Please review this guide carefully. There are many important concepts covered here which will make your deployment of Silo successful.
The following topics are covered:
- Preparation for Silo Deployment
- Consider User Authentication Options
- User Management - Decide How to Add, Suspend and Delete Users
- Define Administrators
- Decide Whether to Lock Workstations to Corporate Accounts
- Org Planning and Popular Policy Settings
- Firewall and Proxy Integration with Silo
- Additional Resources
The following preparation checklist should be completed before installing Silo:
- Ensure that client machines meet the minimum requirements
- Review network settings to ensure Silo traffic is permitted
- Decide How to Distribute Silo
Ensure that client machines meet the minimum requirements
Review network settings to ensure Silo traffic is permittedAuthentic8 Silo operates through port 443; however, we use a proprietary cert configuration which does not interoperate with SSL Inspection. Authentic8 interprets conventional SSL inspection as a man in the middle attack and shuts down the connection.
Note: See the Logging and Reporting section below for detailed information on how to audit user and admin activities in Silo.
- SSL Inspection Verify that devices on which Silo is to be installed are whitelisted for SSL inspection on port 443 to the URLS listed on Details About Firewall Rules Needed for Silo Access.
- Network Requirements Please review the article on network requirements What are the minimum network requirements to use Silo and Toolbox?
Decide How to Distribute Silo
You can either install Silo on machines individually (easier for small organizations) or administer Silo installations centrally (easier for larger organizations). The standard installer (available at https://www.authentic8.com/get/), installs Silo directly in the users’ AppData directory (c:\Users\<username>\AppData\ in Windows or /Applications on a Macintosh). The standard installer lets users install Silo without administrator privileges. Once Silo is installed, Authentic8 can automatically push updates to end users.
If your organization requires a more centralized software distribution mechanism, follow the instructions at Instructions for Enterprise Install
- PIN Login Only Users can only access Silo by entering a PIN (default configuration).
- Deferred PIN Login Users can access limited Silo browser functionality without entering a PIN. To save a website credential, bookmark, or access apps, users must authenticate using their PIN. See Deferred PIN for details.
- SAML-based SSO Authentication is performed using the customer’s SAML enabled IdP infrastructure. See SAML SSO for Silo Access for details.
- Manually, using Silo’s Admin Console. See How to Manually Add Users for details.
- Template-driven CSV upload (upload only) (Download Template) See How to Import Users via CSV for details.
- Programmatically, using Authentic8’s Active Directory Sync utility. This synchronizes select parts of your AD with Authentic8 enabling you to manage user accounts in Silo based on AD OU structure, Group membership, or any other parameter desired. See Active Directory Sync Tool for details
Granular Admin Controls.
Decide Whether to Lock Workstations to Corporate Accounts (Highly Recommended)Administrators can control or lock specific workstations to Silo organizations using Machine Lock Control. This is useful for organizations which allow Silo on their organization controlled workstations, but do not want their users to log into their personal Silo accounts from those same workstations. Learn more about the Machine Lock Control feature on the Machine Lock Control page.
Authentic8 enables you to set policies that produce different experiences for different groups of users. User groups/orgs are created in the Admin Console and users are synchronized to those groups. Usually this matches your active directory grouping and can be synchronized directly by using the Active Directory Sync ToolAdministrators use the Silo Admin Console to define the policies that will impact their users. While there are many policies to consider for each user group, here are the recommended ones to consider during your Silo deployment:
- Web Access policies to control URL filtering and to control what web content users can access during their Silo session
- Data Transfer policies to control how a user can interact with data and their local device
- Password Saving decide whether a user can save passwords in Silo
- Session Timeout duration of inactivity before Silo closes down
- Cloud Storage Options ability to save data to cloud storage
- Silo Access Portal custom-branded Silo browsing experience
Web Access (URL Filtering)Web Access provides administrators with a collection of policies to control which sites users can access during their Silo session. These tools, located in the Admin Console, can be used to enforce HR policies and limit users’ access to restricted and potentially dangerous websites. Web Access is made up of four policies:
- Browser Configuration Allows broad control over the open or closed nature of the Silo browser
- Category Filtering Allow/Block categories to control users’ website access
- Domain Filtering Whitelist/blacklist specific domains
- Block Content Notification Customize the notification that users see when a block occurs
Learn more about Web Access at Web Access (URL Filtering)
Data Transfer Policies
- File Upload/Download Decide whether users can upload and/or download files to their local desktop
- Printing Decide whether to allow users to print. Print From Silo
- Clipboard Controls Decide whether to allow users to copy content from Silo to the local clipboard and/or from the local clipboard to Silo. Clipboard Controls
Password SavingAdministrators can control whether or not their users are able to save passwords within Silo. If users are given access to save passwords, they can create web app shortcuts. Web App Shortcuts are user configured shortcuts that have saved user credentials tied to them.
Learn more about Password Saving at Password Saving Control
Learn more about Web App Shortcuts at Web App Shortcuts & How Do I Create My Own Apps?
Session TimeoutSpecifies the number of minutes that a Silo session can remain idle before the session is terminated. The default is 30 minutes. The maximum setting is 240 minutes
Choose Authentic8 Cloud Secure Storage OptionsCloud Storage allows users to store data either temporarily or permanently in Authentic8’s Cloud Secure Storage. This data can either be for personal use or the data store can be set up as a collaboration space where many users can share the same files
Note: Pooled Storage and Per User storage require additional licensing
- Per User Storage available to a single user only and cannot be shared with other users.
- Pooled Storage (Shared Cloud Drive) can be assigned to different sets of users. Pooled Storage can be created with different read/write permissions as well as data retention periods.
- Temporary Storage temporary drive that lives for the duration of a session.Temporary Storage is enabled by default, but can be disabled by admins, as required.
Learn more about Cloud Storage at Authentic8 Cloud Secure Storage
Silo Access PortalThe Authentic8 Silo Access Portal extends the feature set of Silo by giving you an easy way to launch the Silo secure browser directly from an Authentic8 hosted page which you can bookmark in your traditional browser. When configured properly, if a user navigates to the Silo Access Portal and executes an internet search, enters a URL, or presses a preconfigured webapp shortcut icon, the search, URL, or the shortcut execution will be initiated in Silo. Silo Access Portal User Guide
Firewall and Proxy Integration with Silo
When Silo is installed on the local device, a handler for A8:// and A8s:// formatted links are registered allowing specifically formatted URLs to be rendered within Silo when launched from the local browser. When a user clicks or types a link starting with A8:// or A8s:// Silo launches (if it is not running), and renders the page within Silo. This behavior is called Silo Direct Launch.
Silo Direct Launch can also be used by your firewall to redirect traffic that may be blocked or uncategorized into the Silo browser. For example, your organization may have decided not to allow facebook.com on the local browser. In this case, it should be possible to generate a custom error page (or auto-forward page) which directs the user to a8s://facebook.com which would then send the user's request to Silo where Facebook would be rendered. Please check with Authentic8 support if you need help with your specific firewall of proxy since we have some technical resources which may be of use to you.
Learn more about Silo Direct Launch at Opening a web page directly in Silo:
Reporting and Logging Information
Built-in ReportingBy default, Authentic8 logs information from user sessions, and makes summary information available to administrators through the Admin Console. Summary data available includes:
- Number of Users
- Top 5 sites accessed
- Total number of sites
- Top Users
Enhanced Reporting Using the Log APIIn addition to the summary data available through the Admin Console, a rich data set is available via the Authentic8 Log API. You can query the logs programmatically for much richer queries, and to feed to other tools at your discretion.
Learn more about logging here: Authentic8 API Reference Guide.
Authentic8 retains logged data for 90 days. Authentic8 can assist with analysis and can offer support for querying logged data.
Log EncryptionYou may elect to encrypt user session logging. This provides considerably greater fidelity of activity in logged data and provided added security to your end users' activities. Log Encryption
Note: Some customers choose to encrypt logs and not save the private key. This has the net effect of making your users’ browsing activities completely private since not even Authentic8 employees would be able to view the log data.
The Feature Information page includes a list of Silo features, with links to documentation and video help presentations.
The A8 Project Plan Template can assist in deploying your Silo project and configuring Silo policies.
If you need technical support, please submit a ticket to the support team here: Customer Support