The following instructions will help you get started using Baffle Advanced Data Protection on Amazon Web Services:

  1. Use an SSH client (e.g. PuTTY) to connect to the Baffle Advanced Data Protection instance as the “baffle” user. Be sure to configure SSH to use key-based authentication with the key you used to launch the instance.
  2. If this is the first time you’re connecting to the instance after launching, the network configuration text UI is automatically launched to allow you to validate or reconfigure the network settings. In most cases, the network interface settings are set up correctly automatically, so you can use the arrow keys to select “Quit” and press enter.
  3. In a web browser, connect to the IP address of the Baffle Advanced Data Protection instance via HTTPS. (e.g. Because the instance is bootstrapped with a self-signed certificate, you will receive an invalid CA warning. Select the browser option to “proceed”. (You will have the opportunity to upload and use your organization’s certificate later in the setup process.)
  4. You will be prompted to enter an initial password in order to gain access to set up the initial administrator account. This password is a randomly generated value and requires that you have access to the host running BaffleManager™. To locate the password, go to the /opt/baffle/baffle-manager directory and view the initpass file. Enter the password in the password field in the browser and click the “Continue” button. (Note: if you reload the page, a different password will be generated.)
  5. After entering the correct password, you’ll be prompted to enter the initial system setup information. Here, enter your organization’s domain name and formal name. All users must have this domain name as part of their email going forward. An example is shown in the screenshot below:
  6. The next screen requires you to configure email settings. This allows BaffleManager to send email for notifications and password resets. Enter the SMTP server to use as well as the credentials used to authenticate to the SMTP server. Once again, an example is shown in the screenshot below:
  7. The next screen prompts you to create the initial BaffleManager administrator. This administrator is used to bootstrap BaffleManager and create other administrators. Here, enter the email address of the administrator as the username, and fill out the rest of the information as shown in the example below:
  8. The next screen allows you to upload a certificate for your organization signed by a well-known CA. This will eliminate the untrusted CA warning when browsers connect to BaffleManager. You can skip this step if you wish to continue using the self-signed certificate.
  9. This should complete the initial setup process and bring you to the logon page. Enter the credentials for the administrator account you created to log in and create other users and start enrolling applications and databases.
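
Before accepting the self-signed certificate warning in step 3, you can confirm that the certificate your browser received is the one the instance actually serves. The helper below is an added example, not part of Baffle's documentation; it assumes `openssl` is available in the SSH session from step 1 and that BaffleManager answers HTTPS on port 443, and the function names are hypothetical.

```shell
# Added example (not vendor code): compare the certificate fingerprint seen
# from inside the instance with the one shown in the browser's warning dialog.

# Normalise a SHA-256 fingerprint so differently formatted copies compare:
# drop any "label=" prefix, colons and whitespace, and upper-case the hex.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Exit status 0: fingerprints match. 1: they differ.
# 2: the first value is not a well-formed 64-hex-digit SHA-256 fingerprint.
fp_match() {
  local a b
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  case "$a" in
    *[!0-9A-F]*|"") return 2 ;;
  esac
  [ "${#a}" -eq 64 ] || return 2
  [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the certificate served at host[:port].
# Port 443 is an assumption; the page only says "via HTTPS".
served_fp() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256
}

# Typical use, typed in the SSH session on the instance:
#   fp_match "$(served_fp localhost)" "<SHA-256 fingerprint copied from the browser>" \
#     && echo "certificate matches" || echo "MISMATCH: do not proceed"
```

A mismatch means the browser is not talking directly to the instance's bootstrap certificate, so do not enter the initial password from step 4 until that is explained.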