Starting with Elisity Cloud Control Center release 15.2, you can now apply user definable labels to any device.
Device Labels serve as a powerful and flexible tool to differentiate devices, even when they appear identical or very similar across various environments or sites. These labels are user-definable, allowing you to assign unique identifiers based on parameters like location name, manufacturing line name, device owner, zone name, or any custom string of text. The label is not tied to any specific type of device or network attribute, it is fully customizable. The primary objective of the Device Label is to offer an additional mechanism to distinctly identify a device or a set of devices. For instance, in a scenario where an environment houses multiple identical devices, Device Labels can be invaluable. By matching these identify attributes in a policy group, users can segregate these devices into distinct policy groups, each governed by its unique set of policies.
Example A: Imagine a manufacturing company with identical PLCs across multiple production lines. While the PLCs are identical in function, they might be used for different tasks based on the production line and require unique security policies. By using Device Labels like "Line A" or "Line B", the company can easily categorize these PLCs and apply specific policies to each group, ensuring smooth operations and enhanced security.
Example B: A Device Label can also be used to architect your device groupings and policies to meet specific standards as they pertain to segmentation. For example, IEC 62443 Zones, Sub-Zones and Conduits can be defined by associating a label (Zone/Sub-Zone or any custom name) with a device and then matching on that Device Label in a policy group to design the segmentation of the network to meet the security requirements of the business.
Elisity offers complete flexibility when it comes to match criteria for a Policy Group. In this scenario, we are only using manually defined attributes such as Site Label and Device Label to group devices into their respective segments. These two attributes, when leveraged together take things further and allow you to differentiate between similar environments across different sites. Site Label and Device Label are static attributes and do not change unless manually adjusted, meaning the classification of the device will never change dynamically.
Steps to Configure Device Labels
Step 1: Log into Cloud Control Center and navigate to the Devices section. Select the device or devices you want to apply a label to and then select Edit/Bulk Edit.
Step 2: Under the Manual Device Attributes Configuration section, define your custom Device label in the Label box and select Save Changes.
After saving the changes you can select the device you just added the label to and see that it is reflected under the Manually Configured section.
Step 3: Now that the Device Label has been defined, you can reference it as match criteria in a policy group. Any device that matches all conditions of the policy group, including the label, will be classified into that policy group and receive all associated policies. Specify the Device label as a part of your match criteria and select Create.
Here you can see the full set of match criteria for this particular example.
Updating Device Label by Spreadsheet Import
You can update the Device Labels for a list of select devices by uploading a spreadsheet with the Device Label field filled out. One mandatory field that must be populated in the spreadsheet and match the discovered devices you want to update is MAC Address.
Step 1: Navigate to the Devices page in Cloud Control Center and select Onboard Devices > Add Multiple Devices.
Step 2: In the slide out drawer, select Download Sample and open the spreadsheet. Fill out the mandatory field and add the Device Label to all of the devices and save the changes.
Step 3: Go back to the Add Multiple Devices page and select Click to upload, and upload the spreadsheet. Click Submit.