The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Trusted Network Detection

Trusted network detection (TND) enables the UCC to work with Umbrella virtual appliances (VAs) so that a network (for example, an on-premise network) protected by VAs can be trusted by the UCC.

With TND enabled, a Chromebook-specific policy can take precedence over other policies by using the Chromebook user's identity.

How trusted network detection works

When the UCC detects a VA in a network, it sends the Chromebook user's identity to the VA and then deactivates. The VA continues to handle DNS requests from Chromebooks by appending the users' identities to all requests to Umbrella resolvers.

When the UCC fails to detect a VA, the UCC directly sends DNS requests to Umbrella resolvers.

Prerequisites

Software Requirements

The following minimum software versions are required.

  • UCC extension 1.2.0
  • UCC app 1.2.5
  • VA 2.3.2

Network Access

The following network access is required for TND to work.

Port and Protocol
Destination
Description

443 (TCP)

Virtual Appliances

The UCC uses port 443 to communicate with VAs on the network.

Before you Begin

Deployment

To deploy trusted network detection, follow the instructions in the Umbrella Chromebook client deployment guide, with these exceptions:

  • Use search strings above
  • Add the section "vaIPs" (see below) to the downloaded configuration file.

To use trusted network detection, your configuration file must include the "vaIPs" values shown in this sample (add IP values for each VA in your network—this example shows a network with two VAs). IP values must be each enclosed in double quotes, separated by a comma:


{  
  "organizationInfo":{  
     "Value":{  
        "organizationId":1234567,
        "regToken":"GtTYPQfgSzQtGzYUrINmbjgTu5XriDtn"
     }
  },
  "vaIPs":{  
     "Value":[  
        "192.168.100.10",
        "192.168.100.11"
     ]
  }
}

To use the G Suite identity service, update your config file with the G Suite flag as shown below:

{  
  "organizationInfo":{  
     "Value":{  
        "organizationId":1234567,
        "regToken":"GtTYPQfgSzQtGzYUrINmbjgTu5XriDtn"
     }
  },
  "vaIPs":{  
     "Value":[  
        "192.168.100.10",
        "192.168.100.11"
     ]
  },
  "googleDirectoryService": {
   	 "Value": true
  }
}

Trusted Network Detection


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.