Adding Server

Note: AppViewX SSH+ currently supports addition of only Linux servers.
To add a server:
  1. Go to (Menu) icon > SSH+ > Administration > Device Management.

    The Device::Server page is displayed.

  2. On the command bar, click + (Add) icon to add a new server.

    The Device::Server > Add page is displayed.

  3. Select Linux from the Vendors list.
  4. Enter the following details:
    Table 1. Field description for Device Details section
    Field Description
    Server details
    *Server type Select a server type. The values are Apache and Tomcat.
    *Server name Enter a unique name for the server. This helps you identify it easily.
    *IP address/FQDN Enter the IP address/FQDN.
    Data center Select a data center from the dropdown list.
    Communication mode Select SSH.
    *SSH Port By default, the port is 22. You can choose to enter a port number.
    Cert sync Select one of the options:
    • Managed: AppViewX connects to the customer’s server account and discovers host and user keys. These keys are added to the host and key inventory. Users with the relevant permissions can then perform the required keys-related actions.
    • Monitored: AppViewX connects to the customer’s server account and discovers host and user keys. These keys are added to the host and key inventory where the users are allowed to only view the keys.
    • Ignored: Certificate discovery is ignored.
    Note: The Cert sync option is applicable only if the CERT+ license is active; otherwise, it can be ignored.
    Credentials
    *Credential Type Select one of the options:
    • Manual entry: Enter the username and password.
    • Credential List - AppViewX: Select the credential details that are already stored in the credential inventory page.
    • SSH: Enter the username, browse and upload the identity key along with its passphrase.
    Service account credentials
    Username Enter the user name.
    Password Enter the password.
    Vendor Specific Details
    Access Elevation By default, the value is None. Select a value from the dropdown list.
    Discover Formats Enter a value to filter the formats to be discovered from the device. By default, all standard formats are discovered.
    Certificate details
    Certificate Directory Provide the directory from where the certificates must be discovered. By default, the system scans for certificates from all the directories.
    Scan type Select one of the options:
    • Default: The system scans for supported certificate formats such as pem, crt, cer, der, kdb, jks, p12, p7, pfx, and adds them to the certificate inventory.
    • Aggressive: The system scans for all keystore files with non-standard extensions.
    *Operation Select one the options:
    • Exclude: Disables the scan in the specified certificate directory.
    • Include: Enables the scan only in the specified certificate directory.
    Note: Fields indicated with red asterisk (*) symbol are mandatory.
  5. Scroll down to the SSH Details section. By default, the SSH Sync Enable toggle button is turned off.
  6. Click the SSH Sync Enable toggle button to enable SSH sync.
  7. Click Customise to modify the default settings.
  8. Enter the following fields:
    Table 2. Field description for SSH Details section
    Field Description
    *Inventory Action Select one of the options:
    • Do Not Move: To avoid the movement of newly discovered keys in the inventory.
    • Manage: To allow the system to manage the newly discovered keys, which are moved to the inventory with Managed status.
    • Monitor: To allow the system to monitor the newly discovered keys, which are moved to the inventory with Monitored status.
    *Discover Select one or both of the options:
    • User Keys: To discover user keys.
    • Host Keys: To discover host keys.
    Scan Type Select one of the options:
    • Default: The system scans the default ssh folders.
    • Full: The system scans the entire location. You can enter the files name/path that you want to exclude from the discovery for non-standard location.
    • Directory: The system performs default scan along with directory scan in the specified directory. Enter the file name/path you want to exclude/include for non-standard location.
    Note: Changing the scan type clears the File Path table.
    Recursive Scan This field is enabled if you select Default or Directory as your Scan Type and is applicable for file path.
    • For Default scan type, enable this toggle to perform a recursive scan of all user home directories.
    • For Directory scan type, by default, this toggle button is disabled, and only the specified top-level folder is scanned—nested directories are skipped. When enabled, the system recursively scans all subdirectories within the specified folder path for keys. This is applicable for file path.
    File Path This field appears if you select Fullor Directory as your Scan Type.

    Enter the file/s name/path that you want to exclude/include scan (only for directory scan) from the discovery for non-standard location.

    File path should always start with '/'.
    Operation This field appears if you select Full or Directory as your Scan Type.
    Select one of the options:
    • Exclude: Disables the scan in the file/s name/path location entered in File Path.
    • Include: Enables the scan only in the file/s name/path location entered in File Path.
    Note: Multiple folder/path entries can be entered for scan, which are displayed in the consecutive table with respect to File Path and Operation.
    For Full or Directory scan type, click Add. The File Path table is populated with the results.
    Intensive Scan This field is enabled if you select Default, Full, or Directory as your Scan Type.
    You can toggle Intensive Scan to scan the content of each and every file.
    Note: For the Default scan type, Intensive Scan can only be enabled if Recursive Scan is also enabled.
    *Host Compliance Group Groups with RW permission will be visible in the Host Compliance Group field.

    Select the required Host Compliance Group to which you want to map the discovered hosts and host keys. The discovered hosts and host keys are associated with the selected host compliance group.

    *Key Compliance Group Groups with RW permission will be visible in the Key Compliance Group field.

    Select the required Key Compliance Group to which you want to map the discovered keys. The discovered keys are associated with the selected key compliance group.

    The key group selection simplifies the grouping of the discovered keys and checks the discovered keys for key compliance. The keys are checked for compliance based on the policy of the key group it is associated with.
    *Application Infra access group Groups with RW permission will be visible in the Application Infra Access Group field. Only users with ACF permission can create an infra access group by entering a name in the text box and pressing Enter.

    Select the Application Infra Access Group(s) to which you want to map the onboarded host.

    Note: Fields indicated with red asterisk (*) symbol are mandatory.
  9. Click Save.

    The host is created and displayed in the host inventory.

    Note: Server inventory allows the addition of multiple vendors configured under the same hostname/IP, but only one hostname/IP is added in the SSH+ inventory to avoid duplication of SSH actions.
What to do next:
  • To add credentials to the server, see Adding Credentials.
  • To perform any of the actions such as export, import, manage, unmanage, or delete a server, or fetch configuration from a server, see Actions.