How To Set up MFA on Nexsan Unity

Hello everyone, and welcome to another. How To video. This one today is looking at setting up multi factor authentication on Nexsan Unity.

So quite lengthy topic. So I'm just going to go in there and get straight into it, actually. So so bear with me as I go through this. It's not complicated, but there are some steps and procedures that you need to go through. So if at any stage you're kind of struggling, if you're rolling this out yourself, it's a useful tool to have this video available. Feel free to skip backwards and forwards just so you can get to the bits that you need to but ultimately, let's think about, I mean, what multi factor authentication is doing for you in the first place? For me, it's really crucial. It's an important part of any kind of enhanced security offering.

There's lots of different forms of it, okay, if you think about one factor, for example, that's, that's adding a password, okay? But that could be, you know, bypass by, you know, a would be attacker or compromised in some way. So it's important to protect it with multi factor authentication. It's good for compliance requirements. It ticks a nice box in any kind of auditing criteria. It's also important to try and make this stuff kind of easy for the end user, such as just pushing a notification and you hit on ok and you're in. There's lots of different versions of it isn't if you think about some think about some laptops have got fingerprints, you know, biometric stuff, photo kind of recognition, or, you know, all kinds of different methods in order to protect the application or the kind of the solution that you're using. And all in all, this should reduce the risk of any data breaches.

Okay, so if any kind of bad actor does get onto the system, even if they try to get onto the GUI or even command line, for example, it will hit them with a prompt, but it won't hit them. That's the point, isn't it's going to hit someone else, and you can deny, okay, so they're not going to get access to your systems. Okay? So for me, it's crucial to implement it. I do strongly advise it, the last thing you want is someone to get into your solution and do any, any, any damage, as it were, okay, so, so for this Nexsan Unity currently supports duo, okay, for us, that's kind of best in class, very secure solution. You can download the app for it on both kind of Apple and Android as well, and just makes life easier, doesn't it? Because that's where it's going to kind of push the notifications and get you to log in.

Okay, so the first thing that you need to do is just head in to the website and sign up. Okay, so just signup.duo.com. Okay, enter all the details that they require on the screen. Hopefully you can see that so there's lots kind of information. Just fill that all in and then start my free trial. Okay, what will happen then, just in big green button, start my free trial. An email will get sent to you.

Okay. Now, what that does? It starts you on the free version. Okay, so there's a free trial version that lasts 30 days, okay, after that, it's simply converted to, you know, the kind of the production free version. Okay, so you don't have to pay for it. Nexsan's not asking you to pay any extra money for anything. But what that allows you to have is up to 10 users. Okay, so there are other accounts available. Okay, there's lots of different options. You may already be a user of duo, which is great. Okay, so you know, certainly know more about this topic than me, okay, but just to get you going free trial, and then you know, even if you forget about it, it's going to eventually just convert you to kind of the free version Anyway, okay, once you receive that email, go ahead and select verify your email. Pretty simple, okay, big green bar, and what you'll see is you'll see a message saying, just get started.

Okay, so what you'll need to do is you'll need to go ahead and enter in a password, okay, and that's that part pretty much done.

Okay? So then you move on to what we call Second factors. So here, all you need to do is select Continue, okay, and then you'll be hit by a pass key kind of page. And all you need to do there is click on Add pass key. Now for this example, what I did is I selected iPhone, iPad or Android, okay, so what you get them presented with is a QR code, okay. So once you've got that scanning the QR code using your kind of mobile device, and a pop up will appear, okay, and that pop up will say, pass key saved. Okay, this will allow the mobile device to use MFA to log into duo.

Okay, so at that point, go ahead and click on, okay, okay. Now what you'll see once you've gone and scanned everything in is it's time to set up the. Mobile app, right? So scan the QR code using the duo app again, then follow the prompts that come from the phone. Okay. So in this example, I selected kind of Duo Push, okay, and a prompt will be sent to your phone a three digit code, okay. So enter that in, and you'll be hit by, you know, a nice congratulations screen. Okay, so then what you need to do is just click on the continue to Duo admin panel, login, okay, and that will launch.

And as you can see, on the screen, there's lots that there's lots to look at. You know, feel free to explore as much as you like. But you can see where at the top it says, duo, try lends a month. That's fine, as I said earlier. It will just convert you to the free version, which is all good, okay, now for the next and unity part, what we need to do is we need to set up a Unix application. Okay, so on the left hand side the menus, you'll see application and then within applications, you'll see application catalog. Okay, once you go on to that, if you just start to type in the words Unix application. It will show you Unix application, as you can see on the screen. Okay, you've got this kind of two FA and all you need to do is click on the the Add button.

Okay, so the the Unix application screen will appear, okay? For application name, just enter next and unity, you know, something appropriate to the link. Yeah, he's going to link it to the storage system. Okay? If you've got multiple systems, just be just be clever with it. Okay? And then, once you've done that, the next bit is, it's crucial, okay, so make sure you change the user access from disable for all users to enable for all users. If you don't do this, it simply won't allow any users at all to access the unity, which kind of makes sense, right? Okay, so each time someone tries to log in, it will fail. So if you see that, it's worth just double checking this users, this users thing, and just making sure it says enable for all users. Okay, probably good idea. I suspect that's useful if you ever need to, like, you know, something happens. You know, something happens, you need to restrict all access to it.

Okay? And then as you scroll down, you'll see a section for for details. Okay, it's important to make a note of each one of those. Okay? Because when we set up duo on the Nexsan Unity, you'll be prompted for all of those keys. Okay, so scroll down to the very bottom and just simply select save. Okay. Now at the top of the Unix application, you will see add users.

This is the next step. Okay, so certain user IDs will be used to access Unity. Okay, so there's a standard set, but you might be adding your own. Okay, so these are the ideas that we need to lock down with. These are the IDs that we need to lock down with multi factor authentication. Okay. So in this example, what we going to use is the kind of the standard administration them user ID, which is NX admin.

Okay, that's the main user account by default. So we're going to use NX admin. Okay. You can add others. As I said, you just do it via users on the left hand side, okay. So what we're going to do is we're going to click on Add User. We're Add User the Add User screen repair. Okay, so enter the username is NX admin display name, NX admin email address. So, yeah, it's required.

It can be a generic kind of help desk address. I wouldn't suggest you really use someone's, you know, individual email address in case that member staff moves on whatever it may be. So just keep that as generic as you can. You can enter a last name, you know, first name, last name, it's it's not needed, okay. And then once you've done all that, just click on Add user at the bottom there. Okay, now the current NX admin user setting will be displayed and is listed as not enrolled, okay.

So then this example, I've used the, I've used the generate code option, okay, you can see the kind of the box. So if you click on generate code, what will happen is you'll get a URL, okay, and that will kind of lead you into the next bit, okay, so what that does is it kind of creates an enrollment code, okay, copy that. You'll need that, and then just follow the screen prompts. Just follow it on. You'll be asked again for the kind of the email address that you put in previously, and that code, okay. And then it will take you to basically add a device to Yeah, and take that option where it says Duo Mobile, add a device, take the Duo Mobile option.

Okay, here it's going to ask you for the phone number again. Just follow the prompt through nothing too difficult, okay, confirm everything's all correct. Okay. It will then prompt you to kind of download the Duo Mobile, which you've probably already done, to be honest, because I mentioned it right the very top of the of the How To video, okay, and just follow the prompts on the screen.

Again, pretty simple. The account name will be annex admin, and you'll need to kind of add that well, you'll see the new user added into the join mobile already. Use. Okay, so again, just add the security key, which we copied, and you'll get set up complete. Okay, nice and simple. It will make a lot more sense as you go through it. This is kind of a very clunky slide deck, really, to go through, but ultimately, it kind of hopefully point you in the right direction.

Okay, so you can add other devices. I didn't, okay? I've just done it for the one. Okay, so here, just double check the status. Okay, just make sure everything is active.

For obvious reasons, you know, if you disable you're going to switch it all off. So just make sure that's active. And then you're done. The duo part is done.

So first thing to mention is, please make sure that you're on the latest version of Unity firmware. Okay? So I could say something like, you know, that's version 7.3 but if you're watching this in six months time, it's probably different say, so just make sure I'm the latest version of the firmware. Okay, and all of this needs to be configured by the command line.

Okay, so, as you can see on the screen, just log on using putty, or a similar tool for SSH, and get yourself onto the unity as NX admin, okay? And then there's a few, well, there's a few things you can do. For example, if you were just to type in the word duo, it would give you a list of all the commands that are available to you for duo. Okay, a good place to start really, it's just to double check. Just do duo status, okay, that will tell you if anything's been configured, previously configured. You never know. You could be inheriting this system from another system admin, anything, right? So just duo status will tell you, as you can see on the screen, hopefully, that nothing has been configured yet.

Okay. Now, if you remember earlier, what we did when we went onto duo is we got ourselves these keys. Okay, so it's important that you had a copy, but if you haven't, you can go back in and grab them. That's fine. Not a problem at all. Just make you'll see all you've you've got them at hand, and then type in duo config. Okay, so duo config is going to prompt you for those keys and passcodes and things like that, and make sure you type them in. Now it will do this on the peer node. So whichever node you're on, you can say what node I want. It's going to do that first on node two. Okay, then it will ask you, okay, we've done that. Type yes, and then it will carry on and do it on the node that you're currently on.

Okay. The reason why it does that is when you then click on, yes, there it's going to kick you out of SSH. Okay, so it's going to close it all down, but that's fine. Just log yourself back on, okay, and then rerun that duo status command that we ran slightly different output. Now, okay, it knows that Joe is installed and configured. However, we haven't enabled it yet, and you can see that. So again, it tells you on both nodes, it's configured.

We're looking good, but we haven't enabled anything yet. That's fine. That's where we expect to be, okay. So now let's go ahead and enable it for a specific user. Okay, so if you do duo enable it, will do it for every user, okay, but if you want to pick out individual users, add that user at the end of the command. So duo enable NX admin, in this case, will enable that particular user. Okay? So once you've done that, you can test it. So then, if you just run duo test NX admin, it will send a prompt to your phone. You can log on, as I have, you know, I corrected it, and it goes, tada, amazing. You've done it all successfully.

Okay, so it's just to let you know you can, you know, set up individual users, test it, make sure everything is all good, everything's all okay, and you're in a good place. Okay. If whatever reason you need to disable it, you can, okay. So just use the Disable command. So duo disable. And again, if you just do duo disable, it will disable everyone. If you do duo disable, and it's admin, in this case, or the in the user of your choice, it will just disable that particular user. Okay, so pretty simple. I know that was a kind of a long HOW TO video, but hopefully it gives you everything that you need to to get you started. As I said, it's crucial. I think it's key, that you do deploy it. So please do, go ahead and do so, but that is it from me. So thank you very much for joining. I hope you found it useful, and I'll see you again next time.

Thank you very much.