EncrypTight User Guide
Table of Contents
Managing EncrypTight Users
Getting Started with Etems
Provisioning Appliances
Managing Appliances 117
Managing Key Management Systems
Managing IP Networks
Managing Network Sets
Creating Vlan ID Ranges for Layer 2 Networks
Policy Design Examples 211
Using Enhanced Security Features
Modifying the Etkms Properties File
Etep Configuration 299
302
Index 343
Preface
About This Document
Contacting Black Box Technical Support
Part I EncrypTight Installation and Maintenance
EncrypTight User Guide
EncrypTight Overview
Distributed Key Topologies
Network topologies
Topology Description
Layer 3 IP topologies
Layer 2 Ethernet topologies
EncrypTight Elements
Related topics
Policy Manager
EncrypTight Element Management System
Key Management System
Policy Enforcement Point
Single Etkms for multiple sites
Point-to-Point Negotiated Topology
Shared keys
Security within EncrypTight
Layer 2 Point-to-Point Deployment
Secure Communications Between Devices
Secure Key Storage within the Etkms
EncrypTight Deployment Planning
EncrypTight Component Connections
Management Station Connections
Etpm to Etkms Connections
Etpm and Etkms on Different Subnetworks
Etpm and Etkms on the Same Subnetwork
Etpm and Etkms in Layer 3 IP Policies
Out-of-band Etkms management in an Ethernet network
Connections for Backup ETKMSs
External Etkms to Etkms Connections
Connecting Multiple ETKMSs in an IP Network
Etkms to Etkms Connections in Ethernet Networks
Etkms to PEP Connections
Etkms to PEP Connections in IP Networks
Etkms to PEP Connections in Ethernet Networks
In-line Etkms to PEP communications in IP networks
Network Clock Synchronization
IPv6 Address Support
IPv6 address representations
Certificate Support
Address Format Address Representation
Network Addressing Options
Network Addressing for IP Networks
Addressing Method Description
Related topics
Installation and Configuration
Before You Start
Hardware Requirements
Software Requirements
EncrypTight management station requirements
Third party management station software
EncrypTight Software Installation
Installing EncrypTight Software for the First Time
To install the EncrypTight software
Firewall Ports
Uninstalling EncrypTight Software
To uninstall EncrypTight
Upgrading to a New Version of EncrypTight
Starting EncrypTight
Management Station Configuration
Exiting EncrypTight
To start Etems
Related topic
To enable the Microsoft FTP Server service
Securing the Management Interface
Enabling the Microsoft FTP Server
Etems communications options
Installing ETKMSs
Configuring ETKMSs
Configuring the Syslog Server
Etkms server connections
About Local ETKMSs
Basic Configuration for Local ETKMSs
Adding a Local Etkms
Launching and Stopping a Local Etkms
Starting the Local Etkms Automatically
To add a local Etkms
To launch a local Etkms
Configuring External ETKMSs
Prior to configuring the batch file do the following
To configure the batch file
Maintaining the start.bat file
Changing the Admin Password
To change the admin password
Logging Into the Etkms
To log into the Etkms
Changing the Root Password
To change the root password
Configure the Network Connection
To configure the network connection and hostname
Static IP Netmask Default Gateway IP address
IPv4
To configure the network interface
To set the hostname and IPv6 default gateway address
To set the default DNS server and configure the hosts file
IPv6
To set up time synchronization
Configure Time and Date Properties
To set the time zone
Ntpq -p command output
To restart the NTP daemon
To check the time source connection status
Field Description
Starting and Stopping the Etkms Service
Check the Status of the Hardware Security Module
Configuring Syslog Reporting on the ETKMSs
To check the status of the Etkms service
To configure syslog reporting on a Etkms
Checking the Status of the Etkms
Policy Enforcement Point Configuration
Default User Accounts and Passwords
Passwords to change
Managing Licenses
Etep Throughput Speeds
Installing Licenses
To install a license on the Etep
To enter EncrypTight licenses
Choose Tools Put License
Next Steps
Upgrading Licenses
Upgrading the EncrypTight License
Upgrading Etep Licenses
Next Steps
Installation and Configuration EncrypTight User Guide
Managing EncrypTight Users
Working with EncrypTight User Accounts
Task Administrator User
Configuring EncrypTight User Authentication
EncrypTight account types and privileges
Login Session Inactivity Timer
Password Authentication and Expiration
Common Access Card Authentication
DoD Login Banner
Login preferences default settings
EncrypTight user name and password conventions
Preference Setting
Parameter User Name Password
Changing an EncrypTight User Password
To change a password
To add an EncrypTight user account
To modify an EncrypTight user account
Example 1 Default EncrypTight user and default Etep user
Example 2 Setting up new EncrypTight and Etep users
How EncrypTight Users Work with Etep Users
Relationship between EncrypTight users and Etep users
Example 3 Adding a new Etep user to EncrypTight
Working with the EncrypTight Workspace
Maintenance Tasks
About the EncrypTight Workspace
To save a workspace to a new location
Saving a Workspace to a New Location
On the File menu, click Save Workspace To
Loading an Existing Workspace
To load an existing workspace
Moving a Workspace to a New PC
Deleting a Workspace
To move a workspace to a new PC
To delete a workspace
Installing Software Updates
Schedule the Upgrade
Prepare Etpm Status and Renew Keys
Upgrade the EncrypTight Software
Verify Etkms Status and Deploy Policies
Upgrade PEP Software
To deploy policies
On the Tools menu, click Upgrade Software
To upgrade software on the PEPs
FTP server site information for appliance software upgrades
Click Edit Multiple Configurations Software Version
Change the PEP Software Version and Check Status
To change the software version of the PEPs
To check the status of the PEPs
Upgrading External ETKMSs
Return Status Refresh and Key Renewal to Original Settings
To stop and remove the current Etkms software
To install the new Etkms software
To configure the new Etkms software
To mount the Cdrom drive
To start the Etkms software
Maintenance Tasks EncrypTight User Guide
Part II Working with Appliances using
Etems
EncrypTight User Guide
Getting Started with Etems
Defining Appliance Configurations
Etems Quick Tour
Pushing Configurations to Appliances
Interface configuration for a new ET1000A appliance
Comparing Configurations
Upgrading Appliance Software
Maintenance and Troubleshooting
Understanding the Etems Workbench
Policy and Certificate Support
Appliance Manager perspective Views
Editors
Toolbars
Perspectives
To open a perspective
Etems toolbar
Appliance Manager toolbar
Status Indicators
Certificate Manager toolbar
Appliance status indicators
Status Indicator Description
Understanding Roles
EncrypTight User Types
Function Administrator Ops
Modifying Communication Preferences
Appliance roles for ETEPs
To change communication preferences
General communication preferences
Strict authentication communication preferences
Preference Description
Ignore CRL access
Enable Certificate
CRL File Location
Policy Extensions
Provisioning Appliances
Provisioning Basics
Adding a New Appliance
New Appliance editor for the ET1000A To add a new appliance
Saving an Appliance Configuration
Saving appliance configurations
To push Etems configurations to appliances
On the Tools menu, click Put Configurations
Viewing Appliance Status
Put configuration status
Result Description
To configure automatic status checking
Appliances view
Etems
Filtering Appliances Based on Address
To apply a filter to the appliances in the Appliances view
Rebooting Appliances
To reboot appliances
Appliance User Management
Etep User Roles
Configuring the Password Enforcement Policy
Default user names and passwords on the Etep
Role Default user name Default password
Appliance roles for ETEPs v 1.4 and later
Strong Password Policy Conventions
Default Password Policy Conventions
User Name Conventions
Removing ETEPs From Service
Upgrading Software
Managing Appliance Users
Adding Etep Users
To add a user to the Etep
On the Tools menu, click Appliance User Add User
Password policy values
Default password Strong password Parameter Policy
Modifying Etep User Credentials
Deleting Etep Users
To modify Etep user credentials
On the Tools menu, click Appliance User Modify User
To delete a user from the Etep
Viewing Etep Users
On the Tools menu, click Appliance User Delete User
Working with Default Configurations
Customizing the Default Configuration
To customize the default configuration
On the Edit menu, click Default Configuration
Restoring the Etems Default Configurations
To return the default values to factory settings
On the Edit menu, click Default Configurations
Provisioning Large Numbers of Appliances
Creating a Configuration Template
Importing Configurations from a CSV File
To import appliance configurations to Etems
Attribute Description
Importing Remote and Local Interface Addresses
Remote and local keywords and attributes
Changing Configuration Import Preferences
Shutting Down Appliances
Checking the Time on New Appliances
Shutdown operational codes
To shut down the Etep
Editing Configurations
Managing Appliances
Changing the Address on the Appliance
Changing the Management IP Address
To change the management IP address on the appliance
Changing the Address in Etems
Change Management IP window Related topics
Changing the Date and Time
Operation failed message in response to management IP change
Changing Settings on a Single Appliance
Changing Settings on Multiple Appliances
To edit the configuration of a single appliance
To change the date and time
To update an appliance setting on multiple appliances
Deleting Appliances
Connecting Directly to an Appliance
Connecting to the Command Line Interface
Upgrading Appliance Software
To delete appliances
124 EncrypTight User Guide
To upgrade software
126 EncrypTight User Guide
Restoring the Backup File System
Canceling an Upgrade
What to do if an Upgrade is Interrupted
Checking Upgrade Status
To restore the appliance file system from a backup copy
Part III Using Etpm to Create Distributed Key Policies
130 EncrypTight User Guide
Getting Started with Etpm
Opening Etpm
About the Etpm User Interface
To open Etpm
Etpm perspective
EncrypTight Components View
Component Chapter
Editors
Etpm Status Indicators
Status indicators
Policy View
To edit an element from the policy view
Sorting and Using Drag and Drop
To enable or disable automatic status checking
Etpm Toolbar
Etpm Status Refresh Interval
Etpm toolbar
IP Policies
About Etpm Policies
Ethernet Policies
Policy Generation and Distribution
Policy generation and distribution
Key generation with one Etkms
Creating a Policy An Overview
Key generation with multiple ETKMSs
Network a
Network B
Network Set a
Network Set B
To create a policy
144 EncrypTight User Guide
EncrypTight User Guide 145
146 EncrypTight User Guide
Managing Policy Enforcement Points
Provisioning PEPs
Configuration Description
EncrypTight PEP configuration
Adding a New PEP in Etems
On the Features tab, select Enable passing TLS traffic
On the Advanced tab, select Enable Sntp Client
To add a new PEP using Etpm
Adding a New PEP Using Etpm
Adding Large Numbers of PEPs
Pushing the Configuration
To push Etems configurations to PEPs
To edit a PEP’s configuration
Editing PEPs
To change the NTP settings for multiple PEPs
Select Edit Multiple Configurations Sntp Client
Editing Multiple PEPs
Editing PEPs From Etpm
Deleting PEPs
Changing the IP Address of a PEP
Changing the PEP from Layer 3 to Layer 2 Encryption
To change the IP address of a PEP
To delete PEPs
Managing Key Management Systems
Etkms connections
Adding ETKMSs
To add an Etkms
Editing ETKMSs
Deleting ETKMSs
Etkms entries
To edit an existing Etkms
To delete an existing Etkms
Managing IP Networks
Adding Networks
To add a network
Network entries
Network IP
Address Network Mask
Advanced Uses for Networks in Policies
Grouping Networks into Supernets
Using Non-contiguous Network Masks
Networks definitions
IP Address Network Mask
Deleting Networks
Editing Networks
To edit an existing network
To delete a network
Managing IP Networks 166 EncrypTight User Guide
Managing Network Sets
Network Sets
IP address Mask 40.32.21.0 255.255.255.0
Types of Network Sets
IP address Mask 40.55.11.0 255.255.255.0
Network set for a collection of networks
IP address Mask
To add a Network Set
Adding a Network Set
Network Set fields
Key Management
System
Network Addressing
Mode
Importing Networks and Network Sets
Network Set editor
Networks and network sets import document format in Excel
Editing a Network Set
Deleting a Network Set
To import networks and network sets into Etpm
To edit a Network Set
To delete an existing network set
Managing Network Sets 176 EncrypTight User Guide
Adding a Vlan ID Range
Creating Vlan ID Ranges for Layer 2 Networks
To add a new Vlan ID Range
Lower Vlan ID
Vlan ID range entries
Upper Vlan ID
Editing a Vlan ID Range
Deleting a Vlan ID Range
To edit a Vlan ID range
To delete an existing Vlan ID range
180 EncrypTight User Guide
Creating Distributed Key Policies
Policy Concepts
Policy Priority
Schedule for Renewing Keys and Refreshing Policy Lifetime
Encapsulation
Policy Types and Encryption Methods
Layer 2 Ethernet payload encryption
Aria Encryption
Encryption and Authentication Algorithms
To use Aria in an encryption policy, do the following
Using Encrypt All Policies with Exceptions
Addressing Mode
Key Generation and ETKMSs
Encrypt all policy with exceptions
Policy Size and Etep Operational Limits
Policy Policy Type Priority Action Protocol Covered
Minimizing Policy Size
Adding Layer 2 Ethernet Policies
To add a new Layer 2 mesh policy
Layer 2 Mesh policy entries
Layer 2 Mesh policy editor
Adding Layer 3 IP Policies
Adding a Hub and Spoke Policy
To add a new hub and spoke policy
Hub and spoke policy entries
IPSec
Addressing
Minimize Policy
Size
Hub and spoke policy editor
Adding a Mesh Policy
To add a new mesh policy
Mesh policy entries
Specifies a method for reducing the policy size
Mesh policy editor
Adding a Multicast Policy
Multicast network example
To add a multicast policy
Multicast policy entries
Multicast
Network
Multicast policy editor
Adding a Point-to-point Policy
To add a point-to-point policy
Point-to-point policy entries
Point a
Network Set
Point a Ports
Point B
Adding Layer 4 Policies
Point-to-point policy editor
Verifying Policy Rules Before Deployment
Policy Deployment
To create a new Layer 4 policy
Setting Deployment Confirmation Preferences
To enable or disable the deployment warning
Deploying Policies
To verify policies
Editing a Policy
Deleting Policies
To edit an existing policy
Editing policies
To delete all policies
To delete an existing policy
Select Tools Clear Policies
Policy Design Examples
Basic Layer 2 Point-to-Point Policy Example
Setting PEP
Layer 2 Ethernet Policy Using Vlan IDs
Point-to-point Layer 2 encryption policy
Policy 2 Partner and Partner Portal Server
Policy 3 Discard All Other
Complex Layer 3 Policy Example
Encrypt Traffic Between Regional Centers
Network sets for mesh policy
Encrypt Traffic Between Regional Centers and Branches
Encrypt all mesh policy
Network sets for the hub and spoke policies
Region a hub and spoke policy
Region B hub and spoke policy
Region C hub and spoke policy
Region D hub and spoke policy
Field
Passing Routing Protocols
Pass protocol 88 in the clear mesh policy
EncrypTight User Guide 219
Policy Design Examples 220 EncrypTight User Guide
Part IV Troubleshooting
222 EncrypTight User Guide
Etems Troubleshooting
Possible Problems and Solutions
Symptom Explanation and possible solutions
Config to Appliance
Appliance Unreachable
Preferences
Appliance Configuration
Disable-trusted-hosts CLI command
Appliance Tools Reboot
Pushing Configurations
Compare Config to Appliance . Do one of the following
Software Upgrades
About upgrades show system-log and show upgrade Status
Pinging the Management Port
To ping the management port
Tools preferences To change the default ping tool
Retrieving Appliance Log Files
On the Tools menu, click Retrieve Appliance Logs
To retrieve log files from an appliance
FTP server site information for log retrieval
Viewing Diagnostic Data
Viewing Statistics
Etep Statistics
Statistic Description
Viewing Port and Discard Status
Exporting SAD and SPD Files
CLI Diagnostic Commands
To access the appliance CLI
Viewing the Application Log from within EncrypTight
Working with the Application Log
To view the log information
Sending Application Log Events to a Syslog Server
Setting Log Filters
Exporting the Application Log
Log File Actions
Other Application Log Actions
Icon Description
Learning About Problems
Etpm and Etkms Troubleshooting
Monitoring Status
Symptoms and Solutions
Etpm status problems and solutions
Policy Errors
Etep PEPs, see the EncrypTight User Guide
Status Errors
Renew Key Errors
Etpm Log Files
Viewing Log Files
Etkms Log Files
Etkms Troubleshooting Tools
Linux Commands
Command Description
Etkms Server Operation
PEP Troubleshooting Tools
Resetting the Admin Password
Optimizing Time Synchronization
Shutting Down or Restarting an External Etkms
To disable the Sntp client on multiple PEPs
Statistics
Etep PEP Policy and Key Information
To view statistics
Troubleshooting Policies
Replacing Licensed ETEPs
Checking Traffic and Encryption Statistics
To export SAD or SPD files from Etep PEPs
Placing PEPs in Bypass Mode
Solving Policy Problems
Viewing Policies on a PEP
Allowing Local Site Exceptions to Distributed Key Policies
Expired Policies
Solving Network Connectivity Problems
Cannot Add a Network Set to a Policy
Modifying EncrypTight Timing Parameters
Certificate Implementation Errors
Cannot Communicate with PEP
Invalid Certificate Error
Etkms Boot Error
Invalid Parameter in Function Call
To disable strict authentication on ETEPs
Enter strict-client-authentication disable
Etpm and Etkms Troubleshooting 252 EncrypTight User Guide
Part V Reference
254 EncrypTight User Guide
Modifying the Etkms Properties File
About the Etkms Properties File
Digital Certificate Configuration
Hardware Security Module Configuration
Logging Setup
Base Directory for Storing Operational State Data
Peer Etkms and Etpm Communications Timing
Policy Refresh Timing
PEP Communications Timing
PEP Communications Timing
Page
Using Enhanced Security Features
About Enhanced Security Features
About Strict Authentication
Prerequisites for Using Certificates with EncrypTight
How to Reference
Prerequisites
Order of Operations
Certificate Information
Setting Description
Distinguished name information
Using Certificates in an EncrypTight System
Usage, you type this string as follows
Changing the Keystore Password
Changing the EncrypTight Keystore Password
Changing the Etkms Keystore Password
To change the EncrypTight keystore password
Changing the Keystore Password on a Etkms
Changing the Keystore Password on a Etkms with an HSM
Changing the Password Used in the Etkms Properties File
To change the password listed in the Etkms properties file
Restart the Etkms Service To start the Etkms service
To configure the certificate policies extension for ETEPs
Configuring the Certificate Policies Extension
Click Enable Policy Extensions
To configure certificate policy extensions for ETKMSs
Click Enable Certificate Policy Extensions
Etkms Certificate Policies Entries
Parameter Description
EncrypTight User Guide 271
Working with Certificates for EncrypTight and the ETKMSs
Generating a Key Pair
Keytool genkeypair Command
Requesting a Certificate
To generate a key pair
To create the certificate request
To install a CA certificate
Importing a CA Certificate
Importing a CA Certificate Reply
Keytool Parameters for Importing a CA Certificate
Working with Certificates and an HSM
Configuring the HSM for Keytool
Exporting a Certificate
Importing CA Certificates into the HSM
Generating a Key Pair for use with the HSM
Generating a Certificate Signing Request for the HSM
Working with Certificates for the ETEPs
Importing Signed Certificates into the HSM
Understanding the Certificate Manager Perspective
To start the Certificate Manager do one of the following
Working with External Certificates
Certificate Manager Workflow
Obtaining External Certificates
To install an external certificate
Installing an External Certificate
To obtain a CA certificate from a CA
Working with Certificate Requests
Requesting a Certificate
282 EncrypTight User Guide
Installing a Signed Certificate
Viewing a Pending Certificate Request
Certificate usage
To view a pending certificate signing request
Canceling a Pending Certificate Request
Setting Certificate Request Preferences
To cancel a pending certificate request
To set certificate request preferences
Managing Installed Certificates
Certificate request preference fields
Viewing a Certificate
To export an installed certificate
Exporting a Certificate
Validating Certificates Using CRLs
Validating Certificates
Deleting a Certificate
To delete an external certificate
Configuring CRL Usage in EncrypTight and the ETKMSs
Configuring CRL Usage on ETEPs
To use CRLs with the EncrypTight software
To use CRLs with the Etkms
Validating Certificates Using Ocsp
To install a CRL on the Etep
Handling Revocation Check Failures
To view CRLs
To set up Ocsp in EncrypTight
Click Enable Online Certificate Status Protocol Ocsp
EncrypTight Ocsp Options
Options Description
To set up Ocsp in the Etkms
To set up Ocsp on the ETEPs
Click Enable Ocsp
Ocsp Settings
Enabling and Disabling Strict Authentication
To enable strict authentication in the EncrypTight software
To enable strict authentication on the Etkms
To enable strict authentication on PEPs
To disable strict authentication
Clear the Enable Strict Client Authentication box
To disable strict authentication from the command line
Removing Certificates
To remove certificates
Using a Common Access Card
Select Tools Clear Certificates
Enabling Common Access Card Authentication
Configuring User Accounts for Use With Common Access Cards
To add common names to the Etkms
To enable CAC Authentication on the Etep
Click XML-RPC Certificate Authentication
To enable CAC Authentication on the Etkms
To enable CAC Authentication in EncrypTight
To specify how to handle common name failures
Handling Common Name Lookup Failures
Using Enhanced Security Features 298 EncrypTight User Guide
Etep Configuration
Product Family and Software Version
Identifying an Appliance
Appliance Name
To configure appliance interfaces
Interface Configuration
Throughput Speed
ET0100A interfaces configuration Related topics
Management Port Addressing
IPv4 Addressing
IPv4 management port addressing
IPv6 Addressing
IPv6 management port addressing
Auto-negotiation All Ports
Link speeds on the management port
Transparent Mode
Remote and Local Port Settings
Link speeds on the local and remote ports
Policy Type Mode of operation
When to use transparent mode
Local and Remote Port IP Addresses
Default Gateway
Transmitter Enable
IP Address and Subnet Mask
Transmitter Enable settings on the Etep
Dhcp Relay IP Address
Reassembly Mode
Ignore DF Bit settings
Reassembly mode settings
Ignore DF Bit
Trusted Hosts
Trusted host list
Inbound trusted host protocols used by EncrypTight
To add a trusted host
Protocol
Outbound host Appliance Editor Tab
Snmp Configuration
System Information
Community Strings
Snmp system information
To define a community name
Under Community Strings, click Add
Traps reported on the Etep
Traps
Trap Description
SNMPv2 Trap Hosts
To configure a trap host
SNMPv3
SNMPv3 Configuration Related topics
Retrieving and Exporting Engine IDs
Generating the Engine ID
To retrieve engine IDs
Configuring the SNMPv3 Trap Host Users
Viewing SNMPv3 Engine IDs Related topics
SNMPv3 Trap Host configuration To configure a trap host user
SNMPv3 trap host users
Logging Configuration
Etep Logging tab
Log facilities
Log Event Settings
Facility Description
Defining Syslog Servers
Log priorities
To define a syslog server
Under Syslog Servers, click Add
Log File Management
Log file sizes
Log name File size
Internals logs
Advanced Configuration
Log files extracted from the Etep Related topics
Path Maximum Transmission Unit
Valid Pmtu ranges on Etep appliances
Pmtu and fragmentation behavior on the Etep
Packet Payload Size Layer 2 Etep Layer 3 Etep
CLI Inactivity Timer
Password Strength Policy
Non IP traffic handling configuration
Non IP Traffic Handling
XML-RPC Certificate Authentication
SSH Access to the Etep
Sntp Client Settings
To configure the NTP client
IKE Vlan Tags
Features Configuration
Ocsp Settings
Certificate Policy Extensions
IKE Vlan Tags
Fips Mode
Enabling Fips Mode
Fips approved encryption and authentication algorithms
Encryption algorithms Authentication algorithms
Policy Type Action upon entering Fips mode
Disabling Fips
Verifying Fips Status on the Etep
Operational Notes
EncrypTight settings
EncrypTight Settings
Setting Definition
Encryption policy settings
Encryption Policy Settings
Working with Policies
Creating Layer 2 Point-to-Point Policies
Using EncrypTight Distributed Key Policies
To launch Etpm from Etems
Etep Policy tab
Using Group IDs
Using Preshared Keys for IKE Authentication
Selecting a Role
Selecting the Traffic Handling Mode
How the Etep Encrypts and Authenticates Traffic
IKE Phase 2 Parameters
Parameter Value
Factory Defaults
Interfaces defaults
Interfaces Default Setting
Interfaces
Snmp defaults
Trusted hosts defaults
Trusted Hosts
Policy
Logging
Advanced
Features
Hard-coded Settings
Features defaults
Features Default Setting
Index
Numerics
Index
EncrypTight User Guide 345
Etpm
See also HSM Https TLS
348 EncrypTight User Guide
EncrypTight User Guide 349
350 EncrypTight User Guide
See also TLS trap configuration
352 EncrypTight User Guide
Black Box Tech Support FREE! Live /7