Subsections of Quick start guide

Register your Acreto account

Overview

Registering and activating your account is the first step to using Acreto services. This article is a guide to the standard registration and confirmation procedure.

Account registration

If you would like to create an account on Acreto:

  1. Go to Acreto WEDGE.
  2. Click on the Register Here link or the yellow Sign up button on the top bar.
  3. On the registration page, enter your email address (1) and accept the Privacy Policy by checking the box provided next to it (2).
  4. Click on the Sign up button (3). Shortly thereafter you will receive an email from Acreto, with an activation link, at the email address provided.

Tip

If you do not receive an email from Acreto within a minute or so, check your spam folder or retype your email address in the registration form.

  5. Once you receive the email, click on the embedded link so that we may confirm your account.
  6. Set up your First Name, Last Name, and Password on the page that appears. When you have finished, click Next.
  7. The second step allows us to set up your company and includes Company Name, Address, and Administrative Contact.

Tip

The Administrative Contact is the person that you want to receive all notices related to any issues with your account and all general notices regarding the Acreto platform.

  8. The third part of the profile setup establishes your method of payment, either a credit card or an established corporate account ID.
     • For credit card - simply enter your credit card number in the fields provided. Your card information does not come to Acreto but is transacted with an accredited card processor.
     • Contract ID - if you have a corporate contract ID number, please enter it in the field provided. If you would like to set up a corporate billing ID, please contact us today.

When you click the Finish button, your profile will be complete. You are now ready to set up your first Acreto Ecosystem.

Create a New Ecosystem

Overview

Ecosystem security is a methodology unique to the Acreto platform. It’s actually quite simple. Within your organization, there are many different departments, functions, and programs. Each of these areas contains specific applications, users, and devices that work together to execute organizational tasks. For example, your remote sales team may use Office 365, Salesforce, and an internal pricing application; together with every sales team member, these form an Ecosystem. In a similar fashion, your Vendor Relations department may have 75 external suppliers that provide your organization with various goods and services. In order to be effective, each vendor must interact with your purchasing application(s). These vendors, your internal purchasing department, and every purchasing application they use form another Ecosystem.

In addition to isolating Ecosystem members from the Internet, Acreto enables you to establish security policies at the Ecosystem level, allowing you to apply customized security policies for each Ecosystem. The right set of security policies for the sales team may very well differ from the needed security policies for the vendors.

How to Create A New Ecosystem

Creating a new Acreto Ecosystem is simple:

  1. Log in to Acreto and click on the Add New button to add a new Ecosystem.
  2. Enter your Ecosystem name and click on the Add button. Use a descriptive name so that others in your organization can differentiate one Ecosystem from another. For example ATM Ecosystem, Guest WiFi Ecosystem, Cafeteria POS Ecosystem, Conference Room Tech Ecosystem, Branch Edge Ecosystem, etc.
  3. Acreto will immediately create your new Ecosystem. You will see it on the screen next to the Add New Ecosystem box.

You’re now ready to start configuring and connecting your Thing(s) and Gateway(s) into your Ecosystem!

Switch Between Ecosystems

Acreto allows you to create multiple Ecosystems. You can create a separate Ecosystem for each physical location and manage them from one WEDGE panel.

To switch between existing Ecosystems:

  1. Log in to Acreto Wedge and select the first existing Ecosystem.
  2. On the Wedge panel, check the name of the currently selected Ecosystem.
  3. Click on the <– All Ecosystems button on the side menu.
  4. Choose a different Ecosystem.

Create a new Gateway

Prerequisites

This procedure requires:

  1. An active Acreto account.
  2. Basic knowledge of local network configuration.

Overview

A Gateway is a device that allows you to connect your local network to Acreto and secure all of its network traffic and end-user devices without configuring them one by one. Take a look at the images below to compare a standard network connection with a network secured by Acreto using the Gateway method.

A Gateway may be configured in IPsec or vGateway mode. Each of these configurations may be used for different purposes and in different network structures:

  • choose vGateway when you want to download a preconfigured Acreto vGateway appliance and install it on a Raspberry Pi device or a virtualization platform (like KVM or VMware)
  • choose IPsec if you prefer to manually configure an existing device (like a router or Linux machine) that supports the IPsec protocol

To create a Gateway, you need to:

  1. Create a Gateway object inside your Ecosystem
  2. Create one or more security policies to allow traffic from that Gateway to the Internet

How to create a new Gateway

  1. Log in to the Acreto platform at wedge.acreto.net
  2. Select your ecosystem and go to Objects using the left menu.
  3. Click Add new Object and select Gateway.
  4. Fill in at least:
    1. Name: the name of the gateway that you are creating. It needs to be compatible with strongSwan connection name requirements (basically, only letters and numbers)
    2. Category: IoT
    3. The gateway type-specific settings described here: IPsec | vGateway
  5. Save the created Gateway by pressing Add.
  6. Add a security policy that will allow communication from the Gateway device to the Internet.
  7. Commit the pending changes (top of the screen).


Notice: To successfully test your connectivity, you also need to create a security policy that will allow traffic to go through your device.

IPsec Gateway

Set the settings specific to an IPsec Gateway:

  1. Allow connection from: Empty (the source IP address from which the connection will be permitted)
  2. Local Networks: your local network addresses that should be routed through this gateway

Tip: To simplify testing, add IP addresses of all interfaces connected to your gateway as Local Networks (you can use /32 prefix for public interface). This will allow testing connectivity from the gateway through Acreto using ping, traceroute, and similar tools.

vGateway

Set the settings specific to a vGateway:

  1. DHCP/Static: select the method of assigning addresses on the network
  2. vGateway Local IP: address of the local (LAN) interface of your device (for example 192.168.200.1/24)
  3. Local Networks: your local network addresses that should be routed through this gateway
  4. vGateway Internet IP: IP address, with a netmask, of the internet-facing (WAN) interface, for example 1.2.3.4/24
  5. vGateway Default Route: IP address of your Internet gateway/router that allows access to the Internet, for example 1.2.3.1

Tip: To simplify testing, add IP addresses of all interfaces connected to your gateway as Local Networks (you can use /32 prefix for public interface). This will allow testing connectivity from the gateway through Acreto using ping, traceroute, and similar tools.

Next Steps

When the Gateway is ready, you should configure the gateway device on your end to act as a gateway to the Acreto platform and pass traffic from your endpoints through the gateway device.

Once the gateway device is set up, verify the Acreto-secured connection.
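The vGateway fields listed above are easy to mistype, so the following added example (not Acreto code) sanity-checks them before they are entered in WEDGE. The dictionary keys are hypothetical names for the form fields, the checks are this example's own assumptions about a consistent configuration, and the sample addresses are the ones used on this page.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9]+")  # page: "basically, only letters and numbers"

# Constructed sample built from the example values on this page.
SAMPLE = {
    "name": "branch1",
    "local_ip": "192.168.200.1/24",
    "internet_ip": "1.2.3.4/24",
    "default_route": "1.2.3.1",
    "local_networks": ["192.168.200.0/24", "1.2.3.4/32"],
}


def check_vgateway(cfg):
    """Return a list of problems found in a dict of vGateway form values."""
    problems = []
    if not NAME_RE.fullmatch(cfg.get("name", "")):
        problems.append("name: use letters and numbers only")

    networks = []
    for cidr in cfg.get("local_networks", []):
        try:
            # strict=True rejects entries such as 192.168.200.1/24 (host bits set)
            networks.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as exc:
            problems.append(f"local_networks: {exc}")

    try:
        lan = ipaddress.ip_interface(cfg["local_ip"])
        wan = ipaddress.ip_interface(cfg["internet_ip"])
        route = ipaddress.ip_address(cfg["default_route"])
    except (KeyError, ValueError) as exc:
        problems.append(f"address fields: {exc}")
        return problems

    if route not in wan.network:
        problems.append(f"default_route: {route} is outside {wan.network}")
    elif route == wan.ip:
        problems.append("default_route: same address as vGateway Internet IP")
    # Testing tip: interface addresses should also appear in Local Networks.
    for label, iface in (("local_ip", lan), ("internet_ip", wan)):
        if not any(iface.ip in net for net in networks):
            problems.append(f"{label}: {iface.ip} is not covered by Local Networks")
    return problems
```

An empty list from `check_vgateway(SAMPLE)` means the values are mutually consistent; it says nothing about whether the addresses match the real network.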

Connect first Thing

Overview

We define a Thing as any individual compute device that belongs to an Ecosystem, including servers, desktops, laptops, tablets, smartphones, IoT devices, etc. Whenever you want to connect a new device, you can create a new Thing that will represent the device in your Ecosystem.

Note: To connect your local network instead of an individual device, you should create and provision a Gateway.

Add Thing to Acreto WEDGE

Before starting this process, you should make sure that you have an Acreto account with at least one Ecosystem added to your Profile.

To add a new Thing to Acreto:

  1. Log in to your Acreto account

  2. Identify and select the Ecosystem to which you’d like to connect your Thing.

  3. Click on the Things option in the left sidebar menu.

  4. Once your Thing panel opens, select the Add New Thing option.

  5. An Add Device window will appear, where you can enter information about the Thing that you want to add:

Configuration tab

  • Name - the human-readable name of the Thing that you want to add. For example, a “Front Door Security Camera.”
  • Category - the category of the Thing that helps you better understand its purpose (informational only). For example, “Physical Security.”
  • Operational Importance - a scale from 1-10 that lets you determine which Thing is a priority for your business. For example, a “1” is of minor importance and a “10” is critical.
  • Profile Group – enables you to group similar Things together to provide simple security policy management.

Descriptors tab

The Descriptors tab contains some optional informational fields that allow you to manage your Things with ease.

  • Description - this field should contain any additional information that describes your added Thing(s).
  • Location – this field allows you to save the geographical location of your Thing(s).

  6. After you complete the required form fields, click the Add button to save the Thing on Acreto. Your new Thing will now be visible on the Things list.

Next, let’s configure your Thing to connect to the Acreto platform.

Configure Thing

To learn how to configure your Thing(s) on a variety of platforms, please refer to the Acreto Connect documentation.

Please note: it’s recommended to test your connectivity from a different device than the one you use to manage your Ecosystem at https://wedge.acreto.net.

Configure a Security Policy for Connected Things

A security policy is a set of rules that manages the network traffic in an Ecosystem. These policies allow you to decide what traffic should be allowed from or into your added Thing(s) and which should be blocked or redirected.

Warning

Acreto follows a Zero-Trust approach. This means that all network traffic is blocked by default. To allow traffic to pass through your Ecosystem you must create some security policies, as described in the next article.

Create first security policy

Overview

In the previous step, you configured and connected your first Thing to your Ecosystem. Now, you need to create a security policy.

A security policy is a set of rules that manages network traffic in an Ecosystem. These policies allow you to decide what traffic should be allowed, inspected, or blocked.

Warning

Acreto follows a Zero-Trust approach. This means that all network traffic is blocked by default.

Security policy: Allow all

To allow communications to flow through an Ecosystem, you must define a set of security policies. Without a matching security policy, the traffic is blocked.

For testing purposes, we’ll guide you through the creation of an Allow all traffic security policy. To do this, you will complete an Add New Policy form as shown below.

Complete the form by entering the correct values:

  • Name - use a descriptive name so that others in your organization will know what this policy is for; in this case, Allow all.
  • Description – add a short description of the policy; in this case, Allow all outgoing traffic.
  • Source - choose the source where the traffic will come from; in this case, select your profile group.
  • Service - select a protocol (like TCP, UDP, ICMP) and destination port of the traffic; in this case, Any.
  • Application - choose the applications for which the policy applies; in this case, Any.
  • Destination - choose a target where the traffic should be directed; in this case, Any.
  • Action - allow/drop traffic when the conditions have been met; in this case, Allow.
  • Threat protection - decide whether you want to enable threat protection for the traffic; in this case, Marked.
  • Click on the Add button to save the configuration.
  • Once the new security policy has been added and is visible on the list, you must Commit your changes.

Before saving, the form should look like the image below:

Warning

Your changes will not be applied until you Commit them!

Now, any Thing in a selected Profile group (Source) should be able to securely connect to any destination.

Security Policy: Block Facebook Using Application Control

If you want to block Facebook traffic for your Ecosystem users, you should use an Application Control security policy. To create such a policy, fill out the Add New Policy form as shown below.

  • Name - use a descriptive name so that others in your organization will know what this policy is for; in this case, “Block facebook.com.”
  • Description – create a short description of the policy; in this case, Block all facebook.com traffic.
  • Source - choose the source from where the traffic will come; in this case, Any.
  • Service - select the protocol (TCP, UDP, ICMP) and destination port of the traffic; in this case, Any.
  • Application - choose the application(s) for which the policy applies; in this case, facebook-base and facebook-chat.
  • Destination – select a target where the traffic should go; in this case, Any.
  • Action - allow/drop traffic when the conditions have been met; in this case, Drop.

Click the Add button to save the configuration.

Once the new security policy has been added and is visible on the list, you must Commit your changes.

Warning

Your changes will not be applied until you commit them!

After committing your settings, any Facebook traffic now coming through the Ecosystem should be blocked.
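Because the Allow all policy is meant for testing, it is worth reviewing what it permits and what it overlaps with before leaving it in place. The following added example (not Acreto code or an Acreto export format) audits policies written as plain dictionaries whose keys mirror the Add New Policy form; the profile group name Sales is constructed.

```python
ANY = "Any"
MATCH_FIELDS = ("source", "service", "application", "destination")

# Constructed sample mirroring the two policies built on this page.
# "Sales" is a made-up profile group; the dict layout is hypothetical.
# A field is either ANY or a set of selected values.
SAMPLE = [
    {"name": "Allow all", "source": {"Sales"}, "service": ANY,
     "application": ANY, "destination": ANY,
     "action": "Allow", "threat_protection": True},
    {"name": "Block facebook.com", "source": ANY, "service": ANY,
     "application": {"facebook-base", "facebook-chat"}, "destination": ANY,
     "action": "Drop", "threat_protection": False},
]


def overlaps(a, b):
    """True if some traffic could match both policies on every field."""
    return all(a[f] == ANY or b[f] == ANY or bool(set(a[f]) & set(b[f]))
               for f in MATCH_FIELDS)


def audit(policies):
    """Return (policy name, finding) tuples for Allow rules to review."""
    findings = []
    for p in policies:
        if p["action"] != "Allow":
            continue
        if all(p[f] == ANY for f in ("service", "application", "destination")):
            findings.append((p["name"], "allows any service, application and destination"))
        if not p["threat_protection"]:
            findings.append((p["name"], "threat protection is not enabled"))
        # The page does not say how overlapping policies are resolved,
        # so an Allow/Drop overlap is reported for manual review.
        for d in policies:
            if d["action"] == "Drop" and overlaps(p, d):
                findings.append((p["name"], f"overlaps Drop policy {d['name']!r}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```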