Dome9 Frequently Asked General Questions
We also have a pricing-specific FAQ, and answers
to your questions on Dome9 SecOps for AWS
Can’t find your question? Drop us a line at firstname.lastname@example.org.
Q – What is Dome9?
A - Dome9 is the world’s first, secure firewall management as a service for cloud, hosted VPS & dedicated servers.
Q – Why use Dome9?
A – Dome9 is the best solution available today that lets you manage your cloud/hosted servers security policies, remotely without leaving any open ports on your servers for SSH or Remote Desktop. All other techniques require that you leave open holes on the server firewall, for remote SSH or Remote Desktop access to your cloud servers. These holes, which let you login to your cloud servers, are used by attackers to penetrate your systems.
Q – How does Dome9 protect my server?
A – While user names and passwords are just not enough today, Dome9 turns your hosted cloud, VPS and dedicated servers practically invisible to attackers. For example, a Web Server would only answer to the http (port 80) and all administrative communication attempts to it would fail, unless you authorize them through the Dome9 system. So even if you have your SQL database on it along with some remote access solution like Remote Desktop, VNC or SSH, no attacker can remotely access them.
Q – How do I sign up for Dome9?
A – Simply log on to https://secure.dome9.com and click the green squarish “Register now” button. At that point, you will be transferred to our registering page. Once finished, make sure to follow the installation wizard exactly as directed.
Q – Do you offer a FREE trial of Dome9?
A – Yes, we do. Anyone interested in Dome9′s firewall management solution can get and try a fully functional 30 days free trial for all of our plans.
Q – Do I need to give my credit card number in order to use Dome9 for the trial Period?
A- No. Your first 30 days of service are free, and do not require a credit card.
Q- What happens after the trial period is over?
A – A few days before the end of your trial period you’ll get an email from Dome9 reminding you that you need to choose a plan and enter your payment information. If you do not choose a plan by the end of the 30th day, you’ll automatically be enrolled in the free, Lite Cloud plan.
Q – Do I need to install anything to use Dome9?
A – It depends. If you’d like to adequately protect your servers on all hosting/cloud environments, Dome9 lightweight Agent installation is generally required. Simply download the Dome9 Agent Installer into your server in order to start a secure conversation with Dome9 Central.
HOWEVER, if you are using Amazon EC2 as your cloud environment, you could enable Dome9 without installing any agents. Simply provide Dome9 Central with your Amazon AWS API key and we’ll enable all the great Dome9 features through EC2 Security Groups without installing anything!
Q – How long does it take to Install the Dome9 Agent?
A – The installation process is very fast and takes less than a minute.
Q – Will Dome9 slow down my servers?
A – Absolutely not. There are no bandwidth or latency issues since the remote clients are connected directly to your servers (and not tunneled through Dome9). This method eliminates all bandwidth, privacy and latency problems. Thus, as we use the well tested OS firewalls that are always enabled anyway, the impact on any machine is zero.
Q – Is my server data exposed to Dome9? Can you see my traffic?
A – No. We only help you in automating the firewall capabilities of your cloud server. No traffic is routed through Dome9.
Q – Can I turn Dome9 off anytime I want?
A – Yes. Removing the agent from any server is just as simple as uninstalling any other application. Dome9 Agent will revert back to the pre-installation security policy. We strongly suggest users to review their cloud server firewall security policy.
Q – What is Emergency Mode and what does Emergency Mode Timer means?
Emergency Mode defines a state where where a Dome9 Agent can’t reach Dome9 Central service. Reasons could be: DDOS on Dome9, DDOS on your server and/or ISP network, Dome9 downtime etc. In order to allow administrators access to their servers we have created an Emergency Policy, this is the security policy (firewall rules) that an Agent switches to, after a predetermined time of not communicating with Dome9 Central service.
The default Emergency Policy is to open all the On Demand ports of the normal policy. I.e. if the Dome9 policy is to allow http (tcp80) from anywhere and ssh (tcp22) only On-Demand then the Emergency Policy is to allow both http and ssh from anywhere.
Default for Emergency Mode time out is 30 minutes, meaning that the emergency policy will only be activated after 30 minutes of not communicating with the Dome9 Central Service.
Note that the Agent tries to connect to Dome9 Central constantly, and once successful it retrieves the current policy (non-emergency) and resets the time out timer back to zero again.