How to enable dedicated Accounts for multi-tenant operations in Capture Client
07/29/2021 0 2866
MSSPs typical manage endpoint security for their customers through global operations that span across all tenants. In Capture Client, Accounts enable global operations. This article provides more information on how Accounts work and how they are setup for SonicWall-qualified MSSPs.
The concept of Accounts was introduced in Capture Client 3.5. Accounts are containers of multiple tenants and they enable global operations using 3 major features - Account Scope of Operations, Account Dashboard and Policy Inheritance. Here is a quick reference to what these features offer. Please refer to https://www.sonicwall.com/support/technical-documentation/docs/capture_client-protecting_assets/Content/Scope-And-Policies/scopes-and-policies.htm/.
Account Scope of Operations
The Account Scope allows MSSPs to view all telemetry and perform actions across multiple tenants from within a single workflow in a single plane of operations. This includes the ability to investigate and respond to Threats, manage Devices, manage Policies and other operations typically available with Capture Client. This eliminates the need to have to monitor and perform actions for each tenant individually and delivers global visibility and control over all endpoints.
As part of the Account Scope, an Account Dashboard is also available that provides a high-level overview of key indicators for all managed tenants in the Account. These include infected endpoints, unresolved threats, vulnerable applications, content filtering activity and license usage. The Account Dashboard functions as the primary workspace for an MSSP technician.
Inheritance refers to the ability to configure a policy at a child scope to be automatically inherited from the policy of a parent scope. For example: If an MSSP has a baseline policy for Threat Protection, they can configure it at the Account level and enable inheritance for every new tenant they provision. If inheritance is enabled, any changes to the policy at the parent level are automatically propagated to child scopes. Inheritance propagates from Accounts to Tenants and from Tenants to Groups. And if inheritance is enabled at the Tenant and Group level, the account policy is effectively applied to the Group level.
How do customers get their own Account
Currently the Account scope is only available on-request for MSSPs who have completed or are in the process of completing the SonicWall MSSP Program onboarding process. To get started, please reach out to a Sonicwall Channel Sales representative with the MSW Accounts where customer Capture Client instances are registered, as well as MSW accounts of users who need to be designated as Account Administrators.
- As part of setting up an account, there will be a manual migration of selected tenants from the default SonicWall Account. The typical timeline to complete this activity is 5 working days
- To preserve policy integrity during this migration, policy inheritance will not be enabled at the Tenant level. This will need to be manually enabled after the Account is setup
- If you have co-managed customers whose Capture Client instances are registered in their accounts, please share these details as well.
- In case a customer would like to break away from the MSSPs account, a separate request will need to be made by the customer and approved by the MSSP.