Getting Started with Trust Service
Introduction

The Nile Trust Service can be activated on both new (greenfield) and existing (brownfield) deployments to provide zero trust enforcement across the enterprise network. This section outlines the prerequisites, configuration steps, and best practices to help administrators enable and operationalize the Trust Service efficiently.

Preparing for Deployment

Before enabling the Nile Trust Service, administrators should review their network design, existing policy configurations, and upstream integrations. Preparation ensures a smooth transition from traditional segmentation models to identity-based zero trust enforcement.

Prerequisites

- Ensure all sites are running the latest Nile Service Block software version that supports the Trust Engine.
- Confirm that essential network services such as DHCP, DNS, RADIUS, and identity providers (IdP) are reachable and configured.
- Verify that users and devices can be identified through either SCIM, RADIUS, or device fingerprinting.
- For Enterprise tier deployments, review plans for continuous validation and upstream firewall or SSE integrations.

Recommended Setup Sequence

1. Review network segments: Document existing network segments and associated user/device categories.
2. Define policy groups: Create baseline user, device, and application groups representing the enterprise environment.
3. Set up infrastructure services: Validate that DNS, DHCP, RADIUS, and IdP IP addresses are included in the Infrastructure Services application group.
4. Create initial service profiles: Configure profiles for onboarding, DNS, and essential protocols.
5. Build initial policies: Establish basic connectivity rules such as employee access to the internet or IoT devices to intranet applications.

Enabling Trust Service in New Deployments

For new Nile sites, the Trust Service Core tier is automatically enabled as part of the Nile Access Service. Administrators can further configure and refine zero trust policies through Nile Control Center.

Key Setup Tasks

- Network infrastructure configuration: Ensure that infrastructure app groups are properly defined to support client onboarding.
- Quarantine policy setup: Modify or create policies defining what quarantined devices can access (for example, remediation servers). The default quarantine policy blocks internet access until remediation is complete.
- Intranet and internet groups: Confirm that the intranet group accurately reflects the organization's RFC 1918 address space. All other destinations are treated as internet by default.
- User and device groups: Define employee, guest, contractor, and IoT device groups. Properly defined groups allow immediate classification upon onboarding.
- Initial policies: Create policies for essential communications such as:
  - Employees to internet (controlled by internet service profile)
  - IT staff to printers or IoT management interfaces
  - Guests to internet (restricted protocols)

Once configured, these policies apply automatically across all Service Blocks in the tenant.

Migrating Existing Deployments

Existing Nile Access Service customers can migrate to the Trust Service with minimal disruption. The Trust Engine automatically preserves essential operations during the upgrade process.

Migration Overview

- Automatic activation: The Trust Engine is enabled upon software upgrade. Existing traffic continues to flow based on prior configurations until explicit policies are defined.
- Policy conversion: Segment-based rules from previous versions are automatically converted into equivalent policy-group-based rules.
- Validation checks: The system performs compatibility checks to ensure throughput and performance expectations align with the new Trust Engine capabilities.
- Administrator review: After upgrade, administrators can refine or remove automatically created rules to optimize policy sets.

Migration Steps

1. Review auto-generated policy groups and validate their match criteria.
2. Review migrated policies and adjust service profiles or actions as needed.
3. Test critical workflows (e.g., user onboarding, device connectivity, and internet access).
4. Enable Enterprise tier features such as microsegmentation or SSE forwarding once baseline connectivity is verified.

Monitoring and Verification

After enabling the Trust Service, use Nile Control Center to validate configuration and monitor activity.

Key Verification Tasks

- Confirm that all expected users and devices are classified correctly into their policy groups.
- Verify that default policies (infrastructure, quarantine, internet access) are active and functional.
- Review policy logs for denied flows or misclassifications.
- Validate connectivity to upstream systems if using hybrid or centralized enforcement models.

Best Practices for Initial Rollout

- Start with a minimal set of policies focused on critical business workflows.
- Gradually expand policies to cover additional applications or devices once validation is complete.
- Avoid overly broad open service profiles; refine them to least-privilege configurations as you stabilize operations.
- Regularly review unclassified and quarantine lists to address anomalies early.

Summary

The Nile Trust Service simplifies the journey to zero trust by automating classification, onboarding, and policy enforcement across all network layers. Whether deployed in a new environment or integrated into an existing one, it provides a secure and flexible foundation for modern enterprise connectivity.
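The "Intranet and internet groups" setup task above can be checked offline before policies depend on it. This is an added example, not Nile code or a Nile API: it assumes the intranet group's CIDRs and the site addressing plan have been copied by hand into the two constructed lists below, and it flags group entries outside RFC 1918 as well as in-use subnets that would fall through to the internet default.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumption): entries typed into the intranet group
# and the subnets actually in use at the sites.
INTRANET_GROUP = ["10.0.0.0/8", "172.16.0.0/16", "172.32.0.0/16",
                  "192.168.0.0/17", "192.168.128.0/17"]
SITE_SUBNETS = ["10.20.0.0/16", "172.20.5.0/24", "192.168.200.0/24"]


def audit_intranet_group(group_cidrs, site_subnets):
    """Return (non_private, uncovered).

    non_private: group entries that are not inside any RFC 1918 range,
                 i.e. public space that would be treated as intranet.
    uncovered:   site subnets not covered by the group, which would be
                 treated as internet by default.
    """
    group = [ipaddress.IPv4Network(c) for c in group_cidrs]
    non_private = [str(g) for g in group
                   if not any(g.subnet_of(r) for r in RFC1918)]
    # Merge adjacent entries so two /17s count as covering their parent /16.
    merged = list(ipaddress.collapse_addresses(group))
    uncovered = []
    for s in site_subnets:
        net = ipaddress.IPv4Network(s)
        if not any(net.subnet_of(m) for m in merged):
            uncovered.append(str(net))
    return non_private, uncovered


def classify(dest, group_cidrs):
    """Model the default described above: in the group is intranet, else internet."""
    addr = ipaddress.IPv4Address(dest)
    nets = (ipaddress.IPv4Network(c) for c in group_cidrs)
    return "intranet" if any(addr in n for n in nets) else "internet"


if __name__ == "__main__":
    bad, missing = audit_intranet_group(INTRANET_GROUP, SITE_SUBNETS)
    print("Not RFC 1918:", bad)
    print("In use but treated as internet:", missing)
```

In the sample, `172.32.0.0/16` sits just past the end of `172.16.0.0/12`, and the narrow `172.16.0.0/16` entry leaves `172.20.5.0/24` classified as internet.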
