Asset Onboarding modes in Xshield

Asset Onboarding is a process of bringing assets (workloads and user assets) under management from Xshield.

Onboarding assets in Xshield

In Xshield, Onboarding an asset involves installing the Xshield agent on the asset and registering the asset with the Xshield instance. Onboarding is deemed to complete only after an asset is successfully registered with the instance, that is, the asset's inventory details are seen on the Assets page.

Registration is automatic; however, you can set manual triggers for registration by manually selecting assets for registration or providing a reference list of assets that must be approved.

Onboarding modes

In Xshield, User assets can be onboarded in One of the Three Onboarding modes -  Auto Onboard Assets, Review and Onboard Assets, and Pre Approved Assets. The Onboarding modes define how and when the assets are registered with the instance after installing the agents on them.

You can switch Onboarding modes at any time, and the new mode applies to all the assets in the instance.

Mode - Auto Onboard Assets

This is the default mode for Onboarding assets on all instances (new and upgraded). In this mode, after agent installation, the assets are automatically registered. This is the traditional mode for onboarding assets.

Mode - Review and Onboard Assets

In this mode, assets are registered only you manually verify their basic inventory details (IP address, OS, MAC address, and hostname). After the agents are successfully installed on the assets, the following happens:

  1. Assets establish the initial connection with the instance; however, they are not active for management from Xshield. 

  2. Assets are listed on the Assets page but, they are not active for management from Xshield. The inventory details of these assets are listed in the Pending for Approval tab.

  3. Assets report connectivity with the instance at an extended interval of once every five minutes.

Approve or reject assets

You must do one of the following to clear the assets from the Assets > Pending for Approval page.

  • Approve - select and approve known assets. This registers the assets, and you will see active entries for the assets on the Assets page. This happens only after the assets report their connectivity. 

  • Reject - select and discard unwanted or unknown assets from the purview of management from Xshield. This decommissions the selected assets.  
Xshield automatically discards and decommissions assets that have been in the Pending for Approval state for 24 hours. When an admin approves or rejects the assets in the  Pending for approval page, the same action will be captured in the audit log for reference.

Mode - Pre Approved Assets

For high-volume agent deployments planned in the future, use the Pre Approved Assets mode to auto-approve assets by a reference list containing the assets' inventory details. You must upload a CSV file with the following inventory details - IP address, OS, MAC address, and hostname.

Xshield matches the assets' inventory details with that in the reference list when agents are installed on the assets and the assets establish the initial communication with the instance.

  • If the details match, the asset is registered. You will see an active entry for the asset on the Assets page.

  • If the details do not match any on the list, the asset is seen in the Pending for Approval tab. You must manually approve or reject (discard) the asset within 24 hours. Rejected assets are decommissioned.

You must provide all details as per the sample file:

"hostname","localMacaddress","ip","os"
"Nonmtlsubuntu","00:50:56:01:0d:b9","10.30.56.228",""16.04.6 LTS
"Win2016temp","00-50-56-01-12-30","10.30.57.171","Windows server 2016 standard"
"awadhwin","00-50-56-01-12-90","10.30.56.101","Windows 10 Pro"

Upload CSV reference list

If multiple CSV files are uploaded with duplicate entries across them, Xshield maintains a master reference list without duplicate entries. Also, the assets from the CSV files are displayed in the Pre-Approved tab.

  • When setting the mode to Pre Approved Assets, upload or more CSV files in the Upload File box.

Set Onboarding mode

Onboarding mode is an instance-level setting. You can switch Onboarding modes at any time. The new mode applies to all the assets ( Microsegmentation and User Access) in the process of being onboarded (Pending for Approval state) and the assets you want to onboard.

For example, changing the Onboarding mode from Review and Onboard Assets with some assets left for manual approval, to Pre Approved Assets with a CSV reference list of the leftover assets, automatically registers the assets.

  1. Go to Settings > Agent Download.

  2. Click Installation Details

  3. Click Edit in the Installation Options tab.

  4. Set the mode.

  5. (Optional) For Pre Approved Assets mode, upload one or more CSV files as the reference list.

  6. Click Save.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.