This task consists of two steps. First, you launch Baffle Manager in the AWS Marketplace, then you configure Baffle Manager.
Before You Begin
It is important that you verify that your site meets the Baffle Prerequisites and Requirements.
Step 1: Launch Baffle Manager
This step walks you through the process of launching Baffle Manager from AWS Marketplace.
To launch Baffle Manager, do the following:
- Search for Baffle in the AWS Marketplace or click the following link to begin setup – Baffle Data Protection Services, once on the page click Subscribe, then Continue with Configuration.
- Make the following selections to Configure this Software:
- Delivery Method – 64-bit (x86) Amazon Machine Image (AMI)
- Software Version – Baffle Manager Release (latest version is displayed by default)
- Region – Select the region.
- On your VPC, create a new security group based on ‘seller settings’. This configuration opens the necessary ports for Baffle Manager. Set the range of IP addresses that will be permitted access.
- Ensure you have saved the selected key pair to access the Baffle Manager.
IMPORTANT! You must add your own inbound security group with your IP address here so you will be able to connect to Baffle Manager in a web browser.
TIP! Since the instance is bootstrapped with a self-signed certificate, you will receive an invalid CA warning. Select the browser option to “proceed”. You will have the opportunity to upload and use your organization’s certificate later in this section.
Step 2: Configure Baffle Manager
- Configure System Settings. You are prompted for hostname and domain settings. All system users must have this domain name as part of this email going forward.
- Configure Email Settings. This allows Baffle Manager to send emails to provide notifications and for password resets. Enter the SMTP server to use, as well as the login credentials for the SMTP server.
- Create Admin Account. The screen below prompts you to create the initial Baffle Manager administrator account. This account is used to configure the subsequent components such as the key management store, data store connections, and Baffle Shields.
- Configure Credential Keystore. This configuration screen establishes an encrypted credential store for any system access credential or access key that the Baffle Manager or Baffle Shield utilize. The default name is “baffle_credential_store” and cannot be changed.
Select LOCAL for Keystore type. Enter the Baffle Secret Key in the text field. NOTE: The Baffle Secret Key must contain at least 10 characters, a mixture of upper and lower case, including at least 1 number. The Secret Key is used to generate a random key to encrypt the Keystore Config Password. For Config Password, enter a secure password or passphrase to secure the actual keystore.
- Install SSL Certificate. This configuration step allows you to install an SSL certificate to secure access to the Baffle Manager web interface. Upload the certificate and key file for your organization or respective CA to enable SSL for the Baffle Manager console.
- Login to Baffle Manager, by entering the Admin User credentials you configured and then clicking Sign In.
- Continue with Connect to a Keystore.