Overview
Code42 supports Amazon WorkSpaces that run one of the currently supported Windows or Ubuntu operating systems. To monitor these Amazon WorkSpaces, some additional configuration is required. This article identifies system and networking requirements for Amazon WorkSpaces and has the steps you need to take to configure Code42 to monitor them.
Considerations
- WorkSpaces must meet Amazon and Code42 system and networking requirements:
  - WorkSpaces must be set up according to Amazon's requirements for Windows or Ubuntu custom WorkSpaces images. Other configurations are not supported.
  - WorkSpaces must run a currently supported Windows or Ubuntu operating system.
  - WorkSpaces must meet Code42 agent system requirements.
  - WorkSpaces must be configured to allow traffic on the Code42 IP addresses and ports.
- The tasks in this article require use of the Code42 API.
  - If you are not familiar with using Code42 APIs, review Code42 API syntax and usage.
  - For assistance with using the Code42 API, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.
- You must have the Customer Cloud Admin role to configure Code42 to monitor Amazon WorkSpaces.
Before you begin
Verify that your WorkSpaces meet Amazon and Code42 system and networking requirements.
Group Amazon WorkSpace users into their own organization
After verifying system and networking requirements, create a new organization for Amazon WorkSpaces users, and then move those users into that organization. By grouping Amazon WorkSpaces users into their own organization, you can configure File Metadata Collection and backup file selection settings for that organization only, without affecting settings for existing users with physical endpoints.
For details on how to create a child organization and add users to it, see these articles:
You can choose to add Amazon WorkSpaces users to your existing organization structure. However, keep in mind that if you do so, the configuration steps below to update the File Metadata Collection file paths and backup file selection for Amazon WorkSpaces users also affect your existing users and devices.
This may result in unexpected file event reporting or unnecessary (or unwanted) backups of files on any D:\ drives that currently exist on users' physical Windows devices, or the user's home directory on Ubuntu devices.
Update File Metadata Collection file paths
Because Amazon WorkSpaces store user files in slightly different locations than on a physical endpoint, you must configure the organization containing these users to monitor different file paths than the rest of your organizations and devices. This is a two-step process:
- Locate the OrgID of the organization containing your Amazon WorkSpaces users in the Code42 console.
- Use that OrgID in a Code42 API command to modify the file paths watched by Code42's File Metadata Collection for that organization.
Step 1: Locate the numeric OrgID
Step 2: Modify the File Metadata Collection file paths
Windows
Run the following command to add the D:\ drive to the file paths watched by Code42's File Metadata Collection. See the Command details section below for more specifics.
curl -X PUT '<RequestURL>/api/v1/OrgSettings/<OrgID>' \
  -H 'Authorization: Bearer <auth_token>' \
  -H 'cache-control: no-cache' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{ "packets": [ { "key": "device_fileForensics_watchPaths_included", "value": [ "'\'':main'\''", "'\''D:'\''" ], "locked": true } ] }'
Ubuntu
Run the following command to exclude the /volumes/user/home/ directory from the file paths watched by Code42's File Metadata Collection. On some Ubuntu VDIs, /volumes/user/home/ is a hard link to /home, so duplicate file events can be created for file activity in the user's home directory if it is not excluded. Note: File activity in the /home directory is still monitored even after excluding /volumes/user/home/.
See the Command details section below for more specifics.
curl -X PUT '<RequestURL>/api/v1/OrgSettings/<OrgID>' \
  -H 'Authorization: Bearer <auth_token>' \
  -H 'cache-control: no-cache' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{ "packets": [ { "key": "device_fileForensics_watchPaths_excluded", "value": [ "'\''/volumes/user/home/'\''" ], "locked": true } ] }'
Command details
Applies to both Windows and Ubuntu
In the examples above:
- Replace <RequestURL> with the address of your Code42 environment (do not include the brackets in your request).
  - United States:
    - If you sign in to the Code42 console at https://console.us.code42.com (US1), use: https://console.us.code42.com
    - If you sign in to the Code42 console at https://console.us2.code42.com (US2), use: https://console.us2.code42.com
    - If you sign in to the Code42 console for the Code42 federal environment at https://console.gov.code42.com (US3), use: https://console.gov.code42.com
  - Ireland:
    - If you sign in to the Code42 console at https://console.ie.code42.com (EU1), use: https://console.ie.code42.com
- Replace <OrgID> with the numeric identifier of the new organization, identified in Step 1.
- Replace <auth_token> with an authentication token.
Execute the curl command in your command-line tool of choice. When prompted, enter your password. This command does not return any messages if it executes successfully, but will notify you if any errors occur.
Verify the File Metadata Collection file paths
To verify that the new path was added correctly, run this command, using the correct address, organization ID, and token (as above). When prompted, enter your password.
Note: The command below is for Windows. For Ubuntu, use the key device_fileForensics_watchPaths_excluded.
curl -X GET '<RequestURL>/api/v1/OrgSettings/<OrgID>?keys=device_fileForensics_watchPaths_included' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <auth_token>'
The results show the locations included in the File Metadata Collection file paths. In the example below, the included locations are :main (\u0027:main\u0027) and D:\ (\u0027D:\u0027).
{"metadata":{"timestamp":"2021-04-07T14:28:56.833Z","params":{"keys":"device_fileForensics_watchPaths_included"}},"data":{"device_fileForensics_watchPaths_included":{"scope":"ORG","value":"[\u0027:main\u0027, \u0027D:\u0027]","locked":true,"id": 123456}}}
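The following Python sketch is an added example, not part of the original article or Code42's own tooling: it builds the request body with the single-quote wrapping used in the curl commands and checks a verification response for the expected paths and lock state. The function names are hypothetical, and it assumes the API always returns the value as a string in the format shown in the sample response above.

```python
import json
import re

KEY = "device_fileForensics_watchPaths_included"

# Sample response copied from the article's verification step.
SAMPLE_RESPONSE = r'''{"metadata":{"timestamp":"2021-04-07T14:28:56.833Z","params":{"keys":"device_fileForensics_watchPaths_included"}},"data":{"device_fileForensics_watchPaths_included":{"scope":"ORG","value":"[\u0027:main\u0027, \u0027D:\u0027]","locked":true,"id": 123456}}}'''


def build_payload(key, paths, locked=True):
    """Body for PUT /api/v1/OrgSettings/<OrgID>.

    Each path is wrapped in single quotes, matching the curl commands.
    """
    packet = {"key": key, "value": [f"'{p}'" for p in paths], "locked": locked}
    return json.dumps({"packets": [packet]})


def parse_watch_paths(body, key):
    """Return (paths, locked, scope) from a GET OrgSettings response."""
    setting = json.loads(body)["data"][key]
    # The list comes back as one string, e.g. "[':main', 'D:']",
    # not as a JSON array, so pull out the single-quoted entries.
    paths = re.findall(r"'([^']*)'", setting["value"])
    return paths, setting["locked"], setting["scope"]


def verify(body, key, expected):
    """Return a list of problems; an empty list means the setting matches."""
    try:
        paths, locked, scope = parse_watch_paths(body, key)
    except (KeyError, TypeError, ValueError) as exc:
        return [f"response missing or malformed for {key}: {exc!r}"]
    problems = [f"missing path: {p}" for p in expected if p not in paths]
    if not locked:
        problems.append("setting is not locked")
    if scope != "ORG":
        # Assumption: the sample shows "ORG" for a value set on the organization.
        problems.append(f"unexpected scope {scope}, sample shows ORG")
    return problems


if __name__ == "__main__":
    print(build_payload(KEY, [":main", "D:"]))
    print(verify(SAMPLE_RESPONSE, KEY, [":main", "D:"]) or "OK")
```

For Ubuntu, pass device_fileForensics_watchPaths_excluded as the key and /volumes/user/home/ as the expected path.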
Add the D:\ drive to the backup file selection
Required for Incydr Basic, Advanced, and Gov F1 only; not applicable to Incydr Professional, Enterprise, Horizon, and Gov F2
To preserve files that users create on their Amazon WorkSpace virtual machines, add the D:\ drive to the backup file selection.
- Sign in to the Code42 console.
- Select Administration > Environment > Organizations.
- Select the organization that contains your Amazon WorkSpaces users.
- Select action menu > Device Backup Defaults.
- Select the Backup tab.
- If needed, unlock the File selection settings on the Backup tab.
- Enter D:\Users\ in the Included files box and click Add.
  The new path is added to the Included files list. Add the D:\Users\ directory to the backup file selection, or customize as needed for your organization.
- Click Push setting to devices to update the backup file selection on endpoints.
- If needed, lock the File selection settings again to prevent changes.
- Click Save.