Enterprise Sharing and Governance

Objective

This guide explains how to use VoltShare enterprise features for compliance and governance. It covers four areas:

  • Creating a new Teams account and adding users (manually and with an SSO option)
  • Setting up policy overrides to restrict what your enterprise users can do with the tool
  • Setting up Slack alerts for abnormal activity
  • Auditing logs

Create a Teams Account

VoltShare enables you to encrypt and decrypt information using a Teams account. For initial configuration, you need admin rights for an enterprise tenant.

Step 1: Download VoltShare.

Navigate to VoltShare Downloads to download VoltShare for your operating system.

Step 2: Install VoltShare.
  • For Apple macOS users:

    • Navigate to the application .dmg file and double-click it to run the installer.

    • Drag VoltShare.app to your Applications folder.

Figure: VoltShare Installation

  • For Microsoft Windows users, navigate to the application .exe file and double-click it to run the installer.

  • For Linux-based distributions, the application file is pre-compiled and ready to use.

Step 3: Sign in to VoltShare.

After you install VoltShare, you are prompted to sign in. If you are a first-time user, you are prompted to sign up.

  • When you open VoltShare for the first time:

    • Click Next to view the different features, or click Skip to go straight to the sign-up process.
  • If you are a first-time user:

    • Click For Teams.

Figure: Initial Sign Up for Teams

  • Click Sign Up.

  • Follow the instructions to complete the sign-up process.

Figure: Initial Sign Up for Teams

  • If you already have a Distributed Cloud Services account and enterprise tenant:

    • Click For Teams.

    • In the my-domain.console.ves.volterra.io field, enter the name of your enterprise tenant. This example uses “treino.”

Figure: Enterprise Tenant Example

  • Click Next.

  • Enter the email and password used for your enterprise tenant.

  • Click Log In.

Figure: Enterprise Tenant Example

Note: You may be prompted to provide an invitation code when you initially create a new Teams account with Distributed Cloud Services. To request an invitation code, go to Contact Us and fill in the form. Alternatively, email sales@cloud.f5.com to request an invitation code.

Step 4: Add and configure user settings.
  • From the F5® Distributed Cloud Console (Console) homepage, click All Services.

Figure: All Services

  • Click Administration.

  • From the Administration options, click IAM > Users > Add user.

  • In the form fields, select a User Type, add your email, and fill in the other fields marked with an asterisk (*).

  • Optionally, assign roles and namespaces to the new user with Assign roles and namespaces.

  • After you finish, click Send Invite. This action sends an email with setup instructions to the newly created user.

  • Notify all newly added users that they need to download the VoltShare application and sign in with their credentials.

Note: Instead of configuring users manually, you can also configure single sign-on (SSO) by following the integration guides for Azure Active Directory or Google Workspace in User Management.


Configure Governance Policy for Users

The enterprise tenant admin can configure governance policies to control VoltShare messaging for individual users and teams.

Step 1: Configure governance policy in Console.
  • From the Console homepage, click All Services.

  • Click VoltShare.

  • Click Admin Policies > Add VoltShare admin policy.

Figure: Add Admin Policy

  • In the Metadata section, enter a name. Optionally, you can select a label and enter a description.

  • In the VoltShare Admin Policy section, enter a value that corresponds to the amount of time a secret message is valid. You must enter a numeric value that ends with s, m, or h.

Figure: Create Admin Policy

Note: s stands for seconds, m for minutes, and h for hours. In this example, 720h means that any secret message is valid for 720 hours.

Step 2: Add or delete users from VoltShare.
  • Under User Encryption Policy, click Configure.

  • To add all users, select Allow All Users from the Select Users to Allow drop-down menu.

Figure: User Encryption Policy

  • To add a list of users, select Allow List of Users from the Select Users to Allow drop-down menu.

  • Configure the list:

    • Click Add item to add an individual user by ID or by regular expression (regex).

    • After you finish, click Add Item.

  • To deny all users, select Deny List of Users from the Select Users to Deny drop-down menu.

  • If you select Deny List of Users, click Add Item to deny an individual user by ID or by regular expression (regex).

  • After you finish, click Apply.
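
The steps above do not say whether a regex entry must match the whole user ID or only part of it, so a pattern is worth checking under both readings before it goes into an allow or deny list. The following is an added example, not part of the VoltShare documentation: grep -E stands in for the Console's regex engine (an assumption), and the user IDs are constructed and assumed to be e-mail addresses.

```shell
# Added example. grep -E is a stand-in for the policy engine's regex flavor (assumption).

# Constructed user IDs, assumed to be e-mail addresses; none are real accounts.
sample_users() {
  cat <<'EOF'
alice@example.com
bob@example.com
alice@example.com.other.test
mallory@notexample.com
carol@examplexcom
EOF
}

# admitted MODE PATTERN: list the sample IDs the pattern would admit.
#   MODE=search -> the pattern may match anywhere inside the ID
#   MODE=full   -> the pattern must match the whole ID
admitted() {
  case "$1" in
    search) sample_users | grep -E -- "$2" || true ;;
    full)   sample_users | grep -xE -- "$2" || true ;;
    *) return 2 ;;
  esac
}

# Number of sample IDs admitted under the given mode.
admitted_count() { admitted "$1" "$2" | grep -c . || true; }

# A pattern is predictable only if both readings admit exactly the same IDs.
same_under_both() {
  [ "$(admitted search "$1")" = "$(admitted full "$1")" ]
}

report() {
  printf '%-24s search=%s full=%s\n' "$1" \
    "$(admitted_count search "$1")" "$(admitted_count full "$1")"
}

report '.*@example.com'          # unescaped dot, no anchors
report '[^@]+@example\.com'      # escaped dot, no anchors
report '^[^@]+@example\.com$'    # escaped dot, explicit anchors
```

Only the last pattern admits the same two IDs under both readings; escaping the dot and writing the anchors explicitly removes the dependence on how the engine applies the expression.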

Step 3: Add or delete teams from VoltShare.
  • To configure with whom a team can share secret messages:

    • Click Add Item. The default option is All Teams/Tenants.

Figure: Add Teams

  • If you select Team/Tenant, enter a name in the Team/Tenant field.

  • If you select Individual Users, click Configure to restrict specific users.

  • Click Add Item and then click Back.

  • After you finish, click Save and Exit.


Send Abnormal Activity Alerts to Slack

The admin for an enterprise tenant can configure a Slack workspace to receive alerts for any abnormal activity. The alerts are generated from Console and then pushed to Slack.

Step 1: Create a new alert receiver.
  • From the Select service drop-down menu, select Audit Logs and Alerts.

Figure: Select Service

  • Click Alerts Management > Alert Policies > Add Alert policy.

  • In the Metadata section, enter a name for the object associated with the new alert in the Name field.

  • In the Alert Receiver Configuration section, click Select Receiver to configure where the alerts are sent to.

  • In the form that appears:

    • Click Add new Alert Receiver.

    • In the Name field, enter a name for the object associated with the new receiver.

    • From the Receiver drop-down menu, confirm Slack is selected.

    • Ensure that the Webhook URL is configured.

Note: You will need to configure the Slack API to enable Webhooks. For more information, follow the instructions at Webhooks. After you enable Webhooks, you will receive a Webhooks URL that you can encode.

  • In the Channel field, provide the Webhook URL corresponding to the #alert-testing channel.

  • Encode the URL as a Base64 string.

  • After you finish, click Continue.
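
One way to produce the Base64 string for the receiver form, as an added example that is not part of the VoltShare documentation. It assumes Console expects standard Base64 of the exact URL bytes; the URL shown is a placeholder in Slack's incoming-webhook shape, and a real webhook URL should be handled as a secret because anyone who holds it can post to the channel.

```shell
# Added example: prepare a Slack webhook URL for the alert receiver form.
# Assumption: Console expects standard Base64 of the exact URL bytes.

# Placeholder in Slack's incoming-webhook shape; not a real secret.
SAMPLE_URL='https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX'

encode_webhook() {
  # Drop whitespace picked up by copy and paste (trailing newline, spaces, tabs).
  url=$(printf '%s' "$1" | tr -d '[:space:]')

  # Refuse anything that is not an HTTPS Slack incoming-webhook URL.
  case "$url" in
    https://hooks.slack.com/services/?*) ;;
    *) echo "encode_webhook: not a Slack incoming-webhook URL" >&2; return 1 ;;
  esac

  # printf avoids the newline that echo would append to the input;
  # tr removes the line wrapping some base64 builds add to the output.
  encoded=$(printf '%s' "$url" | base64 | tr -d '\n')

  # Round-trip check: the decoded value must equal the cleaned URL.
  [ "$(printf '%s' "$encoded" | base64 -d)" = "$url" ] || return 1

  printf '%s\n' "$encoded"
}

# To keep a real URL off the screen and out of shell history (bash):
#   read -rs WEBHOOK_URL; encode_webhook "$WEBHOOK_URL"
encode_webhook "$SAMPLE_URL"
```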

Step 2: Configure the new receiver policy.
  • In the Policy Rules section:

    • Click Configure.

    • Click Add Item.

    • Select the type of alerts to push to Slack. By default, Any is selected.

    • If you select Matching Severity, select a severity level from the Severities drop-down menu.

    • If you select Matching Group, select a group from the Groups drop-down menu.

    • If you select Matching Alertname, select an alert type from the Matching Alertname drop-down menu.

  • In the Action field, confirm Send is selected.

  • Click Apply.

  • To configure how and when alerts are sent:

    • Click Show Advanced Fields.

    • Click Configure.

    • Click Show Advanced Fields for both sections.

    • In the Notify Interval For a Alert field, enter a numeric value. Hover over the ? symbol for information about the format to enter the numeric value.

    • In the Notification Grouping section, set the group notifications, wait interval, and group wait interval.

    • After you finish, click Apply.

Figure: Configure Notifications

  • Click Save and Exit.

The Slack setup process is complete. If any encryption or decryption attempts cross a certain threshold, the alert is pushed to the Slack channel.


Sharing and Storing

VoltShare is a simple application and can be used by all your enterprise users with the constraints defined in your governance policy. VoltShare prevents users from violating the governance policy for both encryption and decryption of data.

You can read the how-to guide to securely store and share data.


View Audit Logs for Activity Alerts

Audit logs are useful for compliance purposes, post-mortems, and general day-to-day visibility. If a VoltShare alert is triggered, the tenant admin can log and debug the problem.

You can view VoltShare alerts in your Slack channel for any violations of the configured governance policies.

Step 1: View the alerts in the Slack channel.

This example shows the VoltShare alert triggered at 5:22pm in the #alert-testing Slack channel.

Figure: VoltShare Alerts in Slack Channel

Step 2: View the audit logs in Console.
  • In the Audit Logs and Alerts page:

    • Click Notifications > Alerts to view alerts.

    • Click Notifications > Audit Logs to view audit logs.

Figure: Audit Logs

  • Use the > symbol to select the time frame to match the alert time and investigate the activity.

Concepts