INTRODUCTION
The Device Control feature, which is part of the Dualog Endpoint service, allows for easy management of connected devices across your fleet, including USB storage devices, printers and scanners, Bluetooth devices, CD/DVDs etc. This guide will show you how to enable the feature to allow or block connected devices according to your fleet policy.
The Device Control feature can be accessed from the Endpoint page on the Dualog Apps Portal, under the Configurations tab. It is important to note that Dualog Endpoint will only report information about connected devices for installations that have Device Control configured.
Before adding a new Device configuration, you should note that configurations can be either be assigned to a tag, or to specific installations on ships.
Tags
The Tags functionality, which can also be found on the same Configurations tab, allow you to group similar installations together to easier apply configurations. For example, you may have different device control policies for Master PCs vs Bridge PCs and want to configure them accordingly.
You can create a new tag by clicking on Create Tag, then adding a tag name and description.
Once your tag has been created, you may assign the tags to installations on your fleet by clicking on the tag you want to assign, then on Assign Tag.
Next, select the ships and installations you want to apply this tag to. You may choose to assign tags to individual installations or entire ships. All future installations assigned with tags will also have any configurations assigned to that tag apply.
Now that you understand how to create and assign tags, we’ll move on to talk about how to create a configuration.
Creating a Device Control Configuration
- Under the Device Control section, click on Create Control.
- You will now see the list of device types that you can choose to block.
- Click on the Enable Device Control toggle, and do the same for the devices you want to block
- Next, name your configuration and then click Continue.
- The next step is to assign the configuration to either a previously created tag or specific installations/ships. Once you have made your selection, click on Continue to save the configuration.
The newly created configuration will now be available in your list of configurations, where it can be edited further if needed. -
Important: When enabling the device control configuration on an installation for the first time, you will have to restart it for the configuration to properly take effect.
After restarting, you may verify that the configuration setting has applied to the selected installations by checking that the Device control option under Advanced setup of the onboard ESET settings has been toggled on. Additionally, you can see that it is being managed from shore if it is locked on the onboard installation.
If you later choose to delete a configuration that has been assigned to an installation, the device control settings will return to their previous local setting or default setting (depending on ESET version). - When creating a device control configuration, you have the option of adding allowed devices, which will bypass the configuration you have set. For example, you can choose to block all USB storage devices by default but allow selected approved USB drives connecting to the installation. This can be done by clicking on the Add Device button next to Allowed Devices.
There are two main methods for adding devices to be excluded from a device control configuration.
- You can add devices to be excluded manually entering these details on the Advanced tab, then to Add Device. Do note that you will need the information in the screenshot below to proceed. If you have a small number of vessels on your fleet or a small number of devices to exclude, this method is suitable. This will not be a feasible method if you do not have access to each device’s information beforehand, in which case you should use the next method.
- You can also set up the configuration so that devices are automatically detected and logged to show up on the Apps Portal. These devices will then show up for you to exclude from the configuration. This method is recommended if you are managing a fleet with many installations or if you will have many devices to manage exclusions for. To use this method, it is required that you have previously enabled a device control configuration and assigned it to either a tag or specific installations as per Steps 1-6 above. This makes any new devices connected after the first configuration available to add as devices to exclude.
This list of devices is available in the same Allowed Devices > Add Device section under the Basic tab. You may search for a specific ship or installation to filter the devices that have connected.Clicking on a device will automatically populate its details to be added as an excluded device, which you can then add by clicking on Add device.
Once you have added your allowed devices, click on Save to apply the changes.
Best Practices when setting up Device Control
Now that you understand how the Dualog Endpoint Device Control feature works, here are the best practices you should consider when configuring the feature for your fleet.
- Before creating any device control configurations, you should understand what your fleet requirements are in terms of:
- Your fleet policy when it comes to allowing or blocking specific types of devices such as USB storage devices, cameras, CD/DVD etc, and which computers these should apply to
- Whether or not the installations across each vessel on your fleet are the same
- Whether different configurations should apply to different groups of vessels on the fleet e.g. due to different owner requirements
Knowing the information above will be helpful in deciding how you configure your device control configurations in terms what devices to block, whether to assign configurations to tags, or whether it makes more sense in your case to assign them to ships instead.
It is also important that whether you choose to use tags or assign directly to installations/ships, each installation should only fall under one device control configuration to avoid any subsequent confusion. From a technical perspective, only the latest saved device control configuration will apply, but setting up initial configurations correctly will save you time further down the road.
- Once you have determined your requirements for each tag or group of installations, you should create the initial device control configuration and apply it to the selected installations. This step ensures that Endpoint begins to log all connected devices, whether or not they are blocked or allowed in the configuration. The logging makes these devices available to add as excluded devices as needed by editing and saving your configurations as covered earlier in this article.
- To minimise disruption to your fleet, it is recommended that you implement the device control feature gradually i.e. by applying it to selected tags or vessels and rolling out to the fleet progressively, rather than implementing a fleet-wide block off the bat.
Should you require any further information on how to use this feature, you may reach out to Dualog Support at support@dualog.com or reach out to your Dualog point of contact.
Comments
Article is closed for comments.