Enterprise Sharing and Governance
On This Page:
Objective
This guide provides instructions on how to use VoltShare enterprise features for compliance and governance. There are four main aspects that will be covered:
- Creating a new Teams account and adding users (manually and with an SSO option)
- Setting up policy overrides to restrict what your enterprise users can do with the tool
- Setting up Slack alerts for abnormal activity
- Auditing logs
Create a Teams Account
VoltShare enables you to encrypt and decrypt information using a Teams account. For initial configuration, you need admin rights for an enterprise tenant.
Step 1: Download VoltShare.
Navigate to VoltShare Downloads to download VoltShare for your operating system.
Step 2: Install VoltShare.
-
For Apple macOS users:
-
Navigate to the application .dmg file and double-click it to run the installer.
-
Drag VoltShare.app to your Applications folder.
-
-
For Microsoft Windows users, navigate to the application .exe file and double-click it to run the installer.
-
For Linux-based distributions, the application file is pre-compiled and ready to use.
Step 3: Sign-in to VoltShare.
After you install VoltShare, you will be prompted to sign-in. If you are a first-time user, you will be prompted to sign-up.
-
When you open VoltShare for the first time:
- Click
Next
to view different features. Or clickSkip
to go straight to the sign-up process.
- Click
-
If you are a first-time user:
- Click
For Teams
.
- Click
-
Click
Sign Up
. -
Follow the instructions to complete the sign-up process.
-
If you already have a Distributed Cloud Services account and enterprise tenant:
-
Click
For Teams
. -
In the
my-domain.console.ves.volterra.io
field, enter the name of your enterprise tenant. This example uses “treino.”
-
-
Click
Next
. -
Enter the email and password used for your enterprise tenant.
-
Click
Log In
.
Note: You may be prompted to provide an invitation code when you initially create a new Teams account with Distributed Cloud Services. To request an invitation code, go to Contact Us and fill in the form. Alternatively, email
sales@cloud.f5.com
to request an invitation code.
Step 4: Add and configure user settings.
- From the F5® Distributed Cloud Console (Console) homepage, click
All Services
.
-
Click
Administration
. -
From the
Administration
options, clickIAM
>Users
>Add user
. -
In the form fields, select a
User Type
, add your email, and fill in the other fields marked with an asterisk (*
). -
Optionally, assign roles and namespaces to the new user with
Assign roles and namespaces
. -
After you finish, click
Send Invite
. This action triggers an email with set up instructions to the new user that was created. -
Notify all new users added that they need to download the VoltShare application and sign-in with their credentials.
Note: Instead of configuring users manually, you can also configure single sign-on (SSO) by following the integration guides for Azure Active Directory or Google Workspace in User Management.
Configure Governance Policy for Users
The enterprise tenant admin can configure governance policies to control VoltShare messaging for individual users and teams.
Step 1: Configure governance policy in Console.
-
From the Console homepage, click
All Services
. -
Click
VoltShare
. -
Click
Admin Policies
>Add VoltShare admin policy
.
-
In the
Metadata
section, enter a name. Optionally, you can select a label and enter a description. -
In the
VoltShare Admin Policy
section, enter a value that corresponds to the amount of time a secret message is valid. You must enter a numeric value that ends withs
,m
, orh
.
Note:
s
stands for seconds.m
stands for minutes.h
stands for hours. In this example,720h
stands for 720 hours that any secret message is valid for.
Step 2: Add or delete users from VoltShare.
-
Under
User Encryption Policy
, clickConfigure
. -
To add all users, select
Allow All Users
from theSelect Users to Allow
drop-down menu.
-
To add a list of users, select
Allow List of Users
from theSelect Users to Allow
drop-down menu. -
Configure the list:
-
Click
Add item
to add an individual user by ID or by regular expression (regex). -
After you finish, click
Add Item
.
-
-
To deny all users, select
Deny List of Users
from theSelect Users to Deny
drop-down menu. -
If you select
Deny List of Users
, clickAdd Item
to deny an individual user by ID or by regular expression (regex). -
After you finish, click
Apply
.
Step 3: Add or delete teams from VoltShare.
-
To configure with whom a team can share secret messages with:
- Click
Add Item
. The default option isAll Teams/Tenants
.
- Click
-
If you select
Team/Tenant
, enter a name in theTeam/Tenant
field. -
If you select
Individual Users
, clickConfigure
to restrict specific users. -
Click
Add Item
and then clickBack
. -
After you finish, click
Save and Exit
.
Send Abnormal Activity Alerts to Slack
The admin for an enterprise tenant can configure a Slack workspace to receive alerts for any abnormal activity. The alerts are generated from Console and then pushed to Slack.
Step 1: Create a new alert receiver.
- From the
Select service
drop-down menu, selectAudit Logs and Alerts
.
-
Click
Alerts Management
>Alert Policies
>Add Alert policy
. -
In the
Metadata
section, enter a name for the object associated with the new alert in theName
field. -
In the
Alert Receiver Configuration
section, clickSelect Receiver
to configure where the alerts are sent to. -
In the form that appears:
-
Click
Add new Alert Receiver
. -
In the
Name
field, enter a name for the object associated with the new receiver. -
From the
Receiver
drop-down menu, confirmSlack
is selected. -
Ensure that the Webhook URL is configured.
-
Note: You will need to configure the Slack API to enable Webhooks. For more information, follow the instructions at Webhooks. After you enable Webhooks, you will receive a Webhooks URL that you can encode.
-
In the
Channel
field, provide the Webhook URL corresponding to the#alert-testing
channel. -
Encode the URL as a Base64 string.
-
After you finish, click
Continue
.
Step 2: Configure the new receiver policy.
-
In the
Policy Rules
section:-
Click
Configure
. -
Click
Add Item
. -
Select the type of alerts to push to Slack. By default,
Any
is selected. -
If you select
Matching Severity
, select a severity level from theSeverities
drop-down menu. -
If you select
Matching Group
, select a group from theGroups
drop-down menu. -
If you select
Matching Alertname
, select an alert type from theMatching Alertname
drop-down menu.
-
-
In the
Action
field, confirmSend
is selected. -
Click
Apply
. -
To configure how and when alerts are sent:
-
Click
Show Advanced Fields
. -
Click
Configure
. -
Click
Show Advanced Fields
for both sections. -
In the
Notify Interval For a Alert
field, enter a numeric value. Hover over the?
symbol for information about the format to enter the numeric value. -
In the
Notification Grouping
section, set the group notifications, wait interval, and group wait interval. -
After you finish, click
Apply
.
-
- Click
Save and Exit
.
The Slack set up process is complete. If any encryption or decryption attempts cross a certain threshold, the alert will be pushed to the Slack channel.
Sharing and Storing
VoltShare is a simple application and can be used by all your enterprise users with the constraints defined in your governance policy. VoltShare prevents users from violating the governance policy for both encryption and decryption of data.
You can read the how-to guide to securely store and share data.
View Audit Logs for Activity Alerts
Audit logs are useful for compliance purposes, post-mortems, and general day-to-day visibility. If a VoltShare alert is triggered, the tenant admin can log and debug the problem.
You can view VoltShare alerts in your Slack channel for any violations of the configured governance policies.
Step 1: View the alerts in the Slack channel.
This example shows the VoltShare alert triggered at 5:22pm in the #alert-testing
Slack channel.
Step 2: View the audit logs in Console.
-
In the
Audit Logs and Alerts
page:-
Click
Notifications
>Alerts
to view alerts. -
Click
Notifications
>Audit Logs
to view audit logs.
-
- Use the
>
symbol to select the time frame to match the alert time and investigate the activity.