

When you select “Discover Assets,” all Edges within your Byos environment will initiate a network-wide scan to identify every Asset linked to every Edge. Discovered Assets will then be displayed in the Management Console’s Asset section, encompassing all Assets and Resources within your Byos environment.

What are Assets?

Assets refer to devices linked to Byos Secure Edge equipment.

The internal microsegment of the Edge is responsible for conducting Asset discovery to identify all Assets and Resources connected to it.

The information displayed for each Asset will include the Edge it is connected to and its Byos IP address in the SL Overlay

⚠️

Asset and Resource information will only be discovered by the Byos discovery scan if they have been allowed by the Asset’s on-board OS security settings. If you cannot find an Asset, or retrieve the Resource information you were expecting, please check that the Service has been allowed on the Asset.

What are Resources?

Resources are specific combinations of ports, protocols, and services running on a given Asset, that have been discovered by the Byos Secure Edge. Resources will be listed in the Asset inventory by their:

Service

Protocol

Port In/Out

Visible in SL

Enabling Asset Visibility in Secure Lobby

Discovered Assets and Resources are not automatically accessible through the Secure Lobby Overlay.

Visibility of each Resource in the Overlay must be explicitly allowed by the administrator, which is a Layer 4 Access Control

⚠️

Reminder: three (3) access controls need to be enabled to access a resource from within the SL Overlay. If any of the three are not enabled, you will not be able to access the desired resource. - Layer 2: the SL Overlay connection between the Edge and the Cloud needs to be established. This is done through configuring the External Network routing settings. - Layer 3: The Zone that the Resource is in that you’re trying to reach must have an inbound connection allowed from the Zone that you’re currently in. Read more about Zones here - Layer 4: The Port/Service combination of the resource needs to be made “Visible in SL”.

To make a Resource visible:

Port In Conflicts

By default, the Port In will match the Port out of a scanned Asset. Each Resource must have a unique Port to access it. If that Asset adheres to the list of “known ports” maintained by IANA, and there are multiple Assets in the environment, you may experience duplicates.

When you toggle the Visible in SL option to on, if there is a conflict, the Port In option will provide a warning that the chosen port is already in use. At this point, you can choose a *unique Port In for that Resource.

⚠️

It is important to note that you’ll want to document which default port numbers are changed, and what they are changed to. One efficient method for renaming Ports In is to front-load the original Port In with a distinguishing octet of the Assets IP address. Example: 192.168.2.1 Port In 80 – Port Out 80. With Port In 80 in conflict, you could use the 3rd octet of the IP address (in this case 2), to change Port into 280.

Once an Asset has been made visible in Secure Lobby, it can be accessed by any Edge in the Zone with approved routing.

Manually Adding Resources

If an Asset connected to the Byos Secure Gateway Edge has a non-standard port and service running, it may not be found by the asset discovery. In this case, you will need to manually add a resource, Select the Asset, click “Add Resource”, and then input the required information:

Name

Port In

Port Out

Protocol - TCP or UDP

Preset Filters

All Assets

This filter shows all discovered Assets, with Resources hidden for a quick glance.

All Resources

This filter shows all Resources (Assets are expanded) to see what ports and services are enabled and available to be enabled.

Manually Added Assets and Resources

This filter only shows Assets and Resources that have been manually added.

Enabled Resources in Secure Lobby

This filter hides only shows Resources that have been enabled to be accessed through Secure Lobby.

⚠️

For Resources that have been Enabled but their Edge is not connected to Secure Lobby, the Edge will show a Red disconnected Icon with a Warning Icon on the right. This indicates that even though the Resource is enabled, it will not be accessible through Secure Lobby because the Edge is not connected to the Lobby on Layer 3. For an Edge to be connected to Secure Lobby, ensure that it is in a Policy Group with Secure Lobby Routing (External Network Settings B-F.

Online Resources in Secure Lobby

Online Resources in Secure Lobby are all of the Resources that can be accessed through Secure Lobby.

Deleting an Asset

At the time of a Discovery Scan, all assets connected to a Byos Secure Edge will be scanned and Discovered. Sometimes, an asset might be unplugged from an Edge, in between scans, giving the appearance that the Asset is still connected.

Deleting an Asset will remove it from the Assets table. If the Asset is reconnected to the Byos Secure Edge and a new Discovery Scan is run, the Asset will re-appear in the Table.

You will be prompted to confirm you wish to delete the Asset.