&nbsp;<h3>Overview</h3>The purpose of this document is to fulfill your requirements by applying a systematic approach to know how and when to use the necessary tools within SITE Support Portal.<h3>Access to SITE Support</h3><pre><code class="language-plaintext"> 1.1: Support Website can be accessed through this link: https://support.cloud.site.sa 
</code></pre>1.2: After Accessing the website click on “Clients”. <img src="https://cms.cloud.site.sa/docs/uploads/figure_2_0_373d219a9c.png" alt="figure(2.0).png">1.3: Insert your credentials “Email and Password”<img src="https://cms.cloud.site.sa/docs/uploads/figure_2_1_fcaafefdd2.png" alt="figure(2.1).png">1.4: Click on Registration, and scan the code to enroll in using any authenticator app.(Ensure that the registration process only happens at the first time you log in)<img src="https://cms.cloud.site.sa/docs/uploads/figure_2_2_7a5c8076ca.jpg" alt="figure(2.2).jpg">1.5: Scan the code.<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/scancodesupport_707f9d0b6f.png"></figure>&nbsp;1.6: Enter the code.<img src="https://cms.cloud.site.sa/docs/uploads/figure_2_4_a7d3e7f90f.jpg" alt="figure(2.4).jpg"><h3>Support Portal Guidliness</h3>After registration and enrolling in 2FA, you can access the main page for the support portal.<img src="https://cms.cloud.site.sa/docs/uploads/figure_3_0_7f7c3ca613.png" alt="figure(3.0).png">In the center of the page, you will see the above four options:• View All Requests: which you will be able to see all opened &amp; closed tickets.• Service Request: Which you will be able to request a service.• Report an Incident: Which you will be able to report an incident.• Service Release Request: If you need to publish a new service for eg; Website.2.0: When you click on “Service Request” you will be able to see the below form where you have to fill all the required fields then click “Create” to post your request.<img src="https://cms.cloud.site.sa/docs/uploads/figure_3_1_f1a64a47c4.png" alt="figure(3.1).png">2.1: When you click on “Report an Incident” you will be able to see the below form where you have to fill all the required fields then click “Create” to post your request.<blockquote>Please consult the SITE Incident Priority Figure located at the bottom of the page to determine the priority level of your incident.</blockquote><img src="https://cms.cloud.site.sa/docs/uploads/figure_3_2_4fdabe8307.png" alt="figure(3.2).png">2.2: When you click on “Service Release Request” you will be able to see the below form where you have to fill all the required fields then click “Create” to post your request.<img src="https://cms.cloud.site.sa/docs/uploads/figure_3_3_7e9409002c.png" alt="figure(3.3).png">2.3: After submitting your request, you can view all of your requests by clicking on the “View All Requests” button.<img src="https://cms.cloud.site.sa/docs/uploads/3_4_mt_27d071c0c6.png" alt="3.4-mt.png">2.4: Select the specific request you wish to modify or add a comment to.<img src="https://cms.cloud.site.sa/docs/uploads/3_5_mt_6a1daf47de.png" alt="3.5-mt.png">Incident Priority<img src="https://cms.cloud.site.sa/docs/uploads/figure_4_0_52b5bd1c2a.png" alt="figure(4.0).png">SLA (Response Time)<img src="https://cms.cloud.site.sa/docs/uploads/figure_4_1_26a38fd671.png" alt="figure(4.1).png">

Seek the support you need to effectively run your environment

Support

Support - User Manual

1- In windows start, search for "Control Panel", then click on "Control Panel". 2- In the search bar, type "Mail", then click on "Mail".<img src="https://cms.cloud.site.sa/docs/uploads/CP_Mail_f0a952d895.PNG" alt="CP-Mail.PNG">3- In following pop-up, click "Show Profiles...".<img src="https://cms.cloud.site.sa/docs/uploads/Show_Prof_46806113ef.PNG" alt="Show-Prof.PNG">4- In the following pop-up, click "Add" to create a new email profile.<img src="https://cms.cloud.site.sa/docs/uploads/Mail_Add_f53954df88.PNG" alt="Mail_Add.PNG">5- Name your profile, then click "OK".<img src="https://cms.cloud.site.sa/docs/uploads/Prof_Name_4f3f1a01f9.PNG" alt="Prof-Name.PNG">6- You will be asked for your name, email address, your password, and a password confirmation. Fill in the information, then click "Next&gt;".<img src="https://cms.cloud.site.sa/docs/uploads/Add_Acc_b7268dccba.PNG" alt="Add-Acc.PNG">7- Auto Discover will find your server settings and auto connect you to your mailbox. Once the mailbox has been linked, you may be asked to confirm your settings again. It is recommended that you check the box labeled "Save this password in your password list" otherwise you will be asked to provide your password whenever you open Microsoft applications. Then, click "OK".<img src="https://cms.cloud.site.sa/docs/uploads/re_Add_Acc_ca5a90bbc4.PNG" alt="re_Add-Acc.PNG">8- Click "Finish" once the account has been setup.<img src="https://cms.cloud.site.sa/docs/uploads/confirm_5e07dbf80f.PNG" alt="confirm.PNG">

Email Service

Configure a New Outlook Profile

1- Go to "https://reset.cloud.site.sa" in your browser.2- Enter a valid email, then press "Submit".&nbsp;<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/1_6a33181863.PNG"></figure>&nbsp;3- Enter the OTP you received, and the new password, then press "Submit". &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/2_2d69c67b6e.PNG"></figure>Congratulations!! Your password has been reset!<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/3_2a03ebe5a0.jpg"></figure>&nbsp;

Self-provisioning portal that allows users to independently and efficiently manage and configure various resources, services, or features without the need for manual intervention from administrators or support teams

My Cloud Portal

User Reset Password

<h2>What is SITE Authenticator?</h2>SITE Authenticator is a two-factor authentication (2FA) app developed by SITE. It provides an additional layer of security for online accounts by generating time-based one-time passwords (TOTPs). Users link their accounts to the app, and when they log in, they must enter the current TOTP along with their regular password. This adds an extra level of verification beyond just a password, making it harder for unauthorized individuals to access accounts even if they know the password.<h4>Guided Steps for using SITE Authenticator:</h4>1- Search for SITE Authenticator and download it. It’s available on iOS and Android or you can use the below links.iOS: <a href="https://apps.apple.com/sa/app/site-authenticator/id1580913822" target="_blank" rel="noopener noreferrer">Download Here</a> &nbsp;Android: <a href="https://play.google.com/store/apps/details?id=com.site.cloud.authenticator" target="_blank" rel="noopener noreferrer">Download Here</a><img src="https://cms.cloud.site.sa/docs/uploads/1_de03548902.jpg" alt="1.jpg">2- You can Set your PIN code or Login with Biometrics.<img src="https://cms.cloud.site.sa/docs/uploads/2_15b1c6441d.jpg" alt="2.jpg">3- This is the interface, and from the plus sign, you can either scan QR codes, select a QR code or add a key manually.<img src="https://cms.cloud.site.sa/docs/uploads/3_4f92228859.jpg" alt="3.jpg"> <img src="https://cms.cloud.site.sa/docs/uploads/4444jpg_4b638b277c.jpg" alt="4444jpg.jpg">4- The following example is added manually.<img src="https://cms.cloud.site.sa/docs/uploads/55_2536cc7d76.jpg" alt="55.jpg"><img src="https://cms.cloud.site.sa/docs/uploads/66_732e16b067.jpg" alt="66.jpg">The code will re-generate every 30 seconds.<img src="https://cms.cloud.site.sa/docs/uploads/77_f732336033.jpg" alt="77.jpg">

SITE Authenticator

Embrace Comprehensive Compliance Controls with SITE Cloud SITE Cloud supports numerous security standards and compliance certifications, such as ISO 27001, ISO 27017, ISO 27018, and CSA. We help clients meet compliance requirements.<h4>Benefits of Compliance on SITE Cloud</h4>Third-Party Validation for Global Requirements SITE Cloud frequently undergoes third-party validation for thousands of global compliance requirements. Our service helps you meet security and compliance standards for various sectors, such as government.Inherit Latest Security Controls These controls enhance your compliance and certification programs. You also gain access to tools that reduce your cost and time to meet your specific security assurance requirements.<h4>Compliance is a Shared Responsibility</h4>Security and Compliance is a shared responsibility between SITE Cloud and the client. This shared model can help relieve the client’s operational burden as SITE Cloud operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The client assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the SITE provided security firewall.Check the Responsibility matrix to learn more.<h4>Achieving Your Compliance Goals on SITE Cloud</h4>Data Privacy SITE Cloud gives clients ownership and control over their client content by design through simple, but powerful tools that allow clients to determine where their client content will be stored, secure their customer content in transit or at rest, and manage access to SITE services and resources.Compliance Resources SITE Cloud provides information about its compliance programs to help clients incorporate SITE Cloud controls into their governance framework. This information can assist clients in documenting a complete control and governance framework with SITE Cloud included as an important part of that framework.

SITE Cloud Compliance

<h4>Overview:</h4>SITE Cloud offers a comprehensive range of security measures to ensure the protection and integrity of your environment. Our cloud security solutions are designed to meet regulatory compliance requirements and provide continuous edge-to-edge protection. With SITE Cloud, you can trust in our commitment to security and innovation.<h4>Embedded Security at Every Step:</h4>At SITE Cloud, security is embedded at every step of your cloud journey. We understand the importance of protecting your data throughout its lifecycle. Our comprehensive security measures ensure that your data remains secure in all phases - from development to deployment. Trust SITE Cloud to provide you with the highest level of security at every step of the way.<h4>Supportive Regulatory Management Tools:</h4>SITE Cloud empowers you with supportive regulatory management tools to control your cloud environment. Stay ahead of compliance regulations and ensure your enterprise operates in a secure and compliant manner with SITE Cloud.<h4>Data Centers:</h4>SITE Cloud offers a choices for where and how your data and workloads should run. Our data centers are located to provide optimal performance, scalability, and redundancy. Choose the data center that best suits your needs and enjoy the flexibility and reliability of SITE Cloud's infrastructure.<h4>Secure Your Cloud:</h4>Customize your SITE Cloud experience to fit your unique business needs. Contact our expert team here to explore how SITE Cloud can enhance your security posture and provide the peace of mind you need to focus on your core business objectives. Trust SITE Cloud to secure your cloud environment and safeguard your valuable data and applications.

SITE Cloud Security 

This Privacy Notice describes how we collect and use your personal information in relation to SITE Cloud Services. This Privacy Notice does not apply to the “content” processed, stored, or hosted by our clients using SITE Cloud offerings.Personal Information We Collect your personal information in the course of providing SITE Cloud Offerings to you. Here are the types of information we gather:<ul><li>Information You Give Us: We collect any information you provide in relation to SITE Cloud Offerings.</li><li>Automatic Information: We automatically collect certain types of information when you interact with SITE Cloud portals.</li></ul>How We Use Personal Information SITE uses the information and data collected from the Website to provide a safe, efficient and better user experience. Below are details of how the information and data are used:<ul><li>Managing Website Services: information and data collected are to measure and improve those services and features, and to provide Visitors with the necessary customer support.</li><li>Countering Illegal Activities: information and data collected is used to prevent potentially illegal activities and to enforce the terms and conditions herein. A variety of technological systems are also utilized to detect and address anomalous activities and screen content to prevent abuse, such as spam. These efforts may, on occasion, result in temporary or permanent suspension or termination of some aspects of the relevant Website for some Visitors.</li><li>Contacting Visitors: information and data collected may be used to contact Visitors with service-related announcements from time to time. Visitors may, however, opt out of all communications except for essential updates.</li></ul>Cookies Cookies are electronic placeholders that are placed on users' computers by websites and are commonly used as anonymous unique user identifiers to track the individual activity on their website over time. Cookies used by SITE are session-based and therefore last only for the duration of the Visitor's session and are used on the Website to keep track of Visitor sessions to balance between the Web Servers during usage of this Website. Cookies do not contain information or data that may identify a Visitor, as no Personally Identifiable Information (PII) about any user generally, and any Visitor specifically, is stored by them. Occasionally, SITE will make use of persistent cookies. A persistent cookie provides information about an ongoing session a Visitor is engaged in and is temporarily stored on such Visitor's hard drive until the following visit. This provides SITE with useful information, including Visitor behavior, enabling it to recognize frequent Visitors and to facilitate Visitors' access to and use of the Website, allowing SITE to make content improvements. Such cookies are used for this purpose only, and are not used to identify Visitors or to track their usage of other websites.Sharing Personal Information Information about our clients is an important part of our business, and we are not in the business of selling our client’s personal information to others. We don't share personal information with any third parties.Location of Personal Information SITE Cloud Services is located in Saudi Arabia. The client's personal information is stored in or accessed from Saudi Arabia. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this SITE Privacy policy and as permitted by Saudi data protection laws.How We Secure Information At SITE Cloud, security is our highest priority. We design our systems with security and privacy in mind.<ul><li>We maintain a wide variety of compliance programs that validate our security controls.</li><li>We protect the security of your information during transmission to or from SITE Cloud services, portals or applications by using encryption protocols and software.</li><li>We maintain procedural safeguards in connection with the disclosure of personal information. Our security procedures mean we may request approval from the client's business owner before disclosing personal information.</li></ul>Access and Choice The client can view, update, and delete certain information about their contact information to interact with SITE Cloud Offerings by contacting SITE Cloud Support atThird-Party Sites and Services SITE Cloud services and offerings do not utilize any third-party embedded content or include links to other websites and applications.Retention of Personal Information SITE Cloud keeps the client's information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice unless a longer retention period is required or permitted by law (such as VAT, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than six (6) months past the termination of the contract.When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.Contacts, Notices, and Revisions If you have any concerns about privacy at SITE Cloud, please with a thorough description, OR send us an email at and we will try to resolve the issue for you.

Privacy Notice

1- Enter your organization email and password in the specified blanks, then press on Sign in.<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/1_1_27f82a1a5b.PNG"></figure>2- On “Configuration Options”, press the Registration button.&nbsp;<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/2_1_9f1867fa46.PNG"></figure>3- On “ Enroll Authenticator App”, press Continue<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/3_22cb44f136.PNG"></figure>&nbsp;4- On “Enroll Authenticator App”, Download SITE Authenticator on your phone, then press Continue<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/4_4727667a3e.PNG"></figure>5- Use SITE Authenticator to capture the QR code, then press Continue<figure class="image image_resized" style="width:49.71%;"><img src="https://cms.cloud.site.sa/docs/uploads/tempsnip_e04d281d42.png"></figure>6- Enter the 6-Digit code from SITE Authenticator app, then press Verify&nbsp;<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/6_30fdccba3c.PNG"></figure>&nbsp;7- Congratulations! You are now registered, press Finish<figure class="image image-style-align-center image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/7_dd01ce2924.PNG"></figure>

MFA Registration 

<h3>Subnets Overview&nbsp;</h3>&nbsp;Subnets play a crucial role in modern network architecture for two fundamental reasons, Organization and security.&nbsp;By breaking down larger networks into smaller, manageable segments, subnets enhance resource management and simplify administration.&nbsp; &nbsp;<h3>Subnet Manual</h3>1- Login into My.cloud.site.sa Access the Subnets section from the left sidebar under Networking&nbsp;<figure class="image image-style-align-center image_resized" style="width:24.21%;"><img src="https://cms.cloud.site.sa/docs/uploads/subnets_a8e9afee2a.jpg"></figure>2- Move to the right sidebar and click on the create button.<figure class="image image_resized" style="width:25.1%;"><img src="https://cms.cloud.site.sa/docs/uploads/networking_0476cf8b12.jpg"></figure>3- Choose the Business Group (BG) for which you intend to establish a subnet.&nbsp;Select your Virtual Private Cloud (VPC): SSA or HSA.Provide a Name for the subnet.Specify the Network in the format (e.g., 192.168.0.0/24) that you wish to allocate.Set the Gateway for the subnet.&nbsp;Define the DNS suffix, which denotes the domain name (e.g., "google.com").Assign your DNS server, for example, 8.8.8.8.

Subnets 

This manual will guide you through the process of setting up TinyProxy on a Ubuntu Virtual Machine (VM) that resides in the SSA (Standard Security Assurance) zone of your tenant. The purpose of this setup is to provide controlled internet access for VMs in the HSA (High Security Assurance) zone that cannot reach the internet directly. By using TinyProxy, you can securely manage and monitor internet access for these VMs.<h3>Getting Started</h3><h4>Prerequisites</h4>Before you begin, make sure you have the following:<ul><li>A Ubuntu 20.04 VM running in the SSA zone, and has access to the internet on ports 80/443/53.</li><li>SSH access to the Ubuntu VM with administrative privileges.</li><li>Basic knowledge of Linux command-line operations.</li></ul><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_194744_208ff983af.png" alt="Screenshot 2023-08-17 194744.png"><h4>Steps</h4><h4>1. Update the System</h4>Log in to your Ubuntu VM via SSH and ensure your system is up-to-date:<pre><code class="language-plaintext">sudo apt update
</code></pre><h4>2. Install TinyProxy</h4>Install the TinyProxy package using the following command:<pre><code class="language-plaintext">sudo apt install tinyproxy
</code></pre><h4>3. Configure TinyProxy</h4>Edit the TinyProxy configuration file to customize the settings:<pre><code class="language-plaintext">sudo nano /etc/tinyproxy/tinyproxy.conf
</code></pre>Modify the configuration as follows:<ul><li>Port - Set the port on which TinyProxy will listen (e.g., 3128).</li><li>Allow - Configure the IP addresses or ranges that are allowed to use the proxy (e.g., Allow 0.0.0.0/0).</li><li>Anonymous - Disable anonymous access.</li></ul><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_203213_6d5c49d239.png" alt="Screenshot 2023-08-17 203213.png"><ul><li>Save the file and exit the editor.</li></ul><h4>4. Restart TinyProxy</h4>After making changes to the configuration, restart the TinyProxy service:<pre><code class="language-plaintext">sudo systemctl restart tinyproxy
</code></pre><h4>5. Configure Firewall Rules</h4>Allow the connection to your proxy VM on proxy port (tcp/3128) using SITE Cloud Portal.<img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_210451_728bd46fb5.png" alt="Screenshot 2023-08-17 210451.png"><h4>6. Configure Proxy on VMs</h4><h4>- Windows VM</h4><ol><li>Select the Start button, then select Settings &gt; Network &amp; Internet &gt; Proxy.</li><li>Under Manual proxy setup, turn on Use a proxy server.</li><li>Save</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_205251_5469d27189.png" alt="Screenshot 2023-08-17 205251.png"><h4>- Linux VM</h4><ol><li>vi /etc/environment</li><li>Add the following lines containing your proxy IP and port.</li></ol><pre><code class="language-plaintext">http_proxy=http://your_proxy_IP:3128/
https_proxy=http://your_proxy_IP:3128/
</code></pre><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_204656_128ead6d0c.png" alt="Screenshot 2023-08-17 204656.png"><ol><li>Save the file and exit the editor.</li></ol><h3>Safety and Security</h3>1. Firewall Rules Ensure that your VM firewall rules allow incoming connections on the Proxy port (3128) only from necessary sources.2. Regular Updates Keep your Ubuntu system and TinyProxy software up to date by regularly applying updates and security patches.3. Monitoring and Logs Regularly review TinyProxy logs located in /var/log/tinyproxy/tinyproxy.log to monitor proxy activities. Analyze the logs for any unusual or unauthorized access attempts.Remember that security is paramount when setting up a proxy server in SSA. Incorrect configuration or mismanagement could potentially expose your HSA VMs to security risks. Always follow best practices and consult with your organization's IT security personnel if necessary.<h3>Glossary and References</h3>TinyProxy: A lightweight, open-source HTTP/HTTPS proxy server.SSH: Secure Shell, a protocol for securely accessing a remote server over a network.References: TinyProxy Documentation: http://tinyproxy.github.ioUbuntu Documentation: https://help.ubuntu.com

Reach the internet from HSA, how to setup your own proxy in SSA

User security awareness refers to the level of understanding and knowledge that individuals within an organization have about cybersecurity risks, best practices, and the actions they should take to protect sensitive information and systems.It involves educating employees about various threats, such as phishing, malware, social engineering, and the importance of maintaining strong passwords, using secure networks, and being cautious with data sharing.<h4>Importance of Security Awareness:</h4>Password Security: Educate employees about creating strong passwords, using password managers, and avoiding password sharing.Social Engineering Awareness: Raise awareness about tactics used by attackers to manipulate individuals into revealing confidential information or taking malicious actions.Data Protection and Privacy: Inform employees about the importance of handling sensitive data responsibly, including proper data storage, sharing, and disposal.Physical Security: Teach employees about physical security measures such as locking workstations, securing laptops, and reporting unauthorized access.Remote Work Security: Provide guidance on securing remote work environments, including safe Wi-Fi usage, VPNs, and maintaining the security of home networks.Malware Awareness: Educate employees about different types of malware (e.g., viruses, ransomware) and how to avoid downloading or spreading them.Safe Email Practices: Teach employees to identify phishing emails, avoid clicking on suspicious links or downloading attachments from unknown sources.Mobile Device Security: Inform employees about securing mobile devices, protecting against app-based threats, and using secure connections.Multi-Factor Authentication (MFA): Encourage the use of MFA to add an extra layer of security to logins and protect against unauthorized access.Incident Reporting: Promote a culture of reporting security incidents promptly to help the organization respond effectively to potential threats.Safe Social Media Usage: Guide employees on sharing information responsibly on social media platforms to avoid revealing sensitive company details.Software Updates and Patching: Educate employees on the significance of regularly updating software and systems to protect against known vulnerabilities.Physical Access Controls: Explain the importance of restricting access to secure areas and following access control procedures.Secure File Sharing: Provide guidelines for sharing files securely within and outside the organization, using encrypted methods and secure file-sharing platforms.The goal of user security awareness is to empower individuals to make informed decisions and adopt security-conscious behaviors to minimize the organization's overall cybersecurity risks.

Security Awareness

DNS (Domain Name System) is a fundamental technology that translates human-readable domain names (e.g., www.example.com) into IP addresses that computers use to identify each other on a network. Setting up DNS nameservers on Linux distributions like Ubuntu, CentOS, RHEL, and Oracle Linux is essential for proper network communication, as it enables your system to resolve domain names to IP addresses.This manual will guide you through the process of setting DNS nameservers on these Linux distributions, ensuring smooth connectivity and efficient network communication.&nbsp;<h4>Getting Started:</h4><h4>Prerequisites</h4>Before you begin, make sure you have the following:<ul><li>Administrative privileges (sudo or root) on your Linux system.</li><li>IP addresses of the DNS nameservers you want to use. These can be SITE Cloud DNS (100.64.3.140 and 100.80.0.175).</li><li>Apply similar rule to the below on your VM.</li></ul><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_184321_f0cac06cfc.png" alt="Screenshot 2023-08-17 184321.png"><h4>1. Ubuntu:</h4><ul><li>a. Open a terminal.</li><li>b. Edit the /etc/netplan/99-netcfg-vmware.yaml file using your preferred text editor (e.g., nano, vim).</li><li>c. Add a nameservers section with the IP addresses of DNS nameservers, indented under addresses:</li></ul><pre><code class="language-plaintext">nameservers:
addresses: [100.64.3.140, 100.80.0.175]
</code></pre><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_184443_c3a7fe9799.png" alt="Screenshot 2023-08-17 184443.png"><ul><li>d. Save the file and apply the changes by running:</li></ul><pre><code class="language-plaintext">sudo netplan apply
</code></pre><h4>2. CentOS/RHEL/Oracle Linux:</h4><ul><li>a. Open a terminal.</li><li>b. Edit the /etc/resolv.conf file using your preferred text editor.</li><li>c. Add the IP addresses of the DNS nameservers at the top of the file:</li></ul><pre><code class="language-plaintext">nameserver 100.64.3.140
nameserver 100.80.0.175
</code></pre><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_185122_617e92f0c1.png" alt="Screenshot 2023-08-17 185122.png"><ul><li>d. Save the file.</li></ul><h4>Safety and Security:</h4>While configuring DNS nameservers is generally safe, it's essential to be aware of potential security concerns:<ol><li>Use Trusted DNS Servers: When choosing DNS servers, prefer well-known and reputable providers like SITE Cloud DNS (100.64.3.140, 100.80.0.175).</li><li>Avoid Untrusted Sources: Be cautious of DNS servers from untrusted sources, as they may compromise your privacy and security.</li><li>Double-Check Configuration: Before applying changes, review your netplan file to ensure there are no syntax errors that might disrupt network connectivity.</li><li>Regular Updates: Keep your system and software up to date to benefit from security patches and improvements.</li><li>Firewall Rules: Maintain proper firewall rules to restrict DNS access to trusted networks.</li><li>DNSSEC: Consider implementing DNSSEC (Domain Name System Security Extensions) to enhance DNS security by validating responses from DNS servers.</li></ol>&nbsp;<h4>Glossary and References:</h4>DNS: Domain Name System, a system that translates domain names to IP addresses.IP Address: A numerical label assigned to each device on a computer network.Linux: An open-source Unix-like operating system kernel.netplan: Network configuration utility on Ubuntu.resolv.conf: DNS configuration file on CentOS, RHEL, and Oracle Linux.References:<ul><li>Ubuntu Netplan documentation: https://netplan.io/</li><li>CentOS documentation: https://wiki.centos.org/</li><li>RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/</li><li>Oracle Linux documentation: https://docs.oracle.com/en/operating-systems/oracle-linux/</li></ul>

Configure SITE Cloud DNS Nameservers on Linux VMs

<h3>What is User Access Review?</h3>A user access review is the process of periodically assessing the rights of anyone who has access to enterprise systems and data, it’s looks at who’s accessing what, and if they have valid reasons for accessing the enterprise’ assets. Users can include employees, partners, third-parties, service providers and vendors.<h4>Threats mitigated by a user access review:</h4>Privilege Creep: Happens when employees obtain access to lots of sensitive data during the time they work at an organization.Excessive privileges: Access privileges can be granted only to users that need them only to do their jobs.Access misuse: 15% of data breaches happen because of access and data misuseInsider threats: Danger of insiders comes from the fact that they have access to sensitive data and know about security measures implemented.To reduce risks associated with User Access:<ul><li>Review and verify who has access to the organization’s systems and services.</li><li>The business owner is to review and update the information gathering sheet and share the updated sheet with Cloud Operation Center at COC@site.sa</li><li>Restrict the use of shared accounts and minimize the access to third-parties.</li></ul>

Access Review

Windows Server is a powerful operating system used by organizations to host various services. Ensuring that the server can reach the internet is crucial for downloading application updates, and other essential tasks. This troubleshooting manual will guide you through the process of diagnosing and resolving common issues that may affect the internet reachability of your Windows Server.<h4>Getting Started</h4>Before diving into troubleshooting, ensure you have the following prerequisites:Zone: VM has to be in SSA zone to be able to reach the internet directly.Valid Firewall Rules: Add an outgoing FW rule to the internet on ports 443/80, and port 53 to your DNS.Access: Ensure you have administrative access to the Windows VM.Basic Knowledge: Familiarize yourself with basic networking concepts, DNS, and Windows Server settings.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/18_dbdb34670a.png"></figure>&nbsp;<h4>Safety and Security</h4>While performing troubleshooting tasks, always keep safety and security in mind:<ol><li>Backup: Before making any significant changes, back up critical data and configurations.</li><li>Firewall: Be cautious when modifying firewall settings. Ensure you do not compromise security.</li><li>Updates: Ensure your server has the latest updates and security patches.</li><li>Documentation: Document any changes made during troubleshooting for future reference.</li></ol><h4>Troubleshooting Steps</h4><h4>Step 1: DNS Server Configuration</h4>A common reason for internet reachability issues is incorrect DNS server settings. Follow these steps to verify and fix DNS issues:Check DNS Settings:Open "Server Manager." Click on "Local Server" and check the DNS settings under the "NIC Teaming" section. Ensure the DNS server addresses are correct.DNS Resolution: Open Command Prompt with administrative privileges. Use the nslookup command to check DNS resolution. For example:<pre><code class="language-plaintext">nslookup site.sa
</code></pre>If DNS resolution fails, check the DNS server settings and try using alternative DNS servers.<h4>Step 2: Windows Internet Explorer Enhanced Security Configuration (IE ESC)</h4>Internet Explorer Enhanced Security Configuration can prevent access to websites. To disable it:<ol><li>Open Server Manager.</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_202456_68f501a016.png" alt="Screenshot 2023-08-17 202456.png"><ol><li>Click on "Local Server".</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_202529_189548dc23.png" alt="Screenshot 2023-08-17 202529.png"><ol><li>In the properties pane, locate "IE Enhanced Security Configuration" and click on the "On" link.</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_202556_5064211e13.png" alt="Screenshot 2023-08-17 202556.png"><ol><li>Set both "Administrators" and "Users" to "Off".</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_17_202616_364d129900.png" alt="Screenshot 2023-08-17 202616.png"><ol><li>Apply the changes. Restart Internet Explorer or the server if necessary.</li></ol><h4>Step 3: Firewall Settings</h4>Firewall rules can block internet access. Ensure the necessary rules are in place:<ol><li>Open Windows Defender Firewall with Advanced Security.</li><li>Review both inbound and outbound rules to ensure there are no rules blocking internet access.</li><li>If necessary, create a new outbound rule to allow internet access.</li></ol><h4>Step 4: Proxy Server Configuration (if applicable)</h4>If your network uses a proxy server, make sure it's correctly configured on the server:<ol><li>Open Internet Explorer.</li><li>Go to "Tools" &gt; "Internet Options" &gt; "Connections" tab &gt; "LAN Settings".</li><li>Ensure the correct proxy server details are entered.</li></ol><h4>&nbsp;</h4><h4>&nbsp;</h4><h4>Glossary and References</h4>DNS: Domain Name System - A system that translates domain names into IP addresses. nslookup: A command-line tool to query DNS servers for domain name resolution. Firewall: A security system that controls incoming and outgoing network traffic.References:Windows Server Documentation: https://learn.microsoft.com/en-us/windows-serverFAQ about Internet Explorer Enhanced Security Configuration (ESC): https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/enhanced-security-configuration-faq

Troubleshooting Windows VM Internet Connectivity

<h3>What are Firewall Rules?</h3>Firewall rules or Firewall policies are an access control mechanism that examines information in individual packets, and enforces security in networks by either blocking or allowing communication based on a set of rules or predetermined criteria.In My Cloud Portal, these predetermined criteria or rule components include the following:<ul><li>Direction.</li><li>Policy Type.</li><li>Sources.</li><li>Destinations.</li><li>Services.</li><li>Description (Optional).</li></ul>We will explore each component, and go through the different use cases for Firewall Rules.<h3>Firewall Rules - View:</h3>To view the existing Firewall Rules of a certain Virtual Machine (VM):<ol><li>Navigate to the Virtual Machines tab in Compute section (upper left corner).</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/V_Ms_1_3a0c39d2b9.png" alt="Error while showing the image."><ol><li>Search for the VM by typing the VM ID or VM IP in Search Box.</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/V_Ms_Search_5f4d13e181.png" alt="Error while showing the image."><ol><li>Click on the VM, and you will be able to view existing Firewall Rules in Firewall Rules tab.</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/V_Ms_Name_42c9e7104d.png" alt="Error while showing the image.">If you would like to view and search all Firewall Rules across your environments, navigate to Firewall Rules tab in Networking Section.<img src="https://cms.cloud.site.sa/docs/uploads/Firewall_rules_tab_882aa22bb0.png" alt="Error while showing the image."><h3>Firewall Rules - Add:</h3>Firewall Rules are added in the Firewall Rules tab on the Virtual Machine (VM) page, or the Load Balancer (LB) page.<img src="https://cms.cloud.site.sa/docs/uploads/Firewall_Rule_details_prompt_8d79cc1c35.bmp" alt="Error while showing the image.">And this brings us to the components of the Firewall Rule.<h4>Direction:</h4>The Direction of the Firewall Rule is to specify the traffic direction ON the VM/LB you are adding the Firewall Rule on, it can either be:<ul><li>Incoming to the VM/LB.</li><li>Outgoing from the VM (LBs do not have an Outgoing interface).</li></ul>If you are wondering where to add the Firewall rule, below points will guide you:<ul><li>Add the Firewall Rule in Destination (Incoming): When the destination is in SITE Cloud.</li><li>Add the Firewall Rule in Source (Outgoing): When the destination is either:</li></ul><ol><li>NOT in SITE Cloud. Example: (INTERNET, or MAN/on-premise)</li><li>NOT in the same environment. Example: (Source in Riyadh Environment, and Destination in Jeddah Environment).</li></ol><img src="https://cms.cloud.site.sa/docs/uploads/Direction_abfb3d6b27.bmp" alt="Error while showing the image."><h4>Policy Type:</h4>The firewall policy type specifies the zone of the source, and the zone of the destination. These zones can be one of the following:INTERNET (NET): Public IP on the internet, outside SITE Cloud. (Access from the internet, or to the internet is conditional, ONLY if the VM/LB is in SSA zone AND has a Public IP assigned to it)On-Premises (ON-PREM/MAN): Private IP, MAN connection in your on-premises network OR a VM/LB in different environment.High Security Assurance (HSA): Private IP, Virtual Machine or Load Balancer in SITE Cloud. (the workloads in HSA zone are by default severely restricted (or practically forbidden) from direct communications with random external systems. There are stricter rules for onboarding and operating these workloads).Standard Security Assurance (SSA): Private IP, Virtual Machine or Load Balancer in SITE Cloud. (SSA zone hosts workloads of lower sensitivity or higher vulnerability. These workloads are allowed to connect directly to and from the Internet with appropriate controls. There is more flexibility in the configuration/security requirements for these workloads).Below is an example of the HSA policy type options for Incoming, notice all options have HSA as destination (-&gt;HSA):<img src="https://cms.cloud.site.sa/docs/uploads/Policy_Type_HSA_8d9b31204a.bmp" alt="Error while showing the image.">Below is an example of the SSA policy type options for Incoming, notice (INTERNET-&gt;SSA) option is available, only because the VM has a public IP, otherwise it is not available:<img src="https://cms.cloud.site.sa/docs/uploads/Policy_Type_SSA_3276d80a3a.bmp" alt="Error while showing the image."><h4>Sources:</h4>The firewall rule's Source specifies where the traffic is coming from, and it should match the source type chosen in the Policy Type as explained earlier. in the Sources field, a single or multiple valid IPs, subnets, or virtual machines must be entered.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Sources_8a426a05ab.png" alt="Error while showing the image."><h4>Destinations:</h4>The firewall rule's Destination specifies where the traffic is going to. In the Destinations field, a single or multiple valid IPs, or subnet must be entered. To know where to add the Firewall rule, please refer to the Direction section.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Destinations_bd5f0b145c.png" alt="Error while showing the image."><h4>Services:</h4>The firewall rule Services use one or more ports, protocol types (TCP, UDP, or ICMP) for the required communication.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Services_517c419e42.png" alt="Error while showing the image."><h4>Description (Optional):</h4>In the Description field, it is preferable to type a short description of the firewall rule for future reference. For example specifying the use of the firewall rule. However, this field is optional.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Description_4609e31f9f.png" alt="Error while showing the image."><h3>Firewall Rules - Edit:</h3>To edit an existing Firewall rule, click on the edit Icon on the far right.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Edit_cef1f35a34.png" alt="Error while showing the image."><h3>Firewall Rules - Delete:</h3>To delete an existing Firewall rule, click on the delete Icon on the far right.<img src="https://cms.cloud.site.sa/docs/uploads/firewall_Rule_Delete_a30f80ab3e.png" alt="Error while showing the image.">

Firewall Rules (View, Create, Edit, and Delete)

In SITE, we ensuring the availability of everything the customer needs. so we allow the customer to export all the firewall rules.To export firewall rules you should to do these steps below:1- Sign in to my.cloud.site.sa2- From the options under Networking chose Firewall Rules.<img src="https://cms.cloud.site.sa/docs/uploads/Capture11_a8f9aaa66f.jpg" alt="Capture11.jpg">3- You can filter now so you can chose which Business group, resource type (Private IP/ Load balancers / environment), Direction (Incoming / outgoing), and Policy type. <img src="https://cms.cloud.site.sa/docs/uploads/Capture2222_8efe7eb49f.JPG" alt="Capture2222.JPG">4- Now from this option you can export it.<img src="https://cms.cloud.site.sa/docs/uploads/33_4756620470.jpg" alt="33.jpg">

How to export firewall Rules

<h4>Introduction</h4>This guide provides installation and configuration instructions for check and validate EDR and EPP visibility.Please note that any VM created on SITE’s community cloud is auto provisioned with an EPP &amp; EDR Agent installed by default. These agents secure endpoints with a multi-method prevention approach that blocks known and unknown malware and exploits before they compromise endpoints and help us with ongoing monitoring of endpoints and network events and recording of the information in a database where further analysis, detection, investigation, reporting and alerting take place.<h3>&nbsp;</h3><h4>Check EDR &amp; EPP Status</h4>In order to check current status of EDR and EPP agents you may access SITE Cloud portal and navigate to: Virtual Machines tab as screenshot below and check the current EDR &amp; EPP status.<img src="https://cms.cloud.site.sa/docs/uploads/SITE_Cloud_EDR_EPP_6a30275392.png" alt="SITE Cloud EDR EPP.png">Status details:- ON: The agent is up and run normally.- OFF: Either Machine is off or agent service is off.- Not Installed: Agent has not been installed or removed.<h3>&nbsp;</h3><h3>&nbsp;</h3><h4>How to Install EDR/EPP</h4>In order to install EDR/EPP agents, Click on the machine tab, then select the virtual machine which has a limited visibility, the click on "Not installed" and follow the steps to install EDR/EPP on your machine, as shown in the screenshot below.<img src="https://cms.cloud.site.sa/docs/uploads/Server_Selection_a08b93d5a8.PNG" alt="Server Selection.PNG">After Selection of the server, click on "Not installed", follow the steps to install agents for both EDR and EPP.<img src="https://cms.cloud.site.sa/docs/uploads/Server_details_0a8b9df39f.PNG" alt="Server details.PNG">Steps samples for installing EPP Agent:<img src="https://cms.cloud.site.sa/docs/uploads/Install_EPP_Manual_dd_6b02592184.PNG" alt="Install EPP Manual dd.PNG">Steps samples for installing EDR Agent<img src="https://cms.cloud.site.sa/docs/uploads/Install_EPP_Manual_922625c4db.PNG" alt="Install EPP Manual.PNG">&nbsp;&nbsp;<h4>How to Reinstall the EDR agent</h4>to remove the EDR sensor on an endpoint, Kindly utilize the below:&nbsp;Uninstall EDR Sensor from Windows endpointsProcedure:<ol><li>Open an elevated command prompt window. (Right Click CMD.exe and select "Run as Admin")</li><li>Ensure your current working directory is not in the installed sensor's path by running cd c:\</li><li>Then run: %WINDIR%\\CarbonBlack\\uninst.exe /S</li></ol>&nbsp;Uninstall EDR Sensor from Linux endpointsProcedure:<ol><li>You must be a root user or have “sudoer” permissions and run the installer with “sudo”.</li><li>Run the following command: /opt/carbonblack/response/bin/sensoruninstall.sh</li></ol>&nbsp;then install the agent again as shown in the How to Install EDR/EPP section

EDR & EPP Installation and configuration guide 

WAF stands for "Web Application Firewall." It's a security technology designed to protect web applications from a variety of online threats, such as SQL injection, cross-site scripting (XSS), and other malicious activities, helping to secure websites and web applications against cyberattacks.In order to detect and reduce potential security concerns, a WAF functions as a protective barrier between a web application and its users by filtering and monitoring incoming traffic. It functions through analyzing user-to-web application data exchanges to identify patterns and anomalies that could indicate an attack. The WAF can then take proactive steps to neutralize malicious traffic by blocking it, redirecting it, or otherwise by doing this while still allowing legitimate traffic to pass through.<img src="https://cms.cloud.site.sa/docs/uploads/waf1_7d0e57c562.png" alt="waf1.png">1. Enforcement Mode: ensures that the WAF provides active protection against known threats and attacks, immediately blocking or mitigating malicious traffic. It is essential for maintaining the security and integrity of the web application.<ul><li>Blocking describes the action taken by the WAF to prevent potentially malicious requests from reaching the web application.</li><li>Transparent refers to a deployment mode where the WAF operates without modifying the communication flow between users and the web application.</li></ul>2. Learning Mode: helps the WAF improve its accuracy by allowing it to adapt to the specific behavior of the web application and its users. This mode helps reduce the risk of blocking legitimate traffic and enhances the overall performance of the WAF.Manual Learning Mode:<ul><li>Human Involvement: Requires human administrators to review and adjust security rules.</li><li>Effort and Expertise: Needs security expertise and time for analysis and rule refinement.</li><li>Rule Control: Administrators have direct control over rule adjustments.</li><li>Adaptation: Slower to adapt to changing traffic patterns.</li><li>Accuracy: Highly dependent on the administrator's ability to identify patterns.</li></ul>Automatic Learning Mode:<ul><li>Automated Process: Relies on machine learning algorithms and automation.</li><li>Effort and Expertise: Reduces the need for manual configuration and management.</li><li>Rule Control: Adjusts rules automatically based on machine learning insights.</li><li>Adaptation: Faster at adapting to changing traffic patterns.</li><li>Accuracy: Depends on the quality of machine learning algorithms and data.</li></ul>Choose based on expertise, desired control, and adaptation speed. After creating the policy, you can assign it to the desired load balancer as shown in the below picture.<img src="https://cms.cloud.site.sa/docs/uploads/waf2_34d3220ddd.png" alt="waf2.png">

Creating a WAF Policy

<h2>1. Introduction</h2>&nbsp;<h3 style="margin-left:0px;">1.1 Purpose</h3>This manual provides guidance on designing a 3-tier architecture application with a Load Balancer (LB), a Web Application Firewall (WAF), an SSL Termination Zone, an Application VMs zone, and a DB VMs zone. A 3-tier architecture is a widely adopted approach for building scalable and secure web applications. This manual will help you understand the concepts and steps required to design and implement such an architecture in SITE Cloud.<h3 style="margin-left:0px;">1.2 Target Audience</h3>This manual is intended for SITE Cloud users including system architects, network administrators, and developers who want to design a robust and scalable architecture for their web applications.<h3 style="margin-left:0px;">1.3 Scope</h3>This manual covers the design considerations and best practices for each tier of the 3-tier architecture:<ul><li>Tier 1: Load Balancer, Web Application Firewall, and SSL Termination Zone.</li><li>Tier 2: Application VMs Zone.</li><li>Tier 3: Database VMs Zone.</li></ul>&nbsp;<h2>2. Getting Started</h2>&nbsp;<h3 style="margin-left:0px;">2.1 Design</h3><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/3_Tier_Architecture_2_3fe8c0ecbd.png"></figure><h3 style="margin-left:0px;">2.1.1 Tier 1: LB + WAF + SSL Termination Zone</h3><h4 style="margin-left:0px;">2.1.1.1 Load Balancer (LB)</h4><ul><li>Configure the load balancer to distribute incoming traffic evenly among application servers in Tier 2.</li><li>Ensure high availability and scalability by setting up multiple application servers.</li><li>Regularly monitor and adjust load balancing methods based on traffic patterns.</li></ul><h4 style="margin-left:0px;">2.1.1.2 Web Application Firewall (WAF)</h4><ul><li>WAF protects against common web application vulnerabilities.</li><li>Configure WAF rules to filter and protect against malicious requests (Learning -&gt; Blocking).</li><li>Continuously update WAF rules to adapt to emerging threats.</li><li>Integrate WAF with your monitoring and alerting system to detect and respond to security incidents.</li></ul><h4 style="margin-left:0px;">2.1.1.3 SSL Termination</h4><ul><li>Implement SSL termination at this tier to offload SSL/TLS encryption and decryption from application servers in Tier 2.</li><li>Use a trusted SSL certificate for securing communication between clients and the load balancer.</li><li>Regularly update SSL certificates to ensure security and compliance.</li><li>Configure SSL policies to enforce encryption standards and security best practices.</li></ul><h3>2.1.2 Tier 2: Application VMs zone</h3><h4>2.1.2.1 Application VMs zone</h4><ul><li>This zone hosts the application logic, business logic, and presentation layers of the system.</li><li>It is responsible for processing user requests, executing application-specific tasks, and generating responses.</li><li>Application VMs, middleware, web servers, and other necessary software components reside within this zone.</li><li>It contains the codebase responsible for implementing the business logic and serving user interfaces.</li><li>Communicates with the database servers (in the DB VMs zone) to retrieve, manipulate, and store data required by the application.</li><li>Handles client requests, processes data, and interacts with other components in the architecture.</li><li>Scalability is a critical factor in this zone, as it directly affects the application's responsiveness to user requests.</li><li>Horizontal scaling (adding more application server instances) is commonly employed to handle increased traffic.</li></ul><h3>2.1.3 Tier 3: DB VMs zone</h3>2.1.2.1 DB VMs zone<ul><li>This zone is dedicated to hosting the database management systems (DBMS) and storing the application's data.</li><li>It manages, stores, retrieves, and manipulates data based on requests received from the application servers.</li><li>Database servers, database management systems (e.g., MySQL, PostgreSQL, MongoDB), and related software are deployed in this zone.</li><li>Stores structured or unstructured data required by the application, such as user information, transaction records, configurations, etc.</li><li>Receives and responds to queries from the application servers, providing the requested data or performing necessary operations.</li><li>Scalability in this zone involves optimizing database performance, ensuring efficient query execution, and managing data storage requirements.</li><li>Vertical scaling (increasing resources like CPU, memory, or storage) or employing techniques like sharding and replication may be used to scale databases.</li></ul>&nbsp;<h3>2.2 Implementation</h3>2.2.1 Create your BG.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_13_203055_3f2eb9884c.png"></figure>2.2.2 Enable envirenmet access for the BG.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_13_203300_2d9a627d44.png"></figure>2.2.3 Create your subnets.<ul style="list-style-type:circle;"><li>Navigate to the subnets page, and find the BG you’re working on. We’re going to create 2 subnets.</li><li>SSA Subnet</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_13_203829_11aaca5e3c.png"></figure><ul style="list-style-type:circle;"><li>HSA Subnet</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_13_204658_903be07bae.png"></figure>2.2.4 Create your VMs.App VMs will be placed on SSA zone and DB VMs will be placed on HSA zone.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_13_205029_f530a50b7a.png"></figure><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2023_08_15_093500_3abe2d8e5a.png"></figure>2.2.5 Allocate VIP to DB cluster.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capture34_ea9f04f6c4.PNG"></figure>2.2.6 Create the needed firewall rules between VMs.<ul style="list-style-type:circle;"><li>Due to the zero-trust policy, you will need to open the needed ports between your VMs.</li><li>App-to-App SSA-to-SSA.</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capturesss_477c907757.PNG"></figure><ul style="list-style-type:circle;"><li>App-to-DB SSA-to-HSA.</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capturessssss_00f48c3c74.PNG"></figure>2.2.7 Create a WAF profile.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capture_32e4851065.PNG"></figure>2.2.8 Create an SSL profile.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capture2_dc81f9d901.PNG"></figure>2.2.9 Create LB and Assign WAF profile.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Captuddddddresscccssss_b8e7e54dcd.PNG"></figure>2.2.10 Assign SSL profile.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Captuddssss_82f47bd575.PNG"></figure>2.2.11 Allocate Public IP to the BG.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capture4444_ca866a931a.PNG"></figure>2.2.12 Assign public IP to LB.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Captuddddresscccssss_7c4a4bbc37.PNG"></figure>2.2.13 Publish the application.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Capturesscccssss_bec0ea6eed.PNG"></figure><h2>3. Safety and Security</h2><h3>&nbsp;</h3><h3>3.1 Safety and Security</h3><ul><li>Implement access controls to restrict who can configure and manage your tenant.</li><li>Regularly update the app software to patch security vulnerabilities.</li><li>Enable logging and monitoring and forward it to SITE SIEM to detect and respond to unusual activities or potential attacks.</li><li>Ensure that SSL certificates are obtained from a reputable Certificate Authority (CA).</li><li>Implement strong encryption ciphers and protocols to secure data in transit.</li><li>Periodically review SSL configuration to maintain compliance with security standards.</li><li>Monitor SSL/TLS vulnerabilities and apply patches promptly.</li></ul>&nbsp;<h2>4. Glossary and References</h2>&nbsp;<h3 style="margin-left:0px;">4.1 Glossary</h3><ul><li>Load Balancer (LB): A product that distributes network traffic across multiple servers to ensure high availability and optimal performance.</li><li>Web Application Firewall (WAF): A security solution that protects web applications from various cyber threats and vulnerabilities.</li><li>SSL Termination: The process of decrypting SSL/TLS-encrypted traffic at a specific point in a network, often at the load balancer, before forwarding it to the application servers.</li><li>SSL Certificate: A digital certificate that verifies the authenticity of a website and encrypts data transmitted between the client and the server.</li></ul>&nbsp;

Design & Implement a 3-Tier Architecture Application - Zero to Hero in SITE Cloud

<h4>What is SITE PAM?</h4>SITE PAM Access is an innovative solution that empowers our clients and partners to efficiently and securely access their virtual environments hosted on SITE Cloud while maintaining control and visibility over their systems, data, and workloads.&nbsp;<h4>SITE Cloud Access Service Features</h4>The SITE Cloud Access Service introduces a range of powerful features designed to streamline your virtual environment access:Rapid Deployment Get up and running in no time with our easy-to-deploy solution.Multi-layered Security Design Safeguard your virtual environment with our comprehensive security framework.Multi-Factor Authentication (MFA) Enhance security with multiple authentication layers.Single HTTPS Entry Point Reduce potential attack surfaces with a single, secure point of entry.Session Monitoring Keep track of user sessions for heightened security and control.Native RDP and SSH Access Controls Manage remote desktop and secure shell access with ease.Compliance-Ready Audit Trails Meet regulatory requirements with automatically generated, unalterable audit logs.Integration with SITE MDR Technology Stack Seamlessly integrate with our advanced Managed Detection and Response solutions.Overall, SITE Access plays a critical role in safeguarding your organization and most sensitive assets by enforcing strict controls, accountability, and monitoring over privileged access, thereby reducing the attack surface and enhancing overall cybersecurity posture.&nbsp;<h4>Guided Steps for using SITE PAM Access</h4>1- Open the Cloud Access Portal through this link: <a href="https://access.cloud.site.sa" target="_blank" rel="noopener noreferrer">https://access.cloud.site.sa</a>2- Sign in using the credentials provided by SITE team during your onboarding process.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/C_Loud_Access_Portal_ab6039dab5.png"></figure>*Note: In case of password issue please use this link to reset: <a href="https://reset.cloud.site.sa/">https://reset.cloud.site.sa/</a>&nbsp;For how to: <a href="https://docs.cloud.site.sa/MyCloudPortal/user-reset-password">https://docs.cloud.site.sa/MyCloudPortal/user-reset-password</a>&nbsp;3- Here, you will need to enter the OTP generated by your MFA app, which was set up by SITE team during your onboarding process.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/MFA_Page_d6d90cb64b.png"></figure>&nbsp;4- After you sign in, you can access the PAM that appears in the portal.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_1_b1ac5f5e83.png"></figure>&nbsp;5- Download the RDP configuration to start accessing the service.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/RDP_749878ffb1.PNG" alt="RDP.PNG"></figure>&nbsp;6- Run the downloaded RDP file<ul><li>Enter the same credentials you used to log in to SITE access, but without including the domain.</li><li>Keep the “Target” field empty.</li><li>Don't change the “Login” field and only type the password</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Access3_f9908c2463.png"></figure>*Note: In case of password issue please use this link to reset: <a href="https://reset.cloud.site.sa/">https://reset.cloud.site.sa/</a>&nbsp;For how to: <a href="https://docs.cloud.site.sa/MyCloudPortal/user-reset-password">https://docs.cloud.site.sa/MyCloudPortal/user-reset-password</a>&nbsp;7- The available/assigned Jump server will appear in the portal if you have more than one jump servers.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Available_jump_servers_cd771770f6.PNG" alt="Available jump servers.PNG"></figure>&nbsp;8- After selecting a jump server, authenticate locally or with corporate credentials (if AD is used), which differ from your SITE Access and PAM credentials.<figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/pint_8_3aefb3356e.png"></figure>Note: In case of password issue the client needs to refer to the local AD Admin, but if managed by SITE raise a ticket using this link: <a href="https://support.cloud.site.sa/servicedesk/customer/portal/1">https://support.cloud.site.sa/servicedesk/customer/portal/1</a> &nbsp;

SITE PAM Access

To generate a Certificate Signing Request (CSR) via a MMC certificate snap-in using Microsoft Windows, perform the following steps. 1- From Microsoft Windows, click Start.&nbsp;2- In the Search programs and files field, type mmc.&nbsp;3- Click File &gt; Add/Remove Snap-in.&nbsp;4- From the list of available snap-ins, select Certificates.&nbsp;5- Click Add.&nbsp;6- Select Computer account.&nbsp;7- Click Next.&nbsp;8- Select Local computer (the computer this console is running on).&nbsp;9- Click Finish.&nbsp;10- In the Add/Remove Snap-in window, click OK.&nbsp;11- Save these console settings for future use.&nbsp;12- Access your MMC snap in &gt; right click the Personal folder. 13- Select All Tasks &gt; Advanced Operations &gt; Create Custom Request.<img src="https://cms.cloud.site.sa/docs/uploads/1_28fc1c5bfa.PNG" alt="1.PNG">14- The CSR generation wizard will open &gt; Click Next.<img src="https://cms.cloud.site.sa/docs/uploads/2_0e2d8c500a.PNG" alt="2.PNG">15- Select the option to Proceed without enrollment policy &gt; Click Next.<img src="https://cms.cloud.site.sa/docs/uploads/3_98802d3baf.PNG" alt="3.PNG">16- Click Next at the PKCS # 10 window.<img src="https://cms.cloud.site.sa/docs/uploads/4_b97d3f4743.PNG" alt="4.PNG">17- From the Details drop down menu &gt; Click Properties.<img src="https://cms.cloud.site.sa/docs/uploads/5_f500e45af9.PNG" alt="5.PNG">18- Enter a Friendly Name of your choosing.19- Access the Subject tab &gt; in the Subject name: Type: field add the following distinguish name values required for your CSR (CN, O, S, L and C).Example: CN = Common Name: The registered organizational name that the certificate will be issued to and secure. *.OrganizationName.sa O = Organization: The registered organizational name the certificate belongs to. Ex: Saudi Information Technology Company S = State: The business registered state or province. Do not abbreviate the state or province name, for example: California not CA. Ex: Riyadh L = Locality: The business registered location/city (not the actual server location). Ex: Riyadh C = Country/region: The two letter ISO country code. Ex: SA<img src="https://cms.cloud.site.sa/docs/uploads/6_4075e4c4c1.PNG" alt="6.PNG">20- Click the Private Key tab &gt; click the drop down for Key options &gt; select Key size: 2048 and check the option to Make private key exportable &gt; Click OK.21- Click the drop down for Select Hash Algorithm, under Hash Algorithm select sha256 &gt; Click OK.<img src="https://cms.cloud.site.sa/docs/uploads/7_bcac20779e.PNG" alt="7.PNG">22- Click Next &gt; Click Browse.<img src="https://cms.cloud.site.sa/docs/uploads/8_e9062b95d7.PNG" alt="8.PNG">23- Select a location to save the CSR file. Enter a name for the file and click Save.<img src="https://cms.cloud.site.sa/docs/uploads/9_779697f1fe.PNG" alt="9.PNG">24- Click Finish.<img src="https://cms.cloud.site.sa/docs/uploads/11_d18056904c.PNG" alt="11.PNG">25- The CSR file will be present at the location you saved and can be used to request a Code Signing or Client (S/MIME) certificate.

Generate CSR In Windows

SITE Share

SITE Share Manual

<h3>Definition&nbsp;</h3>VM Replication creates exact copies on another host, synchronized with the source VM [2]. Replication duplicates the entire VM initially, then only copies changed data blocks in subsequent sessions, following a user-defined schedule.This technology is a crucial component of disaster recovery (DR) [4], ensuring minimal downtime and data loss by maintaining up-to-date copies of VMs&nbsp;<h3 style="margin-left:0in;">Difference between Replication and Back up&nbsp;</h3>Disk backup and VM replication are two overlapping yet different techniquesA backup copies physical or virtual files and databases to a secondary location for recovery when needed, either on-premises or in the cloud.A replica maintains up-to-date copies of entire VMs in a second location for instant failover if the primary source fails, ensuring mission-critical applications have minimal downtime. Data is stored across two on-premises instances or separate locations using cloud-based services.&nbsp;<h3 style="margin-left:0in;">Features</h3><ol><li>Continuous Data Protection (CDP):&nbsp;Ensures that changes to the source VM [2] are continuously replicated to the targeted environment.</li><li>Automation Preference:&nbsp;Ability to customize the replication schedule according to a specific need, every 4 hours, 8 hours, daily, weekly or monthly.</li><li>Manual Failover:&nbsp;Allows for manual initiation of failover process, providing control over when to activate the DR environment.</li><li>Seamless Replication:&nbsp;The process operates independently of the VM's operating system &amp; applications, requiring no changes to their configuration or ongoing management.</li><li>Centralized Management: Provides a unified interface through the portal for managing both the replicated VM and the source VM [2], simplifying administration and monitoring.&nbsp;</li><li>Data Deduplication:&nbsp;Implementing replication strategies that filter out unnecessary data blocks &amp; perform data deduplication.</li></ol>&nbsp;<h3>Use Cases:</h3><ol><li>Geographically Distributed Disaster:&nbsp;Replicating VM to a geographically distant site to safeguard against regional natural disasters.</li><li>Disaster Recovery (DR):&nbsp;Implementing a replication strategy with scheduled replications and minimal active resources at the DR [4] site until a disaster occurs.</li><li>Business Continuity Planning: Integrating replication into a comprehensive business continuity plan to prepare for unforeseen disruptions.</li></ol>&nbsp;<h3>Prerequisites:</h3><ol><li>Target environment is available&nbsp;</li><li>Private IP is available in target environment&nbsp;</li><li>Network is available in target environment&nbsp;</li></ol>&nbsp;<h3>Step-by-Step Guide</h3><h3>1- Navigation to Virtual Machine</h3><ul><li>Access Through Compute Section: On the side menu, through Compute section select “Virtual Machine”.</li><li>Select the VM: Choose the virtual machine you want to replicate.</li><li>Create a new VM: If you don't have an existing VM, refer to <a href="https://docs.cloud.site.sa/MyCloudPortal/article-26" target="_blank" rel="noopener noreferrer">Virtual Machine Document</a> to make a new VM.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/1_a164b47af0.png"></figure><h3>2- Requesting Replication</h3><ul><li>In the source VM, navigate to the Replication tab and select "Manage Replication".</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/2_ee044b1803.png"></figure>&nbsp;A modal window will appear, prompting you to provide the following information:<ul><li>Destination: Choose a destination environment for the replica&nbsp;</li><li>Regime: Set the replication frequency, such as every 4 hours, 8 hours, daily, weekly, or monthly&nbsp;</li><li>After filling the requirements press “Submit” to create the replication &nbsp;</li></ul>&nbsp; &nbsp;* A green note will appear if the private IP is available in the destination environment, allowing you to make the replication. If the private IP is not available, a red message will appear, preventing you from creating the replication&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/3_e54e47088f.png"></figure><ul><li>Replication request: Once you submit the replication request, the replica will not be accessible until the replication process is finished</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/4_fabfe0201b.png"></figure><h3>3- Managing Replication</h3>From The Source VM&nbsp;<ol style="list-style-type:decimal;"><li>Replication Table:&nbsp;The replication table displays the activities performed based on your replica regime, including the date, time, status and output</li><li>Disable Replication:&nbsp;By entering the confirmation word and clicking “Yes, Make Standalone” you will disable replication and convert the destination VM into a standalone VM [1]</li></ol>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/5_1440d4dbdc.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/6_7244dd9c13.png"></figure>3- Limited Actions:<ul><li>Network interfaces cannot be added or removed.</li><li>Each source VM [2] is limited to a single replica. This means for every VM you have, you can create only one corresponding replicated VM.&nbsp;</li><li>Source VM cannot be deleted, until the replication is off&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/7_d86421e9c6.png"></figure>&nbsp;<h3>4- Managing The Replica</h3>From The Replica VM&nbsp;<ul><li>Make Standalone [1]</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/8_d3d90ea102.png"></figure><h2>Allowed Actions on Replica&nbsp;</h2>1- Firewall Rules: The firewall rules are not replicated from the source VM [2] and must be managed manually. you can add, delete, and edit firewall rules as needed<ol style="list-style-type:decimal;"><li>Add a Firewall Rule: Allows you to manually add a firewall rule, which will only applied to the replica&nbsp;</li><li>Import from VM: Enables you to import firewall rules from other VMs, not just from the source VM you replicated. you can also choose which specific rules from those VMs to import&nbsp;</li></ol><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/9_7815d3490c.png"></figure><ul><li>Remove the Firewall Rules you don't want</li><li>Press "Import" to apply the selected rules&nbsp;&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/10_1341fa8591.png"></figure>2- Firewall Logs: This tab allows you to monitor your network traffic flowing through your VDC, refer to <a href="https://docs.cloud.site.sa/MyCloudPortal/firewall-logs" target="_blank" rel="noopener noreferrer">Firewall Logs Documentation</a> for more info.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/11_4069a63c92.png"></figure>3- Networks: This panel displays the network information of the replica VM and allows you to manage IPs using “Manage IP” button, for more info refer to <a href="https://docs.cloud.site.sa/MyCloudPortal/allocate-ip-and-assign-i-ps-to-vm" target="_blank" rel="noopener noreferrer">Allocate IPs Documentation</a>.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/12_be9aacd372.png"></figure>4- History: This panel shows the activities that has been done to the replica&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/13_ee12fa4d0e.png"></figure>5- Power On Replica: To power on your replica, press the "Action" button, then select “Power On”. Once the replica is powered on*Note:&nbsp;- The replication process will pause until you turn it off again&nbsp;- It's not recommended to leave the replica powered on for extended periods&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/14_2c6c6b9c2c.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/15_81d61637d9.png"></figure>5-Power Off Replica: Follow the same steps in point 4 to turn off the replica. you have two options:<ul><li>Sync Back: Reflect any changes made to the replica in source VM.&nbsp;</li></ul>&nbsp; &nbsp; &nbsp; &nbsp;*Note:&nbsp; &nbsp; &nbsp; &nbsp; - First you must turn off the source VM [2]&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; - Sync back is a very slow operation&nbsp;<ul><li>Power off Immediately: Turn off the replica without syncing any changes made to it&nbsp;</li></ul>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/16_19aace72f6.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/17_bb7da6a006.png"></figure>6- Limited Actions:<ul><li>When Replica is on or syncing back the disks on source VM [2] cannot be changed&nbsp;</li><li>When replica is on or syncing back snapshots [3] cannot be reverted&nbsp;</li><li>When replica is syncing back you cannot make it standalone [1]&nbsp;</li></ul>&nbsp;<h3>Glossary:</h3>VM: Virtual Machine&nbsp;[1] Standalone VM: Convert the replica VM into independent entity, separate from the source VM. This allows the replica VM to operate on its own without relying on source VM for updates or synchronization.[2] Source VM: The primary VM that you are aiming to replicate[3] snapshots: A quick recovery point of a server (including its files, software and settings) at a particular point in time.[4]Disaster Recovery (DR): Is a second location where organizations store critical data to ensure quick recovery and business continuity in case the primary site becomes unavailable.

VM Replication 

<h2>Introduction</h2><h3>Overview</h3>Authoritative Domain Name System (DNS) provides a resilient and highly available domain hosting for your zones and records.<h3>Key Features</h3><ul><li>Manage multiple domain names</li><li>Support for all standard DNS record types (See below table for more details)</li><li>DNSSEC and DDoS protection</li></ul><h3>Supported Record Types</h3><figure class="table"><table><tbody><tr><td style="border-bottom-width:1.0pt;border-color:#A5A5A5;border-left-width:.5pt;border-right-width:.5pt;border-style:solid;border-top-width:.5pt;height:14.4pt;width:72pt;">Record Type</td><td style="border-bottom-width:1.0pt;border-color:#A5A5A5;border-left-width:.5pt;border-right-width:.5pt;border-style:solid;border-top-width:.5pt;width:200px;">Description</td><td style="border-bottom-width:1.0pt;border-color:#A5A5A5;border-left-width:.5pt;border-right-width:.5pt;border-style:solid;border-top-width:.5pt;width:380pt;">Example</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">A</td><td style="border:.5pt solid #A5A5A5;">The A record contains an IP address. It is stored as a decimal dotted quad string.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">10.1.2.3</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">AAAA</td><td style="border:.5pt solid #A5A5A5;">The AAAA record contains an IPv6 address.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">2001:db8:2000:bf0::1</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">AFSDB</td><td style="border:.5pt solid #A5A5A5;">AFS database record. Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">ALIAS</td><td style="border:.5pt solid #A5A5A5;">Works like a CNAME but it's resolved internally into an address allowing you to use it at your zone apex.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">webserver-01.example.com.</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">CAA</td><td style="border:.5pt solid #A5A5A5;">Certification Authority Authorization. DNS Certification Authority Authorization constraining acceptable CAs for a host/domain.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">CERT</td><td style="border:.5pt solid #A5A5A5;">Certificate record. Stores PKIX SPKI PGP etc.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">CNAME</td><td style="border:.5pt solid #A5A5A5;">Canonical name record. Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">webserver-01.example.com.</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">DHCID</td><td style="border:.5pt solid #A5A5A5;">DHCID identifier. Used in conjunction with the FQDN option to DHCP.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">DNAME</td><td style="border:.5pt solid #A5A5A5;">Delegation Name. Alias for a name and all its subnames unlike CNAME which is an alias for only the exact name. Like a CNAME record the DNS lookup will continue by retrying the lookup with the new name.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">DNSKEY</td><td style="border:.5pt solid #A5A5A5;">DNS Key record. The key record used in DNSSEC. Uses the same format as the KEY record.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">DS</td><td style="border:.5pt solid #A5A5A5;">Delegation signer. The record used to identify the DNSSEC signing key of a delegated zone.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">KX</td><td style="border:.5pt solid #A5A5A5;">Key Exchanger record. Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">LOC</td><td style="border:.5pt solid #A5A5A5;">Location record. Specifies a geographical location associated with a domain name.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">51 56 0.123 N 5 54 0.000 E 4.00m 1.00m 10000.00m 10.00m</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">MX</td><td style="border:.5pt solid #A5A5A5;">The MX record specifies a mail server for a domain. Each mail exchanger also has a priority or preference. The lower the number the higher its priority.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">10 mail.example.com.</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">NAPTR</td><td style="border:.5pt solid #A5A5A5;">Naming Authority Pointer. Allows regular-expression-based rewriting of domain names which can then be used as URIs further domain names to lookups etc.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">NS</td><td style="border:.5pt solid #A5A5A5;">Name server record. Delegates a DNS zone to use the given authoritative name servers.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">ns1.example.com.</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">OPENPGPKEY</td><td style="border:.5pt solid #A5A5A5;">OPENPGPKEY is used to associate an end entity OpenPGP Public Key with an email address.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">PTR</td><td style="border:.5pt solid #A5A5A5;">Reverse pointer used to specify the host name belonging to an IP or IPv6 address.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">www.example.com.</td></tr><tr><td>SOA</td><td>The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.</td><td style="vertical-align:top;">&nbsp;</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">SRV</td><td style="border:.5pt solid #A5A5A5;">Service locator. Generalized service location record used for newer protocols instead of creating protocol-specific records such as MX.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">0 5 5060 sipserver.example.com.</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">SSHFP</td><td style="border:.5pt solid #A5A5A5;">SSH fingerprint.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">2 1 123456789abcdef67890123456789abcdef67890</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">TLSA</td><td style="border:.5pt solid #A5A5A5;">Used to bind a SSL/TLS certificate to named hosts and ports.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">1 1 8755CDAA8FE24EF16CC0F2C918063185E433FAAF1415664911D9E30A924138C4</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">TXT</td><td style="border:.5pt solid #A5A5A5;">Text record. Originally for arbitrary human-readable text in a DNS record. Since the early 1990s however this record more often carries machine-readable data such as specified by RFC 1464 opportunistic encryption SPF DKIM DMARC DNS-SD etc. Make sure to put quotes around the text content.</td><td style="background-color:#EDEDED;border:.5pt solid #A5A5A5;vertical-align:top;">"any text"</td></tr><tr><td style="border:.5pt solid #A5A5A5;height:14.4pt;vertical-align:top;">URI</td><td style="border:.5pt solid #A5A5A5;">The URI record is used to publish mappings from hostnames to URIs.</td><td style="border:.5pt solid #A5A5A5;vertical-align:top;">10 1 "http://www.example.com/path"</td></tr></tbody></table></figure><h3>Common Use Cases</h3><ul><li>Website Hosting: Hosting a website with apex domain support, <code>example.com</code>.</li><li>Email Service: Configuring email service using your own exchange server or a third-party provider.</li></ul><h2>Prerequisites</h2><ol style="list-style-type:decimal;"><li>Make sure you have the necessary DNS actions permissions for your account</li><li>Registered Domain name(s)</li><li>Basic understanding of DNS concepts</li></ol><hr><h3>Getting Started</h3><h4>Accessing DNS Management</h4><ol style="list-style-type:decimal;"><li>Log in to your Cloud Portal</li><li>Navigate to Networking → DNS &nbsp;<img class="image_resized" style="width:75%;" src="/uploads/chrome_9_G_Poy8xd_MS_97939700a4.png"> &nbsp;</li></ol><h4>Adding Your First Domain/Zone</h4><ol style="list-style-type:decimal;"><li>Click “Create” from the top-right corner<img src="/uploads/Screenshot_2024_12_12_134552_cef8dd78ba.png"></li><li>Select your <code>Tenant</code> and <code>Business Group</code></li><li>Type your registered domain name under <code>Zone</code> field</li><li>(Optional) Add <code>Description</code> to your zone</li><li>Click “Submit” <img src="/uploads/Screenshot_2024_12_12_134648_4133dcee9a.png"></li></ol>&nbsp;<h4>Adding DNS Records</h4><ol style="list-style-type:decimal;"><li>Select your domain/zone from the table <img src="/uploads/Screenshot_2024_12_12_134928_142c029f45.png"></li><li>Under the “DNS Records” tab, click “Add Record” <img src="/uploads/Screenshot_2024_12_12_135001_e081821596.png"><img src="/uploads/Screenshot_2024_12_12_135017_0fd23506ed.png"></li><li>Choose Record <code>Type</code></li><li>(Optional) Add <code>Name</code> to create record for a subdomain, or leave it empty to create record for the root/apex domain</li><li>Enter Record <code>Value</code>, for multiple record values, enter one record value per line</li><li>Enter Record <code>TTL</code> duration in seconds (Used by DNS recursive resolvers to cache information about this record)</li><li>Click “Submit” <img src="/uploads/Screenshot_2024_12_12_135145_2c992d04f3.png"></li></ol>&nbsp;<h4>Managing Existing Records</h4><ul><li>View all records in the domain/zone details page</li><li>Edit records by hovering over a record, and clicking “Edit” button <img src="/uploads/Screenshot_2024_12_12_135257_e226b412f7.png"></li><li>Delete records by hover over a record, and clicking “Delete” button <img src="/uploads/Screenshot_2024_12_12_135314_724c35d2ab.png"></li></ul>&nbsp;<h3>Advanced Use Cases</h3><h4>Bulk-adding DNS records</h4><ol style="list-style-type:decimal;"><li>Navigate to Tools → Bulk Actions</li><li>From the actions dropdown, select <code>Create Record</code> action</li><li>Enter the following information per record<ol><li><code>zoneId</code>: the ID of your DNS Zone, you can view your zone ID in the details section under your zone page.</li><li><code>bgId</code>: the ID of the business group (e.g., <code>T001-BG001</code>).</li><li><code>type</code>: the type of the DNS record (refer to the above list of supported types).</li><li><code>name</code>: the full name of the DNS record with the zone (e.g., <code>poc.acme.sa</code> or <code>*acme.sa</code> for root domain records).</li><li><code>content</code>: the DNS record's content. For multi-line content, join the two lines with the <code>&amp;</code> (Ampersand character) to form the multi-line record.</li><li><code>ttl</code>: time-to-live amount in seconds.</li></ol></li></ol><h4> Example Record &nbsp;</h4><code>1,T001-BG001,MX,poc.acme.sa,10 exchange.acme.sa&amp;20 exchange.acme.sa,3600</code>&nbsp;<h4>Notes</h4>Some record types (like <code>TXT</code> records), require special characters in their value (in the case of <code>TXT</code> it's surrounding the value with quotation marks), add the same format in bulk actions: <code>2,T001-BG001,TXT,poc.acme.sa,"test record"&amp;"test2 record",3600</code>

First we will start with the rule generator.&nbsp;<h4>What is Rule Generator?</h4>As the name implies, it is a tool used to generate firewall rules. This tool can help with generating firewall rules, and applying them with the help of Bulk Actions.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_7b612ca354.png"></figure><h4>&nbsp;</h4><h4>How to use Rule Generator?</h4>The process of using the rule generator is straightforward. As shown below, there are many fields that need to be filled in the correct order.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/image_0c07501c0d.png"></figure>We will go over the fields in the correct order below:<ol style="list-style-type:decimal;"><li>Tenant: Choose the required tenant.</li><li>Environment: Choose the required environments (if applicable)</li><li>Policy Type: This will determine the direction of the policies and the zones (SSA, HSA, MAN. INET)</li><li>Source Subnet: The source subnets or IPs. You can add multiple IPs by separating them with commas.</li><li>Source Nodes: This option might be greyed out depending on the policy type (only required for nodes within SITE Cloud)</li><li>Destination Subnet: The destination subnets or IPs. You can add multiple IPs by separating them with commas.</li><li>Destination Nodes: This option might be greyed out depending on the policy type (only required for nodes within SITE Cloud)</li><li>Services: Add the required services or ports. You can choose from the dropdown list, or add your own ports.<ol><li>TCP Ports: tcp/xxx</li><li>UDP Ports: udp/xxx</li></ol></li><li>Description (Optional): You can add a description for additional clarification.</li></ol>&nbsp;For more information on firewall rules, you can refer to the following guide <a href="https://docs.cloud.site.sa/MyCloudPortal/firewall-rules" target="_blank" rel="noopener noreferrer">https://docs.cloud.site.sa/MyCloudPortal/firewall-rules</a>&nbsp;Once the required fields are filled, the generated rules will appear in the bottom text box, and you can use the copy button on top right corner to copy the generated rules.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/rule_gen_d5667ef272.png"></figure>Once the newly generated rules are copied, they can be applied using Bulk Actions.&nbsp;&nbsp;<h4>What is Bulk Actions?</h4>Bulk actions is a tool used to create or make changes in bulk.The actions that can be done include, but are not limited to: Creating VMs, Rebooting VMs, Creating firewall rules, and more.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_238bd2a41b.png"></figure>&nbsp;For this case, we will use the bulk actions to apply firewall rules that were generated using Rule Generator.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/image_f7eca33e7d.png"></figure>&nbsp;From the dropdown menu, you can choose the “Create Firewall Rule” option.After that, you can paste the previously copied rules from rule generator, and click on the “Submit” button.Shortly after, you will see the firewall rule requests appear in the “Request List”.

Firewall Rule Generator & Bulk Actions

<h2>Overview</h2>TLS Inspection allows you to securely inspect encrypted TLS/HTTPS traffic that enters your cloud resources. The system decrypts the traffic, applies security inspection using an Intrusion Prevention System (IPS), and then re-encrypts the traffic before forwarding it to the destination.This enables protection against threats hidden inside encrypted traffic while maintaining end-to-end security.<hr><h2>How TLS Inspection Works</h2>Incoming TLS/HTTPS traffic reaches the firewall rule.Traffic is temporarily decrypted using a certificate you provide.Security inspection is applied using IPS policies.Traffic is re-encrypted and forwarded to your Virtual Machine or Load Balancer.<hr><h2>Inspection Method</h2>Intrusion Prevention System (IPS) IPS policies are applied during inspection to detect and prevent malicious traffic before it reaches your workload.<hr><h2>When TLS Inspection Can Be Enabled</h2>TLS Inspection is available only for:&nbsp;1- Incoming firewall rules&nbsp;2- Traffic originating from: Internet or Shared Area&nbsp;<hr><h2>Prerequisites</h2>Before enabling TLS Inspection:A valid certificate must exist in Certificate Manager.The firewall rule must be an incoming rule from internet or shared.You must have permission to modify firewall rules.<hr><h2>Enabling TLS Inspection</h2>TLS Inspection can be enabled from:<ul><li>Virtual Machine → Firewall Rules</li><li>Load Balancer → Firewall Rules</li></ul>&nbsp;<h3>Steps</h3>Navigate to the firewall rules page.Locate the incoming rule you want to modify.Enable TLS Inspection by selecting a certificate from the Certificate Manager.Click Submit. &nbsp;The certificate is associated with the firewall rule and inspection becomes active immediately.&nbsp;<hr><h2>Certificate Associations</h2>You can view where a certificate is used from Certificate Manager.The Associated To column displays usage such as:<code>1 firewall rule in VM: &lt;vm_name&gt;</code><code>8 firewall rules in LB: &lt;lb_name&gt;</code>Clicking the association redirects you to the corresponding resource.The certificate overview also lists all associated firewall rules.<hr><h2>Logging and Visibility</h2>Traffic inspected through TLS Inspection appears in Firewall Logs, consistent with other firewall rule logs. No additional configuration is required.

TLS Inspection

<h3>Version 2.2.0</h3>&nbsp;<ol><li>Introducing new sections:&nbsp;<ol><li>Security</li><li>Storage&nbsp;</li></ol></li><li>Introducing new products:<ol><li>Bare-metal</li><li>DNS</li><li>Mail Gateway</li><li>PAM</li><li>S3</li></ol></li><li>Virtual Machines now have two types of storage: High-Performance and Standard-Performance.</li><li>Pricings updates across existing products.</li><li>“Fileshare and archive” product is now deprecated and replaced by “SMB” and “NFS” under “Storage”.</li><li>App layout enhancements.</li></ol>

Estimate the cost on on-boarding a new workload

Calculator

Release Notes 2.2.0

<h2>Definition</h2>An Application Load Balancer distributes incoming traffic across multiple servers or virtual machines (VMs), ensuring applications remain fast, reliable, and secure. It helps optimize performance, improve availability, and protect applications by applying rules and security features.<hr><h2>Features</h2><h4 style="margin-left:0px;">Traffic Distribution</h4>Distributes client requests across multiple backend servers to avoid overload and ensure high availability.<h4 style="margin-left:0px;">Service Support</h4>Supports multiple protocols (HTTP, HTTPS, TLS, TCP, …) for different application needs.<h4 style="margin-left:0px;">Managing SSL Certificates</h4><ul><li>Easily attach and manage SSL certificates for encrypted traffic.</li><li>SSL Certificates cannot be added to non-secure load balancers (e.g., HTTP or TCP).</li></ul><h4 style="margin-left:0px;">TLS Termination</h4>Provides secure traffic handling by encrypting and decrypting connections directly at the load balancer.<h4 style="margin-left:0px;">Persistence Methods</h4>Ensures client requests are consistently routed to the same backend server using different methods:<ul><li>Cookies: Session-based persistence (only for HTTP/HTTPS).</li><li>Hash: Consistent routing based on a calculated value (e.g., request content).</li><li>Source Address: Routes clients based on their IP address.</li></ul><h4>Connection Reuse &nbsp;</h4>Optimizes performance by reusing existing connections between the LB and backend servers (up to 1000 reuses, max age 24 hours). Only available for HTTP/HTTPS load balancers.<h4 style="margin-left:0px;">Security Controls</h4><ul><li>Firewall Rules: Define incoming and outgoing firewall rules.</li><li>Web Application Firewall (WAF): Protects applications against common attacks.</li><li>Blocked URIs: Restrict specific paths or endpoints.</li></ul><h4 style="margin-left:0px;">Default Certificates for Secure Services</h4>All secure load balancers (HTTPS, TLS, SMTPS, FTPS) are automatically assigned a free self-signed certificate upon creation.Users can replace this default certificate with their own at any time.<h4 style="margin-left:0px;">Flexible IP Management</h4>Supports both Public IPs (accessible from the internet with proper firewall rules) and Shared IPs for cross-network communication<hr><h2>Use Cases</h2><ul><li>High Availability: Keep web applications online by balancing traffic across multiple servers.</li><li>Scalability: Seamlessly add backend servers as traffic grows.</li><li>Security: Terminate TLS, enforce firewall rules, and block malicious requests with WAF.</li><li>Cost Efficiency: Share one LB across multiple applications while managing resources centrally.</li></ul><hr><h2>Step-by-Step Guide</h2><h3>1. Create an Application Load Balancer</h3>Navigate to Networking → App Load Balancers from the Cloud Portal.Click Create in the top-right corner.Fill in the form:<ol style="list-style-type:decimal;"><li>Tenant: Select the tenant.</li><li>Business Group: Choose the relevant business group.</li><li>Environment: Select the environment.</li><li>VPC: Choose the virtual cloud.</li><li>Name &amp; Description: Enter details for identification.</li><li>Service: Select the service (e.g., HTTP, HTTPS, TLS, TCP).</li><li>Virtual IP &amp; Port: Define the VIP and port.</li></ol> Why it matters: These settings define how traffic reaches your applications.<hr><h3>2. Manage Members Configuration</h3><ol style="list-style-type:decimal;"><li>Open the created Load Balancer.</li><li>Go to the Members tab.</li><li>Configure the following settings:<ol style="list-style-type:lower-latin;"><li>Member Service: Define the backend service type (e.g., HTTP, HTTPS, TCP).</li><li>Load Balancing Method: Choose between Round Robin, Least Connections, or Hash.</li><li>Health Monitor: Choose between TCP, HTTP or PING.</li><li>Enable/Disable Connection Reuse: Toggle reuse connections for efficiency (not available for all protocols).</li></ol></li></ol><hr><h3>3. Manage Security</h3>Firewall Rules: Define incoming and outgoing firewall rules.WAF: Enable to protect your application from common web attacks such as SQL injection and cross-site scripting. (only for HTTP/HTTPS).Blocked URIs: Add or remove endpoints to block malicious or unwanted requests. (only for HTTP/HTTPS).<hr><h3>4. Manage Certificates</h3>Secure LBs (HTTPS/TLS) are automatically assigned a free default certificate.To replace default certificate:<ol style="list-style-type:decimal;"><li>Navigate to the SSL Certificates tab.</li><li>Upload or select your own certificate.</li><li>Attach it to the load balancer.</li></ol>⚠️ Certificates cannot be added to non-secure load balancers (HTTP, TCP).<hr><h3>5. Manage Network</h3>You can control how your Load Balancer is reached by assigning the appropriate IP address type:<ul><li>Public IP Address: Use this if you want the Load Balancer to accept incoming traffic from the internet.</li><li>Shared IP Address: Use this if you only need access within the cloud environment or across connected VPCs, without exposing the Load Balancer to the internet.</li><li>HTTP Version: configured for HTTPS load balancers only. Using HTTP/2 requires associating SSL certificate, as this version cannot be used with the Site Cloud Default Certificate.</li></ul><hr><h2>FAQs</h2><ul><li>Q: Can I edit the service (HTTP/HTTPS/TLS) after creating a Load Balancer? No, the service type cannot be changed once the LB is created. You must create a new one if the service changes.</li><li>Q: Why can’t I attach a certificate to my HTTP or TCP Load Balancer? Certificates are only supported on secure load balancers (HTTPS, TLS).</li><li>Q: What happens if I delete a Load Balancer member? The load balancer will immediately stop routing traffic to that server.</li><li>Q: I want to perform SSL termination on my VM instead of the Load Balancer. How can I do this? Create a TCP Load Balancer. In this mode, the Load Balancer will simply forward encrypted traffic directly to the backend members without decrypting or offloading it at the LB level.</li><li>Q: How can I ensure traffic is always encrypted from the client all the way to the VM? To fully encrypt traffic end-to-end: 1- Client to Load Balancer traffic: Attach an SSL certificate to the Load Balancer so client connections (e.g., from a browser) are encrypted. 2- Load Balancer to Members traffic: From the Members Configuration, set the backend members to use a secure service (e.g., HTTPS or TLS). This ensures the Load Balancer forwards traffic securely to the VMs.</li></ul><hr><h2>Glossary</h2>VIP (Virtual IP): The private IP address assigned to the load balancer.Members: Backend servers (VMs) receiving traffic from the LB.Persistence Profile: Ensures client requests stick to the same server.TLS Termination: LB decrypts traffic before passing it to servers.WAF: Web Application Firewall for security.Blocked URIs: Specific paths denied access through the LB.Connection Reuse: Reusing an open connection between LB and backend servers to improve efficiency.

Application Load Balancer

<h2>Disclaimers</h2>SITE deploys the file share service with industry-leading known security mechanisms. The client and all of its users acknowledge and understand that File Share service (“the Service” or “the Platform”) is accessible from the Internet as is, with all the inherent risks. SITE makes no warranty that any information, software, files, or other materials uploaded to and downloaded from File Share are free from viruses, Trojan horses, or other harmful components. End-users must encrypt and password-protect files classified as SECRET and TOP SECRET on their local devices before uploading them to file-sharing services, in compliance with the National Cybersecurity Authority (NCA) National Cybersecurity Strategy (NCS) guidelines.password for encrypted files should be shared with the recipient through a separate communication channel—such as sending the file link via email and the password via SMS. SITE shall not be liable for any security breaches, data loss, damage, or compromise of data resulting from users’ failure to adequately encrypt files or to take any other required security measures. By using our file share service, the clients and all of its users acknowledge and agree to assume all the risks inherent in the public use of a file share service.&nbsp;<h2>Confidentiality</h2>SITE Share may contain sensitive information intended solely for the designated recipients. This information must not be shared with anyone other than its intended audience. No individual or entity may disclose, distribute, or utilize the contents of this product without the express written consent of the owner. Any unauthorized use, disclosure, dissemination, duplication, or distribution is strictly prohibited and may be unlawful. If you have received this content in error, please delete all copies from your system, destroy any printed versions, and promptly notify the Saudi Information Technology Company (SITE).&nbsp;<h2>Copyright</h2>Unless otherwise stated, the content of this product is the proprietary and exclusive property of the Client/Saudi Information Technology Company (SITE). Regardless of its intended use, no portion of this content—whether in whole or in part—may be reproduced, stored, transmitted, or utilized for any purpose without prior written authorization from the Client/SITE.

SITE Share Legal Notices

<h2>Overview</h2>The current generation of AI agents is largely stateless: each interaction is treated as an isolated event, with little to no durable memory of past conversations, decisions, or learned preferences. As a result, agents repeatedly ask for the same information, lose context over time, and struggle to improve through experience, especially when interactions are separated by long time gaps.Agentic Memory addresses this fundamental limitation by introducing persistent, semantic memory as a first-class capability for agentic systems. Instead of relying solely on short-lived context windows or brittle prompt-based workarounds, agents can store meaningful information once and recall it later based on relevance and intent, even months after the original interaction.By externalizing memory into a managed, long-term store, our Agentic Memory product enables AI systems to behave more like knowledgeable assistants than transactional tools. Agents can accumulate understanding over time, reconnect past knowledge with new situations, and deliver experiences that feel continuous, informed, and increasingly intelligent, regardless of session boundaries or interaction frequency.<hr><h2>Core Concepts</h2><h4>Memory Space</h4>A Memory Space is the top-level container that represents an application, product, or use case. It provides logical isolation and governance boundaries for memory data.Key characteristics:<ul><li>Groups related Memory Stores under a single context</li><li>Scoped to a tenant and business group</li><li>API access is managed at the Memory Space level</li><li>Creation and deletion are managed through the Cloud Portal</li><li>Deleting a Memory Space removes all associated Memory Stores and their memories</li></ul>&nbsp;<h4>Memory Store</h4>A Memory Store is an individual collection of memories within a Memory Space. It is typically scoped to a specific entity such as a user, agent, session, or workflow.Key characteristics:<ul><li>Contains the actual stored memories</li><li>Supports adding, retrieving, listing, searching, and deleting memories</li><li>Can be created and deleted by authorized clients using the Memory Space’s credentials</li></ul>&nbsp;<h4>Memory</h4>A Memory is a single stored text entry.<hr><h2>Key Capabilities</h2>Agentic Memory provides a focused set of high-level capabilities:<ul><li>Create and delete Memory Stores within a Memory Space</li><li>Add memories as plain text without managing embeddings manually</li><li>Retrieve memories individually or as a list</li><li>Search memories using semantic similarity against a text query</li><li>Delete memories when they are no longer relevant</li></ul>All embedding, indexing, and query optimization is handled by the product.<hr><h2>Limits</h2>The default limits are:<ul><li>Up to 100 Memory Stores per Memory Space</li><li>Up to 1,000 memories per Memory Store</li></ul>Custom limits can be configured per instance to support larger-scale or specialized use cases; please reach out to your designated Service Delivery Manager for more information.<hr><h2>Typical Use Cases</h2><h4>1. Personalized AI Assistants</h4>Scenario Each end user of an AI assistant is assigned a dedicated Memory Store within a Memory Space.How it works<ul><li>A single Memory Space represents the application</li><li>A Memory Store is created for each user</li><li>User-specific preferences, past interactions, and long-term context are stored as memories</li><li>Searches are scoped to the user’s Memory Store only</li></ul>Benefits<ul><li>Strong isolation between users</li><li>Personalized responses based on historical context</li><li>Simple lifecycle management when users are created or deleted</li><li>An ideal pattern for chatbots, copilots, and digital assistants that need long-term personalization.</li></ul>&nbsp;<h4>2. Workflow- or Agent-Centric Memory for Task Automation</h4>Scenario Memory Stores scoped to workflows, agents, or processes.Examples<ul><li>A customer support automation system uses one Memory Store per support queue or issue type</li><li>An autonomous agent system uses one Memory Store per agent role (e.g., researcher, planner, executor)</li></ul>How it works<ul><li>A Memory Space represents the overall system</li><li>Memory Stores represent shared knowledge for a workflow or agent</li><li>Memories include resolved issues, learned patterns, summaries, or decisions.</li></ul>Benefits<ul><li>Shared institutional knowledge across agents or executions</li><li>Improved consistency and decision-making over time</li><li>An ideal pattern for autonomous agents, RAG pipelines, operational intelligence, and decision-support systems.</li></ul><hr><h2>Example Use Case: Per-User Memory for a Booking Assistant</h2>ScenarioAn AI-powered booking assistant helps users plan and manage travel. Users may interact with the assistant over longer periods that can sometimes span weeks or months, but still expect it to remember their preferences and past decisions.Each user is assigned a dedicated Memory Store within a shared Memory Space for the application.What Is Stored as Memory<ul><li>Preferred airlines, hotels, or seat types</li><li>Past destinations and recurring travel patterns</li><li>Loyalty program memberships or seating preferences</li><li>Constraints such as budget ranges or preferred travel times</li><li>Notes from previous conversations (e.g. "I prefer aisle seats on long flights")</li></ul>How It Works Over Time<ul><li>On each interaction, the assistant retrieves relevant memories from the user’s Memory Store</li><li>New or updated information is added as additional memories</li><li>Searches are semantic, allowing the assistant to recall relevant context even if phrased differently</li><li>Memory persists across sessions, devices, and long periods of inactivity</li></ul>User Experience Benefits<ul><li>No need to repeat preferences or background information</li><li>More personalized and consistent recommendations</li><li>Conversations feel continuous rather than reset-driven</li><li>Increased trust in the assistant’s usefulness over time</li></ul>Why Agentic Memory Is a Good Fit<ul><li>Strong isolation between users through per-user Memory Stores</li><li>Scales naturally as the user base grows</li><li>Supports long-term personalization without bloated prompts</li><li>Enables agents to improve through accumulated experience</li></ul><hr><h2>Summary</h2>Agentic Memory provides a low-ops, production-ready foundation for persistent, semantic memory in agentic and AI-driven systems. By abstracting away embeddings, vector storage, and scaling, it allows teams to focus on building intelligent behavior rather than managing infrastructure.

Agentic Memory

<h2>SITE Cloud CDN</h2>SITE Cloud CDN is a web service designed to speed up the delivery of your static and dynamic web content, such as .html, .css, .js, and image files, to users. It also adds an extra layer of security by offloading traffic and serving as a protective barrier between the end user and the origin server. The service distributes content through a regional network of data centers in Riyadh and Jeddah. When a user requests content from SITE Cloud CDN, the request is directed to the edge location with the lowest latency, ensuring optimal performance for content delivery.<ul><li>If the content is already in the edge location, SITE Cloud CDN delivers it immediately.</li><li>If the content is not in that edge location, SITE Cloud CDN retrieves it from an origin that you've defined.</li></ul>&nbsp;&nbsp;<h2>Features</h2><ul><li>Extra Security Layer Protects against DDoS attacks, malicious traffic through advanced security mechanisms that help defend against various online threats .</li><li>Content Caching for Reduced Latency Stores and delivers cached content from the edge server, reducing load times and bandwidth usage.</li><li>Load Balancing for High Availability Distributes traffic across multiple nodes to prevent overload and ensure continuous uptime.</li><li>Free SSL Certificate: SITE Cloud CDN offers a free SSL certificate, ensuring secure connections and boosting user trust with HTTPS.</li><li>Free Domain: An option offered by SITE Cloud CDN to enhance your website's presence.</li><li>Customizable Caching Rules &amp; Expiration Control Allows users to define which paths to cache, exclude specific content, and set cache expiration durations for better control over freshness and storage efficiency.</li><li>Real-Time Analytics and Monitoring – Offers visual insights into your CDN instance, helping you track and optimize performance. (<a href="https://docs.cloud.site.sa/MyCloudPortal/cdn-insights" target="_blank" rel="noopener noreferrer">Check CDN Insights Documentation</a>)</li></ul>&nbsp;&nbsp;<h2>Step-by-Step Guide</h2>&nbsp;<h3>Prerequisites&nbsp;</h3><ul><li>An App Load Balancer with Web Application Firewall (WAF) enabled and an assigned shared IP.</li></ul>*Refer to the <a href="https://docs.cloud.site.sa/MyCloudPortal/application-load-balancers" target="_blank" rel="noopener noreferrer">App Load Balancer Documentation </a>for detailed instructions on setting up an App Load Balancer.&nbsp;1.Navigating to CDN: In the side menu, navigate to the Networking section and select “CDN”.2- Create a CDN&nbsp;<ul><li>Click on "Create" to create a new CDN&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_1_859cfb84b5.png"></figure>2.1 To create a new CDN, you need to fill in the following information:<ul><li>Business Group</li><li>Domain&nbsp;</li><li>Subdomain is not mandatory unless you choose SITE's free domain.&nbsp;</li><li>Origin: choose from the list an app load balancer with WAF and shared IP enabled.</li><li>Protocol: http or https</li><li>Cache Expiration Duration: set an expiration duration for the cached content.&nbsp;</li><li>Paths to Exclude: provide paths to be excluded from getting cached. you can use * to exclude all paths under a directory, Eg: example/*</li></ul>Note: You need to allow Incoming firewall rules from these shared IPs (100.64.32.32 and 100.80.0.109).<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_2_47f04918e9.png"></figure>3- Manage your CDN&nbsp;After creating a CDN, click on your CDN to view detailed information about the instance.3.1 Insights Tab check <a href="https://docs.cloud.site.sa/MyCloudPortal/cdn-insights" target="_blank" rel="noopener noreferrer">CDN Insights Doc</a> for more info<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_2_2f2e54175c.png"></figure>3.2 Details Tab provides comprehensive information about your CDN instance, including its configuration and status.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_4_5f54687a51.png"></figure><ul><li>By clicking on the Edit icon, you can easily modify the Origin, Cache Expiration Duration, and Paths to Exclude, allowing you to customize your CDN settings as needed.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_5_cadcea60c4.png"></figure>3.3 History Tab displays a complete log of all changes and actions performed on this CDN instance, providing a detailed record for tracking modifications and updates.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_6_376401766c.png"></figure>3.4 Actions Button<ul><li>Purge Cache button clears cached content immediately, ensuring users get the latest version from the origin server without waiting for the Cache Expiration Duration to update it automatically.</li><li>Delete button permanently removes the CDN instance, including its configuration and cached content. This action cannot be undone.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDN_8_a6ecacf52a.png"></figure>

CDN 

<h2>SITE CDN Insights</h2>SITE CDN visuals provide real-time insights into your CDN instance’s performance and traffic, helping track trends, identify issues, and optimize content delivery, speed, and resource use.&nbsp;<ol><li>Performance Tracking Monitors traffic and response times to enhance website speed and performance.</li><li>User Behavior Insights Analyzes traffic sources, devices, and popular content for better targeting.</li><li>Real-Time &amp; Historical Data Analysis Provides live and past performance trends for data-driven decisions.</li><li>Reduced Downtime &amp; Faster Troubleshooting Identifies errors and inefficiencies for quick resolution.</li><li>User-Friendly &amp; Insightful Design Provides intuitive filters and visual insights for seamless CDN management.</li></ol>&nbsp;<h2>Breakdown of CDN Dashboard Visuals</h2>The CDN dashboard includes a time range filter that lets you analyze performance over different periods (last 24 hours, Last 7 days, Last 30 days, Last 6 months, or Last year) to track trends and optimize content delivery. In this section, we’ll walk through each visual and how it helps you monitor, optimize, and enhance your content delivery.&nbsp;&nbsp;1. Total Requests (Line Chart) Displays the total number of requests over the specified time period.2. Total Bandwidth (Line Chart) Displays the total amount of egress bandwidth (the data sent from the CDN edge servers to end users) over the specified time period.Both visuals show the total based on the selected time range:<ul><li>Last 24 hours – Total per hour.</li><li>Last 7 days – Total every 6 hours.</li><li>Last 30 days – Total per day.</li><li>Last 6 months – Total per week.</li><li>Last year – Total every 2 weeks.</li></ul>These insights help you monitor traffic trends, optimize resource usage, and detect unusual spikes or drops in CDN activity.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDNI_1_7524bc1720.png"></figure>3. Request by Country (Geomap) Displays an interactive visual representation of where requests originate. Hovering over a country shows the total number of hits from each country.4. Request by Country (Table) Presents the same data in a structured table format, listing each country alongside the number of requests.These visuals help you understand geographic traffic distribution, and detect unusual access patterns.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDNI_2_e89f13e12d.png"></figure>5. Average Latency (Heatmap) groups data into buckets, where each bucket represents:<ul style="list-style-type:disc;"><li>Number of Requests – The color intensity darkens as the number of requests in the bucket increases.</li><li>Latency Range – Requests within the bucket fall into a specific latency range.</li><li>Time Interval – The bucket’s time range is based on the selected time filter:<ul style="list-style-type:circle;"><li>Last 24 hours – Buckets per hour.</li><li>Last 7 days – Buckets every 6 hours.</li><li>Last 30 days – Buckets per day.</li><li>Last 6 months – Buckets per week.</li><li>Last year – Buckets every 2 weeks.</li></ul></li></ul>This visual helps users detect performance trends, identify latency spikes, and optimize response times efficiently.&nbsp;6. Top Visited Paths (Table) Displays each path or page within your origin along with the number of visits in a tabular format. This helps you compare high-traffic and low-traffic pages, allowing you to adjust your content strategy accordingly.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDNI_3_01535df323.png"></figure>7. HTTP Errors (Pie Chart) displays the total number of 4xx client-side errors and 5xx server-side errors based on the selected time range filter. This visual helps you quickly identify error trends, troubleshoot issues, and improve request handling to enhance the overall user experience.8. Unique Visitors (Spark Line) Shows the total count of unique IPs that have accessed your website during the selected time range. This interactive chart allows you to hover over each point to view detailed data, helping you track how many different users are visiting your content and at what times.9. Top Requests by IP (Table) displays the total number of requests made by each IP address within the selected time range. This helps you identify high-traffic sources, detect potential abusive or suspicious activity to enhance security and performance.10 &amp; 11. Operating System Overview and Browser Overview visuals show the percentage of requests as well as the total count of requests based on the operating system and web browser used. These insights help you understand which platforms and browsers users are using to access your content.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/CDNI_4_2d44c7d68c.png"></figure>

CDN Insights 

<h2>Purpose&nbsp;</h2>This document describes the end-to-end process by which users enable and register Multifactor Authentication (MFA) in Outlook on Windows 11 and macOS/iOS. Microsoft refers to MFA and secure authentication supported as “Modern Authentication” hence future references may use this terminology as well.&nbsp;This document covers the supported Outlook channels and versions, explains the sign-on flow using SITE Authenticator, and provides clear, step-by-step instructions for activating user sign-in, and the technical requirements needed prior to enabling Modern Authentication. “Site Authenticator” guide and download links are available&nbsp;<a href="https://docs.cloud.site.sa/CloudAuthentication/site-authenticator">here</a>.&nbsp;<h2>Operating Systems &amp; Clients Prerequisites for MFA</h2>This section highlights the supported requirements needed to be implemented prior to enabling Multifactor Authentication (MFA).&nbsp;Enabling MFA without ensuring the configuration below taken place will result in services interruptions.&nbsp;&nbsp;<h2>Operating Systems Compatibility&nbsp;</h2><h3>Supported Operation Systems:</h3><ul><li>Windows 11 and above</li><li>macOS 15 Sequoia and above</li><li>iPhone iOS 17.6.1 and above</li></ul><h3>Not Supported Operating Systems:</h3><ul><li>Window 10 and older</li><li>macOS 14 Sonoma and older</li><li>iPad all versions</li><li>Android all versions</li></ul>&nbsp;<h2>Email Clients Compatibility</h2><h3>Windows 11 and Above</h3><ul><li>Outlook in Microsoft 365 Apps&nbsp;<ul><li>Insider Channel, (version 2304, build 16327.202) or above.</li><li>Current Channel, (version 2304, build 16327.20214) or above.</li><li>Monthly Enterprise Channel, (version 2304, build 16327.20324) or above.</li><li>Semi-Annual Enterprise Channel, (version 2402, build 17328.20184) or above.</li><li>Semi-Annual Enterprise Channel, (version 2402, build 17328.20452) or above.</li></ul></li><li>Outlook Retail/Volume<ul><li>Outlook 2021 (Retail), (version 2304, build 16327.20214) or above.</li><li>Outlook 2024 (Retail), (version 2410, build 18129.20158) or above.</li><li>Outlook 2024 (Volume), (version 2408, build 17932.20162) or above.</li></ul></li></ul><h3>macOS 15 Sequoia and Above</h3><ul><li>Apple Mail Native Client</li></ul><h3>iPhone iOS 17.6.1 and Above</h3><ul><li>iPhone Mail Native Client</li></ul>&nbsp;<h2>Required Email Client Configuration for MFA</h2><h3>Windows 11 and above&nbsp;</h3><h4>Windows Operating Systems Configuration</h4>If you have administrative privileges on your laptop, please proceed download and run the attached file “set-MFAclientPre.ps1” (you can find this at the bottom of this page) as it will automatically prepare your workstation with the required setup.In case you do not have the needed permissions, or your laptop is part of an Active Directory Domain, please share this Doc with your systems administrator:You may also perform the following actions if you are not able to run the attachment.Use group policy or PowerShell.&nbsp;Run the below commandNew-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains" -Force(Get-Item HKLM:).OpenSubKey("SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains", $true).CreateSubKey("https://id.cloud.site.sa/")(Get-Item HKLM:).OpenSubKey("SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains", $true).CreateSubKey("https://id.cloud.site.sa")&nbsp;&nbsp;Use registry editorHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains\https://id.cloud.site.sa/HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains\https:// id.cloud.site.sa&nbsp;Enable Modern Auth using PowerShellSet-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity" -Name "EnableExchangeOnPremModernAuth" -Value 1 -Type DWord&nbsp;<h4>Outlook Client&nbsp;Configuration</h4>Once your windows 11 has been successfully configured in the previous step, please ensure to follow the steps ahead to configure your email client:&nbsp;<ol style="list-style-type:decimal;"><li>In windows “start”, search for "Outlook", then click on "Outlook".&nbsp;</li><li>In following pop-up, click “Put Name” and click “Ok”<ul><li><img src="/uploads/image_c32f0138e6.png"></li><li><img src="/uploads/image_38829d22f7.png"></li><li><img src="/uploads/image_aaeeade1b8.png"></li></ul></li><li>In the following pop-up, type “Email Address” and click “Connect”<ul><li><img src="/uploads/image_0dd5a9a5e9.png"></li></ul></li><li>In the following option, Choose The “Exchange”<ul><li><img src="/uploads/image_347a45e64f.png"></li></ul></li><li>Modern Authentication will be Required at this stage<ul><li><img src="/uploads/image_0956bf88ac.png"></li></ul></li><li>Click “Registration”<ul><li><img src="/uploads/image_09659c4006.png"></li></ul></li><li>Click “Continue”<ul><li><img src="/uploads/image_54d6a09201.png"></li><li><img src="/uploads/image_7ddbbf28e7.png"></li></ul></li><li>Scan Using “Site Authenticator” the QR Code. “Site Authenticator” guide and download links are available&nbsp;<a href="https://docs.cloud.site.sa/CloudAuthentication/site-authenticator">here</a>.&nbsp;<ul><li><img src="/uploads/image_21bc51b101.png"></li></ul></li><li>After Successful Registration using the Authenticator, please enter the required Code<ul><li><img src="/uploads/image_a6340b47fb.png"></li></ul></li><li>Click “Finish”<ul><li><img src="/uploads/image_b948627a74.png"></li></ul></li><li>Click “Done”<ul><li><img src="/uploads/image_95f598cd89.png"></li></ul></li></ol>&nbsp;<h3>macOS 15 Sequoia and above</h3><h4>Apple Mail Native Client Configuration</h4>To configure the email service with MFA on an macOS Mail App, please follow the steps below:&nbsp;<ol style="list-style-type:decimal;"><li>Open the “Launchpad”</li><li>Click “MailApp”</li><li>Select “Microsoft Exchange”<ul style="list-style-type:disc;"><li><img src="/uploads/image_7aced3b828.png"></li></ul></li><li>Type “Name” and “Email Adress” &nbsp;</li><li>Click “Sign in”<ul><li><img src="/uploads/image_6b349ede9e.png"></li></ul></li><li>Click “Sign In”<ul><li><img src="/uploads/image_e6566f2a6e.png"></li></ul></li><li>Enter the “Code”</li><li>Click “Sign In”<ul><li><img src="/uploads/image_c5a3b33434.png"></li></ul></li><li>Click “Done”<ul><li><img src="/uploads/image_1be9f95ce2.png"></li><li><img src="/uploads/image_165aa0981d.png"></li></ul></li></ol>&nbsp;<h3>iPhone iOS 17.6.1 and above</h3><h4>Apple Mail Native Client Configuration</h4>To configure the email service with MFA on an iPhone, please follow the steps below:&nbsp;<ol style="list-style-type:decimal;"><li>Open the “Settings”</li><li>Open “Mail”<ul><li><img src="/uploads/image_091f4412e6.png"></li></ul></li><li>Click on “Account” and “Add account”<ul><li><img src="/uploads/image_c1767db679.png"></li><li><img src="/uploads/image_3365c112fb.png"></li></ul></li><li>Select “Microsoft Exchange”<ul><li><img src="/uploads/image_0cadb96f3a.png"></li></ul></li><li>In the window that will appear on the screen, enter the fields necessary for the connection&nbsp;<ul><li>E-mail: the email address of the account to be configured</li><li>Description: a description for the profile</li></ul></li><li>Click “Next”<ul><li><img src="/uploads/image_b1463b9593.png"></li></ul></li><li>Click “Sign In”<ul><li><img src="/uploads/image_a138b37e36.png"></li></ul></li><li>Enter User email address and password Click “Sign In”<ul><li><img src="/uploads/image_a503dadae0.png"></li></ul></li><li>Click “Registration” and “Continue”<ul><li><img src="/uploads/image_c25f02161f.png"></li><li><img src="/uploads/image_f2f4fc23e1.png"></li></ul></li><li>Scan with “Site Authenticator” Using the QR Code .“Site Authenticator” guide and download links are available&nbsp;<a href="https://docs.cloud.site.sa/CloudAuthentication/site-authenticator">here</a>.<ul><li><img src="/uploads/image_efa874b482.png"></li></ul></li><li>Enter the Code<ul><li><img src="/uploads/image_08f208aff0.png"></li></ul></li><li>Click “Finish”<ul><li><img src="/uploads/image_adb929de49.png"></li></ul></li><li>Click “Save”<ul><li><img src="/uploads/image_c4ec646212.png"></li></ul></li></ol>&nbsp;&nbsp;&nbsp;<h2>Downloads</h2>&nbsp;&nbsp;

set-MFAclientPre.zip

Email Multifactor Authentication (MFA) Onboarding Guide 

<h2>Definition</h2>Object Storage (S3) is a data storage architecture that stores data as objects, where each object includes the data, associated metadata, and a unique identifier. It enables easy access through APIs, supports large-scale storage of unstructured data such as images, videos, backups, and logs, and offers high scalability, durability, and efficient metadata management.&nbsp;<h2>Features</h2><ul><li>Scalability: Supports massive amounts of data, scaling from terabytes to petabytes and beyond.</li><li>Durability: Ensures high data durability through data replication or erasure coding across multiple locations or devices.</li><li>Metadata Support: Allows rich, customizable metadata for each object, enabling advanced search and organization.</li><li>Access Management: Allows access control through Access Control Lists (ACLs). You can grant specific permissions to users at the bucket level, ensuring secure and controlled data access.</li><li>Cost Efficiency: Optimized for storing large volumes of infrequently accessed data at a lower cost.</li></ul>&nbsp;<h2>Use Cases</h2><ul><li>Backup and Archiving: Secure, long-term storage for system, application, and enterprise data with high durability and retention policies.</li><li>Media Storage: Ideal for hosting and delivering large volumes of images, videos, and audio used in digital platforms and streaming services.</li><li>Web and App Assets: Storing static assets such as HTML files, JavaScript, CSS, and multimedia for front-end delivery.</li><li>Centralized Data Repository: Serving as a central repository for structured and unstructured data.</li></ul>&nbsp;<h2>Prerequisites</h2><ul><li>A provisioned and running Virtual Machine (VM)</li></ul>&nbsp;&nbsp;<h2>Step-by-Step Guide</h2><h3>1- Navigate to Object Storage (S3)</h3><ul><li>Access Through Storage Section: On the side menu, through Storage section select “Object Storage (S3)”.</li><li>Create a new Object Storage (S3) Bucket: If you don't have an existing bucket you can press “Create” to make a new one.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/1_aac8475cc8.png"></figure><h3>2- Create Object Storage (S3) bucket</h3>2.1 After clicking "Create", a modal will appear prompting you to fill in the required fields, including a unique bucket name; once completed, click "Submit" to initiate the creation of your bucket.Note: you must open the firewall rules as suggested in the warning message that will appear after filling the form.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/2_5a4cd265d8.png"></figure><h3>3- Access Bucket Details</h3>3.1 By clicking on the bucket name, a Details Tab will appear showing general information about your bucket and its storage configuration. From this tab, you can also edit your storage quota.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/3_c12f4250d5.png"></figure>3.2 The Access Keys Tab allows you to grant access to users and specify the access type—Read, Write, or both—by clicking “Add Key”. After filling in the required fields, click “Save” to generate the user.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/4_f043d52625.png"></figure>Note: The secret key will not be shown again for security reasons. Make sure to copy and store it securely.&nbsp;3.3 Backups Tab – please refer to <a href="https://docs.cloud.site.sa/MyCloudPortal/article-42" target="_blank" rel="noopener noreferrer">Object Storage Backup &amp; Restoration</a> for more information.&nbsp;3.4 History Tab displays a complete log of all changes and actions performed on your bucket, providing a detailed record for tracking modifications and updates.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/5_2d709440eb.png"></figure><h3>&nbsp;</h3>&nbsp;

Object Storage (S3)

<h2>Custom Load-Balancer Configuration</h2>You can optionally apply a custom SSL configuration to your Load Balancer if you require settings that differ from the default setup.<h3>Accessing the Configuration</h3>Navigate to the Load Balancers page.Select the Load Balancer you want to configure.Under the SSL Certificates section, locate the Configuration dropdown.<h3>Choosing a Custom Configuration</h3>To use a custom configuration:First, submit a support request detailing the custom settings you need (e.g., specific ciphers, protocols, etc.).Once the configuration is prepared by our support team, return to the Load Balancer page.In the Configuration dropdown, select Custom.<blockquote>Note: It is strongly recommended to stick with the Default configuration unless you have a specific requirement. Default settings are regularly updated to reflect best security practices and broad compatibility.</blockquote>

Custom Load-Balancer Configuration

Object Storage (S3) Backup and Restoration refers to the process of creating a copy of an existing bucket and its contents to safeguard against accidental deletion, data corruption, or system failure. This approach enables restoration of the bucket and its objects to a previous state when necessary.&nbsp;<h2>Features</h2><ul><li>Full Bucket Backup: Creates a complete copy of all objects and metadata within the bucket.</li><li>Scheduled or On-Demand: Supports both scheduled and on-demand backup creation.</li><li>Bucket Restoration: Allows recovery of the entire bucket to a newly created restored bucket.</li><li>Storage Isolation: Stores backups in a centralized backup repository, along with other resources, to ensure separation from the original bucket and enhance recovery reliability.</li></ul>&nbsp;<h2>Use Cases&nbsp;</h2><ul><li>Accidental Deletion Recovery: Recovers data mistakenly deleted from a bucket.</li><li>Disaster Recovery: Restores critical data after system outages or data loss incidents.</li><li>Development/Test Cloning: Duplicates production data for use in non-production environments.</li><li>Data Integrity Protection: Maintains clean, restorable copies in case of corruption or unauthorized changes.</li></ul>&nbsp;<h2>Step-by-Step Guide</h2>1- Access your bucket, navigate to the “Backups” tab, and click the “Manage Backup” button. If you do not have an existing bucket, please refer to the <a href="https://docs.cloud.site.sa/MyCloudPortal/article-41" target="_blank" rel="noopener noreferrer">Object Storage (S3)</a> documentation for guidance on creating one.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/BU_1_f05f5b69c2.png"></figure>2- When the “Manage Backup” modal appears:<ul><li>Select the backup repository where you want your bucket to be stored. (For more information, refer to the <a href="https://docs.cloud.site.sa/MyCloudPortal/backup-repository" target="_blank" rel="noopener noreferrer">Backup Repository Documentation</a>)</li><li>Choose a backup regime: Disable Backup, Daily, Weekly, or Monthly.</li><li>Use the On-Demand Backup option to immediately back up your bucket, regardless of the selected backup regime. (Note: Running an on-demand backup will not affect your configured backup regime.)</li></ul>Then, click “Save” to apply your changes.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/BU_2_e666cdaf6e.png"></figure>3- On the desired backup version, click the three-dot menu on the right and select Restore Bucket.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/BU_3_4e69052322.png"></figure>4. A "Restore to a New Bucket" modal will appear, prompting you to enter the name and description for the new restored bucket.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/BU_4_314b2521e8.png"></figure>5. Return to the Buckets list, where you will find your newly restored bucket.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/BU_5_661e344475.png"></figure>

Object Storage (S3) Backup and Restoration

What is SITE Inform?SITE Inform is a whistleblowing platform that allows employees to anonymously report unethical and illegal misconduct within their organization.Main Roles:System Admin The system admin adds users, creates question templates, categories of cases, and their status.Supervisor The supervisor performs a supervisory role only, by reviewing the reports and their details. He can also activate/deactivate any user added to the same category that he supervises.Case ManagerThe role of the case manager in the system is to process the cases and communicate directly with the whistleblower, In the presence of a new case, the system assigns the case automatically via the “robin-round” feature.Observer The observer role is to only observe without taking any action on the dashboard page or cases.WhistleblowerThe whistleblower can report a new case or track their case. &nbsp;Key Features:<ul><li>Simple reporting flow through a secure web portal.&nbsp;</li><li>Flexible and detailed reporting and dashboard.</li><li>Bilingual language support (Arabic and English).</li><li>High level of security, data privacy and anonymity.</li><li>Configurable case management and dynamic questionnaires creation.</li><li>Supervisor approval workflow.</li></ul><ul style="list-style-type:disc;"><li>Will be hosted on SITE’s cloud environment.&nbsp;</li><li>Whistleblower can use the generated case number to access the case to:<ul style="list-style-type:circle;"><li>Track the case updates.</li><li>Read the case manager’s comments.</li><li>Leave comments on the case.</li><li>Upload further details.</li></ul></li></ul>&nbsp;SITE Inform Benefits:Empowering Ethical BehaviorBy providing an accessible and efficient tool for reporting misconduct, the platform reinforces the company's commitment to maintaining an ethical work environment.Increase Trust&nbsp;allowing anonymous reporting, the platform builds an environment of trust, empowering employees to voice concerns without any fears.User-Friendly platformA simple flow through a secure web portal ensures that employees can effortlessly report any concerns without complications.Comprehensive OversightOffering flexible and detailed reporting and dashboards, the platform provides organizations with a clear picture of reported issues.Inclusive Communication&nbsp;With bilingual language support in both Arabic and English, the platform ensures that a wider range of employees can access and use it without language barriers, promoting inclusivity.Customizable Reports&nbsp;Inform configurable case management and dynamic questionnaire creation allow organizations to tailor the reporting process according to their specific needs and industry requirements.

SITE Inform

SITE Inform Overview

What is SITE Ray?A secure virtual meeting and conferencing platform that provides fast and reliable conferencing capabilities designed for non-mission critical business meetings.<ul style="list-style-type:circle;"><li>24/7 Network Operation Center.</li><li>24/7 Managed Detect and Response.</li><li>Secure by Design Sovereign Cloud Hosting.</li></ul>RAY Capabilities:-Audio/Video Conferencing.High quality audio and video through responsive web or mobile application.-Screen Sharing.Ability to share a single application window or the entire desktop with meeting participants.-Meeting Recording.Ability to record audio, video, and other content of a meeting for future reference or sharing purposes.-Whiteboard Function.Collaborative whiteboard that can be used for annotations with other participants.-Bilingual language support.It supports multi-languages (Arabic and English).-Chat.One to one and group Instance messages with the meeting participants.-Email Plugin.Seamlessly schedule and join meetings directly from email outlook.-Polling.Launch a poll question during your meeting and see the response from the participants.-Brand Customization. Ability to personalize SITE Ray to reflect a client brand's visual identity.-Multi-Deployment/Connectivity Model.Ray can be deployed as Multi Tenancy, dedicated, hydride or air gapped Model.Security Features:<ul style="list-style-type:circle;"><li>MFA Using SITE Authenticator.</li><li>Meeting Password.</li><li>Room Lock.</li><li>Waiting Room.</li><li>Three Layers of encryption.</li><li>TLS/DTLS encryption.</li><li>End-To-End encryption.</li><li>IP Sec VPN encryption (Optional)</li></ul>

SITE Ray

SITE RAY Overview

<h2>User Management</h2><h3>Overview</h3>this new feature will greatly enhance your user management experience and provide you with greater control and flexibility. With the latest update, you will now be able to perform the following actions within SITE Cloud Portal to Manage User:<ol><li>Create, Modify, Delete, and Activate Users: Easily manage user accounts and make necessary updates as per your requirements.</li><li>Grant Authorization for SITE Cloud Services: You can now assign access rights to various essential portals and services, including the Monitor Portal, Support Portal, Cloud Portal, Cloud Billing, and Site Access.</li><li>Streamline Notifications: Ensure that the right individuals receive operation and security notifications by setting up personalized notification preferences.</li><li>User Role Definition: Define specific roles for users based on their responsibilities. Choose from roles such as Technical Owner, Business Owner, or Security Representative L1 or L2 to align user access with their respective roles.</li></ol>&nbsp;<h3>Pre-requests</h3><ul><li>created tenant on SITE Cloud</li><li>created business groups</li></ul>&nbsp;<h3>step-by-step guide&nbsp;</h3><ul><li>first go to user management tab under settings group on the left side menu:</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Capture_f7c4061e62.PNG"></figure>&nbsp;<ul><li>click create on the top right corner and fill the required Fields and chose the right Authorization then click submit:</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Capture1_d11f17b02e.PNG"></figure>&nbsp;&nbsp;<ul><li>hovering on the user you can edit user information and authorization:</li></ul><img src="https://cms.cloud.site.sa/docs/uploads/Screenshot_2_7d97c51179.png"><ul><li>and clicking the three dots you can reset user password or deactivate/activate user:</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Capture3_73bdd25c35.PNG"></figure>

User Management

<h3 style="margin-left:0in;">Page Overview</h3>A User Manual provides a description of how end users interact with the system (SITE Inform).&nbsp;o <a href="https://docs.cloud.site.sa/SITEInform/article-11" target="_blank" rel="noopener noreferrer">System Admin</a>o <a href="https://docs.cloud.site.sa/SITEInform/article-12" target="_blank" rel="noopener noreferrer">Supervisor</a>o <a href="https://docs.cloud.site.sa/SITEInform/article-13" target="_blank" rel="noopener noreferrer">Case Manager</a>o <a href="https://docs.cloud.site.sa/SITEInform/article-6" target="_blank" rel="noopener noreferrer">Whistleblower</a>o <a href="https://docs.cloud.site.sa/SITEInform/article-14" target="_blank" rel="noopener noreferrer">Observer</a>&nbsp;<h3 style="margin-left:0in;">System Overview</h3>&nbsp;<h4 style="margin-left:0in;">Login Page</h4>The system consists of a login page that represents the front interface for all users (System Admin, Supervisor, Case Manager, and Observer) except Whistleblowers. Each user is directed to the dashboard page to view get an overview of the system.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_103939_9ba1e57186.png"></figure>&nbsp;&nbsp;<h4 style="margin-left:0in;">System dashboard</h4>The dashboard gives the user an overview of the number of cases in the system and their status.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_155836_59d3f6e42a.png"></figure>&nbsp;&nbsp;<h4 style="margin-left:0in;">System Home Page</h4>Through the home page, the whistleblower can follow up on a previous case, or create a new case.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_155950_1d77568457.png"></figure>&nbsp;&nbsp;

System Overview 

Login Page:Visit SITE Ray login page to create or join a meeting.Click on Login as Employee.&nbsp;&nbsp;<img src="/uploads/image_af94a1702a.png">&nbsp;&nbsp;Schedule and Create MeetingThrough SITE RAY Main PageFrom the main page, click on "Create a new room" or “Create Live Stream” or join a meeting through Meeting URL.<figure class="image"><img src="/uploads/image_3a3df67f4c.png"></figure>Add meeting details, then Click on "Host" to start the meeting.<figure class="image"><img src="/uploads/image_aaa2050333.png"></figure>From meeting Setting, view Room Information and Click Copy next to “Meeting Link (for access)” to Share meeting URL with participants.<figure class="image"><img></figure>Schedule and Create MeetingThrough Email PluginOpen your outlook inboxClick on SITE RAY’s "Schedule Meeting" from the top toolbar.<figure class="image image-style-align-left image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_e2b6c6da4a.png"></figure>Or from your outlook calendar click new meeting then SITE RAYS ’s "Add a Meeting" from the top toolbar.The meeting room details will appear in the body of the message.<figure class="image image-style-align-left image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_cec596dd6e.png"></figure>Add your meeting information then share the invitation with participants.Join MeetingYou can join a meeting through the browser or mobile app. Click on the meeting invite link to join the meetingAllow permission for your microphone and camera, then enter the room settings.Enter you nameToggle your microphone and camera on or offIf you are a participant, enter the room password and encryption keyClick on Join to join the meeting.<figure class="image"><img src="/uploads/image_b61066006e.png"></figure>Meeting Features<figure class="image"><img src="/uploads/image_ba8ec191a0.png"></figure><figure class="image image-style-align-left image_resized" style="width:50%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_3263682e22.png"></figure>&nbsp;

SITE Ray Manual

&nbsp;<h3 style="margin-left:0in;">SITE Inform&nbsp;</h3>Is a whistleblowing platform that allows employees and other stakeholders to anonymously report unethical, illegal, or fraudulent activities or behaviors.&nbsp;<ul><li>Simple reporting flow through a secure web portal.</li><li>Flexible and detailed dashboard and reports.&nbsp;</li><li>Configurable case management and dynamic questionnaire creation&nbsp;</li><li>Hosted and operated Locally in Saudi Arabia.</li></ul>&nbsp;<h3 style="margin-left:0in;">Homepage&nbsp;</h3>The whistleblower can create a new report or follow up on a previous report.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_155950_1d77568457.png"></figure>&nbsp;<h3 style="margin-left:0in;">How to blow the whistle</h3>When you click on Report a New Case, You have to fill a form and the case will be treated confidentially.<ul><li>Choosing Category</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_163006_e3f8261666.png"></figure>&nbsp;<ul><li>Answer the questions displayed after choosing the category</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_163321_553d8020c5.png"></figure>&nbsp;<ul><li>Agree on the terms and conditions</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_163605_97d6ad5112.png"></figure>&nbsp;<ul><li>Your Case now is submitted, keep the case reference number to follow up</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_05_163833_4a0091499d.png"></figure>&nbsp;&nbsp;<h3 style="margin-left:0in;">How to track your case</h3><ul><li>Enter the case reference number</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_29_1_3ca0c6ada3.png"></figure>&nbsp;<ul><li>Case Details: You can see the case details, case number, status, date and last update.<ul style="list-style-type:circle;"><li>Case Details Tab</li></ul></li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_30_1_247b626e4d.png"></figure>&nbsp;<ul style="list-style-type:circle;"><li>Conversation Tab: you can contact the case manager directly.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_06_101359_b089149b22.png"></figure>&nbsp;<ul style="list-style-type:circle;"><li>Timeline Tab: You can see latest updates of your case.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_06_101513_dfca82472f.png"></figure>&nbsp;

Whistleblower View

<figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_6870d19975.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_44b3016eb5.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_5ce4b25892.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_6908f634e0.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_ead0c60504.png"></figure>&nbsp;

SITE RAY Meeting Features

System Admin The system admin adds users, creates question templates, categories of cases, and their status.&nbsp;User Management&nbsp;<ul><li>The System Admin can add, edit, or delete users in the system by assigning them one of three roles—Observer, Supervisor, or Case Manager—and associating them with a specific category.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_30_2_35bbc7b4f9.png"></figure><ul><li>The Users interface allows the admin to manage user access levels, modify roles or categories as needed, and remove users who are no longer active.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_31_1_cf4bf44b6e.png"></figure><ul><li>Allowing NDA upon first login for new users, can be activated, deactivated, or customized by contacting customer support. Additionally, the System Admin can view a list of users who have agreed or not agreed to the NDA.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_32_1_41c8743782.png"></figure>&nbsp;Adding Categories<ul><li>Adding Categories: Allows adding new categories, which will serve as the basis for dividing cases within the case management system. This structure allows for better organization and segmentation of cases.</li><li>Template Selection: Enables selecting a question template, which defines the set of questions that the whistleblower will need to answer when submitting a case. This template ensures that all necessary information is captured in a structured format</li><li>SLA: Adding a new category allows you to set the number of implementation days (SLA) so that if a case is created and the case manager did not open it, an alert will be sent to the supervisor and case manager of the report.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_33_1_682112dc05.png"></figure><ul><li>List of categories, The system admin can temporarily disable some categories or modify their data.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_34_1_a3ee009507.png"></figure>&nbsp;Adding Question TemplatesThe system admin designs and creates question templates that will be attached to the categories so that when the whistleblower choose the category the system displays the question template that was created for that category, there is also default question template.<ul><li style="text-align:justify;">On the question templates page, the system admin can add, delete and modify question templates.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_35_9e82303e81.png"></figure><ul><li>The system admin adds a new question template, with two default questions, or can choose any of the following types to create questions as is explained in the figure below:</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_35_1_0076d2aaaa.png"></figure><ul><li style="text-align:justify;">The system admin fills out the questions and answers and determines the mandatory requirements for each of them. After that, the admin clicks on Save Template, and he can add the template to any of the categories that will be created.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_11_17_162640_1_869b7a8e73.png"></figure>&nbsp;&nbsp;Adding Case Status<ul><li>The system admin creates status for the cases and determines their order, the default status are: ( New – Open – &nbsp;In progress – Closed ).</li><li>When a new case is created it will be NEW, after the case manager open the case its status will directly be OPEN.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_36_1_d8bd76c76a.png"></figure>Note: The new created status will apply to all the cases in all categories.

System Admin View

<figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_0405cb472d.png"></figure>&nbsp;<figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_cda25df5c1.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_934bf42e7e.png"></figure><figure class="image image-style-align-center image_resized" style="width:75%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_7cdf84224f.png"></figure>&nbsp;

SITE RAY Room Settings

Supervisor The supervisor performs a supervisory role only, by reviewing the reports and their details. He can also activate or deactivate any user added to the same category that he supervises. Additionally, the supervisor must approve the closing of the case after the case manager has resolved and marked it as closed.&nbsp;Users Page<ul><li>The users page lists all the case managers assigned to the supervisor, along with their associated details and roles.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_38_1_fcdd1d2917.png"></figure>&nbsp;Cases List Page<ul><li>The cases interface displays all the cases within the same category/ies assigned to the supervisor. The supervisor can also assign any case to another case manager of the same category through the list of cases.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_40_1_24c0a90572.png"></figure><ul><li>Supervisors can export the details of all cases using the "Export Cases" button. This feature generates an Excel file containing all cases consolidated into a single table for easy tracking and reporting.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_41_1_d9cb50659a.png"></figure>&nbsp;Case DetailsThe case is divided into three sections1.The first tab, "Case Details" provides an overview of the case itself, including the whistleblower's answers. Additionally, it allows access to settings for updating the case status and modifying certain characteristics as needed.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_42_2_72bb63cdac.png"></figure>2.The conversations are divided into two parts:a. Conversation between the Whistleblower and the case manager.b. A private conversation between the Case Manager who is handling the report and the Supervisor (which the whistleblower does not see).<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/image_65_72a182a547.png"></figure>3.Timeline of the case (any changes that occur to the case, the system automatically adds them to the timeline)<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/image_66_b329dc204e.png"></figure>Lastly, when the case manager marks a case as "Closed" the supervisor must review and either approve or reject the closure. This ensures that the case undergoes oversight by more than one person, adhering to the "four-eye principle" for added accountability.

Supervisor View

Case ManagerThe case manager's primary role is to handle and resolve cases directly. In the system, the case manager is responsible for processing cases and maintaining direct communication with the whistleblower to ensure effective case resolution.&nbsp;Cases List Page<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_43_3_bf8964830e.png"></figure>&nbsp;Case detailsThe case is divided into three sections1.The first tab, "Case Details" provides an overview of the case itself, including the whistleblower's answers. Additionally, it allows access to settings for updating the case status and modifying certain characteristics as needed.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_44_2_9599065c37.png"></figure>2.The conversations are divided into two parts:a. Conversation between the Whistleblower and the Case Manager.b. A private conversation between the Case Manager and the Supervisor (which the whistleblower does not see).&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_45_2_d29cd51ce9.png"></figure>3.Timeline of the case (any changes that occur to the case, the system automatically adds them to the timeline)<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_46_cb1d1bf884.png"></figure>&nbsp;Case Settings&nbsp;The case manager updates the following:&nbsp;&nbsp;is divided into three sections1.Case status2.Case substantiation (Substantiated, partially substantiated, Unsubstantiated)3.Case priority (High, Medium, Low)4.Case tag<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_47_1_e0230ef201.png"></figure>&nbsp;&nbsp;&nbsp;

Case Manager View

<h2>Introduction</h2> Firewall Logs feature provides a comprehensive visibility into network traffic flowing through your Virtual Datacenter (VDC). This powerful monitoring and analysis tool captures detailed information about connections between your resources, giving you insights into communication patterns, security events, and network performance.By surfacing Perimeter and Micro-segmentation Next-Generation Firewall (NGFW) logs, they enable administrators, network engineers, and security analysts to understand the complete picture of network communications, troubleshoot connectivity issues, identify potential security threats, and ensure compliance with security policies.<hr><h3>Key Features</h3><ul><li>Comprehensive Traffic Visibility: Diagnose firewall traffic, through both perimeter (North-South) and micro-segmentation (East-West) firewalls&nbsp;</li><li>Advanced Filtering: Quickly narrow down traffic by direction, policy type, source/destination, service, and firewall action.</li><li>Detailed Connection Information: View complete details including timestamp, source and destination IPs, &nbsp;sent/received bandwidth usage, firewall action, and more.&nbsp;</li><li>Security Context: Understand the security implications with firewall action details, and policy identification</li><li>Internal Service Monitoring: Track communication between internal services to understand application dependencies and detect unauthorized lateral movement &nbsp;</li></ul><h3>Common Use Cases</h3><ul><li>Application Troubleshooting: Diagnose connectivity issues between services by filtering for specific sources, destinations, or error messages</li><li><a href="http://cloudflare.com/learning/access-management/what-is-shadow-it/" target="_blank" rel="noopener noreferrer">Shadow IT Detection</a>: Discover unauthorized services or unexpected external connections using our NGFW</li><li>Performance Monitoring: Identify bandwidth-intensive connections and unusual traffic patterns that may impact performance</li><li>Compliance Verification: Confirm that sensitive systems are properly isolated and access controls are functioning as expected</li><li>Security Incident Investigation: Trace the path of potential security breaches by examining denied connections and high-risk traffic</li><li>Network Architecture Planning: Understand communication flows to inform decisions about segmentation and security boundaries</li></ul><hr><h2>Getting Started</h2><h3>Accessing Traffic Logs</h3><h4>Virtual Machines</h4><ol style="list-style-type:decimal;"><li>Navigate to the Virtual Machines page using the side navigation menu</li><li>Click on any virtual machine to view its logs<ol><li>To view a specific firewall rule's logs, click More Actions button, and then click View Traffic Logs</li></ol></li><li>Select Firewall Logs tab</li><li>The view displays an empty space with query filters on the side to be filled.</li></ol><figure class="image"><img src="/uploads/chrome_Q_Bqehto_YYQ_6b42b87f71.png"></figure><h4><img src="/uploads/chrome_w_P_Brw_Cl_Gdb_8db87d0d10.png"></h4><h4><img src="/uploads/chrome_2_Yxw_Gwc_Qax_21fb282fa2.png"></h4><h4>Load Balancers</h4><ol style="list-style-type:decimal;"><li>Navigate to the Load Balancers page using the side navigation menu</li><li>Click on any load balancer to view its logs.<ol><li>To view a specific firewall rule's logs, click More Actions button, and then click View Traffic Logs</li></ol></li><li>Select Firewall Logs tab</li><li>The view displays an empty space with query filters on the side to be filled.</li></ol><figure class="image"><img src="/uploads/chrome_u_AZD_Tp9z_E0_df2f5764c8.png"></figure><figure class="image"><img src="/uploads/chrome_CXR_6o_BZ_Pp7_86ee563677.png"></figure><figure class="image"><img src="/uploads/chrome_gy_Bi8_P_Nw_Mt_d2395b3b94.png"></figure><hr><h3>Understanding the Interface</h3>The Firewall Logs interface consists of several key components:<ul><li>Filter Panel: Located at the right-side of the screen, used to initiate and refine visible logs</li><li>Log Table: The main display showing individual traffic log entries</li><li>Action Bar: Tools for exporting logs, quick searching existing logs, and configuring table columns display options</li></ul><h3>Filtering Traffic Logs</h3><h4>Available Filters</h4><ul><li>Direction: Show <code>Incoming</code> or <code>Outgoing</code> traffic directions</li><li>Type: Filter by Physical Perimeter (North-South) or Micro-segmentation (East-West) firewalls</li><li>Source/Destination: Filter by specific IP addresses, subnets, known entities, or any by leaving it empty (depends on the Direction selection).</li><li>Services: Filter by a pre-defined service, a custom pair of protocol/port, or all services by leaving it empty.</li><li>Firewall Action: Show <code>Allowed</code>, <code>Denied</code>, or both by leaving it empty.&nbsp;</li><li>Time: Filter by showing logs within:<ul><li>Last 5 minutes</li><li>Last 30 minutes</li><li>Last hour</li><li>Last 12 hours</li><li>Last 24 hours</li></ul></li><li>Records: Limit the number of records shown</li></ul><h4>Filter Best Practices</h4><ul><li>Start with a reasonable time range to limit the volume of logs</li><li>Add additional filters incrementally to narrow down to relevant traffic</li><li>Use the Firewall Type filter early to focus on either external or internal communications</li><li>For micro-segmentation analysis, start with specific services or application tiers</li><li>Combine Direction and Firewall Type filters for precise investigation workflows</li></ul><h3>Understanding Log Data</h3><h4>Log Table Columns</h4><ul><li>Timestamp: When the log entry was created</li><li>Source: Origin IP address initiating the request</li><li>Destination: Target IP address receiving the request</li><li>Port: Port number on the destination server</li><li>Service: Recognized service name</li><li>Firewall Action: Whether traffic was <code>Allowed</code> or <code>Denied</code> by the firewall</li><li>Message: Detailed information about the connection status, possible values:<ul><li><code>Closed</code>: The connection was properly terminated by either the client or server following normal network protocols.</li><li><code>Accepted</code>: The connection was successfully established and traffic was allowed to flow through the firewall.</li><li><code>Client Reset</code>: The client (source) abruptly terminated the connection by sending a TCP reset packet.</li><li><code>Server Reset</code>: The server (destination) abruptly terminated the connection by sending a TCP reset packet.</li><li><code>Destination Timeout</code>: The connection exceeded the maximum allowed time limit and was terminated by the firewall.</li><li><code>Rejected</code>: The firewall explicitly blocked the connection attempt based on security policies.</li><li><code>Timeout</code>: Communication between internal services exceeded the allowed time limit and was terminated</li></ul></li><li>Sent/Received: Data volume sent and received during the connection</li></ul><h2>Common Workflows</h2><h3>Investigating Denied Connections</h3><ol style="list-style-type:decimal;"><li>Set the Firewall Action to <code>Denied</code></li><li>Look for patterns in Source, Destination, or Service</li><li>Examine the Message for specific denial reasons</li><li>Check if the denied connections are expected based on your security policies</li><li>For micro-segmentation denials, verify if the communication should be allowed between internal services</li></ol><h3>Monitoring External Access</h3><ol style="list-style-type:decimal;"><li>Filter by Direction, <code>Incoming</code> or <code>Outgoing</code> as needed</li><li>Set the Firewall Type to <code>Physical Perimeter</code> (North-South)</li><li>Review the source and destination entities in the logs to verify expected traffic patterns</li><li>Examine traffic volume and bandwidth for anomalies</li></ol><h3>Analyzing Internal Service Communication</h3><ol style="list-style-type:decimal;"><li>Filter by Direction, <code>Incoming</code> or <code>Outgoing</code> as needed</li><li>Set the Firewall Type to <code>Micro-segmentation</code> (East-West)</li><li>Filter for specific services or applications of interest</li><li>Review communication patterns between internal services</li><li>Look for unexpected connections that might indicate:<ol><li>Configuration issues</li><li>Unauthorized lateral movement</li><li>Compliance violations</li></ol></li></ol><h2>Related Documentation</h2><a href="https://docs.cloud.site.sa/MyCloudPortal/firewall-rules" target="_blank" rel="noopener noreferrer">Managing Firewall Rules</a>

Firewall Logs

ObserverThe Observer role is restricted to viewing the dashboard and permitted case categories without taking any actions.DashboardThe dashboard provides an interactive overview of the cases, displaying the number of cases by status, priority, place of incident, substantiation, identity disclosure, and category, along with case management details and supervisors. All visuals are filterable, enabling users to customize views and analyze data efficiently.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/image_71_a9606c2283.png"></figure>Case listThe Observer will only be able to:<ul><li>View all case categories.</li><li>Access case details, conversations, and timelines for their assigned categories only.</li><li>Observe without making any changes or participating in conversations.</li></ul>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1000004892_c1fd8fa098.png"></figure>&nbsp;&nbsp;

Observer View

These descriptions offer a structured approach to understanding and resolving each issue encountered during meetings on SITE Ray.&nbsp;&nbsp;<ul style="list-style-type:square;"><li>Issue: Corporate Firewall Policies<ul><li>Description: Your meeting experience on SITE Ray is suboptimal due to restrictions imposed by your corporate firewall policies. These policies prevent direct connections to the SITE Ray Media Server, leading to the utilization of a relay server (TURN) for communication.</li><li>Resolution Steps: To improve your meeting experience, consider the following steps:<ul><li>Consult your IT department to review and potentially adjust firewall policies to allow direct connections to the SITE Ray Media Server.</li><li>Ensure that the following IP address and port range are allowed through your firewall:<ul><li>SITE Ray Media Server IP: 176.105.148.218/</li><li>Port Range: 20000 to 50000 UDP/TCP</li></ul></li></ul></li></ul></li></ul>&nbsp;&nbsp;<ul style="list-style-type:square;"><li>Issue: High CPU Utilization<ol><li>Description: Your meeting experience on SITE Ray is hindered by high CPU utilization, impacting performance and overall quality.</li><li>Resolution Steps: To address high CPU utilization during meetings, consider the following actions:<ol><li>Check for background processes or applications consuming excessive CPU resources and close them if possible.</li><li>Upgrade hardware if necessary to better handle meeting demands.</li></ol></li></ol></li></ul>&nbsp;&nbsp;<ul style="list-style-type:square;"><li>Issue: Limited Internet Bandwidth<ul><li>Description: Your meeting experience on SITE Ray is affected by limited internet bandwidth, causing issues such as lag, buffering, or poor audio/video quality.</li><li>Resolution Steps: To mitigate bandwidth limitations during meetings, consider implementing the following strategies:<ul><li>Close unnecessary applications or browser tabs consuming bandwidth.</li><li>Upgrade your internet plan to a higher bandwidth tier, if feasible.</li><li>Prioritize video and audio traffic by using Quality of Service (QoS) settings if available on your network.</li></ul></li></ul></li></ul>&nbsp;&nbsp;<ul style="list-style-type:square;"><li>Issue: Unidentified Reason<ul><li>Description: Your meeting experience on SITE Ray is suboptimal due to an unidentified reason. Further investigation is needed to pinpoint the exact cause of the issue.</li><li>Resolution Steps: To diagnose and address the unidentified issue affecting your meeting experience, follow these steps:<ul><li>Check for any recent updates or changes to your system, network, or software that may have contributed to the problem.</li><li>Test your meeting experience on different devices or networks to isolate the issue.</li><li>Contact technical support or your IT department for assistance in troubleshooting and resolving the issue.</li></ul></li></ul></li></ul>&nbsp;&nbsp;

SITE Ray Meeting Experience Issues

A Network File System (NFS) is a distributed file system used for storing files on a network. It allows users and devices to access files and directories.&nbsp;On SITE Cloud, the NFS is accessed through Shared IPs.For VMs to access an NFS, a shared IP needs to be assigned to them.You can refer to the following page for more information: <a href="https://docs.cloud.site.sa/MyCloudPortal/how-to-assign-i-ps-from-cloud-portal" target="_blank" rel="noopener noreferrer">Assign IPs on SITE Cloud</a>&nbsp;&nbsp;<h3>Creating an NFS</h3>1. In order to create an NFS, navigate to “Storage” section and click on NFS.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_5bf8aa97e6.png"></figure>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2. You should see the FS Zone for your environment.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_f0b690e8e9.png"></figure>&nbsp;&nbsp;3. Click on the FS Zone and click on “Create” button to create a new share.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_d2281972bb.png"></figure>&nbsp;&nbsp;4. Fill in the needed details.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_2725ecfbc6.png"></figure>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Note: Allowed shared IPs should contain the shared IPs for the VM that require access to the NFS.&nbsp;&nbsp;&nbsp;After creating a share, you can click on the “Edit” icon for instructions on mounting the NFS and the required firewall rules.&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_b92f22003f.png"></figure>

Network File System (NFS)

<h2>Definition:</h2>Backup Repo is a centralized storage management feature designed to aggregate and manage backups from multiple sources, including virtual machines (VMs), S3, Network File System (NFS), and Server Message Block (SMB).<h2>&nbsp;</h2><h2>Features:</h2>· Unified Backup Repository Management: A single repository can store and manage backups from multiple Portal items and services (e.g., Virtual Machines, Databases, Applications). This centralization simplifies backup operations, allowing users to view, restore, and manage backups from different sources in one place.· Quota-Based Billing: Customers are billed based on the repository quota they define, rather than actual backup usage.· Utilization Tracking: Displays the percentage of quota used, helping customers optimize storage allocation.· Flexible Quota Management: Customers can adjust their repository quota as needed, ensuring cost predictability.Use Cases:· Cost Optimization: Users can set a quota to control spending while maintaining necessary backup storage.· Scalability: Customers can increase or decrease repository quotas based on business needs.· Simplified Billing: Instead of tracking individual backup sizes, users receive a single bill based on their repository quota.· Utilization Monitoring: Customers can track backup storage usage and adjust quotas accordingly.&nbsp;<h2>Step-by-Step Guide</h2>&nbsp;<h3>&nbsp;</h3><h3>&nbsp;Create a Backup Repository</h3><ol style="list-style-type:decimal;"><li>Navigate to Backups page from left menu</li><li>Click on create button on the top right corner</li><li>Fill the information of the form:<ol><li>Business Group:&nbsp;</li><li>Name: name of the backup repository</li><li>Description: words to describe your repository&nbsp;</li><li>Quota: defines the maximum amount of storage (in GB) allocated to a backup repository. This represents the total capacity available for storing backups within the repository.</li></ol></li></ol>Why it matters: The quota ensures that your backup repository has enough space to store your backups while controlling storage costs.Billing: You are charged based on the quota you select, calculated per GB. The billing is based on the allocated storage size.For example, if you set a quota of 1000 GB, you will be billed for 1000 GB of storage, regardless of the actual usage within that quota.&nbsp;<h3>&nbsp;Manage Backup on a Virtual Machine</h3><ol style="list-style-type:decimal;"><li>Navigate to Virtual Machines page from the left menu</li><li>Click on the name of the targeted virtual machine</li><li>Go to Backups tab</li><li>Click on Manage Backup button on the top right corner</li><li>Select the targeted Backup Repository and choose the regime for the backup or you can use on-demand backup for a one time backup.</li></ol>&nbsp;<h3>&nbsp;Monitor and Manage Backup Repository</h3><ol style="list-style-type:decimal;"><li>Navigate to Backups page from the left menu</li><li>Click on the targeted backup repository</li><li>From there, you can monitor the usage or check the associated resources from the resources tab</li></ol>&nbsp;<h3>How to Move Resources to Another Repository</h3>If you'd rather balance storage by moving some backup-enabled items to a different repository:<ol><li>Go to the Portal Item (e.g., Virtual Machine, Database) you want to move.</li><li>Navigate to its Backup tab.</li><li>Click Edit Backup Settings.</li><li>Under Backup Repository, select the new target repository.</li><li>Save your changes.</li></ol>&nbsp;<h2>Managing Backup Repository Alerts</h2>When a backup repository exceeds the warning threshold (e.g., 80%), you will receive an email alert.<h3>How to Increase the Backup Repository Quota</h3><ol><li>Log in to the Portal.</li><li>Navigate to the Backup section under Storage.</li><li>Locate the repository that triggered the alert.</li><li>Click Edit from the right side of the row or select ⋮ (More Options).</li><li>Enter a new quota size that accommodates future backup growth.</li><li>Click Submit to apply the changes.</li></ol>&nbsp;&nbsp;Tip: We recommend setting the quota to 3× your current usage to avoid frequent alerts and ensure room for growth.&nbsp;Glossary<ul><li>Backup Repository: A storage location where backups are stored.</li><li>Quota: A limit set by the user to control backup storage usage and associated costs.</li><li>Utilization: The percentage of quota currently used by backups within a repository.</li><li>Usage: The sum of disk space used by all backups in a repository.</li><li>Retention Policy: The duration for which backups are stored before being automatically deleted.</li></ul>&nbsp;

Backup Repository

<h2>How to Integrate your Fileshare with your Mobile&nbsp;</h2>This guide provides simple, step-by-step instructions to help you connect your fileshare account to your mobile application using the QR code method. By completing the steps below, you’ll be able to access your files directly from your mobile device.&nbsp;<h2>Step-by-step Guide</h2>1- Install Nextcloud App<ul><li>The fileshare service is running on Nextcloud.</li><li>Download the Nextcloud app from the App Store (iPhone) or Google Play Store (Android).</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/sc1_0e0315e276.png"></figure>2- Open the App and Start the Login Process<ul><li>After installation, open the app and tap “Log in”.</li><li>You will see a field asking for the server address.</li><li>Alternatively, below that field, there’s an option to “Scan QR code” — this is the method used in this guide.</li></ul><figure class="image image-style-align-center"><img src="https://cms.cloud.site.sa/docs/uploads/Group_23_682a9d9c40.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_24_42714b96af.png"></figure>3- Access Your Fileshare Account from Desktop<ul><li>On your computer, log in to your fileshare account via your web browser.</li></ul>&nbsp;4- &nbsp;Navigate to Your Personal Settings<ul><li>In the top-right corner, click the circle icon (usually displaying your initials).</li><li>Select “Settings” from the dropdown menu.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_25_fbc53a847c.png"></figure>5- &nbsp;Go to the Security Section<ul><li>On the new page, you’ll find several tabs on the left side.</li><li>Click on “Security”.</li></ul>&nbsp;6- Create a New App Password<ul><li>Scroll down until you see the “App name” field.</li><li>Enter a name for this connection (for example: “My Phone”).</li><li>Click “Create new app password”.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_26_846c989247.png"></figure>7- Generate the QR Code<ul><li>A new section will appear with several fields, but you can ignore most of them.</li><li>Click on “Show QR code for mobile apps” — a QR code will be displayed on your screen.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_27_d00bf9e876.png"></figure>&nbsp;8- Return to the Mobile App and Scan the QR Code<ul><li>Go back to your phone and select “Scan QR code” (as mentioned in Step 2).</li><li>If prompted, allow camera access for the app.</li></ul>&nbsp;9- Scan the QR Code<ul><li>The camera will open — point it at the QR code displayed on your desktop screen.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_28_d72015a1e0.png"></figure><h3>All Done!</h3>Your fileshare account is now successfully linked to your mobile app. You can start accessing your files directly from your phone.<hr>Need Assistance?If you face any issues, please don’t hesitate to reach out through our support ticketing system:&nbsp; <a href="https://support.cloud.site.sa">https://support.cloud.site.sa</a> &nbsp;

Fileshare Mobile Integration

<h2>Definition</h2>Permission Profile enables you to organize users and resources based on access rights, making access management easier for administrators.&nbsp;&nbsp;<h2>Step-by-Step Guide</h2>&nbsp;<ul><li>How to Create Permission Profile</li></ul><ol style="list-style-type:decimal;"><li>Go to Permissions page from the side menu under settings list.</li><li>Click Create from the Top-Right corner.</li><li>A pop-up will show-up, Fill it with the details of the profile you want, then click submit &nbsp; &nbsp;&nbsp;</li></ol>&nbsp;<figure class="image image-style-align-left image_resized" style="width:22.63%;"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_05_07_083017_29ad37b796.png"></figure>&nbsp;<ul><li>How to add permissions to a permission profile</li></ul>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;<img class="image_resized" style="width:41.22%;" src="https://cms.cloud.site.sa/docs/uploads/image_4c827d5432.png">&nbsp;NOTE: In order to be able to assign permissions to a profile, you need to have the following permissions assigned to your tenant &amp; BG:<ul style="list-style-type:circle;"><li>Manage profile Permissions</li><li>Get Profile Permissions</li><li>Get Profiles</li><li>Edit Profile</li><li>Create Profile</li><li>Delete Profile</li><li>Delete User Profile</li><li>Assign Profile</li></ul>&nbsp;In this page you can choose any action/read-only you want to assign to your desired permission profile.Feel free to explore the permissions and click include any one you want to your profile with the exact Business Group/Groups.&nbsp;<ul><li>How to assign a User to Permission Profile&nbsp;</li></ul>&nbsp;In the permission page, Click The number of users assigned to it.&nbsp;<figure class="image image-style-align-left image_resized" style="width:71.71%;"><img src="https://cms.cloud.site.sa/docs/uploads/Manage_Users_Permission_Profile_75c95c4c97.png"></figure>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The following pop-up window will appear, you can any user on your environment that has access to cloud portal to the permission profile you want.&nbsp;(for more on how to gain access to cloud portal for other users please visit <a href="https://docs.cloud.site.sa/MyCloudPortal/user-mgmt" target="_blank" rel="noopener noreferrer">Users Management Guide</a>)

Permission Profiles

<h4>Definition</h4>The Restore to New Virtual Machine feature enables users to restore a backup to a newly created Virtual Machine instance without affecting the original VM. This is useful for cloning, testing, recovery, and troubleshooting scenarios.&nbsp;<h4>Use Cases</h4><ul><li>Fault Tolerance: Restore a backup into a fresh Virtual Machine when the original Virtual Machine is corrupted or inaccessible.</li><li>Testing &amp; Development: Quickly spin up a replica of a production Virtual Machine to a test environment.</li><li>Cloning &amp; Scaling: Create Virtual Machine clones from a known state for load testing or scaling.</li></ul>&nbsp;<h4>Prerequisites</h4><ol><li>User must have permission to Restore a Virtual Machines.</li><li>The source Virtual Machine must have DHCP enabled to ensure correct IP configuration in the restored Virtual Machine.</li><li>Restoring to a new Virtual Machine requires at least one free IP address in the same network as the original Virtual Machine.</li></ol>&nbsp;<h4>Step-by-Step Guide</h4><h4>Step 1: Locate the Backup</h4><ul><li>Navigate to the Virtual Machine page &gt; Backup tab.</li><li>Find the relevant backup entry in the table.</li></ul><h4>Step 2: Select "Restore to New Virtual Machine"</h4><ul><li>Click the 3-dots menu next to the backup.</li><li>Select "Restore to New Virtual Machine".</li></ul><h4>Step 3: Fill VM Details</h4><ul><li>In the modal, complete the following:</li><li>&nbsp; &nbsp;New Virtual Machine Name (required)</li><li>&nbsp; &nbsp;Description (optional)</li></ul><h4>Step 4: Review Warnings &amp; Acknowledge</h4><ul><li>Read and acknowledge the two warnings:</li></ul><ol><li>&nbsp; &nbsp; &nbsp; &nbsp; DHCP Warning: Confirms DHCP is enabled on the original VM to avoid dual network loss.</li><li>&nbsp; &nbsp; &nbsp; &nbsp; EDR Warning: Reminds to reinstall the EDR agent post-restore.</li></ol><ul><li>Check both boxes to enable the Restore button.</li></ul><h4>Step 5: Submit</h4><ul><li>Click Restore.</li><li>Wait for the confirmation message or error notice.</li></ul><h4>Step 6: Monitor Progress</h4><ul><li>Go to the Request List in the header .</li><li>View real-time status of the restore operation.</li></ul><h4>Step 7: Post-Restore</h4>The new VM appears in the VM list and supports all the Standard operations including Further backups<h4>&nbsp;</h4>&nbsp;<h4>EDR Visibility Requirement</h4><ul><li>For proper EDR visibility and functionality, you must reinstall the EDR agent on the newly restored Virtual Machine. Follow the step-by-step instructions in the official guide: <a href="https://docs.cloud.site.sa/MyCloudPortal/edr-and-epp-installation-and-configra">EDR &amp; EPP Installation Guide</a></li></ul>&nbsp;<h4>How to enable DHCP</h4><h4>For Windows:</h4>1.Open Network Settings:<ul><li>Go to Control Panel → Network and Sharing Center → Change adapter settings.</li></ul>2.Right-click your network adapter → Properties.3.Select Internet Protocol Version 4 (TCP/IPv4) → Properties.4.Choose:<ul><li>Obtain an IP address automatically</li><li>Obtain DNS server address automatically</li></ul>5.Click OK to save and restart the network adapter.<hr><h4>For Ubuntu - Debian (Netplan):</h4><ul><li>File:&nbsp;/etc/netplan/01-netcfg.yaml</li></ul>Modify to use DHCP:network:&nbsp; version: 2&nbsp; ethernets:&nbsp; &nbsp; all-interfaces:&nbsp; &nbsp; &nbsp; match:&nbsp; &nbsp; &nbsp; &nbsp; name: en*&nbsp; &nbsp; &nbsp; dhcp4: trueApply the changes:sudo netplan apply<hr><h4>For Red Hat - CentOS - Rocky - AlmaLinux:</h4>Use&nbsp;nmcli to configure DHCP:sudo nmcli connection add type ethernet ifname "*" con-name "default-dhcp" ipv4.method autosudo nmcli connection modify default-dhcp connection.autoconnect yessudo nmcli connection modify default-dhcp connection.multi-connect multipleApply the configuration:sudo nmcli connection up default-dhcp<hr><h4>For Oracle - Linux:</h4>Same procedure as Red Hat:sudo nmcli connection add type ethernet ifname "*" con-name "default-dhcp" ipv4.method autosudo nmcli connection modify default-dhcp connection.autoconnect yessudo nmcli connection modify default-dhcp connection.multi-connect multipleApply the configuration:sudo nmcli connection up default-dhcp<hr><h4>For SUSE - openSUSE:</h4>If using&nbsp;NetworkManager:sudo nmcli connection add type ethernet ifname "*" con-name "default-dhcp" ipv4.method autosudo nmcli connection modify default-dhcp connection.autoconnect yessudo nmcli connection modify default-dhcp connection.multi-connect multipleApply the configuration:sudo nmcli connection up default-dhcpIf using wicked (older versions):sudo vi /etc/sysconfig/network/ifcfg-eth0Set:BOOTPROTO='dhcp'STARTMODE='auto'Apply the changes:sudo systemctl restart wicked<hr><h4>For Linux:</h4>sudo nmcli connection add type ethernet ifname "*" con-name "default-dhcp" ipv4.method auto sudo nmcli connection modify default-dhcp connection.autoconnect yes sudo nmcli connection modify default-dhcp connection.multi-connect multiple&nbsp;&nbsp;<h4>Additional Notes:</h4><ul><li>If DHCP is disabled on the original VM it will lead to unexpected behavior or network failure.</li><li>If the agent is not reinstalled, the restored VM EDR status may not appear accurately in your MDR monitoring system.</li></ul>&nbsp;<h4>Glossary</h4>VM (Virtual Machine): A virtual computer with its own OS and resources.Backup: A saved copy of a VM’s state.DHCP (Dynamic Host Configuration Protocol): Auto-assigns IP addresses to VMs.EDR (Endpoint Detection and Response): Security tool for detecting and responding to threats.Audit Trail: Log of user actions for tracking.Request Log: List of user actions with status and details.&nbsp;

Restore Backup to New Virtual Machine

<h3 style="margin-left:0in;">Quarantine Logs Viewer</h3>View detailed logs explaining why an email was quarantined in your Mail Gateway. This feature provides transparency into all filtering phases the email went through, such as spam detection, antivirus scanning, and other security checks.&nbsp;<h3 style="margin-left:0in;">What’s New?</h3>When you open a quarantined email, you’ll now see a log view showing:<ul><li>A breakdown of each stage the message passed through</li><li>The exact reason the message was flagged or blocked</li><li>Details from spam engines, antivirus scans, and any custom rules</li></ul>This makes it easier to investigate issues and understand the behavior of the filtering engine.&nbsp;<h3 style="margin-left:0in;">How to Access</h3><ol><li>From Cloud Portal left menu, go to Mail Gateway</li><li>Select the relevant domain</li><li>Navigate to the Quarantine tab</li><li>Find and click the email you want to inspect</li></ol><figure class="image"><img src="/uploads/image_c9d8e89581.png"></figure>&nbsp;The log view will open in a modal with detailed event-level data on how the message was handled.&nbsp;<h3 style="margin-left:0in;">Use Cases</h3><ul><li>Troubleshooting false positives</li><li>Understanding which rule or engine caused a quarantine</li><li>Verifying security actions for compliance or audit purposes</li></ul>

Quarantine Logs

<h2>Introduction</h2>The Security Posture Dashboard provides comprehensive visibility into your infrastructure's security health through real-time monitoring and risk assessment. This centralized view aggregates security signals across your cloud environment to help you identify, prioritize, and remediate security gaps before they become incidents.&nbsp;Unlike traditional security tools that generate overwhelming alert volumes, our dashboard contextualizes security data to surface actionable insights. Each visualization is designed to answer a specific security question and guide you toward concrete remediation steps, enabling both security teams and operations engineers to maintain a strong security posture without specialized expertise.&nbsp;<h2>Key Features</h2>&nbsp;<h4>Multi-Layer Security Monitoring</h4><ul style="list-style-type:disc;"><li>Endpoint Protection Visibility: Real-time status of EPP (Endpoint Protection) and EDR (Endpoint Detection and Response) coverage across your virtual machines</li><li>Expiration Tracking: Automated monitoring of certificate expiration and compliance deadlines with advance warning</li><li>Configuration Validation: Identifies risky firewall rules, exposed services, and misconfigured security controls</li><li>WAF Protection Status: Load balancer configurations and Web Application Firewall policy enforcement monitoring</li></ul>&nbsp;<h2>Common Use Cases</h2>&nbsp;<h4>Security Operations Teams</h4><ul style="list-style-type:disc;"><li>Monitoring Security Metrics: Review coverage percentages (EPP/EDR) and exposed VMs to identify gaps requiring immediate attention</li><li>Certificate Lifecycle Management: Track certificate expiration timelines to schedule renewals before service disruptions occur</li><li>Firewall Rule Audits: Identify risky port configurations that expose administrative or database services to broader networks</li></ul>&nbsp;<h4>Delivery &amp; Infrastructure Engineers</h4><ul style="list-style-type:disc;"><li>Deployment Validation: Verify new VMs have EPP and EDR installed, and certificates are properly configured.</li><li>Infrastructure Hardening: Review exposed VM list to ensure only intended services are publicly accessible.</li><li>WAF Policy Management: Monitor load balancer configurations to confirm traffic is encrypted and WAF is enabled and in Blocking mode</li></ul>&nbsp;<h2>Understanding Your Security Posture</h2>&nbsp;<h4>Dashboard Overview</h4>The Security Posture Dashboard consists of core widgets organized into multiple security coverage metrics, network security controls, infrastructure configuration, and operational status. All data shown is scoped by tenant selection, and can be filtered by Business Group.&nbsp;Under the majority of widgets, you can dive deeper into their insights by clicking on the external link icon to get redirected to the related product page.&nbsp;&nbsp;<h3>Widget Reference Guide &nbsp;</h3><h4>1. EPP Coverage</h4>EPP (Endpoint Protection) Coverage shows the percentage of your powered-on virtual machines with antivirus/anti-malware protection (with status either Online or Not Applicable). This metric reveals gaps in your first line of defense against malware, ransomware, and other endpoint-based threats. Low coverage indicates vulnerable endpoints that attackers can easily compromise without detection.&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Identify Unprotected VMs: Click the metric to get redirected to EPP Status widget and view which VMs lack EPP protection, and prioritize by criticality (internet-facing web/application servers, database servers, jump boxes first; development/testing environments lower priority)</li><li>Install EPP Agent: Install the agent from Cloud Portal, by <a href="https://docs.cloud.site.sa/MyCloudPortal/edr-and-epp-installation-and-configra" target="_blank" rel="noopener noreferrer">following this guide</a>. Alternatively, raise a ticket to Cloud Support to help you with the process of installation.</li></ol>&nbsp;<h4>2. EDR Coverage</h4>EDR (Endpoint Detection and Response) Coverage indicates the percentage of powered-on VMs with advanced threat detection, investigation, and response capabilities (with status either Online or Not Applicable). EDR offers behavioral analysis, threat hunting, and forensic investigation tools essential for detecting sophisticated attacks that bypass traditional antivirus.&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Identify Unprotected VMs: Click the metric to get redirected to EDR Status widget and view which VMs lack EDR protection, and prioritize by criticality (internet-facing web/application servers, database servers, jump boxes first; development/testing environments lower priority)</li><li>Install EDR Agent: Install the agent from Cloud Portal, by <a href="https://docs.cloud.site.sa/MyCloudPortal/edr-and-epp-installation-and-configra" target="_blank" rel="noopener noreferrer">following this guide</a>. Alternatively, raise a ticket to Cloud Support to help you with the process of installation.</li></ol>&nbsp;<h4>3. Exposed VMs</h4>&nbsp;What Risk Does This Communicate?This metric indicates the count of virtual machines with public IP addresses, and open incoming firewall rules from the internet with source as <code>ANY</code>. Exposed VMs represent your attack surface - any vulnerability on these systems can be exploited by attackers worldwide without needing to breach your network perimeter first.&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Exposure Justification Review: Click the widget to get redirected to view "Exposed VMs" table. For each VM, determine if internet exposure is required, if this is the correct VM to expose (should traffic route through load balancer instead?), and if all security controls are in place.</li></ol> Remediation Options:<ol style="list-style-type:decimal;"><li>Option 1 (Preferred) - Remove public IP and route traffic through load balancer with WAF protection&nbsp;</li><li>Option 2 - Restrict access with firewall rules to specific source IPs only or apply geo restriction.</li></ol>&nbsp;<h4>4. Overview (Multi-Domain Risk Visualization)</h4>&nbsp;What Risk Does This Communicate?The Overview chart provides a visual summary of security findings across five key domains: SSL Certificates, Firewall Rules (Ports), WAF Coverage, Load Balancer Public Traffic, and Users. Each stacked bar uses green and red color coding to indicate risk severity within that domain, with green representing compliant/secure configurations and red indicating issues requiring attention.&nbsp;This widget serves as your "security at a glance" view, allowing you to quickly identify which security domains have the most critical issues requiring investigation.&nbsp;Risk Indicators:<ul style="list-style-type:disc;"><li>Predominately red bars: Critical security gaps in that domain requiring immediate remediation</li><li>Large red segments: High volume of security issues suggesting systematic problems rather than isolated incidents</li><li>Multiple domains showing red: Widespread security management challenges indicating insufficient security processes or resources</li></ul>&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>SSL Certificates: Red portion indicates expired certificates, potentially causing service disruptions and breaking user trust. Click bar to drill into "Certificates Status" table below for specific expired certificates.</li><li>Firewall Rules: Red portion indicates risky firewall rule configurations exposing administrative services. Click bar to drill into "Risky Firewall Ports" widget to dive deeper into the service categories.</li><li>WAF Coverage: Red portion indicates published load balancers without WAF protection. Click bar to drill into "WAF and Public Load Balancer Configurations" widget for more details.</li><li>LB Public Traffic: Large red portion indicates significant plaintext traffic load balancers with no SSL Certificates. Assign SSL Certificates and use secure services like HTTPS, FTPS, SMTPS and TLS, for a secure connection.</li><li>Users: Red portion indicates inactive or dormant user accounts. Click bar to drill into "Users Overview" widget for users with "Never" last login status, implement periodic access reviews.</li></ol>&nbsp;<h4>5. Risky Firewall Ports</h4>&nbsp;What Risk Does This Communicate?This widget identifies firewall rules that permit traffic on ports commonly associated with security risks within Virtual Machines and Load Balancers. The visualization breaks down risky ports by service category.&nbsp;<ul style="list-style-type:circle;"><li>Administrative &amp; Remote Access Protocols<ul style="list-style-type:square;"><li>Ports: SSH (tcp/22), RDP (tcp/3389), Telnet (tcp/23), VNC (tcp/5900)</li><li>Risk: Direct remote system access enabling privilege escalation, lateral movement, and full system compromise through credential attacks and protocol vulnerabilities.</li></ul></li><li>Database Services<ul style="list-style-type:square;"><li>Ports: MSSQL (tcp/1433, tcp/1434), MySQL (tcp/3306), PostgreSQL (tcp/5432)</li><li>Risk: Direct database access leading to data theft, manipulation, and destruction. Highly targeted by attackers for sensitive data extraction and ransomware deployment.</li></ul></li><li>File Transfer &amp; Sharing Protocols<ul style="list-style-type:square;"><li>Ports: FTP (tcp/21), SMB (tcp/445, udp/445, tcp/137-139, udp/137-139)</li><li>Risk: Unauthorized file access, data exfiltration, and malware distribution. SMB particularly vulnerable to worm propagation and lateral movement attacks.</li></ul></li><li>Email Services<ul style="list-style-type:square;"><li>Ports: SMTP (tcp/25)</li><li>Risk: Email system compromise enabling spam distribution, phishing campaigns, and business email compromise (BEC) attacks.</li></ul></li><li>Web Application Services<ul style="list-style-type:square;"><li>Ports: HTTP (tcp/80)</li><li>Risk: Web application attacks including injection, application-layer DDoS, and eavesdropping. Entry point for most web-based exploits.</li></ul></li><li>Network Infrastructure Services<ul style="list-style-type:square;"><li>Ports: DNS (tcp/53, udp/53)</li><li>Risk: DNS poisoning, cache poisoning, and DDoS amplification attacks. Critical infrastructure service disruption affecting all dependent services.</li></ul></li><li>Unrestricted Network Access<ul style="list-style-type:square;"><li>Ports: All TCP (tcp/1-65535), All UDP (udp/1-65535)</li><li>Risk: Complete network exposure enabling reconnaissance, service enumeration, and attacks against any running service. Maximum attack surface exposure.</li></ul></li></ul>&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Administrative &amp; Remote Access Ports: Remove direct internet access across all administrative access and utilize a secure access mechanism such as SITE Light PAM that enforces the use of strong authentication, limited access, secure protocols, audit trails, session recordings, and segmentation.</li><li>Database Services: Remove direct internet access to DB services and implement A three-tier application architecture.</li><li>File Transfer &amp; Sharing Protocols: Utilize an encrypted protocol rather than plain text (e.g., FTP to SFTP) and utilize secure versions e.g., SMB 3.1.1 (or newer) for its superior security (encryption, pre-authentication integrity), and restrict access to specific IPs.</li><li>Email Services: Ensure you have deployed a secure mail gateway like SITE Cloud's Secure Mail Gateway to protect your organization's mail servers and users' inboxes.</li><li>Web Application Ports: Move all public web traffic through load balancers with WAF enabled, ensure HTTPS-only.</li><li>Network Infrastructure Services: Implement DNSSEC to prevent cache poisoning and DNS spoofing.</li><li>Unrestricted Network Access: Delete the rule and only expose the needed services in separate firewall rules with clear business justification. &nbsp;</li></ol><h4>6. Certificates Status</h4>&nbsp;What Risk Does This Communicate?This table provides detailed visibility into individual SSL/TLS certificates deployed across your load balancers, showing the common name, number of load balancers using each certificate, and current expiration status. This granular view is essential for prioritizing renewal efforts and understanding the blast radius if a certificate expires.&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Expired Certificates: Determine if production or test environment, obtain new certificates immediately, test installation in staging first for production certificates</li><li>90-Day Until Expiration: Begin renewal process, especially the ones utilized by multiple load balancers.</li></ol>&nbsp;<h4>7. WAF and Public Load Balancer Configurations</h4>&nbsp;What Risk Does This Communicate?This widget monitors two critical security aspects of your public-facing infrastructure: (1) whether Web Application Firewall (WAF) protection is active and blocking attacks, and (2) whether traffic is encrypted in transit.It's recommended to have enabled WAF and in blocking mode for published load balancers to mitigate possible attacks.&nbsp;Risk Indicators:<ul style="list-style-type:disc;"><li>Transparent mode: WAF monitors but doesn't block attacks</li><li>Disabled WAF: Exposed and unprotected load balancer</li><li>Plaintext traffic: Data transmitted unencrypted, vulnerable to interception</li><li>Few protected load balancers: Inconsistent security posture</li></ul>&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Enable WAF: For all load balancers with disabled WAF, enable WAF and select a WAF policy, make sure it's in Blocking mode if no learning is required.</li><li>Transparent WAF: For load balancers with WAF in transparent mode, make sure that sufficient learning is done, and immediately change its enforcement mode to Blocking.</li><li>Fix Plaintext Traffic: Implement HTTP-to-HTTPS redirect, or disable listening on HTTP entirely.</li><li>Review WAF Policy Regularly: Validate policy learning suggestions and refine as needed.</li></ol>&nbsp;<h4>8. Users Overview</h4>&nbsp;What Risk Does This Communicate?This table lists user accounts with their last login status. Dormant accounts represent unnecessary access risk, potential for compromised credentials, and compliance concerns.&nbsp;Risk Indicators:<ul style="list-style-type:disc;"><li>High "Never" Logged-in count: Many accounts created but never used</li><li>Long-inactive accounts (≥ 45 days): Potential departed employees retaining access, possible risk</li></ul>&nbsp;How to Address This Risk:<ol style="list-style-type:decimal;"><li>Identify Dormant Accounts: Review all users showing "Never" or 45+ days inactive status. Cross-reference with HR systems to identify departed employees, unused service accounts, and inactive contractors.</li><li>Cleanup Actions: Deactivate accounts for departed employees immediately, and "Never" used accounts, reset passwords for inactive accounts before re-enabling.</li><li>Ongoing Governance: Implement quarterly access reviews where managers revalidate team member access.</li></ol>&nbsp;<h3>Recommended Review Cadence</h3><ul style="list-style-type:disc;"><li>Daily: Check for expired certificates, new exposed VMs, offline EPP/EDR agents</li><li>Weekly: Review risky firewall ports, certificate expirations within 90 days</li><li>Monthly: Full dashboard review covering all widgets</li><li>Quarterly: Access reviews</li></ul>

Security Posture

<h2>Introduction</h2>Our Vector Store product provides a scalable and efficient way to manage, query, and retrieve high-dimensional vector data for applications such as semantic search, retrieval-augmented generation (RAG), and recommendation systems. It allows you to seamlessly store, index, and search embeddings generated from our Inference APIs or other sources, without needing to manage infrastructure or scaling manually.&nbsp;With just an API key, you can connect your application to the Vector Store and start building intelligent, context-aware systems that rely on vector similarity search.&nbsp;<hr>&nbsp;<h2>Overview</h2>Here’s an overview of what you can do with Vector Store:<h3>Store and Manage Vectors</h3>Ingest your vector data and metadata into a managed store optimized for similarity search. Each vector entry can include associated metadata, making it easy to filter and query based on both semantic meaning and structured attributes.<h3>Perform Similarity Search</h3>Execute fast and accurate similarity searches across vectors to find the most relevant vectors for your input query.<h3>Integrate with Other AI Platform Products</h3>Vector Store integrates seamlessly with our Embedding Inference and Document Parsing products. Extract text from documents, generate embeddings from the extracted text, then immediately store them for efficient retrieval in downstream RAG pipelines.&nbsp;<hr>&nbsp;<h2>Getting Started: Creating an API Key</h2>To start using the Vector Store, you’ll need to create an instance and get an API key. Follow the steps below to get started in the Cloud Portal.&nbsp;<h3>Step 1: Open the Product Page</h3><figure class="image"><img src="/uploads/Vector_Store_1_15585005f8.png"></figure>In the Cloud Portal, navigate to Vector Store to view and manage your existing stores, then click Create.&nbsp;<h3>Step 2: Start Creating a New Vector Store</h3><figure class="image"><img src="/uploads/Vector_Store_2_5405bd24df.png"></figure>Fill in the required details, and an optional description. In the Dimensions field, enter the vector dimensions that matches the output of the embedding model you intend to use with the Vector Store.&nbsp;Note: Only a single embedding model should be used with each Vector Store; otherwise, similarity search performance will suffer.&nbsp;<h3>Step 3: Copy Your Key and Endpoint</h3><figure class="image"><img src="/uploads/Vector_Store_4_cd67fd3132.png"></figure>And that's it! Once created, your API key and endpoint will be displayed.&nbsp;<blockquote>A default Read &amp; Write API key will be created by default. You can always create additional Read or Read &amp; Write keys form the Vector Store details page.</blockquote>&nbsp;<hr>&nbsp;<h2>Creating Additional API Keys with Specific Permissions</h2>In addition to the default API key, you can create additional API keys with specific permission levels to better manage access to your Vector Store.&nbsp;<h3>Step 1: Navigate to the API Keys Tab</h3><figure class="image"><img src="/uploads/Vector_Store_5_a450618801.png"></figure>From your Vector Store details page, go to the API Keys tab, then click Create.&nbsp;<h3>Step 2: Provide Key Details and Set Permissions</h3><figure class="image"><img src="/uploads/Vector_Store_6_f47a8ce055.png"></figure>Fill out the following fields:Name: The name of the API key.Description (optional): Add context or usage notes.Permission: Choose one of the following options:<ul><li>Read: Allows read-only access (e.g., for search or retrieval operations).</li><li>Read &amp; Write: Allows both read and write access (e.g., for inserting, updating, or deleting vectors).</li></ul>&nbsp;<h3>Step 3: Confirm and Copy Your Key</h3><figure class="image"><img src="/uploads/Vector_Store_7_30f1544bfb.png"></figure>After you create the key, it will appear in your list of API keys.&nbsp;<hr>&nbsp;<h2>Limits</h2>The default limit is 500,000 records per Vector Store instance.Custom limits can be configured per instance to support larger-scale or specialized use cases; please reach out to your designated Service Delivery Manager for more information.

Vector Store

<h2>Introduction</h2>Our Document Parsing product enables reliable extraction of text and structural information from a wide range of document formats, including PDFs, scanned files, and images. With minimal setup, you can convert raw documents into structured, machine-readable outputs ideal for downstream AI and retrieval workflows.&nbsp;Each variant of Document Parsing is optimized for a specific use case, from simple OCR extraction to rich multimodal understanding of visual documents.&nbsp;<hr>&nbsp;<h2>Overview</h2>Here’s an overview of the available Document Parsing variants:&nbsp;<h3>Docling OCR</h3>The Docling OCR variant extracts text and structural information from documents using advanced Optical Character Recognition (OCR). It’s ideal for processing PDFs, and supports many other document types.&nbsp;<h3>Docling OCR – Chunking</h3>The Chunking version of Docling OCR automatically splits the parsed document into smaller semantic chunks, optimized for Retrieval-Augmented Generation (RAG) workflows. These chunks can be easily embedded and stored in a Vector Store for efficient semantic search and retrieval.<blockquote>Note: When chunking is enabled, images are excluded from the output to ensure clean, text-focused chunk generation.</blockquote>&nbsp;<h3>Docling Vision</h3>Docling Vision extends parsing capabilities to multimodal documents that combine text and images. This variant not only extracts textual content but also analyzes and describes visual elements within the document.&nbsp;&nbsp;<h3>Docling Vision – Chunking</h3>Docling Vision –&nbsp;Chunking extends the Vision variant by enabling chunking for multimodal documents.&nbsp;<hr>&nbsp;<h2>Input Format</h2>The Document Parsing endpoint accept files as base64-encoded input. You should encode your document (e.g., PDF, PNG, JPG) into a base64 string before sending it in the request body.&nbsp;Example (simplified JSON structure):&nbsp;<code>{ &nbsp;"base64_string": JVBERi0xLjUKJdDUxdgKNSAwIG9iago8PC9UeXBlIC9..." }&nbsp;</code>&nbsp;<hr>&nbsp;<h2>Supported File Formats</h2>The Document Parsing API supports a wide range of file types across text, document, and image formats. You can upload any of the following formats for processing:Documents: <code>pdf</code>, <code>docx</code>, <code>pptx</code>, <code>xlsx</code>, <code>html</code>, <code>md</code>, <code>csv</code>Images: <code>jpeg</code>, <code>png</code>These formats cover most use cases for text extraction, document analysis, and multimodal parsing.&nbsp;<hr>&nbsp;<h2>Getting Started: Creating an API Key</h2>To begin using Document Parsing, you’ll first need to create an API key in the Cloud Portal.&nbsp;<h3>Step 1: Open the Product Page</h3><figure class="image"><img src="/uploads/Document_Parsing_1_40de3bd25d.png"></figure>In the Cloud Portal, navigate to Document Parsing to view and manage your existing API keys, then click Create.&nbsp;<h3>Step 2: Create a New API Key</h3><figure class="image"><img src="/uploads/Document_Parsing_2_68d72a2efe.png"></figure>Now, select the variant you’d like to use.&nbsp;<h3>Step 3: Provide Key Details</h3><figure class="image"><img src="/uploads/Document_Parsing_3_ceb84be658.png"></figure>Enter:Name: A unique identifier for your key.Description (optional): A short note to describe its use.&nbsp;<h3>Step 4: Copy Your Key and Endpoint</h3><figure class="image"><img src="/uploads/Document_Parsing_4_925bcd107d.png"></figure>And that's it! Once created, your API key and endpoint will be displayed.

Document Parsing

SITE Cloud Autoscaling Service ensures your applications always have the optimal compute capacity to handle peak loads efficiently, while optimizing costs during quiet periods. It is designed to dynamically adjust your infrastructure, guaranteeing high availability and performance right here in the Kingdom, with data sovereignty guaranteed.&nbsp;Key Features and Benefits<ul><li>Automatically adds or removes Virtual Machine (VM) nodes based on real-time operational metrics eliminating latency and timeouts during sudden traffic spikes.</li><li>Scales down compute resources when demand is low, reducing operational expenditure. Pay only for the resources you actively use, improving ROI.</li><li>Ensures your application remains highly available and resilient against unexpected load surges.</li><li>All scaling logic and data management remains within the trusted and secure Sovereign Cloud environment meeting regional data residency (Riyadh and Jeddah) and governance requirements.</li></ul>&nbsp;How Autoscaling Groups WorkThe core of the service is the Autoscaling Group (ASG). An ASG is a collection of VMs managed as a single logical unit. When defining an ASG, you establish the boundaries and performance triggers that dictate how and when scale-in, scale-out actions occur. SITE Cloud autoscaling is based on warm pools strategy.&nbsp;Autoscaling Warm Pools.&nbsp;Unlike traditional ASG instances, which are either fully active (serving traffic) or cold (completely terminated), warm pools allow instances to exist in a pre-initialized state. This means they can be quickly transitioned into service without the delay of instance boot time and initialization and quickly enter service when demand increases, significantly reducing the lag that often accompanies scaling events. By having instances in a warm state, organizations can ensure faster response times while optimizing costs, especially during high-demand scenarios.&nbsp;Configuration ParametersWhen setting up your Autoscaling Group, you will define the following mandatory parameters to customize its behavior:<ul><li>Name &amp; Description: Assign a unique name for easy identification and a description detailing the application or function it supports.</li><li>Minimum Node Count (Min): The smallest number of running VMs the ASG must maintain. This ensures baseline availability.</li><li>Maximum Node Count (Max): The highest number of VMs the ASG can scale up to. This acts as a budget and resource control guardrail.</li><li>Scaling Thresholds (The Triggers): These metrics define the conditions under which the ASG must add/remove a new node if any one of these metrics goes above or below the threshold.<ul style="list-style-type:circle;"><li>CPU Utilization (%): If the average CPU across the group exceeds this percentage for a defined period, a new VM will be added and if average CPU goes below this percentage VM will be removed.</li><li>Memory Utilization (%): If the average memory usage across the group exceeds this percentage for a defined period, a new VM will be added and if average memory usage goes below this percentage VM will be removed.</li></ul></li></ul>&nbsp;Managing VM MembershipThe service provides unique flexibility in managing the VMs within your ASG:<ul style="list-style-type:disc;"><li>Add Existing VMs: You can seamlessly select and attach currently running, configured VMs to a newly created or existing Autoscaling Group. This is ideal for quickly integrating pre-tested application instances.</li><li>Remove VMs: You retain the ability to detach VMs from the ASG. Detached VMs are not terminated; they transition to being standard, standalone instances under your direct management.</li></ul>

Autoscaling

Multi PAT Feature Documentation&nbsp;1. DefinitionMulti PAT (Port Address Translation) is a feature that enables users to assign a PAT at the environment level to multiple virtual machines (VMs) for outbound traffic. This allows VMs to share the same IP address when accessing external networks. The PAT can be configured as either a shared IP, for accessing a shared area, or a public IP for accessing internet. By using the same IP for multiple VMs, this feature helps streamline traffic flow and provides consistency in outgoing communication.<figure class="image image_resized image-style-align-center" style="width:47.04%;"><img src="/uploads/multiple_pat_ed67061bc5.png"></figure>2. Sample Use Cases&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Centralized Outbound Traffic: When multiple VMs within an environment need to connect to the same external service, using Multi PAT allows all traffic to originate from a single IP, simplifying network management and logging.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Controlled Access Zones: Multi PAT can facilitate access to shared resources or public networks while keeping outgoing traffic consistent, making it ideal for secure or compliance-focused environments.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Cost-Effective Public IP Use: Instead of assigning a public IP to each VM, Multi PAT lets multiple VMs share one public IP, reducing the overall public IP allocation and cost.3. Step-by-Step Guide: Setting Up Multi PATStep 1:&nbsp;Log in to My Cloud Portal&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Access your cloud account and navigate to the&nbsp;Environment page from the left menu.<figure class="image"><img src="/uploads/Annotation_2024_11_04_175013_29a837ff84.png"></figure>Step 2:&nbsp;Access Multi PAT Configuration&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inside Environment page, find the environment you want to manage multi PAT on and click on Manage IPs action from the row actions menu<figure class="image"><img src="/uploads/Annotation_2024_11_04_180158_2cf3d574d0.png"></figure>Step 3:&nbsp;Create a New PAT&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Select the type of the PAT you are creating.&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Select the IP Address you want to use. The dropdown will list the already <a href="https://docs.cloud.site.sa/MyCloudPortal/allocate-ip-and-assign-i-ps-to-vm" target="_blank" rel="noopener noreferrer">allocated IPs</a>.<figure class="image"><img src="/uploads/image_ce9721e312.png"></figure>Step 4:&nbsp;Review and Apply the Configuration&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Double-check the configuration details before applying. Once confirmed, the PAT setup will be effective immediately.Step 5:&nbsp;Assign the PAT to a virtual machine&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;From virtual machine details page - network tab, click on Manage IPs&nbsp;<figure class="image"><img src="/uploads/image_4b81d7bd50.png"></figure>&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Select the PAT in order to make the virtual machine use it for its outgoing traffic<figure class="image"><img src="/uploads/image_7043f69775.png"></figure>&nbsp;&nbsp;

Multiple PAT

<h2>Introduction</h2>Our Serverless Inference products provide easy access to powerful models across different domains. With just an API key and endpoint, you can start running inference without worrying about the underlying infrastructure, scaling, or deployment.&nbsp;<hr>&nbsp;<h2>Overview</h2>Here is an overview of our Serverless Inference products:LLM InferenceLLM Inference gives you access to large language models for a wide range of text-based tasks. Whether you need to build chatbots, summarize documents, generate structured output, or perform custom NLP operations, LLM Inference provides a reliable and scalable way to integrate language models into your applications and workflows.&nbsp;Vision (VLM)Vision Inference enables multimodal capabilities by combining language and vision understanding. Use Vision to analyze images with natural language queries, describe visual content, or perform multimodal reasoning where both text and images are inputs. This is particularly useful for captioning, classification, and multimodal chat applications.&nbsp;EmbeddingEmbedding Inference lets you generate high-quality vector embeddings for text or other data. These embeddings can then be used for semantic search, clustering, retrieval-augmented generation (RAG), recommendation systems, and more. By leveraging embeddings, you can create meaningful representations of data for downstream applications and tasks.&nbsp;RerankingReranking Inference improves the quality of search and retrieval pipelines by reordering candidate results based on semantic relevance. Given an initial list of results and a query, the reranker ensures that the most contextually relevant results surface to the top, improving user experience and retrieval accuracy.&nbsp;ModerationModeration Inference helps you detect, classify, and manage unsafe or undesired content across text-based inputs and outputs. It enables applications to automatically identify categories such as harmful language, abuse, policy violations, or sensitive content before it reaches users or downstream systems. By integrating moderation directly into your AI workflows, you can enforce safety standards, comply with governance requirements, and build trustworthy AI experiences without manual review overhead.&nbsp;Audio (Speech-to-Text)Audio Inference provides speech-to-text capabilities that convert spoken audio into accurate, structured text. This enables applications to process voice inputs for transcription, analysis, and downstream language understanding tasks. Speech-to-text can be combined with other inference products, such as LLM Inference, Embedding, or Moderation, to build voice-enabled assistants, meeting transcription services, call analytics, or multimodal agent experiences where spoken input becomes actionable data.&nbsp;<hr>&nbsp;<h2>Getting Started: Creating an API Key</h2>The process of creating an API key is the same for all of our Serverless Inference products. In this example, we’ll walk through the steps for LLM Inference.Step 1: Open the Product Page<figure class="image"><img src="/uploads/Group_3_c01a826526.png"></figure>In the Cloud Portal, navigate to the product you want to use (here we’ve selected LLM Inference) to view and manage your API keys, then click Create to open the creation modal<hr>&nbsp;Step 2: Start Creating a New API Key<figure class="image"><img src="/uploads/Group_4_153d6b2f9d.png"></figure>Now, select the model you’d like to use from the available list.<hr>&nbsp;Step 3: Provide Key Details<figure class="image"><img src="/uploads/Group_5_1cc853f379.png"></figure>Fill in the required details, and an optional description.<hr>&nbsp;Step 4: Copy Your Key and Endpoint<figure class="image"><img src="/uploads/Group_6_da08612283.png"></figure>You’re all set! Your API key and Endpoint are ready. You can now begin making requests to your chosen Serverless Inference product.

Inferences

<h2>Allocate IP and Assign it to VM.</h2>SITE Cloud has 3 types of IP; Private, Public and Shared IP. Each one of them can be assigned to the network interface from the portal.<ul><li>Private IP: can be assign to VM network interface for network communication.</li><li>Public IP: can be assign to VM network interface for internet communication.</li><li>Shared IP: can be assign to VM network interface for communicate with other tenant.</li></ul>Note that Public IP can’t be assigned on HSA zone.<h2>1. Allocate IP.</h2>Before assign any type of IP we need to allocate an available IP first to assign it to VM.First Login to Cloud Portal.From Cloud Portal go to “IPs” tab in Networking.&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/1_d8d2eba50c.jpg" alt="image 1">&nbsp;Go to “Allocate”.&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/2_fe524064e2.jpg" alt="2.jpg">&nbsp;Fill up the required fields. Tenant, Business Group, Region and IP Type. Then chose the Network subnet that you want to allocate the IP from. Then select the IP.&nbsp;<h4><img src="https://cms.cloud.site.sa/docs/uploads/3_d5b4ef461b.jpg" alt="3.jpg"></h4>&nbsp;Now you can assign the IP to the VM.&nbsp;<h2>2. Assigning IP to the VM.</h2>From “Compute” go to “Virtual Machines”.&nbsp;Search for your VM using VM ID.&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/4_602c71bbf6.jpg" alt="4.jpg">&nbsp;Go to “Networks” and hover on the network adapter that the IP will be assigned to.&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/5_ead4647bfb.jpg" alt="5.jpg">&nbsp;&nbsp;Note If the interface (Network adapter) is not shown you can add new interface from “Add interface”Go to “Manage IPs” button and you can find the IP, assign it to the VM private, public or shared IP as you need.&nbsp;&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/6_bec0998444.jpg" alt="6.jpg">&nbsp;You can also find Unassign option from “Manage IPs” button.&nbsp;

Allocate IP and Assign IPs to VM

<h3 style="margin-left:0in;">Static Route Feature Documentation</h3>&nbsp;&nbsp;<h3 style="margin-left:0in;">1. Definition</h3>A static route is a manually configured path that defines how network traffic should travel to a specific destination. Unlike dynamic routing, which automatically adjusts based on network conditions, static routes offer fixed paths that require manual configuration. This provides more control and predictability in traffic flow.&nbsp;<h3 style="margin-left:0in;">2. Sample Use Cases</h3><ul><li>Custom routing requirements: In SITE Cloud environment, when multiple routes are available, the oldest environment in the routing table takes precedence unless explicitly overridden by adding a new static route. This feature adds stability and reliability, especially in multi-environment or long-term setups.</li><li>Replication Network prioritization: Advertise the replica network in the replication destination environment to ensure it takes precedence over the source environment's network.</li><li>VPN Traffic Routing: Static routes are essential in VPN configurations where network traffic needs to be routes through secure tunnels.</li></ul>&nbsp;<h3 style="margin-left:0in;">3. Step-by-Step Guide: Setting Up a Static Route</h3>&nbsp;<h4 style="margin-left:0in;">Step 1:&nbsp;Log in to My Cloud Portal</h4>&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Access your cloud account and navigate to the networking category.&nbsp;<h4 style="margin-left:0in;">Step 2:&nbsp;Access Static Route Page</h4>&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; click on Static Route item that is inside Networking category from the side menu navigation.&nbsp;<figure class="image"><img src="/uploads/static_route_table_6f9bf12df2.png"></figure><h4 style="margin-left:0in;">Step 3:&nbsp;Add a New Static Route</h4>&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Select “Create” from the static route page.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Environment: Input the target Environment.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VPC: Input the target VPC.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Subnet: Input the target Subnet. This subnet needs to be part of an existing Cloud Subnet specified in the Subnet Page.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Next Hop Gateway: Define the next hop, such as another VM or VPC gateway.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Description: Optional free text field for your description and comments.&nbsp;<figure class="image"><img src="/uploads/image_e4a9bc4040.png"></figure>&nbsp;<h4 style="margin-left:0in;">Step 4:&nbsp;Review and Apply the Route</h4>&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Verify all route details before applying the configuration. Once confirmed, the static route will be applied immediately.&nbsp;<h3 style="margin-left:0in;">4. Best Practices</h3>&nbsp;&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Regularly review your static routes to ensure they align with your network architecture and any infrastructure changes.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Use descriptive names for static routes to simplify future troubleshooting and management.&nbsp;&nbsp; •&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Be mindful of the precedence rule for the oldest environment when setting up or modifying routes.

Static Routes

<h2 style="margin-left:0px;">Overview</h2><h4 style="margin-left:0px;">ISO/IEC 27018 provides guidance for cloud service providers on protecting personally identifiable information (PII) based on ISO/IEC 27002 and in alignment with privacy principles. It establishes cloud-specific controls and best practices for PII.</h4><h4 style="margin-left:0px;">Certification demonstrates that SITE Cloud implements controls for PII protection as required by ISO/IEC 27018.</h4>&nbsp;&nbsp;<h3 style="margin-left:0px;">SITE Cloud and ISO/IEC 27018</h3>&nbsp;<ul><li>SITE Cloud has achieved ISO/IEC 27018 certification for its implementation of privacy controls for PII.</li></ul><h4 style="margin-left:0px;">&nbsp;</h4><ul><li>The SITE Cloud ISO/IEC 27018 certificate validates compliance with PII protections.</li></ul><h4 style="margin-left:0px;">&nbsp;</h4><ul><li>Clients can leverage SITE Cloud's ISO/IEC 27018 certification to support compliance for workloads involving PII stored on the SITE Cloud.</li></ul>&nbsp;&nbsp;<h3 style="margin-left:0px;">Scope of Certification</h3>&nbsp;The SITE Cloud ISO/IEC 27018 certification applies to the following in-scope cloud services:&nbsp;<ul><li>Cloud Virtual Datacenter(VDC)</li><li>Cloud Disaster Recovery</li><li>Cloud Managed IT</li><li>Cloud Managed IT SME</li></ul>&nbsp;&nbsp;<h3 style="margin-left:0px;">Audit Certificates</h3><ul><li>The SITE Cloud ISO/IEC 27018 certificate is available upon request via SITE Cloud Support Portal.</li></ul>&nbsp;&nbsp;&nbsp;<h2 style="margin-left:0px;">Frequently Asked Questions:</h2>&nbsp;<ul><li>Who does ISO/IEC 27018 apply to?</li></ul>ISO/IEC 27018 provides guidance specifically for cloud service providers processing PII on behalf of clients.&nbsp;<ul><li>How can I access SITE Cloud's ISO/IEC 27018 audit documentation?</li></ul>&nbsp;Certificates can be requested through the SITE Cloud Support Portal.&nbsp;<ul><li>Can I use SITE Cloud's certification to support my ISO/IEC 27018 compliance?</li></ul>Yes, SITE Cloud's ISO/IEC 27018 certification can help demonstrate compliance for PII processed and stored on the cloud. Clients remain responsible for compliance of their cloud implementation and internal controls.

ISO/IEC 27018 - SITE Cloud Compliance

ISO/IEC 27017 provides guidance on information security controls for cloud services based on ISO/IEC 27002. It offers additional guidance and controls to address security issues specific to the cloud computing environment.ISO/IEC 27017 is applicable to both cloud service providers and cloud clients. It assists organizations in implementing a secure cloud computing information security management system.<h4>SITE Cloud and ISO/IEC 27017</h4>SITE Cloud has achieved ISO/IEC 27017 certification for its implementation of cloud-specific information security controls.The SITE Cloud ISO/IEC 27017 certificate validates compliance with key controls for cloud security.Clients can leverage SITE Cloud's ISO/IEC 27017 certification to support compliance for workloads and data stored on the SITE Cloud.<h4>Scope of Certification</h4>The SITE Cloud ISO/IEC 27017 certification applies to the following in-scope cloud services:<ul><li>Cloud Virtual Datacenter(VDC)</li><li>Cloud Disaster Recovery</li><li>Cloud Managed IT</li><li>Cloud Managed IT SME</li></ul><h4>Audit Certificates</h4><ul><li>The SITE Cloud ISO/IEC 27017 certificate is available to clients upon request via SITE Cloud Support Portal.</li></ul>&nbsp;<h4>Frequently Asked Questions:</h4>&nbsp;<h4>Who does ISO/IEC 27017 apply to?</h4>ISO/IEC 27017 provides guidance for both cloud providers and cloud clients. It assists organizations in implementing secure cloud computing environments.<h4>How can I access SITE Cloud's ISO/IEC 27017 audit documentation?</h4>Audit certificates is available through the SITE Cloud Support Portal.<h4>Can I leverage SITE Cloud's ISO/IEC 27017 certification for my compliance efforts?</h4>Yes, SITE Cloud's certification can be used to demonstrate compliance for client workloads hosted on the platform. However, clients are responsible for compliance of their own cloud implementation and internal controls.

ISO/IEC 27017 - SITE Cloud Compliance

ISO/IEC 27701 is an extension of ISO/IEC 27001 for managing personal data privacy. It specifies requirements for a Privacy Information Management System (PIMS) to help organizations implement controls for privacy regulations like GDPR.ISO/IEC 27701 provides a framework for managing personal data that applies to both data controllers and processors. Certification demonstrates an audited approach to privacy controls and compliance.<h4>SITE Cloud and ISO/IEC 27701</h4>SITE Cloud has achieved ISO/IEC 27701 certification for its privacy information management system.The SITE Cloud ISO/IEC 27701 certificate validates compliance with privacy controls.Clients can leverage SITE Cloud's ISO/IEC 27701 certification to support regulatory compliance for workloads involving personal data.<h4>Scope of Certification</h4>The SITE Cloud ISO/IEC 27701 certification applies to the following in-scope cloud services:<ul><li>Cloud Virtual Datacenter(VDC)</li><li>Cloud Disaster Recovery</li><li>Cloud Managed IT</li><li>Cloud Managed IT SME</li></ul><h4>Audit Reports and Certificates</h4><ul><li>SITE Cloud's ISO/IEC 27701 certificate is available through the SITE Cloud Support Portal.</li><li>&nbsp;</li></ul><h4>Frequently Asked Questions:</h4>&nbsp;<h4>How does ISO/IEC 27701 help meet privacy regulations?</h4>ISO/IEC 27701 provides a universal framework of privacy controls that can be mapped to requirements for regulations like GDPR and CCPA. This allows for efficient implementation and audit of regulatory compliance.<h4>How can I access SITE Cloud's ISO/IEC 27701 audit documentation?</h4>Certificates can be requested through the SITE Cloud Support Portal.<h4>Can I use SITE Cloud's ISO/IEC 27701 certification for my compliance?</h4>Yes, SITE Cloud's certification helps demonstrate compliance for client workloads involving personal data on the Cloud. However, clients maintain responsibility for compliance of their implementation.

ISO/IEC 27701 - SITE Cloud Compliance

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) registry provides a free, publicly accessible registry for cloud providers to publish information security and compliance reports.The STAR Self-Assessment allows cloud providers to document their security controls based on the CSA Cloud Controls Matrix (CCM) using the Consensus Assessments Initiative Questionnaire (CAIQ).<h4>SITE Cloud and CSA STAR</h4>SITE Cloud publishes a CSA STAR Self-Assessment documenting its implementation of security controls per the CCM.Clients can review SITE Cloud's CAIQ to evaluate security risks and compare providers using CSA best practices.SITE Cloud undergoes annual audits to update the CAIQ assessment based on the latest CCM version.<h4>CAIQ Report Access</h4>The SITE Cloud CSA STAR Self-Assessment is publicly available on the CSA STAR Registry https://cloudsecurityalliance.org/star/registry/saudi-information-technology-company-siteSITE Cloud publishes updated CAIQ reports annually after each audit is completed.&nbsp;<h4>Frequently Asked Questions:</h4><h4>&nbsp;</h4><h4>What standards does the CCM align to?</h4>The CCM maps to various security standards like ISO 27001, PCI DSS, and NIST 800-53 to provide a baseline set of cloud security best practices.<h4>Why is the CSA STAR Self-Assessment valuable?</h4>It enables transparent documentation of SITE Cloud's security controls implementation per industry best practices. Customers can review and compare providers.

CSA STAR Self-Assessment - SITE Cloud Compliance

The Center for Internet Security (CIS) publishes consensus-based configuration benchmarks and best practices for securely configuring IT systems.CIS benchmarks provide guidance on baseline security settings for software, operating systems, networks, and cloud platforms.<h4>SITE Cloud and CIS Benchmarks</h4>The benchmark covers recommendations for secure configuration of SITE Cloud resources and services.Clients can use the CIS SITE Cloud Foundations Benchmark as a base when deploying workloads on SITE Cloud.SITE Cloud also offers pre-configured CIS Hardened Images that align to CIS benchmark recommendations.<h4>CIS SITE Cloud Foundations Benchmark</h4>It provides two levels of security recommendations:<ul><li>Level 1: Basic security settings with minimal functionality impact</li><li>Level 2: Strict security settings for high-risk environments</li></ul><h4>CIS Hardened Images on SITE Cloud</h4>SITE Cloud offers CIS Hardened Images for Linux and Windows on the SITE Cloud Portal. The images are pre-configured per CIS benchmarks.

Center for Internet Security (CIS) Benchmarks - SITE Cloud

Overview&nbsp;<ul><li>ISO 22301 is an international standard that specifies requirements for a business continuity management system (BCMS).&nbsp;</li><li>Helps organizations protect against, prepare for, and recover from disruptive incidents.&nbsp;</li><li>SITE Cloud has established a BCMS aligned to ISO 22301 and achieved ISO 22301 certification, demonstrating a commitment to business continuity and disaster recovery.&nbsp;</li></ul>&nbsp;SITE Cloud and ISO 22301&nbsp;<ul><li>SITE Cloud has implemented a BCMS that conforms to the ISO 22301 standard.&nbsp;</li><li>SITE Cloud has received ISO 22301 certification, validated through independent audits.&nbsp;</li><li>Clients can leverage SITE Cloud's ISO 22301 certification as evidence of business continuity controls.&nbsp;</li></ul>&nbsp;Scope of Certification&nbsp;The SITE Cloud ISO 22301 certification applies to the following in-scope cloud services:&nbsp;<ul><li>Cloud Virtual Datacenter(VDC)&nbsp;</li><li>Cloud Disaster Recovery&nbsp;</li><li>Cloud Managed IT&nbsp;</li><li>Cloud Managed IT SME&nbsp;</li></ul>&nbsp;Audit Documentation&nbsp;<ul><li>The SITE Cloud ISO 22301 certificate is available via the SITE Cloud Support Portal.</li></ul>

ISO 22301 - SITE Cloud Compliance

<h2>Contact Information</h2>This page will allow users to view the contact information of the team member responsible for providing access to billing details. This information is crucial for inquiries or clarifications regarding billing permissions and access.&nbsp;<h3>Information Displayed&nbsp;</h3><ul><li>Name: The full name of the employee who granted access to the billing information.</li><li>Email: The official email address of the employee, used for direct communication.</li><li>Phone Number: A contact number where the employee can be reached for urgent or detailed discussions.</li><li>Details/Notes: Any additional information or notes that may provide context, such as the reason for granting access, specific billing details, or other relevant comments.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_10_1_6869d8d7c2.png"></figure><h3 style="margin-left:0px;">Additional Considerations</h3><ul><li>This page serves as a point of reference for billing-related inquiries.</li><li>The contact details are essential for smooth communication between teams regarding billing access.</li><li>Users should ensure the accuracy of the contact information for timely responses to billing queries.</li></ul>&nbsp;<hr>If you need to grant or revoke access to billing information, please raise a ticket through our <a href="https://support.cloud.site.sa" target="_blank" rel="noopener noreferrer">Support Portal&nbsp;</a>&nbsp;

Measure your SITE cloud billing and utilization

Billing

Billing Contact Information 

<h2>Consumption Report&nbsp;</h2>This feature allows to view and generate detailed reports on consumption data. This report helps track usage over time, view billing information, and analyze specific consumption periods.&nbsp;The Consumption Report option in the menu. The report is divided into several sections for ease of use.&nbsp;<h3 style="margin-left:0px;">Sections of the Report&nbsp;</h3>&nbsp;First Section: Historical Consumption Data This section provides a summary of consumption data over a historical period, helping users analyze long-term usage trends and patterns&nbsp;Second Section: Specific Period Consumption Here, select a specific period for detailed consumption analysis. By entering the following details, view usage within a defined timeframe:<ul style="list-style-type:circle;"><li>Tenant Name</li><li>Business Group</li><li>Resources</li><li>Date Range (from - to)</li></ul>Third Section: Billing Information This section presents the billing details associated with consumptions during the selected period, including costs related to devices and resources used.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_11_d16ec20774.png"></figure>Fourth Section: One-Time Payments (If Available) If only one-time payments have been made, they will be displayed in this section. It provides details about any additional or out-of-cycle charges.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_15_b909e072f1.png"></figure><h3 style="margin-left:0px;">&nbsp;</h3><h3 style="margin-left:0px;">Additional Considerations</h3>&nbsp;<ul><li>This report is a valuable tool for tracking and managing consumption.</li><li>Customize the data view based on specific periods and resources.</li><li>It helps in both financial forecasting and resource allocation planning.</li></ul> &nbsp;

Billing Consumption Report 

<h2>Contracts&nbsp;</h2>This page provides access to view contract details for both ongoing and past projects. It allows viewing of information regarding previous contracts and their associated details.&nbsp;<h3>Information Displayed</h3>&nbsp;<ul><li>Active Contracts: View details about current contracts related to ongoing projects, including start and end dates, contract terms, and key obligations.</li><li>Past Contracts: Access historical information about contracts related to completed projects, including terms, project scope, and duration.</li><li>Contract Details: This section includes specific contract details such as project scope, pricing, deliverables, and any special clauses or conditions agreed upon during the contract. &nbsp;</li></ul><h3>Contract Sections Displayed</h3> 1. System ID: A unique identifier for the system associated with the contract. 2. Contract ID: A unique identifier for the specific contract. 3. Project Manager: The name of the project manager overseeing the project. 4. Account Manager: The name of the account manager responsible for the client relationship. 5. Start Date: The official start date of the contract. 6. Activation Date: The date when the contract became active. 7. End Date: The date when the contract is set to expire or has expired. 8. Details/Notes: Any additional details or notes that provide context, such as contract modifications, special terms, or other relevant information.&nbsp;<h3><img src="https://cms.cloud.site.sa/docs/uploads/Group_12_990b732517.png"> Additional Considerations</h3><h3>&nbsp;</h3><ul><li>This page helps manage and review project agreements for better tracking of commitments and obligations.</li><li>It provides an easy reference for historical contracts to understand the terms of past engagements.</li><li>The information can be used to compare contract terms and improve future project agreements. &nbsp;</li></ul>&nbsp;

Billing Contracts

<h2>Credit&nbsp;</h2>It's the details about available credit and any limits related to project scope. While credit information can be viewed here, any modifications require administrative support. &nbsp;<h3> Credit Information</h3>&nbsp;<ul><li>View Credit Details: This section allows access to view the current credit balance and associated limits relevant to the project.</li><li>Project Scope Adjustments: Credit is directly tied to the scope of the project, but increasing the scope requires changes to the credit allocation. &nbsp;</li></ul><h3 style="margin-left:0px;">Sections Displayed:</h3><ol><li>Contract System ID: A unique identifier for the system associated with the contract and credit.</li><li>One-Time Payment: If there is any one-time payments related to the project.</li><li>Type: Specifies the type of credit or payment (e.g., Invoice, Reward Points, etc.).</li><li>Amount: The total amount of credit or payment made.</li><li>Payment: Displays the payment method or transaction details.</li><li>Created By: The name of the person who created the credit entry or payment record.</li><li>Created At: The date and time when the credit entry or payment record was created.</li><li>Details: Any additional information or context related to the credit, payment, or project scope.</li><li>Status: The current status of the credit or payment (e.g., Active, Inactive).</li></ol>&nbsp;<img src="https://cms.cloud.site.sa/docs/uploads/Group_13_65c52a6dfe.png"> &nbsp;&nbsp;<hr><h3>Important Notes</h3><ul><li>No Direct Additions: It's important to note that additional amounts cannot be directly added to the account via this page.</li><li>Modifications or Adjustments: If credit modifications are required or there are inquiries related to increasing the project scope, kindly raise a ticket through our <a href="https://support.cloud.site.sa" target="_blank" rel="noopener noreferrer">Support Portal</a>&nbsp;</li></ul>&nbsp;

Billing Credit 

<h2>Excluded Resources&nbsp;</h2>This page provides visibility into the resources that have been excluded from financial calculations. This helps maintain clarity on what is not factored into overall costs and financial assessments.<h3>Information Displayed</h3>&nbsp;<ul><li>Type: Specifies the category of the excluded resource (e.g., VM, Network, etc.).</li><li>Resource: Lists the name of the resource that has been excluded from financial calculations.</li><li>From - To: Indicates the date range during which the resource was excluded.</li><li>Details/Notes: Provides additional context or explanations regarding the exclusion, including reasons or specific conditions related to the resource.</li></ul>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_14_9632fac19a.png"></figure><h3 style="margin-left:0px;">&nbsp;</h3><h3 style="margin-left:0px;">Additional Considerations</h3>&nbsp;<ul><li>This page is essential for understanding financial assessments by clarifying which resources are not included in the cost calculations.</li><li>Keeping track of excluded resources can help in financial planning and decision-making for future projects.</li></ul> &nbsp;

Billing Excluded Resources 

<h2>Definition</h2>Business Groups (BGs) serve as an essential organizational framework within a cloud environment, enabling the efficient management and allocation of resources across various departments or teams within a tenant. This flexibility fosters collaboration and enhances overall resource management.Business groups are responsible for managing metadata about resources while focusing on permissions and resource allocation. This shift encourages a collaborative environment where resource sharing is optimized, and operational efficiency is improved<h3>Features:</h3><ul><li>Flexible Resource Sharing: Resources can be shared across multiple business groups, eliminating bottlenecks and improving resource utilization.</li><li>Granular Access Control: Access to Business Groups can be restricted by users, ensuring only authorized personnel can make changes.</li><li>Enhanced Workload Separation: Business Groups allow customers to group workloads, making management easier and improving communication within each business group.</li></ul><h3>Sample Use Cases&nbsp;</h3><ul><li>Managing Permissions Business Groups is used to manage user permissions. for more info, refer to the following link: <a href="https://docs.cloud.site.sa/MyCloudPortal/Permission-Profiles">Permission Profiles</a>.</li><li>Project-Based Resource Management: Business Groups can be created for specific projects, allowing each project team to manage its resources independently.&nbsp;</li><li>Departmental Resource Allocation: Business Groups can be assigned based on departments (e.g., HR, Finance, R&amp;D), allowing each to manage its workloads independently.&nbsp;</li><li>Cost Management and Optimization: Business Groups help segment costs by business unit, project, or application. Each Business Group can have a budget or cost-tracking mechanism, making it easier to analyze and control cloud expenses across different areas.</li></ul>&nbsp;<h2>Step-by-Step Guide</h2><h3>Navigation to Business Groups</h3><ul><li>Access Through Settings Section: On the side menu, through settings section select “Business Groups”</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_11_6114a305fd.png"></figure><ul><li>Viewing Existing Business Group Information: If you already have a BG, press on it to preview the information about it</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_2_3_1e6ba3e235.png"></figure><ul><li>Creating New Business Group: If you want to create a new one, press “Create”, and fill up the required information&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_3_7_2baa25adb1.png"></figure>

Business Groups

<h3>Definition</h3>Global Load Balancing (GLB) is a powerful technology designed to enhance the performance, reliability, and availability of web applications on a global scale. By distributing incoming traffic across a network of servers located in various geographic locations, GLB optimizes response times and reduces the likelihood of downtime for users around the world. This ensures consistent, high-quality user experiences regardless of location.<h3>Features</h3><ul><li>Intelligent Traffic Distribution: GLB smartly allocates web traffic across multiple servers based on location and server load, reducing latency and improving network efficiency.</li><li>Health Monitoring and Fault Tolerance: GLB continuously checks server health. If a server fails, it reroutes traffic to maintain uptime, ensuring reliable performance.</li><li>Dynamic Failback Mechanism: When a failed server recovers, GLB seamlessly reintroduces it to the traffic flow, optimizing resource use.</li><li>DNS-based Load Distribution: GLB leverages DNS to balance loads, often using round-robin or other methods to distribute traffic evenly.</li><li>Cloud Integration Requirement: Hosting the DNS zone in SITE Cloud maximizes GLB performance for seamless traffic management.</li></ul><h3>Use Cases</h3><ul><li>High-Traffic Websites and Applications: Distributes traffic across servers to prevent overload, ideal for large websites or apps.</li><li>Disaster Recovery and Continuity: GLB redirects traffic during server outages, ensuring service continuity.</li><li>Geo-Location Based Content Delivery: Directs users to the nearest server, improving speed for global audiences.</li><li>Enterprise-Scale Applications: Balances load for large platforms, ensuring fast, reliable access for all users.</li></ul>Note: The above are sample of many add-ons, and they are not limited to these examples.<h3>&nbsp;</h3><h3>Prerequisites:</h3><ul><li>&nbsp;The DNS zone must be hosted within SITE Cloud</li></ul>&nbsp;<h3>Step-by-Step Guide&nbsp;</h3>1. Access the Networking Section: In the side menu, navigate to the Networking section and select Global Load Balancer.2. Create a new GLB: To set up a new GLB, press Create on the top right corner.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_12_61d64fe786.png"></figure>2.1 To create a new GLB, you need to fill in the following information:<ul><li>Enter Member IP: Input the IP address of the server.</li><li>Choose DNS Zone: Select the appropriate DNS zone for the GLB.</li><li>Select Load Balancing Method: Pick the desired traffic distribution method.</li><li>Set Health Check Parameters: Configure health checks for members.</li><li>Click "Submit" to finalize and create GLB.</li></ul>Note: Only Public and Shared IPs are supported in member health checks.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_3_8_2ec3a970b9.png"></figure>3. Manage Global Load Balancer3.1 After creating a Global Load Balancer, click on your GLB to view detailed information about the instance.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_5_4_936cc5bc84.png"></figure>3.2 To edit your GLB, click the edit button located on the far left of the instance.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_6_4_dbf4d3aa4a.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_8_5_2d90cfd2f1.png"></figure>&nbsp;<h3>Supported Health Check Types</h3>Configuring firewall rules is required for all health check IPs regardless of the type.<ol><li>HTTP Health Check : Commonly used for web applications.</li><li>HTTPS Health Check : Commonly used for secure web applications.</li><li>TCP Health Check : Commonly used for non-HTTP services like databases and custom applications.<ol><li>&nbsp;If one member is set to TCP, all health check members must also use TCP (this change will be applied by default, and the option to change it will be disabled).</li><li>Path, health check IP, and port are disabled for TCP. For the health check IP, the same member IP is &nbsp; used. For the port, all health check members use the same port, which is the port of the first item in the &nbsp;active group.</li></ol></li></ol>&nbsp;<h3>&nbsp;</h3>&nbsp;Note: When editing your instance you cannot edit the Name, Zone, and Load Balancing Method.

Global Load Balancer

<h3>Definition</h3>A secure virtual meeting and conferencing platform that provides fast and reliable and business focused meeting capabilities&nbsp;&nbsp;<h3>Features</h3><ol style="list-style-type:decimal;"><li>Instance Creation and Management: User-friendly setup for quick instance creation</li><li>Editing and Personalization: Options to edit instance names, logos, and welcome messages and the ability to set unique meeting URLs and add branding</li><li>Monitoring and Analytics: Real-time monitoring dashboard for active meetings, participant count, and duration analytics on meeting frequency, average duration, and participant engagement</li><li>Comprehensive Meeting Logs: A detailed log of all completed meetings, capturing essential data for improved oversight and tracking.</li></ol>&nbsp;<h3>Step-by-Step Guide</h3>1. Access Through Applications Section: On the side menu, through Application section select “SITE Ray”2. Create a new Instance: To create a new SITE Ray instance press Create on the top right corner.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_15_4_fe5d03ce09.png"></figure>2.1 Fill in the required filed Which include:<ul style="list-style-type:circle;"><li>Configure Instance Details:<ul style="list-style-type:circle;"><li>Tenant: Select the appropriate tenant for the instance.</li><li>Business Group: Choose the relevant business group under which this instance will reside.</li><li>Instance Name: Provide a unique name for the instance.</li><li>Instance URL: Specify the URL through which the customer will access their instance.</li></ul></li><li>Licensing:<ul style="list-style-type:circle;"><li>Set the number of users requiring access to the instance. Each user logging in consumes one license, but guest participants in meetings are not counted toward license consumption.</li><li>The maximum number of licenses is 1,000. For custom licensing needs, please&nbsp;contact support@site.sa.</li></ul></li><li>Method:<ul style="list-style-type:circle;"><li>Choose the preferred authentication method. The options are:<ul style="list-style-type:circle;"><li>SITE Single Sign-On: Standard SITE SSO integration.</li><li>Email OTP: Login via a one-time password sent to the user's email.</li><li>Custom Single Sign-On: If selected, additional details are required, including:<ul><li>Mobile App Redirection Domain</li><li>SAML Identity Provider URL</li><li>Token Signing Certificate</li></ul></li></ul></li></ul></li><li>Allowed Domains:<ul style="list-style-type:circle;"><li>Add the desired Email Domains that are permitted for user logins, ensuring that only users with emails from these domains can access the instance.</li></ul></li><li>Customization:</li><li>Customize the instance’s visual appearance by uploading a primary and secondary color scheme.</li><li>Add logos for both default and dark mode to match your branding requirements.</li><li>Note: the logo should be .png and 500x500 pixels</li><li>Click Submit to complete creating your instance</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_16_1_d06b76bf1b.png"></figure>3. &nbsp;Access Instance3.1 To access the instance, users can click on the Instance URL, which opens the instance directly, allowing them to begin using Ray without any additional steps.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_19_3_d94149f418.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_18_5b6b3ebf01.png"></figure>4. Manage Instance&nbsp;4.1 Usage and Analytics Tab: Access a comprehensive details and analytics for each instance. This includes:<ul style="list-style-type:disc;"><li>Instance Information: A complete overview of the instance's configuration, settings, and associated attributes.</li><li>Detailed Dashboard:<ul style="list-style-type:circle;"><li>License Consumption: Visual insights into license usage, showing the number of active licenses and trends in license consumption over time.</li><li>Activities: A log of recent activities within the instance, providing visibility into user actions and system events.</li><li>Participants: Data on participant engagement, allowing users to monitor attendance and participation levels.</li></ul></li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_19_4_ef6be8c3f8.png"></figure>4.2 Meetings Tab: Displays a detailed log of ended meetings for the selected instance. This log includes essential information such as the Slug, Meeting Date, Started At, Ended At, Host, and Participants Number. This detailed view provides users with valuable insights into past meetings, allowing for efficient tracking and management of meeting activities within the instance.In addition, after meetings end, users can download the meeting quality report in PDF format. Enabling users to troubleshoot meeting and participants issues.<figure class="image"><img src="/uploads/SITE_Ray_Meetings_Tab_3da10dce9b.png"></figure>4.3 History Tab: provides a detailed record of actions taken on the instance. This log includes key information such as the Date of the action, the specific Action performed, the Requested By (the user who initiated the action), the Request Key (any associated ID), and whether the action has been Completed or is still Pending. This comprehensive history allows users to track changes and updates made to the instance, enhancing transparency and accountability.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_27_af642fb9f4.png"></figure>5. Action Buttons on the far right of the instance, you will find three dots representing the action buttons, which offer the following options:<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_24_1_5dd5d5b6b4.png"></figure>5.1 Edit: Allows modifications to the instance Name, URL, license, Method, Allowed Domains, and Customizations, enabling quick adjustments as needs evolve.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_25_1_644cb966d9.png"></figure>5.2 Download Outlook Manifest: button to download an XML file to integrate the instance with Microsoft Outlook, streamlining access to instance features directly within the email interface.5.3 Activate/Deactivate: button to toggle the instance’s operational status, granting flexibility to enable or disable access as needed without affecting stored settings or data.&nbsp;

SITE Ray Management

&nbsp;<figure class="table"><table><tbody><tr><td style="background-color:#E8F2DD;border:1.0pt solid #05EA7D;padding:0in;width:98.75pt;">Abbreviation</td><td style="background-color:#E8F2DD;border-bottom-style:solid;border-color:#05EA7D;border-left-style:none;border-right-style:solid;border-top-style:solid;border-width:1.0pt;padding:0in;width:427.5pt;">Description</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">2FA</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">Two-Factor Authentication</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">Dashboard Access</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">The section of the platform where users view and manage resources</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">LOGIN</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">Access point for entering credentials</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">Performance Analyzer</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">&nbsp;Tool for viewing historical performance details and metrics for virtual machines</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">Registration</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">Process of scanning a code to enroll in two-factor authentication</td></tr><tr><td style="border-bottom-style:solid;border-color:#05EA7D;border-left-style:solid;border-right-style:solid;border-top-style:none;border-width:1.0pt;padding:0in;width:98.75pt;">VM</td><td style="border-bottom:1.0pt solid #05EA7D;border-left-style:none;border-right:1.0pt solid #05EA7D;border-top-style:none;padding:0in;width:427.5pt;">Virtual Machine</td></tr></tbody></table></figure>&nbsp;How to access SITE Monitor?&nbsp;<ol><li>Monitor website should be accessed via<a href="https://monitor.cloud.site.sa/">&nbsp;https://monitor.cloud.site.sa/&nbsp;</a>&nbsp;</li></ol>&nbsp;<h3>Registering 2FA Token&nbsp;</h3>&nbsp;<h4>Step 1</h4>Access the website and click on “LOGIN WITH CLOUD ID.”<figure class="image image_resized" style="width:50%;"><img src="/uploads/Group_2_1_8a9d2688b8.png"></figure><h4>Step 2</h4>Log in using your username and password.<figure class="image image_resized" style="width:50%;"><img src="/uploads/image_bb52eb0b4f.png"></figure>&nbsp;<h4>Step 3</h4>Click on “Registration” &amp; Scan the QR code using an authenticator app to enroll.<figure class="image image_resized" style="width:50%;"><img src="/uploads/image_6e953e5c17.png"></figure><h4>Step 5</h4>Enter the authentication code generated by the app.<figure class="image image-style-align-left image_resized" style="width:75%;"><img src="/uploads/image_7f951dacfa.png"></figure>&nbsp;<h3>&nbsp;</h3><h3>Dashboard Access</h3>&nbsp;<figure class="image"><img src="/uploads/image_a94e6c1889.png"></figure>In the top-right corner, click on the magnifying glass icon to search for any virtual machine (VM).<figure class="image"><img src="/uploads/image_1437fedd30.png"></figure>&nbsp;The search results will display a list of available VMs. Click on any VM to view its details.<figure class="image"><img src="/uploads/image_075167c0e4.png"></figure>&nbsp;Once you click on any virtual machine, you can see and examine its details.<figure class="image"><img src="/uploads/image_ed330983b7.png"></figure>&nbsp;On the left panel, click on the storage tab.<img src="/uploads/image_fa5310bb83.png">A Storage and Volume performance details page will open.<figure class="image"><img src="/uploads/image_0efa04754a.png"></figure>&nbsp;To view historical performance data for the selected VM:Click the Performance Analyzer button on the main VM page.<figure class="image"><img src="/uploads/image_a4249d7185.png"></figure>&nbsp;A chart will display performance metrics from the past 12 hours.&nbsp;&nbsp;&nbsp;&nbsp;To explore additional performance metrics:Click the arrow in the upper-left to expand a side pane, which contains other available metrics for detailed analysis.<figure class="image"><img src="/uploads/image_82bb6c9208.png"></figure>

Monitoring

Monitor User Manual

<h2>Introduction</h2>&nbsp;The Bridge Gateway provides intelligent network bridging through automated virtual switch provisioning. This service eliminates manual firewall management to deliver self-service network control for hybrid cloud deployments.Unlike traditional network gateways that require operations team involvement for every configuration change, our automated Bridge Gateway ensures instant provisioning and real-time rule management while maintaining enterprise-grade security and performance.&nbsp;<h3>Key Features</h3>&nbsp;<h4>Network Management</h4>&nbsp;<ul style="list-style-type:disc;"><li>Self-Service Firewall Control: Configure and modify firewall rules directly through the Cloud Portal without tickets or delays</li><li>Automated Provisioning: Bridge Gateways deploy instantly as VMs with pre-configured network settings</li><li>Real-time Traffic Monitoring: View comprehensive traffic logs with filtering by IP, subnet, and time range</li></ul>&nbsp;<h4>Infrastructure Integration</h4>&nbsp;<ul style="list-style-type:disc;"><li>Many-to-Many Architecture: Connect multiple bare metal servers to multiple gateways for flexible network topologies</li><li>Hybrid Cloud Bridging: Seamlessly integrate legacy bare metal systems with Virtual Data Center (VDC) resources</li><li>VPC Integration: Native compatibility with existing Virtual Private Cloud configurations</li></ul>&nbsp;<h4>Security and Compliance</h4>&nbsp;<ul style="list-style-type:disc;"><li>Enterprise Firewall Capabilities: Granular traffic control with allow rules, port management, and protocol filtering using deny-by-default security model</li><li>Network Isolation: Maintain strict separation between environments while enabling controlled connectivity through explicit allow rules</li><li>Audit Trail Management: Complete logging of all configuration changes and traffic patterns</li></ul>&nbsp;<h3>Common Use Cases</h3><h4>&nbsp;</h4><h4>Infrastructure Modernization</h4>&nbsp;<ul style="list-style-type:disc;"><li>Legacy System Integration: Connect existing bare metal infrastructure to cloud services without hardware changes</li><li>Hybrid Cloud Architecture: Bridge physical and virtual environments for unified infrastructure management</li><li>Data Center Migration: Gradually migrate workloads while maintaining connectivity between old and new systems</li><li>Multi-Cloud Connectivity: Enable secure communication between different cloud environments and on-premises systems</li></ul>&nbsp;<h4>High-Performance Applications</h4>&nbsp;<ul style="list-style-type:disc;"><li>Mission-Critical Workloads: Provide dedicated network pathways for applications requiring bare metal performance</li><li>High-Performance Computing: Enable low-latency networking for GPU clusters and compute-intensive workloads</li><li>Database Clustering: Connect distributed database systems across bare metal and cloud infrastructure</li><li>Real-Time Processing: Support applications with strict latency requirements and high throughput needs</li></ul>&nbsp;<h4>Compliance and Security</h4>&nbsp;<ul style="list-style-type:disc;"><li>Regulated Workloads: Maintain network isolation while enabling controlled connectivity for compliance requirements</li><li>Financial Services: Meet strict security standards while enabling hybrid cloud operations</li><li>Government Applications: Satisfy security clearance requirements with controlled network segmentation</li><li>Enterprise Systems: Ensure regulatory compliance while connecting critical business systems to modern cloud platforms</li></ul>&nbsp;<h2>Getting Started</h2>&nbsp;<h3>Basic Bridge Gateway Setup for Development Environment</h3>This example demonstrates creating your first Bridge Gateway for a development environment. You'll learn how to provision a gateway, configure basic firewall rules, and prepare for bare metal server connections while understanding the fundamental workflow.&nbsp;<h4>Step 1: Prerequisites and Planning</h4>&nbsp;Scenario: Your development team needs to connect a legacy application running on bare metal servers in Riyadh to cloud-based services. The application requires HTTPS access and database connectivity while maintaining security isolation from production systems.&nbsp;Requirements Analysis:<ul style="list-style-type:disc;"><li>Security Requirements: Define explicit allow rules for required traffic, leveraging deny-by-default security model</li><li>Network Requirements: HTTPS (port 443), and database access (port 3306) from development subnet</li><li>Environment: Development environment with controlled access through explicit allow rules</li><li>Timeline: Immediate deployment needed for upcoming sprint work</li></ul>&nbsp;Resource Requirements:<ul style="list-style-type:disc;"><li>Active tenant account with Bridge Gateway creation privileges</li><li>Development environment access in target region</li><li>Planned IP address ranges for bare metal servers</li><li>Firewall rule requirements documented</li></ul>&nbsp;<h4>Step 2: Create Bridge Gateway</h4><ol style="list-style-type:decimal;"><li>Navigate to Bridge Gateway Section<ol><li>Log into the Cloud Portal</li><li>Navigate to Network → Bridge Gateways</li><li>Verify you see the Bridge Gateways listing page with Create button</li></ol></li><li>Initiate Gateway Creation<ol><li>Click the Create button in the top-right corner</li><li>Confirm you see the Bridge Gateway creation form</li><li>Expected interface shows Region, Environment, VPC, and Subnet fields</li></ol></li><li>Configure Basic Settings<ol><li>Region: Select “Riyadh” from the dropdown menu</li><li>Environment: Select any development environment from the dropdown menu</li><li>VPC: Choose SSA VPC from available options</li><li>Subnet: Select a predefined subnet within the selected VPC from the dropdown menu</li></ol></li></ol>&nbsp;<h4>Step 3: Review Network Configuration</h4><ol style="list-style-type:decimal;"><li>Verify Automatic Assignments<ol><li>Subnet Assignment: Choose an available subnet from the selected VPC</li><li>Private IP: Note the assigned IP address after successfully creating the bridge gateway</li><li>Virtual IP Pool: Review the allocated virtual IP range for future bare metal connections</li><li>Expected format: Gateway receives private IP for management, pool shows list of available private IPs within the selected subnet.</li></ol></li><li>Validate Configuration<ol><li>Confirm all settings match your requirements</li><li>Verify subnet doesn't conflict with existing infrastructure</li><li>Document assigned IPs for future reference</li></ol></li></ol>&nbsp;<h4>Step 4: Submit Creation Request</h4><ol style="list-style-type:decimal;"><li>Final Review and Creation<ol><li>Review configuration summary</li><li>Click Create Bridge Gateway button</li><li>Monitor status indicator showing provisioning progress</li></ol></li><li>Validate Successful Creation<ol><li>Confirm gateway appears in Bridge Gateways listing</li><li>Status shows as "Active" with green indicator</li><li>Gateway details page accessible by clicking gateway name</li></ol></li></ol>&nbsp;<h4>Step 5: Configure Initial Firewall Rules</h4><ol><li>Access Firewall Management<ol><li>Navigate to your newly created gateway details page</li><li>Click Firewall Rules tab</li><li>Verify you see empty rules list ready for configuration</li></ol></li><li>Create HTTPS Rule<ol><li>Click Add Rule button</li><li>Direction : Incoming</li><li>Policy Type: NET -&gt; SSA (for public internet access)</li><li>Sources: 0.0.0.0/0 (any source for development), or a specific Public IP range of your headquarter (recommended)&nbsp;</li><li>Destinations: Your gateway subnet</li><li>Services: HTTPS (port 443) from predefined services list</li><li>Description: “Allow HTTPS traffic from internet to development servers”</li></ol></li></ol>&nbsp;<h4>Step 6: Configure Database Access</h4><ol style="list-style-type:decimal;"><li>Create Internal Database Rule<ol><li>Direction: Incoming</li><li>Policy Type: SSA -&gt; SSA (internal network communication)</li><li>Sources: Your application subnet range (e.g., 10.10.0.0/16)</li><li>Destinations: Database server IPs</li><li>Services: MySQL (port 3306) from predefined services list</li><li>Description: “Allow application servers to access MySQL database”</li></ol></li><li>Configure On-Premises Connectivity<ol><li>Direction: Incoming</li><li>Policy Type: ON-PREM -&gt; SSA (if connecting to on-premises systems)</li><li>Sources: On-premises network range</li><li>Destinations: Database servers</li><li>Services: Custom protocol/port if needed</li><li>Description: "Allow on-premises systems to access cloud databases"</li></ol></li></ol>&nbsp;<h4>Step 7: Test and Validate Configuration</h4><ol style="list-style-type:decimal;"><li>Verify Rule Creation<ol><li>Confirm all allow rules appear in firewall rules list</li><li>Check rule parameters match intended configuration</li><li>Validate policy types correctly reflect network architecture &nbsp;</li></ol></li></ol><h3>General Bridge Gateway Creation Summary</h3>&nbsp;For All Use Cases:<ol style="list-style-type:decimal;"><li>Planning and Prerequisites - Assess network requirements, security policies, and define necessary allow rules for deny-by-default architecture</li><li>Gateway Provisioning - Configure basic settings and review automatic network assignments for accuracy</li><li>Firewall Configuration - Implement explicit allow rules following least-privilege principles within deny-by-default security model</li><li>Validation and Testing - Confirm gateway functionality, verify only authorized traffic flows are permitted through allow rules</li></ol>&nbsp;Important Notes:<ul style="list-style-type:disc;"><li>Bridge Gateway uses deny-by-default security model - only configure allow rules for required traffic</li><li>Firewall rule changes take effect immediately without service interruption</li><li>Contact technical support for assistance with complex multi-gateway architectures or compliance requirements</li></ul>&nbsp;<h2>Related Documentation</h2><h3>Configuration and Setup</h3><ul style="list-style-type:disc;"><li><a href="https://docs.cloud.site.sa/MyCloudPortal/bare-metal" target="_blank" rel="noopener noreferrer">Bare Metal Server User Guide</a> - Complete guide for requesting and managing bare metal servers</li><li><a href="https://docs.cloud.site.sa/MyCloudPortal/firewall-rules" target="_blank" rel="noopener noreferrer">Firewall Rules Reference</a> - Advanced firewall configuration options and rule syntax</li></ul>

Bridge Gateway

<h2>Introduction</h2>The Bare Metal Server service provides dedicated physical servers through a request-based provisioning workflow. This service delivers full hardware control and maximum performance for applications that require direct access to physical resources without virtualization overhead.Unlike virtualized infrastructure that shares resources, our Bare Metal Servers ensure complete hardware isolation with dedicated CPU, memory, storage, and network resources while integrating seamlessly with your cloud infrastructure through Bridge Gateway connectivity.&nbsp;<h3>Key Features</h3><h4>&nbsp;</h4><h4>Performance and Control</h4><ul style="list-style-type:disc;"><li>Dedicated Hardware Access: Full control over physical server resources without virtualization overhead or resource sharing</li><li>Maximum Performance: Direct hardware access for compute-intensive workloads requiring optimal performance</li><li>Custom Hardware Configurations: Choose from various CPU, memory, OS storage, and network specifications to match workload requirements</li><li>GPU-Enabled Hardware: Select your preferred setup from our various GPU configurations, built-in within our hardware.</li><li>Rack Space Rental: Rent dedicated rack space by rack units (RU) for custom hardware deployment (Bring Your Own) and colocation requirements</li></ul>&nbsp;<h4>Integration and Connectivity</h4><ul style="list-style-type:disc;"><li>Bridge Gateway Integration: Seamless connection to existing cloud infrastructure through automated network bridging</li><li>Hybrid Cloud Architecture: Combine bare metal performance with cloud flexibility for comprehensive infrastructure solutions</li><li>Network Isolation: Maintain security boundaries while enabling controlled connectivity to cloud services</li></ul><h4>&nbsp;</h4><h4>Operational Management</h4><ul style="list-style-type:disc;"><li>Request-Based Provisioning: Professional installation and configuration handled by expert operations team</li><li>Status Monitoring: Real-time visibility into server status, power state, and connectivity information</li><li>Lifecycle Management: Complete server lifecycle support from provisioning through decommissioning</li></ul><h3>&nbsp;</h3><h3>Common Use Cases</h3><h4>&nbsp;</h4><h4>High-Performance Computing</h4><ul style="list-style-type:disc;"><li>Database Workloads: Mission-critical databases requiring maximum I/O performance and dedicated resources</li><li>Compute-Intensive Applications: Scientific computing, financial modeling, and analytics requiring sustained high performance</li><li>GPU Computing: Machine learning, AI training, and graphics processing workloads requiring dedicated GPU resources</li><li>Real-Time Processing: Applications with strict latency requirements and consistent performance needs</li></ul><h4>&nbsp;</h4><h4>Legacy System Integration</h4><ul style="list-style-type:disc;"><li>Application Migration: Modernize legacy applications while maintaining performance characteristics of physical infrastructure</li><li>Compliance Requirements: Meet regulatory requirements for physical isolation while enabling cloud connectivity</li><li>Specialized Software: Run applications that require specific hardware configurations or cannot operate in virtualized environments</li><li>Hardware-Dependent Systems: Support systems requiring direct hardware access for licensing or performance reasons</li><li>Custom Equipment Deployment: Deploy customer-owned hardware in rented rack space for specialized requirements and legacy system integration</li></ul><h4>&nbsp;</h4><h4>Enterprise Workloads</h4><ul style="list-style-type:disc;"><li>Production Databases: Oracle, SQL Server, and other enterprise databases requiring dedicated resources and optimal performance</li><li>ERP Systems: SAP, Oracle ERP, and other mission-critical business applications requiring consistent performance</li><li>Custom Hypervisor Platforms: Deploy specialized virtualization platforms like OpenShift by Red Hat, VMware vSphere, or Proxmox requiring direct hardware control</li><li>Development Environments: Provide development teams with dedicated resources matching production infrastructure</li></ul><h2>&nbsp;</h2><h2>Getting Started</h2><h3>&nbsp;</h3><h3>Basic Bare Metal Server Request for Database Workload</h3>This example demonstrates requesting your first bare metal server for a production database environment. You'll learn how to select appropriate hardware specifications, connect to an existing Bridge Gateway, and understand the provisioning workflow from request through activation.<h4>&nbsp;</h4><h4>Step 1: Prerequisites and Planning</h4>&nbsp;Scenario: Your organization needs to migrate a mission-critical PostgreSQL database from a virtualized environment to dedicated hardware for improved performance and compliance requirements. The database serves a high-traffic web application requiring consistent low-latency responses.&nbsp;Requirements Analysis:<ul style="list-style-type:disc;"><li>Performance Requirements: High-performance database workload requiring dedicated CPU and memory resources</li><li>Hardware Requirements: Minimum 32 CPU cores, 128GB RAM, OS Storage 480GB NVMe SSD with additional storage 2TB NVMe SSD for optimal database performance</li><li>Network Requirements: Connection to existing application infrastructure through Bridge Gateway integration</li><li>Provisioning Requirements: Request-based provisioning handled by professional operations team</li></ul>&nbsp;Resource Prerequisites:<ul style="list-style-type:disc;"><li>Active Bridge Gateway already created and operational (required before bare metal request)</li><li>Documented hardware specifications matching database performance requirements</li><li>Network architecture planning including IP address assignments and connectivity requirements</li><li>Cloud Support coordination for installation scheduling and access requirements</li></ul><h4>&nbsp;</h4><h4>Step 2: Navigate to Bare Metal Request</h4><ol style="list-style-type:decimal;"><li>Access Bare Metal Section<ol><li>Log into the Cloud Portal</li><li>Navigate to Compute → Bare Metals</li><li>Verify you see the Bare Metal listing page with available actions</li></ol></li><li>Initiate Server Request<ol><li>Click the Request Bare Metal button</li><li>Confirm you see the bare metal request form</li><li>Verify prerequisite check shows at least one active Bridge Gateway</li></ol></li></ol><h4>&nbsp;</h4><h4>Step 3: Configure Hardware Specifications</h4><ol style="list-style-type:decimal;"><li>Select Server Configuration<ol><li>Size: Choose "Standard" from available configurations</li></ol></li><li>Network Configuration<ol><li>Bridge Gateway: Select your existing active Bridge Gateway from dropdown</li><li>IP Assignment: Review planned IP address allocation within Bridge Gateway subnet</li></ol></li></ol><h4>&nbsp;</h4><h4>Step 4: Specify Operational Requirements</h4><ol style="list-style-type:decimal;"><li>Installation Details<ol><li>Configuration Notes: Document any specific configuration requirements for Cloud Support in the description field. For example, specifying a preferred OS (Ubuntu 24.04 LTS, RHEL 10, Windows Server 2025), or requesting additional storage to the existing OS storage.</li></ol></li></ol><h4>&nbsp;</h4><h4>Step 5: Review and Submit Request</h4><ol style="list-style-type:decimal;"><li>Configuration Review<ol><li>Hardware Summary: Verify all specifications match requirements</li><li>Cost and Provisioning Confirmation<ol><li>Review estimated costs for hardware configuration from Cloud Calculator</li><li>Confirm understanding of request-based provisioning process</li><li>Verify all requirements are clearly documented for our team</li></ol></li></ol></li></ol><h4>&nbsp;</h4><h4>Step 6: Submit and Track Request</h4><ol style="list-style-type:decimal;"><li>Request Submission<ol><li>Click Submit Request to initiate provisioning workflow</li><li>A ticket will be created in Cloud Support Portal for tracking and communication with our Cloud Support team</li><li>Confirm request appears in Bare Metal listing with "Pending Provisioning" status</li></ol></li><li>Monitor Request Status<ol><li>Track request progress through status updates&nbsp;</li><li>Pending Provisioning: Request being analyzed, in which physical hardware installation and configuration will start after</li><li>Active: Installation complete, awaiting activation</li></ol></li></ol><h4>&nbsp;</h4><h4>Step 7: Activation and Validation</h4><ol style="list-style-type:decimal;"><li>Cloud Support Coordination<ol><li>Operations team handles physical installation and basic configuration</li><li>Network connectivity established with specified Bridge Gateway</li><li>Operating system installation and initial security configuration completed</li></ol></li><li>Server Activation<ol><li>Operations team activates server after successful installation validation</li><li>Status changes to "Active" with billing initiation</li><li>Server appears in listing with status information</li></ol></li><li>Connectivity Validation<ol><li>Verify server connectivity through Bridge Gateway integration</li><li>Confirm network access matches planned architecture</li></ol></li></ol>&nbsp;&nbsp;<h3>General Bare Metal Request Summary</h3>&nbsp;For All Use Cases:<ol style="list-style-type:decimal;"><li>Prerequisites Validation - Ensure active Bridge Gateway exists and hardware requirements are documented</li><li>Hardware Selection - Choose appropriate specifications based on workload requirements and performance needs</li><li>Network Integration - Plan connectivity through Bridge Gateway integration and network architecture</li><li>Request Submission - Submit detailed hardware and configuration requirements to Cloud Support</li><li>Installation Coordination - Work with operations team throughout provisioning timeline</li><li>Activation and Validation - Verify server functionality and integration after professional installation</li></ol>&nbsp;Important Notes:<ul style="list-style-type:disc;"><li>Bare Metal Server requests require at least one active Bridge Gateway before submission</li><li>Physical hardware provisioning is handled through request-based workflow with Cloud Support coordination</li><li>Specialized hardware (GPUs, high-memory configurations) may require additional coordination and validation</li><li>Operations team handles all physical installation, basic configuration, and initial connectivity setup</li><li>Server activation initiates billing and transitions server to customer management responsibility</li></ul>&nbsp;<h2>Related Documentation</h2><h3>Configuration and Setup</h3><ul style="list-style-type:disc;"><li><a href="https://docs.cloud.site.sa/MyCloudPortal/bridge-gateway" target="_blank" rel="noopener noreferrer">Bridge Gateway User Guide</a> - Complete guide for creating and managing Bridge Gateways required for bare metal connectivity</li></ul>

Bare Metal

<h2 style="margin-left:0px;">Introduction</h2>Welcome to the SITE Ray Onboarding Guide. This guide is designed to help you get started with SITE Ray, our premier online collaboration and meeting platform. Whether you are a new user or an experienced team member, this guide provides essential information to ensure a smooth and efficient onboarding process.For detailed navigation and usage instructions, please refer to the <a href="https://docs.cloud.site.sa/SITERay">SITE Ray User Guide</a>.<h2 style="margin-left:0px;"> How to Login &amp; Use</h2><ul style="list-style-type:disc;"><li>Access the platform at: <a href="https://xxx.ray.sa/">https://xxx.ray.sa</a></li><li>Sign in using your organization email (e.g., <a href="mailto:user@organization.sa">user@organization.sa</a>)</li><li>A one-time password (OTP) will be sent to your inbox for verification</li><li>Optional: ADFS Single Sign-On (SSO) with MFA is supported upon request</li></ul><h2 style="margin-left:0px;">&nbsp;</h2><h2 style="margin-left:0px;">Ray Applications and Accessibility</h2>The service is also accessible via mobile applications:&nbsp;<a href="http://apps.apple.com/sa/app/site-ray/id1603047613"><img src="https://ray.sa/img/apple_store.svg"></a>&nbsp; <a href="https://play.google.com/store/apps/details?id=sa.site.SITEBEAM"><img src="https://ray.sa/img/google_play.svg"></a>&nbsp;<ul style="list-style-type:disc;"><li>Admin Portal Access: Can be granted upon request for managing users and settings.</li><li>Outlook Integration Plugin: Available upon request to enable calendar and meeting scheduling integration.</li></ul><h2>&nbsp;</h2><h2 style="margin-left:0px;">Firewall and Communication Requirements</h2>To ensure uninterrupted access and a seamless experience, please apply the following configurations:<figure class="table" style="width:853.354px;"><table style="background-color:rgb(255, 255, 255);"><thead><tr><th style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">IPs/Domains</th><th style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">Ports</th><th style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">Affected Controls for End-Users</th></tr></thead><tbody><tr><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">176.105.148.217</td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">443 TCP</td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;" rowspan="5">Endpoint management, networking devices, firewalls, proxy, any inspection services that may impact real-time applications (streaming and conferencing)&nbsp;&nbsp;&nbsp;</td></tr><tr><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">176.105.148.218</td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">20000 to 50000 UDP/TCP</td></tr><tr><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">176.105.149.38</td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">TCP/443 &amp; UDP/5394 &amp; UDP/3478</td></tr><tr><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">176.105.148.221</td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">TCP/443 &amp; UDP/5394 &amp; UDP/3478</td></tr><tr><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">*.<a href="http://ray.sa/">ray.sa</a></td><td style="border:1px solid rgba(9, 30, 66, 0.14);padding:7px 10px;vertical-align:top;">Whitelist on Corporate firewall / polices</td></tr></tbody></table></figure><h2 style="margin-left:0px;">Client ADFS Integration Requirements</h2>The provisioning allows three authentication methods; namely Email OTP, SITE SSO, and Custom SSO. For a client that requires Custom SSO having their own AD integrated to their provisioned instance, following are the directions required:<ul style="list-style-type:circle;"><li>Provide ADFS Certificate file [.cer]</li><li>Provide (LS) endpoint URL</li><li>On your ADFS Configuration of Relying Party Trusts, on its properties:<ul style="list-style-type:circle;"><li>Add/Edit Identifier:<ul style="list-style-type:square;"><li>https://&lt;tenant_subdomain&gt;.<a href="http://meet.sa/_saml/metadata.xml">ray.sa/_saml/metadata.xml</a></li></ul></li><li>Add/Edit Endpoint:<ul style="list-style-type:square;"><li>https://&lt;tenant_subdomain&gt;.<a href="http://meet.sa/_saml/metadata.xml">ray.sa/_saml/metadata.xml</a><ul style="list-style-type:disc;"><li>as POST, preferably index 0</li></ul></li><li>https://&lt;tenant_subdomain&gt;.<a href="http://meet.sa/_saml/metadata.xml">ray.sa/_saml/metadata.xml</a><ul style="list-style-type:disc;"><li>as Redirect, preferably index 1</li></ul></li><li>In Edit Claim Issuance Policy:<ul style="list-style-type:disc;"><li>Two rules are needed:<ul style="list-style-type:circle;"><li>Send Claims Using a Custom Rule Claim rule name: LDAP</li></ul></li></ul></li></ul></li></ul></li></ul>c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] =&gt; issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"), query = ";mail,givenName,sn,userPrincipalName,sAMAccountName;{0}", param = c.Value); <a href="https://chat.site.sa/site/messages/@c.ahussain"><img src="https://confluence.sitco.sa/download/attachments/354554208/Screen%20Shot%202025-10-13%20at%2012.03.45%20PM.png?version=1&amp;modificationDate=1760346283165&amp;api=v2" alt=""></a><img class="image_resized" style="width:1.9%;" src="/uploads/Screen_Shot_2025_10_13_at_1_32_15_PM_22844044f1.png"><ul style="list-style-type:circle;"><li>&nbsp;Transform an Incoming Claim</li></ul>&nbsp;&nbsp;<img src="/uploads/Screen_Shot_2025_10_13_at_12_00_05_PM_eb500d94db.png"><img src="https://confluence.sitco.sa/download/thumbnails/354554208/Screen%20Shot%202025-10-13%20at%2012.00.05%20PM.png?version=1&amp;modificationDate=1760346263736&amp;api=v2" alt="">&nbsp;&nbsp;&nbsp;<h2 style="margin-left:0px;">How to Get Support</h2>For assistance, you may reach out via any of the following channels:<ul style="list-style-type:disc;"><li>Phone: +966 11 813 1100</li><li>Email: <a href="mailto:support@site.sa">support@site.sa</a></li><li>Support Portal: <a href="http://support.cloud.site.sa/">support.cloud.site.sa</a></li><li>User Guide for Support: <a href="https://docs.cloud.site.sa/Support/User-Manual">https://docs.cloud.site.sa/Support/User-Manual</a></li></ul>

SITE Ray - Onboarding Guide

<h3>Definition&nbsp;</h3>A virtual machine (VM) is a digital version of a physical computer, and fundamentally a virtualization emulation of a computer system. VMs can run programs and operating systems, store data, connect to networks, and do other computing functions. VMs offer several advantages over physical machines, they are more scalable, flexible, and easy to manage and maintain.<h3>Built in Add-ons:</h3><ul><li>Encryption at Rest: Protects stored data by encrypting it when not in use, ensuring security even if unauthorized access occurs.</li><li>Hardening: Secures VMs by disabling unnecessary services, closing ports, and applying security patches to reduce vulnerabilities.</li><li>EDR (Endpoint Detection and Response): Detects and responds to suspicious activities, enabling quick analysis and threat resolution.</li><li>EPP (Endpoint Protection Platform): Prevents threats like malware and ransomware with continuous monitoring and real-time protection.</li></ul>Note: The above are sample of many add-ons, and they are not limited to these examples.<h3>Prerequisites:</h3><ol><li>Business group</li><li>Environment</li><li>Subnet&nbsp;</li></ol><h3>Step-by-Step Guide</h3>1- Navigation to Virtual Machines<ul><li>Access Through Compute Section: On the side menu, through Compute section select “Virtual Machine”</li></ul>2- Create A Virtual Machine&nbsp;<ul><li>Click on "Create" to create a new VM&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_1_fcf8287d54.png"></figure><ul><li>Operating System: Choose the OS of the VM from the Available options</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_2_231a0d16f0.png"></figure><ol style="list-style-type:decimal;"><li>VM Type: Choose the type of the VM (General Purpose, CPU Optimizes, Memory Optimized, or GPU Optimized)</li><li>T-Shirt Size: Choose the CPU and Memory size from the available pre-defined sizes.</li></ol><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_3_edc825bd6d.png"></figure>Fill in the required Virtual Machine details:<ol style="list-style-type:decimal;"><li>Tenant&nbsp;</li><li>Business Group (BG): BGs are used for managing your environment, it can be used to organize VMs and subnets based on uses, projects, etc..</li><li>Region: Choose the location (Riyadh, or Jeddah).</li><li>Environment: Choose the proffered Environment.</li><li>VPC: There are two zones, High Security Assurance (HSA), and Standard. Security Assurance (SSA). HSA is highly secured and cannot have access to or from the internet, and SSA can have internet access.</li><li>Subnet: chooses the preferred subnet from the available subnets in the chosen BG and environment.</li><li>Virtual Machine Specifications: Fill in the new VM name and password (Complexity requirements can be found once you click on password field).</li><li>Storage: Select the preferred capacity of the VM's main storage/disk, additional storage/disks can be added after the VM gets created.</li><li>Backup Configuration: Choose “Backup Repository” to store your backup in with your preferred “Backup Regime”.</li><li>Advanced Options:</li></ol><ul><li>Specifying Private IP: You can select specific private IP for this Virtual Machine or use the next available IP.</li><li>Custom Scripts (Optional): You can add custom scripts that will directly execute after VM creation (either using Bash or PowerShell). DISCLAIMER: You are fully responsible for the scripts you want to execute, which may or may not cause an issue with the virtual machine.</li></ul>Press "Submit" to start creating a Virtual Machine&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_4_6390d893a9.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_5_7c9966889e.png"></figure>&nbsp;<ul><li>To view the progress of your request, click on “Request List” in the top right corner. Once the creation request is completed, your new virtual machine will appear in the “Virtual Machine” tab</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_6_6e18f9ecce.png"></figure><ul><li>After the VM has been created, you can click on it to view its details.</li></ul>&nbsp;3- Access your VM<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_7_f8ae910652.png"></figure>You have three approaches to access your VM:1- Direct Link is a physical cable connection from your Organization directly to your VM, providing the safest way to access your VM2- Light PAM is the recommended approach, as it provides a safer way to access your VM through a Jump Server, If you need a step-by step guide, click the following link: <a href="https://docs.cloud.site.sa/MyCloudPortal/article-20" target="_blank" rel="noopener noreferrer">Light PAM</a>3- Access Through Public IP is not recommended as it poses a security risk, allowing access to your VM through the internet. If you still want to proceed and need a step-by-step guide, click the following link: <a href="https://docs.cloud.site.sa/MyCloudPortal/how-to-assign-i-ps-from-cloud-portal" target="_blank" rel="noopener noreferrer">How to Assign IPs from Cloud Portal</a>3.1- Access Through Public IP&nbsp;<ul><li>Firewall Rule: Make sure you have the necessary firewall rule set up, because firewall rules have a default of denying access until given a rule to access.</li><li>For More Info click the following guide: <a href="https://docs.cloud.site.sa/MyCloudPortal/firewall-rules" target="_blank" rel="noopener noreferrer">Firewall Rules</a><ul style="list-style-type:circle;"><li>Incoming traffic</li><li>RDP (tcp/3389) for remote desktop access</li></ul></li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VM_8_bf5a835dbf.png"></figure>3.1.1 - If your VM is operating in Windows OS&nbsp;<ul><li>Go to “Remote Desktop Connection” on you computer&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_3_6_e6c2753c28.png"></figure>&nbsp;<ul><li>For Computer, type your VM public IP&nbsp;</li><li>For User Name, type “Administrator”</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_9_7147a18641.png"></figure><ul><li>Last step, input the same password for the VM that you set during its creation</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_2_2_f1684450d4.png"></figure>3.1.2 - If your VM operates in an open source operating systems&nbsp;<ul><li>Go to “Command Prompt (Terminal)” on you computer&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Annotation_2024_10_09_115037_4dccd2b5bf.png"></figure><ul><li>Create a firewall rule as follows, Incoming, NET → SSA, Destination (you VM's public IP), SSH protocol.</li><li>Type the following command: ssh root@"your public IP" and press Enter.</li><li>Next, enter your VM password and press Enter again to log in to your VM</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_5_2_dd3e660160.png"></figure>3.2.1 - Access through a direct link&nbsp;You have to create a firewall rule as follows, &nbsp;Incoming, MAN → SSA, Destination (you VM's private IP), SSH protocol.&nbsp;<ul><li>for Windows OS access through “Remote Connect Desktop” by you VM private IP (Point 3.1.1)</li><li>for open source OS access through “Command Prompt” by your VM private IP (Point 3.1.2)</li></ul>&nbsp;

Virtual Machine 

<h4>Here you have a steps to operate your request details and you can making the decision to accept or delete.</h4><img src="https://cms.cloud.site.sa/docs/uploads/Support_ID_0fe08e56d2.jpg" alt="Support ID.jpg">1- Login to Cloud Portal.2- Dashboard bar menu.3- Click WAF under security section.<img src="https://cms.cloud.site.sa/docs/uploads/WAF_1d08f9656b.jpg" alt="WAF.jpg">4- Blocking Event.<img src="https://cms.cloud.site.sa/docs/uploads/Blocking_Event_c56b17a8e0.jpg" alt="Blocking Event.jpg">5- Your information (Tenant - Business Group - Environment - Support ID).<img src="https://cms.cloud.site.sa/docs/uploads/View_d447b75df6.JPG" alt="View.JPG">6- Click Submit.<img src="https://cms.cloud.site.sa/docs/uploads/Submit_688ea037d0.JPG" alt="Submit.JPG">7- You can operate your request to Accept or Delete and Export or Copy.<img src="https://cms.cloud.site.sa/docs/uploads/Acc_Dele_13de9ab1e5.jpg" alt="AccDele.jpg">

How to operate request rejected?

The ISO/IEC 27000 family of standards provides a framework for information security policies and procedures, including legal, physical, and technical controls involved in an organization's risk management processes.ISO/IEC 27001 is an information security standard that specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It includes requirements for documentation, management responsibilities, internal audits, corrective actions, and more. Certification helps organizations comply with regulatory and legal requirements related to information security.SITE Cloud undergoes regular independent third-party audits to maintain compliance with ISO/IEC 27001.<h4>SITE Cloud and ISO/IEC 27001</h4>SITE Cloud has achieved ISO/IEC 27001 certification for its information security management system (ISMS).The SITE Cloud ISO/IEC 27001 certificate and audit reports demonstrate compliance and provide details on the audit scope.Clients can use SITE Cloud's ISO/IEC 27001 certification to support compliance for their own systems and services built on SITE Cloud.<h4>Scope of Certification</h4>The SITE Cloud ISO/IEC 27001 certification applies to the following in-scope cloud services:<ul><li>Cloud Virtual Datacenter(VDC)</li><li>Cloud Disaster Recovery</li><li>Cloud Managed IT</li><li>Cloud Managed IT SME</li></ul><h4>Audit Certificates</h4><ul><li>The SITE Cloud ISO/IEC 27001 certificate is available to clients upon request through SITE Cloud Support Portal.</li></ul>&nbsp;<h4>Frequently Asked Questions: &nbsp;</h4><h4>Why is ISO/IEC 27001 important?</h4>Compliance demonstrates that SITE Cloud follows best practices for information security, validated by an accredited third-party auditor. This provides assurance to clients that data is appropriately protected.<h4>Can I use SITE Cloud's certification for my own ISO/IEC 27001 compliance?</h4>Yes, SITE Cloud's ISO/IEC 27001 certification can be used to support compliance for customer systems and services built on the SITE Cloud platform. However, customers are responsible for compliance of their own implementation and internal controls.<h4>What resources does SITE Cloud provide to assist with compliance?</h4>In addition to making audit certificates available, SITE Cloud provides compliance documentation within SITE Cloud Docs portal to help clients to meet compliance requirements.

ISO/IEC 27001 - SITE Cloud Compliance

<h3>Mail Gateway</h3><h4>Definition</h4>A Mail Gateway is a type of email server that serves as a protective barrier between an organization's internal email servers and external networks. Every incoming and outgoing email pass through the mail gateway, where it is inspected and filtered for potentially malicious content, such as spam or malware. This server is designed to analyze large volumes of email flow to identify and block harmful messages, ensuring the security and integrity of the organization's email communication.<h4>Features</h4><ul><li>Changes History: Ability to track and view the history of any changes on the mail gateway via SITE portal.</li><li>Managing Whitelist Senders: Ability to add or remove email addresses or IP addresses to be whitelisted.</li><li>Managing Blacklist Senders: Ability to add or remove email addresses or IP addresses to be blacklisted.</li><li>Release Personal Quarantine Emails: Ability to search for any personal quarantine email and take action to release the email.</li><li>Generate a Key Selector for DKIM Record: Ability, when creating a new domain, to generate a key selector for the new domain to be added to the DKIM[1] record.</li><li>Create New Domain: Ability to create a new domain or add additional domains to the mail gateway.</li></ul><h4>Use Cases</h4><ul><li>Email Encryption: Encrypting email communications to ensure that sensitive information remains secure during transmission.</li><li>Data Loss Prevention: Monitoring and blocking emails containing sensitive or confidential information from being sent outside the organization.</li><li>Malware Protection: Scanning incoming and outgoing emails for malicious attachments or links, helping to prevent malware infections.</li><li>Spam Filtering: Filtering out unwanted spam emails to protect users from unnecessary and potentially harmful messages.</li></ul><h4>Prerequisites</h4><ul><li>To create a new domain, the MX[2] record must be mapped to SITE Cloud MX records.</li><li>To create a new domain, an incoming rule must be established from Mail Gateway IPs to Mail Server VM/LB[3] IPs.</li><li>To create a new domain, an outgoing rule must be established from Mail Gateway IPs to Mail Server VM/LB[3] IPs.</li></ul><h3 style="margin-left:0px;">Step-by-Step Guide&nbsp;</h3><h3>Navigation to Mail Gateway&nbsp;</h3><ul><li>Access Through Security Section: On the side menu, through security section select “Mail Gateway”.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_6_1b09ac7fe0.png"></figure><h4>Access Domain</h4>&nbsp;Existing Domain: If there is already registered domain, the settings can be accessed by clicking on the domain name, which will be directed to the domain management interface.<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_1_7_9984ba40ed.png"></figure>&nbsp;Create a New Domain: Click on “Create”, fill in the required information, and then &nbsp; &nbsp;press “Submit”.<ul><li>&nbsp; &nbsp; Choose your Tenant&nbsp;</li><li>&nbsp; &nbsp; Choose the Business Group for the new domain&nbsp;</li><li>&nbsp; &nbsp; Select the range for the number of users &nbsp;</li><li>&nbsp; &nbsp; Enter your new domain&nbsp;</li><li>&nbsp; &nbsp; Add a description&nbsp;</li><li>&nbsp; &nbsp; Enter your Primary SMTP[4] server IPs for inbound emails&nbsp;</li><li>&nbsp; &nbsp; Enter your Secondary SMTP[4] server IPs for inbound emails&nbsp;</li><li>&nbsp; &nbsp; Enter your allowed SMTP[4] sever IPs list that allowed to be accepted to send from your domain for outbound emails&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_2_8_92ee02e9b9.png"></figure><h3>Generate Key Selector for DKIM Record&nbsp;</h3><ul><li>Click on the New domain that you have created from list of domains (Point 2.1)</li><li>Click on "DKIM"[1] tab and then "Create"</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_3_5_28d53cc3e5.png"></figure><ul><li>Type a name for your key selector, and press “Submit”&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_4_3_f59e07cde1.png"></figure><ul><li>From the three dots click on “Activate DKIM file”, and confirm that you generated key selector&nbsp;</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_5_3_b4bb51a6d6.png"></figure><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_6_1_177138f749.png"></figure><ul><li>You can download the new DKIM[1] by clicking on the three dots and "Download DKIM" and add it to the client DNS record</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_7_3_0944c5a7d8.png"></figure><hr><h3>Manage Quarantine Policies</h3>This describes two key features related to email security and user-quarantine. These features designed to give both administrators and end-user control over emails that has been flagged as suspected spam, phishing, or malicious content.Navigation Path<ul><li>Go to Mail Gateway</li><li>Select the appropriate Domain</li><li>Click the Policies tab</li><li>Navigate to the Resources section</li></ul><h4>Send Quarantine Report</h4>Sends quarantine reports to recipients. These reports include only emails found in the User Quarantine.<figure class="image image_resized" style="width:83.74%;"><img src="https://cms.cloud.site.sa/docs/uploads/q1_0a6175e050.PNG"></figure>Enabled<ul><li>If Send Quarantine Report is enabled, the user will receive an email containing their quarantine report.</li></ul><figure class="image image_resized" style="width:84.38%;"><img src="https://cms.cloud.site.sa/docs/uploads/q2_7bfd34986c.PNG"></figure>Disabled<ul><li>If Send Quarantine Report is disabled, the user will not receive any email regarding the quarantine report</li></ul><h4>Email Release</h4>Adds the option to release quarantined emails within the quarantine report. This is only for emails in User-Quarantine.<figure class="image image_resized" style="width:77.66%;"><img src="https://cms.cloud.site.sa/docs/uploads/q3_63778ef472.PNG"></figure>Enabled<ul><li>If Send Quarantine Report is enabled, then only Email Release can be enabled, and users will be able to release emails directly from the quarantine report.</li></ul><figure class="image image_resized" style="width:77.98%;"><img src="https://cms.cloud.site.sa/docs/uploads/q4_fc04990510.PNG"></figure>Disabled<ul><li>If Send Quarantine Report is enabled but Email Release is disabled, users will receive the report but will not be able to release emails from it.</li></ul><figure class="image image_resized" style="width:77.6%;"><img src="https://cms.cloud.site.sa/docs/uploads/q5_b3fa84fc9f.PNG"></figure><ul><li>If Send Quarantine Report is disabled, Email Release will be disabled by default, and users will not receive the report or be able to release any emails.&nbsp;</li></ul>For further to know about Quarantine Email Mangement ref - <a href="https://docs.cloud.site.sa/MyCloudPortal/Quarantine-Email-Management" target="_blank" rel="noopener noreferrer">Click here&nbsp;</a><hr><h3>Release Personal Quarantine Emails&nbsp;</h3><ul><li>From tabs click “Quarantine Emails”</li><li>Type the email address to view the quarantined emails</li><li>Once the quarantine emails are listed, select which email you would like to release, check the boxes on the right of the email</li><li>Click "Release"</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_8_1_e43f303ab3.png"></figure><h3>Managing Blacklist Senders&nbsp;</h3><ul><li>From tabs click on “Blacklist”</li><li>Click on “Add Policy” for policies creation</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_10_3_0a5aa1c7b4.png"></figure><ul><li>Select the type of blocking either email address or IP address&nbsp;</li><li>Enter the email address or IP address&nbsp;</li><li>Example for blocking domain ( *@test.sa )&nbsp;</li><li>Example for blocking email address ( test1@test.sa )&nbsp;</li><li>Example for blocking IP address ( 192.168.1.1 )&nbsp;</li><li>Write comment for reference for the blocking</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_11_3_94ca7042ff.png"></figure><h3>Managing Whitelist Senders</h3><ul><li>From tabs click on “Whitelist”</li><li>Click on “Add Policy” for policies creation</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_12_2_c7af5e993d.png"></figure><ul><li>Select the type of whitelisting, either email address or IP address&nbsp;</li><li>Enter the email address or IP address</li></ul>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Example for whitelisting domain ( *@test.sa )&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Example for whitelisting email address ( test1@test.sa )&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Example for whitelisting IP address ( 192.168.1.1 )&nbsp;<ul><li>Write comment for reference for the whitelisting</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_13_1_2b6ca4225e.png"></figure><h3>Track Updates and Modifications&nbsp;</h3><ul><li>From the tab click on History and you will see all the changes that have been made</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_14_2_a5cfb8a21a.png"></figure><h3>Glossary</h3>[1] DKIM: DomainKeys Identified Mail, is an email authentication method that uses a digital signature to verify the legitimacy of an email's sender.&nbsp;[2] MX Record: Based on&nbsp;its value, it will directs emails to the specified mail server/gateway, such as SITE Mail Gateway in this case.[3] LB: Load Balancer, distributes incoming network traffic across multiple servers to ensure efficient utilization, maximize availability, and enhance application performance. &nbsp;[4] SMTP: Simple Mail Transfer Protocol, is an internet standard for transmitting electronic mail between servers and other message transfer agents.

Mail Gateway

<h2>What is Billing System?</h2>A Cloud Billing Portal is a system that enables users to manage and track costs associated with cloud services and products provided by SITE. It generates detailed usage reports, automates billing processes, manages user accounts, and ensures accurate invoicing based on resource consumption, helping organizations gain transparency into their cloud spending and make informed financial decisions. The platform also features a real-time dashboard, contact information for support, contract management, credit tracking, and excluded resource tracking, giving users full control and visibility over &nbsp;&nbsp;<h3>Features:&nbsp;</h3><ul><li>Cost Forecasting: Use predictive analytics to forecast future expenses based on historical usage, improving budget planning accuracy.</li><li>Cost Allocation: Easily allocate costs to departments, projects, or teams, helping you track spending and optimize budgets.</li><li>Real-Time Monitoring: Access real-time data on cloud usage and costs, allowing you to adjust resources and avoid unexpected charges.&nbsp;</li></ul><hr><h2>Billing Profile Guide</h2>&nbsp;<h3 style="margin-left:0px;">1.1 Main Page</h3>Upon logging into the billing portal, you will have immediate access to your profile page, where you can directly view your billing details, invoices, and account information.&nbsp;&nbsp;<h3 style="margin-left:0px;">1.2 Navigation Menu</h3>In your profile, the navigation menu is located on the left side, allowing for easy navigation between different pages. Each page has a specific function.&nbsp;Click on the Page name to direct you to the guide.&nbsp;1.2.1 <a href="https://docs.cloud.site.sa/billing/article-28" target="_blank" rel="noopener noreferrer">Dashboard</a>1.2.2 <a href="https://docs.cloud.site.sa/billing/article-29" target="_blank" rel="noopener noreferrer">Contact Information</a>&nbsp;1.2.3 <a href="https://docs.cloud.site.sa/billing/article-30" target="_blank" rel="noopener noreferrer">Consumption Report</a>1.2.4 <a href="https://docs.cloud.site.sa/billing/article-31" target="_blank" rel="noopener noreferrer">Contracts</a>&nbsp;1.2.5 <a href="https://docs.cloud.site.sa/billing/article-32" target="_blank" rel="noopener noreferrer">Credit</a>&nbsp;1.2.6 <a href="https://docs.cloud.site.sa/billing/article-34" target="_blank" rel="noopener noreferrer">Excluded Recourses</a>&nbsp;<hr><h2>&nbsp;</h2><h3>For further support, please raise a ticket through our <a href="https://support.cloud.site.sa/" target="_blank" rel="noopener noreferrer">support portal</a></h3>&nbsp;

Cloud Billing 

<h2>Billing Dashboard</h2>The Billing Dashboard serves as the main page where key information related to your account is displayed. It offers an overview of your account's credits, usage, and remaining balance, while also providing detailed statistics and a visual chart to help you track your consumption over time.&nbsp;&nbsp;<h3>Dashboard's Key Points</h3><ul><li>Customer Information: Displays customer name, short name, tenant info, business group (BG), and a details section.</li><li>Modification History: Shows the last modification made by a specific person, including the date of the change.</li><li>Total Credits: Reflects the total contract value or the amount available for use.</li><li>Consumption: Indicates the amount of credits used since the project started.</li><li>Remaining Credits: Shows the credits you still have available.</li><li>Monthly Statistics:<ul style="list-style-type:circle;"><li>Current month’s bill: Total billed amount for services used this month.</li><li>Usage for the current month: Credits consumed so far, tracking your budget usage.</li><li>Estimated bill: Projected bill based on set monthly limits to manage costs.</li><li>Remaining balance: Credits left for use before reaching your limit.</li></ul></li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Group_9_1_9fc10fead5.png"></figure><ul><li>Consumption Chart: Visual representation of your usage over time for easy tracking.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Consumption_chart_69ff8b6886.png"></figure>&nbsp;&nbsp;&nbsp;

Billing Dashboard

<h2>Introduction</h2> The Dedicated GPU Service provides enterprise-grade GPU acceleration for your cloud virtual machines through a structured request-based provisioning system. This service delivers guaranteed performance, flexible multi-GPU configurations, and seamless integration with your existing cloud infrastructure.&nbsp;Unlike shared GPU resources, our dedicated service ensures that each GPU is exclusively allocated to your virtual machine, providing consistent performance for demanding AI, machine learning, and visualization workloads.&nbsp;<hr><h3> Key Features</h3><h4> Request-Based Provisioning</h4><ul style="list-style-type:disc;"><li>&nbsp;Manual Review Process: All GPU requests are reviewed and provisioned by our SITE Cloud team.</li><li>Guaranteed Allocation: Once approved, GPUs are exclusively dedicated to your VM.</li></ul><h4> Multi-GPU Support</h4><ul><li>Up to 8 GPUs per VM: Scale your parallel processing capabilities within a single virtual machine.</li></ul>&nbsp;<h3>Common Use Cases</h3>&nbsp;<h4>AI Model Training</h4><ul><li>Large Language Models: Train transformer models with substantial memory requirements.</li><li>Distributed Training: Utilize multiple GPUs for parallel model training.</li><li>Computer Vision: Process large datasets for image classification and object detection.</li><li>Deep Learning Research: Experiment with complex neural network architectures. &nbsp;</li></ul><h4>Professional Visualization</h4><ul><li>3D Rendering: Accelerate architectural and product visualization workflows.</li><li>CAD/CAE Applications: Run complex engineering simulations and designs.</li><li>Media Production: Process high-resolution video content and visual effects.</li><li>Scientific Visualization: Generate complex scientific and research visualizations.</li></ul><h4> High-Performance Computing</h4><ul><li>Cryptographic Operations: Perform intensive encryption workflows.</li><li>Scientific Computing: Accelerate mathematical and scientific computations.</li><li>Simulation Workloads: Execute physics, weather, and engineering simulations.</li><li>Financial Modeling: Run complex risk analysis and trading algorithms.</li></ul>&nbsp;<h3>Getting Started</h3>&nbsp;<h4>Requesting GPU(s) for a Virtual Machine</h4> Below are the step-by-step guide to request one or more GPUs for your critical workloads: &nbsp;<ol style="list-style-type:decimal;"><li>Navigate to the Virtual Machines page using the side navigation menu.</li><li>Click on the virtual machine you would like to request GPUs for.</li><li>Select GPU tab.</li><li>Click on Request button to open the request form.</li><li>Select the type of GPU and the number of GPUs.</li><li>Click on Submit.</li><li>A request is sent to our team through Cloud Support portal to attach the GPU, you can follow-up with the team through our platform. <img src="/uploads/request_gpu_vms_list_340099aad4.png"> <img src="/uploads/request_gpu_vm_d7fb861ed7.png"> <img src="/uploads/request_gpu_tab_35082cd5ff.png"> <img src="/uploads/request_gpu_modal_4d156bc5d8.png"> <img src="/uploads/request_gpu_pending_f428cbcdfb.png"> &nbsp; &nbsp;</li></ol><h4>Utilizing your newly configured GPU(s)</h4> After your GPU status is shown as Active in Cloud Portal, you can start utilizing the GPU by:<ol style="list-style-type:decimal;"><li>Installing the necessary drivers for your GPU. <a href="https://www.nvidia.com/en-us/drivers/" target="_blank" rel="noopener noreferrer">Visit Nvidia</a> to download and install the drivers on your Virtual Machine.</li><li>Verify that your GPUs are detected, by running the following CLI command: <code>nvidia-smi</code>, it should display your configured GPUs.</li></ol>&nbsp;<h4>Removing an existing GPU from your Virtual Machine</h4> Given that your GPU is active and you no longer need it, and would like to remove it:<ol style="list-style-type:decimal;"><li>Navigate to the Virtual Machines page using the side navigation menu.</li><li>Click on the virtual machine you would like to remove GPUs from.</li><li>Select GPU tab.</li><li>Go over the GPU you would like to remove, click on Remove GPU from the actions dropdown menu.</li><li>A request is sent to our team through Cloud Support portal to remove the GPU, you can follow-up with the team through our platform. <img src="/uploads/request_remove_gpu_40076881d8.png"> <img src="/uploads/request_remove_gpu_confirm_184ddf7571.png"> <img src="/uploads/request_remove_gpu_pending_4dc142276a.png"> &nbsp;</li></ol>&nbsp;<h3>Notes</h3><ul><li>If the virtual machine has Backup or Replication regimes enabled, you can't request GPUs on that virtual machine.</li><li>You can have up to 8 GPUs per virtual machine.</li><li>You can only use a single type of GPU at a time on a virtual machine, you can't combine two different types.</li><li>Once you have GPUs on your virtual machine, you can't enable Backups, Snapshots, nor Replication.</li><li>GPU pricing will be added in Cloud Billing once our Cloud Operations team activate the GPU on your virtual machine.</li><li>GPU pricing will be stopped in Cloud Billing once our Cloud Operations team confirms the removal of the GPU from your virtual machine.</li><li>The virtual machine with the GPU can only be deleted once GPUs are successfully removed.</li></ul>

Dedicated GPU Service

<h3>Network interfaces</h3>&nbsp;&nbsp;<h4>Adding vNICs/Network interfaces to your VM:&nbsp;</h4>&nbsp;1-Choose the VM you would like to modify.&nbsp;2-Click on Networks tab.&nbsp;3-Click on “+ Add interface”&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/docs_753e37a8ec.png"></figure>Choose the subnet and the desired IP.&nbsp;Please note: if you don't find any IPs you can allocate a new private IP, please refer to <a href="https://docs.cloud.site.sa/MyCloudPortal/how-to-assign-i-ps-from-cloud-portal" target="_blank" rel="noopener noreferrer">https://docs.cloud.site.sa/MyCloudPortal/how-to-assign-i-ps-from-cloud-portal</a>&nbsp;<h4>Deleting vNICs/Network interfaces to your VM:&nbsp;</h4>&nbsp;1- Choose the VM you would like to modify.&nbsp;2-Click on Networks tab.&nbsp;3-highlight the interface you would like to delete, and click on the delete icon.&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/delete_interface_36437d9351.png"></figure>&nbsp;Note: a VM must have at least 1 network interface.

Managing VM interfaces

<h2>Definition</h2>Light PAM is a lightweight and flexible tool for Managing Privileged Access, ensuring that only authorized users can access critical systems and data. It is designed to provide essential access management features with minimal overhead, enhancing security without compromising performance.<h2>&nbsp;</h2><h2>Features:</h2><ol><li>Centralized Authentication Management: Simplifies and standardizes authentication policies.</li><li>Fine-Grained Access Control: Precise control over user access.</li><li>Audit and Logging Capabilities: Tracks and logs authentication events for auditing and monitoring.</li><li>Lightweight and Efficient: Minimal impact on system performance.</li></ol>&nbsp;<h2>Use Cases:</h2><ol><li>Securing Remote Access: Ensures authorized remote access to critical systems.</li><li>Compliance with Security Regulations: Provides detailed logging for regulatory compliance.</li><li>Centralized Authentication for Diverse Systems: Consistent authentication across varied IT environments.</li><li>Protecting High-Value Assets: Enforces strict access controls for sensitive data.</li><li>Enhancing Security for Cloud Environments: Secures cloud infrastructure and resources.</li></ol>&nbsp;&nbsp;<h2>Step-by-Step Guide</h2>&nbsp;<h4>Prerequisites</h4><ul><li>Ensure you have setup the following&nbsp;<ul><li>Assign Jump server</li><li>Assign Jump server Users</li><li>Create Firewall rules to control access permissions.</li></ul></li><li>Ensure you an access to a Windows VM with a shared IP .</li></ul>&nbsp;<h3>1. Navigating to Light PAM</h3><ol><li>Access the Security Section: In the side menu, navigate to the Security section and select Light PAM.</li></ol>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Light_Pam_55ed118482.png"></figure><h3>&nbsp;</h3><h3>2.Filtering and Managing Data</h3><ol><li>Filter by Tenant or BG: Use the filter options to view data by tenant or business group (BG).</li><li>Search: Utilize the search function to find specific records.</li><li>Export Table: Click the export button to download the table data as an Excel sheet.</li></ol><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Filtering_1_951311837b.png"></figure><h3>3.Assigning a Jump Server</h3><ul><li>Click Assign Jump Server: In the top right corner, click the "Assign Jump Server" button.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Assign_66a0a8910b.png"></figure>&nbsp;In our current setup, users can assign a jump server that is configured with only Windows VMs. Each jump server is assigned a shared IP to facilitate secure access.<ul><li>Windows VMs: Utilized as the primary environment for jump servers.</li><li>Assigned Shared IP: Ensures a controlled and secure access point.</li><li>Create Rules Automatically: Creates the required rules automatically for the resource to function properly. (the dash underline indicate to hoverable item )</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Modal_a72086e51f.png"></figure><h3>4.Viewing Request Progress</h3><ol><li>Access Request List: Navigate to the request list at the top right of the page.</li><li>View Requests: See the progress of the "Assign Jump Server" and "Create Firewall Rule" requests.</li><li>Explore Details: Click on each request to explore its details.</li></ol><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Requist_List_50451ae1f2.png"></figure>&nbsp;&nbsp;&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/request_list_1_488ba55d6f.png"></figure><h2>&nbsp;</h2><h3>5. Managing the Light PAM&nbsp;</h3>View Data Table: The table displays all relevant data including VM, ID, BG ID, and Shared IP.Action Button: For each row, use the action button to perform the following actions:<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Actions_9a6bb8e34d.png"></figure><ul><li>Sessions: View active sessions associated with the selected VM. This includes details such as session duration, active user, and any ongoing activities.</li></ul><figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Sessions_2750e68eab.png"></figure>&nbsp;<ul><li>Manage User: Manage users associated with the VM. This includes adding or removing users.</li></ul>&nbsp;<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/Manage_users_1_71b48646cc.png"></figure>&nbsp;&nbsp;&nbsp;<ul><li>Unassign: Unassign the jump server from the VM. This will remove the assigned shared IP and revoke access, This will not delete The VM or the automatically created Firewall .</li></ul><h2>&nbsp;</h2><h2>Glossary</h2><ul><li>PAM (Privileged Access Management): A framework that integrates multiple access management methods.</li><li>VM (Virtual Machine): A software-based emulation of a physical computer.</li><li>Jump Server: A special-purpose computer used to manage devices in a separate security zone.</li><li>Shared IP: An IP address that is shared among multiple devices for controlled access.</li></ul>&nbsp;<h4>Guided Steps for Using SITE PAM Access</h4>If you need guided steps for using SITE PAM Access, please see <a href="https://docs.cloud.site.sa/MyCloudPortal/site-pam-access">this link</a>.

Light PAM 

<h2>Definition&nbsp;</h2>SITE Cloud Mail Gateway Policy Builder enables administrators to manage rules that control the flow of email traffic within an organization. This ensures security, compliance, and efficient email management.&nbsp;<h3>Features:</h3><ol style="list-style-type:decimal;"><li>Configure Spam Prevention Policies: Offers an advanced spam filtering techniques&nbsp;</li><li>Configure Virus Prevention Policies: Automated virus detection, attachment scanning and filtering</li><li>Configure Quarantine Actions: Present a preferred method for managing end-user interaction with User-Quarantine</li><li>User-friendly interface: for policy rule management</li><li>Compliance and Security: Policy enforcement for regulatory compliance</li></ol>&nbsp;<h3>Use Cases:</h3><ol style="list-style-type:decimal;"><li>Preventing Spam and Phishing Attacks: Utilize multi-vector mechanisms including SPF (Sender Policy Framework), DMARC, DKIM, Threat intelligence, sender validation and many more to mitigate unsolicited or harmful emails, reducing the risk of phishing attacks on employees.</li><li>Protecting Against Malware and Viruses: Real-time scanning for emails to detect and quarantine suspicious content, ensuring that malware does not reach user inboxes.</li><li>Handling Spammed IP Addresses : Checking the history of the IP address for spam, malicious activity, and compliance with IP reputation check.</li><li>URL Detection and Analysis: Scan for malicious links within email content, blocking or quarantining emails with suspicious URLs to protect users from phishing and other threats.</li><li>Email Quarantine Management: Isolate emails flagged for spam, viruses, or other threats, allowing users or administrators(based on the policy action selected) to review and decide on further actions. &nbsp;</li></ol>&nbsp;<h2>Step-by-Step Guide&nbsp;</h2>&nbsp;<h3>Prerequisites:</h3><ol><li>Domain Selection:</li></ol>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Existing Domain: Choose an already created domain.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- New Domain: Register and configure a new domain through the portal.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; these are the required fields to create a new domain:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1- &nbsp;Tenant&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2- &nbsp;Business Group&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3- &nbsp;Number of Users&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;4- &nbsp;Domain Name (should be mapped to site MX records)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5- &nbsp;Primary SMTP Server IP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;6- &nbsp;Allowed IPs List&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;7- &nbsp;FW Rules (either click the checkbox for automatic creation by the Portal or manually open the FW Rules to ensure traffic between the Mail Exchange Server and SITE Mail Gateway)&nbsp;&nbsp;<h3>1- Navigation to Mail Gateway Policy Builder</h3><ul><li>Access Through Security Section: On the side menu, through security section select “Mail Gateway”.</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_25_1ec41eca39.png"></figure>&nbsp;&nbsp;&nbsp;<h3>2- Domain Management&nbsp;</h3><ul><li>Existing Domain: If there is already registered domain, the settings can be accessed by clicking on the domain name, which will be directed to the domain management interface.</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_3_3f7f4a1c99.png"></figure>&nbsp;&nbsp;&nbsp;<ul><li>Create a New Domain: Click on “Create”, fill in the required information, and then press “Submit”.</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_5_4a7e54c5ab.png"></figure>&nbsp;&nbsp;&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_26_a29aa51068.png"></figure>&nbsp;&nbsp;&nbsp;<h3>3- Access Policy Builder&nbsp;</h3><ul><li>Policies Tab: To access the policy management interface, click the policies icon.</li></ul><figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_10_7ffe10cb0f.png"></figure>&nbsp;&nbsp;&nbsp;<h3>4- Customize Policy&nbsp;</h3>Users have three categories for managing domain policies:&nbsp;&nbsp; &nbsp; &nbsp; 1. Spam Prevention: Employs and provides the ability to configure 14 types of spam controls<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_14_83b192216e.png"></figure>&nbsp;&nbsp;&nbsp; &nbsp; &nbsp;&nbsp;2. Virus Prevention: Employs and provides the ability to configure 16 types of virus&nbsp;controls&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_16_3d530e451b.png"></figure>&nbsp;&nbsp;&nbsp; &nbsp; &nbsp;&nbsp;3. Resources: Employs and provides the ability to configure&nbsp;User-Quarantine email actions&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_18_8075634d08.png"></figure>&nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;4. Tip: Each policy in the Policy Builder includes a self-descriptive paragraph beneath it. Additionally, each action (e.g., Tag as Spam, Pass, etc.) has a description that appears when you hover over it.<img src="https://cms.cloud.site.sa/docs/uploads/Group_28_8ac4455fd1.png"> &nbsp;<h3>5- Finish Setting Up The Policies&nbsp;</h3>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;1. The final step is to click "Apply Changes" after configuring your preferred policies.&nbsp; &nbsp; &nbsp; &nbsp; 2. The "Set to SITE Cloud Defaults" button is used to revert all policies and settings to the default configurations provided by the SITE cloud. This can be useful if you want to reset your changes or ensure that your settings align with the standard default options.<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Group_27_5043672f3e.png"></figure>&nbsp;&nbsp;<h3>Glossary&nbsp;</h3><ul><li>Mail Gateway: A server that safeguards an organization's or user's internal email servers. It acts as a gateway, processing every incoming and outgoing email.</li><li>MX Record: Based on&nbsp;its value, it will directs emails to the specified mail server/gateway, such as SITE Mail Gateway in this case.</li><li>SPF Record: Specifies the mail servers and domains authorized to send email on behalf of a specific domain.</li></ul>

Mail Gateway Policy Builder

<h3>Introduction</h3>When emails are suspected to be spam, phishing, or containing malicious content (or any configuration you've set <a href="https://docs.cloud.site.sa/MyCloudPortal/article-21" target="_blank" rel="noopener noreferrer">in the Policy Builder</a>), they are flagged and placed in an isolated environment for your action (to either release or ignore/delete).&nbsp;There are three ways for your organization employees to manage their quarantined emails:<ol style="list-style-type:decimal;"><li>Through the Email Quarantine Portal (Recommended, instant visibility)</li><li>Through the Cloud Portal's Mail Gateway (limited to users that have access to the Cloud Portal)</li><li>Through an email notification</li></ol>&nbsp;<hr><h3>Email Quarantine Portal</h3>A <a href="https://quarantine.cloud.site.sa/" target="_blank" rel="noopener noreferrer">dedicated email quarantined portal</a> for your organization to instantly access, view, and manage their quarantined emails with ease.&nbsp;&nbsp;Depending on your <a href="https://docs.cloud.site.sa/MyCloudPortal/article-21" target="_blank" rel="noopener noreferrer">Policy Builder configurations</a>, users can only release emails that are flagged as “Personal Quarantine”, not “Admin Quarantine” for security purposes.&nbsp;Note: users will able to manage their Personal Quarantine emails after your organization administrator enables the option "Email Release” in the “Policies” tab under your organizations mail gateway instance in Cloud Portal.&nbsp;Here's how to start using the Email Quarantine Portal:<ol style="list-style-type:decimal;"><li>Go to <a href="https://quarantine.cloud.site.sa" target="_blank" rel="noopener noreferrer">https://quarantine.cloud.site.sa</a></li><li>Enter your work email to login<ol><li>You will receive a one-time passcode in your inbox</li></ol></li><li>Enter the OTP you received to login</li><li>Review and search for the quarantined email</li><li>If your administrator gave the organization permissions, you will be able to view and release “Personal Quarantine” emails</li></ol>&nbsp;&nbsp;<h3>Cloud Portal</h3>Users who have access to the Cloud Portal, can manage their quarantine emails in a single unified portal.&nbsp;&nbsp;Here's how to do it:&nbsp;<ol style="list-style-type:decimal;"><li>Go to Mail Gateway page</li><li>Select your mail domain instance</li><li>Go to Quarantine Emails tab</li><li>Select either User Quarantine or Admin Quarantine, and enter the recipient's email address handle.</li><li>Click on Show button to fetch quarantined emails.</li><li>You can then release false-positive emails.</li></ol>&nbsp;<h3>&nbsp;</h3><h3>Quarantined Email Notification</h3>After an email is detected and flagged, our system will automatically send a quarantined email notification to the user's inbox to take action.&nbsp;Note: users will get these emails after your organization administrator enables the option “Send Quarantine Report” in the “Policies” tab under your organizations mail gateway instance in Cloud Portal.&nbsp;The notification usually includes details such as&nbsp; &nbsp; &nbsp; - &nbsp;The sender of the quarantined email.&nbsp; &nbsp; &nbsp; - &nbsp;The subject of the email.&nbsp; &nbsp; &nbsp; - &nbsp;Instructions or a link for the recipient to review and release the email if it is safe<figure class="image"><img src="https://cms.cloud.site.sa/docs/uploads/VAITHI_1bcb456834.png"></figure>The actions that can be taken:<ul><li>Release the Email: If you trust the sender and the email appears legitimate, you can release it from quarantine. This will deliver the email to your inbox.&nbsp;</li><li>Delete: If you identify the email as spam, phishing or harmful, delete it from quarantine.</li></ul>&nbsp;<hr><h3>Email Awareness</h3>To recognize the signs that point to a malicious email&nbsp;&nbsp;The Push Phishing emails are designed to get the victim to do something. If an email elicits a sense of urgency or pushes a particular action, then it may be malicious.&nbsp;Tone and Grammar Phishing emails won't sound right and may include spelling and grammar issues.&nbsp;Mismatched Links Check the target of a link in an email on a computer by hovering over it with your mouse. If the link doesn't go where it should, the email is likely to be malicious.&nbsp;Odd Attachment Type Phishing emails are frequently used to spread malware. If you an "invoice" that is a ZIP file, an executable, or something else unusual then it's probably malware. &nbsp; &nbsp;

Quarantine Email Management

<h3>Overview</h3>Certificate Manager is a centralized dashboard that allows you to manage SSL/TLS certificates across your cloud infrastructure. You can import certificates issued by any Certificate Authority (CA), associate them with cloud resources such as load balancers, and update them when renewed.This tool helps maintain service availability and security by giving you full visibility into certificate status and associations.<figure class="image image_resized" style="width:75%;"><img src="/uploads/certificate_manager_d890c35255.png"></figure>&nbsp;<h3>Getting Started</h3><h4>Accessing Certificate Manager</h4>Log in to your Cloud Dashboard.Navigate to Certificate Manager under the Security section.<hr><h3>Key Features</h3><h4>1. Certificate Manager Inventory</h4>The main dashboard provides an overview of all your imported certificates. Each entry includes:Certificate NameStatus: Valid, Expiring Soon(certificate has less than 3 months), ExpiredAssociated ResourcesExpiration DateYou can filter and sort the table to quickly locate certificates by status or association.<hr><h4>2. Adding a certificate</h4>You can add new certificates issued by third-party CAs, or CAs you trust, or your own self-signed certificates.<h4>Steps to Add new certificate:</h4>Click on the Add Certificate Button.<ul><li>Select the method for adding the certificate<ul><li>Add PFX Certificate – Upload a .pfx file that contains both the certificate and its private key. A password will be required to complete the import.</li><li>Add Certificate using Private Key – Import an existing certificate along with its private key. Use this if certificate and private key are already available.</li><li>Generate CSR and Import Certificate – Choose this if you need to generate a Certificate Signing Request (CSR) before importing the certificate. Save CSR for later button can be used if the signed certificate is not ready yet.&nbsp;</li><li>Add Certificate Using Saved CSR – Add certificate by selecting one of your saved for later CSRs. Use this option if you have generated the CSR earlier.</li></ul></li><li>Fill the certificate general information:<ul><li>Business Group</li><li>Certificate Name</li><li>Description</li></ul></li><li>Fill Certificate Signing Request (only applicable if you choose “Generate CSR and Import Certificate” method</li><li>Fill Certificate Key Chain information</li></ul>&nbsp;Click Save to complete adding the certificate.*Private keys are securely stored and not exposed after adding the certificate.<hr><h4>3. Managing Certificates</h4>From the associate/manage action on each certificate, you can:<ul><li>View certificate details</li><li>Update the certificate after external renewal</li><li>Associate certificate with other resources</li><li>Disassociate the certificate from a resource</li></ul><hr><h4>4. Monitoring Expiration</h4>Each certificate shows its expiration date and current status:<ul><li>Active: Valid and not nearing expiration</li><li>Expiring Soon: Nearing the expiration date (less than 3 months)</li><li>Expired: The certificate is no longer valid</li></ul>The Certificate Manager does not automatically renew certificates. You must handle renewal externally with your CA and then update the certificate in the system.<hr><h3>Updating a Certificate After Renewal</h3>When a certificate is renewed through your Certificate Authority:<ol style="list-style-type:decimal;"><li>Import the update certificate to the Certificate Manager.</li><li>Click on the actions button for the targeted certificate.</li><li>Click Manage.</li><li>Dissociate the existing certificate</li><li>Associate the new certificate.</li><li>Save changes.</li></ol><hr><h3>Best Practices</h3>Maintain external reminders for renewal at least 90 days before expiration.Periodically review certificates for expiration and relevance.Ensure the full certificate chain is included during import or update.Disassociate and delete unused certificates to keep your inventory clean.<hr><h3>Support</h3>For questions or assistance, please refer to the Support Center or contact our support team directly.

Certificate Manager

<h3 style="margin-left:0px;">User Permission Guide</h3>&nbsp;&nbsp;Follow these steps to manage user permissions effectively:&nbsp;User Management:<ul><li>Navigate to the User Management under Settings section on SITE cloud portal.</li></ul>&nbsp;Select the User:<ul><li>Find and select the user you want to manage.</li><li>Click on the "…" button &nbsp;to access additional options.</li></ul>&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/Cloud_Docs3_328065c82b.png"></figure>&nbsp;Manage Authorities:<ul><li>Select "Manage Authorities" from the list of options.</li></ul>&nbsp;<figure class="image image-style-align-left"><img src="https://cms.cloud.site.sa/docs/uploads/image_9229b90d03.png"></figure>&nbsp;<ul><li>Choose the appropriate permissions you want to assign or modify for the user.</li></ul>&nbsp;<figure class="image image-style-align-left image_resized" style="width:29.5%;"><img src="https://cms.cloud.site.sa/docs/uploads/image_3048796e0d.png"></figure>&nbsp;Submit Changes:&nbsp;<ul><li>After making the necessary adjustments, click "Submit" to save the changes.</li></ul>

IPs/Domains	Ports	Affected Controls for End-Users
176.105.148.217	443 TCP	Endpoint management, networking devices, firewalls, proxy, any inspection services that may impact real-time applications (streaming and conferencing)
176.105.148.218	20000 to 50000 UDP/TCP
176.105.149.38	TCP/443 & UDP/5394 & UDP/3478
176.105.148.221	TCP/443 & UDP/5394 & UDP/3478
*.ray.sa	Whitelist on Corporate firewall / polices