// F5 Silverline Installation & Configuration Guide - OpenChannel


Table of Contents

DOCUMENT CONTROL
INTRODUCTION
NOTE
PRE-INSTALLATION
INSTALLATION
Assumptions and Constraints
CONFIGURATION
CONFIGURE USERNAME/PASSWORD CREDENTIAL
Assumptions
CONFIGURE ADAPTABLE APP DRIVER AT THE POLICY FOLDER (ZONE) LEVEL
CONFIGURE A DEVICE, APPLICATION AND CERTIFICATE OBJECT

2021 Venafi, Inc. All rights reserved.

Document Control

Version History

Version  Date        Author         Description
V1.0     2021 02 24  Faisal Razzak  Documentation
V1.1     2021 05 05  Faisal Razzak  Updated documentation with F5 Silverline production account references.
V1.2     2021 05 20  Faisal Razzak  Added NOTE section.

Introduction

HTTPS encryption is more prevalent than ever but can be difficult to scale. F5 Silverline and Venafi have teamed up to make it easy to automate the use of keys and certificates for application teams using the following products from Silverline:

Silverline DDoS Protection - Silverline detects and mitigates even the largest of volumetric DDoS attacks at layers 3-7, before they reach your network.

Silverline Web Application Firewall - Available as a managed service, Silverline protects web apps and data, while ensuring compliance with PCI DSS.

Silverline Shape Defense - Prevents large scale fraud and degraded user experiences by detecting bots, fake users, and unauthorized transactions.

This document outlines the installation and configuration steps required for F5 Silverline integration with Venafi’s TPP system. The document accompanies the following file:

1. “F5SilverlineAdaptableDriver.zip”

NOTE

The certificate being provisioned to F5 Silverline must be issued by an Intermediate CA and must not be issued directly by the Root CA.

Pre-Installation

To securely connect to the F5 Silverline portal, an API key is required.

1. From the Silverline Portal, go to Configuration and select API Tokens.
2. Click the “Add” button to provision a new token.
3. Only a user in the “Customer Admin” group can request a token.

Installation

This section outlines the procedure to install the “F5SilverlineAdaptableDriver.zip” file. Unzip the contents of the file and a PowerShell script will be available. F5 Silverline integration is enabled using the Adaptable Application driver feature in TPP. The script needs to be installed on all TPP systems acting as Log servers and application servers. Please note that after the installation, configuration is mandatory.

Assumptions and Constraints

Version of Venafi TPP is 20.3.x

Step No.  Description                                                                               Additional Notes
1.        Place the script file into the TPP Home \Scripts\AdaptableApp folder on all TPP servers.
2.        Restart “ved” and “venafilogserver” services.
3.        Restart IIS on TPP servers acting as Web servers.

Configuration

The configuration needs to be performed at 3 levels.

1. Configure Username/Password Credential.
2. Configure Adaptable App driver at the Policy Folder (Zone) level.
3. Configure a Device, Application and Certificate Object.

Configure Username/Password Credential

Assumptions

You have the API key available for the F5 Silverline portal.

1. Create a username credential in TPP. The “password” field will contain the API key and the “username” field can be “null”.

Configure Adaptable App driver at the Policy Folder (Zone) level

1. An administrator must configure a Policy Folder to use the F5 Silverline adaptable application driver.
2. Browse to the policy folder selected to hold the F5 Silverline Device/Application objects.
3. Go to - Applications - Adaptable.
4. Set the “PowerShell Script” field to point to the F5 Silverline adaptable application driver.

Configure a Device, Application and Certificate Object

1. Create a Device object.
2. Set the Hostname/Address field: portal.f5silverline.com
3. Set the credentials.
4. Create an Application object.
5. Set the “F5 Silverline Cert/Key Name” field.
6. Create a “certificate object”.
7. Make sure Management type is “Provisioning”.
8. Renew the certificate.
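The NOTE in this guide requires that the certificate provisioned to F5 Silverline be issued by an Intermediate CA and not directly by the Root CA. The PowerShell pre-flight check below is an added example, not part of the Venafi driver or the original guide; the function names Test-IssuedByIntermediate, Get-NameKey and New-DemoCert and the in-memory demo certificates are constructed for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Encode a distinguished name's DER bytes so two names can be compared exactly.
function Get-NameKey($Name) { [Convert]::ToBase64String($Name.RawData) }

# $true only when the leaf's issuer is present in $Chain and is not a self-signed root.
# This compares names only; it does not verify signatures or revocation.
function Test-IssuedByIntermediate([X509Certificate2]$Leaf, [X509Certificate2[]]$Chain) {
    $want = Get-NameKey $Leaf.IssuerName
    $issuer = $Chain | Where-Object { (Get-NameKey $_.SubjectName) -ceq $want } |
        Select-Object -First 1
    if (-not $issuer) { throw "Issuer '$($Leaf.Issuer)' is not in the supplied chain" }
    # A root CA is self-signed: its subject and issuer names are identical.
    return (Get-NameKey $issuer.SubjectName) -cne (Get-NameKey $issuer.IssuerName)
}

# --- Constructed demo data: throwaway in-memory certificates, nothing is stored ---
$start = [DateTimeOffset]::UtcNow.AddMinutes(-5)

function New-DemoCert([string]$Subject, [X509Certificate2]$Issuer, [bool]$IsCa, [int]$Days) {
    $key = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $key,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add(
        [X509BasicConstraintsExtension]::new($IsCa, $false, 0, $true))
    if (-not $Issuer) { return $req.CreateSelfSigned($start, $start.AddDays($Days)) }
    # Validity must nest inside the issuer's, so children get fewer days.
    $signed = $req.Create($Issuer, $start, $start.AddDays($Days), [byte[]](1..8))
    return [RSACertificateExtensions]::CopyWithPrivateKey($signed, $key)
}

$root  = New-DemoCert 'CN=Demo Root CA'         $null  $true  30
$inter = New-DemoCert 'CN=Demo Intermediate CA' $root  $true  20
$good  = New-DemoCert 'CN=app.example.test'     $inter $false 10   # meets the NOTE
$bad   = New-DemoCert 'CN=direct.example.test'  $root  $false 10   # violates the NOTE
$chain = @($root, $inter)

"Issued via intermediate : $(Test-IssuedByIntermediate $good $chain)"
"Issued directly by root : $(Test-IssuedByIntermediate $bad  $chain)"
```

The CertificateRequest class used for the demo certificates requires .NET Framework 4.7.2 or later, or PowerShell 7.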

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing the cryptographic keys and digital certificates on which every business and government depends to deliver safe machine-to-machine communication. Organizations use Venafi key and certificate security to protect communications, commerce, critical systems and data, and mobile and user access. To learn more, visit venafi.com
