Getting Started with Relay

Welcome to Relay. Our goal is to provide you with tools that help you monitor and secure web activity on your network. But before you jump into the Relay interface, follow these three simple steps to get started:

  1. 1. Add Users and Groups
  2. 2. Create your filtering policy
  3. 3. Deploy Relay software to devices

Of course, you need to log in to Relay before getting started.

Step 1- Add Users and Groups

Start by adding (importing) users and groups from the Google Admin Console to Relay. Click the Go button on the Relay Getting Started page, or navigate to the Settings > User & Group Management page.

Import Users and Groups from the Google Admin Console

Note: You need to enable API Access for Google sync to work.

In the Google Admin console, navigate to Security > API Reference and check the Enable API Access box under API access.

Follow these steps to authorize Google to import users and groups:

Navigate to the User & Group Management page by clicking Settings > User & Group Management from the left-side naviagtion menu.

Click the Authorize button. You will be redirected to a Google page that will prompt you for permission to allow Lightspeed Systems to view organizational units on your domain.

This opens a Google page that prompts you to allow Lightspeed Systems to view organizational units on your domain. Click Allow.

A new set of importing options are listed below Google Import. Configure your import settings based upon the following options:

  • Data – Import the Structure Only or Structure & Users.
  • Organizations – Select the organizaitions you want imported into Relay.
  • Nightly Import – Select this option if you want Relay to import your Data and Organizations nightly. Click Import Now to import this data immediately.

Other Import Methods

There are other options for importing users into Relay. Refer to these documents for :

Step 2- Create your filtering policy

The second step in this Getting Started process is to create your filtering policy. We suggest reviewing Relay’s default internet access categories to begin crafting your internet policy.

Review Categories

Relay classifies websites into various categories. By default, most of these categories are blocked.

Navigate to Internet Access > Default Rules section and scroll through the list of Categories. Determine which categories need to be blocked or unblocked. Each category provides a brief description of the type of sites within it. Click on the on/off icon to the left of the category name to toggle a category on or off.

  • 15 – indicates the category is on and accessible.
  • 16 – indicates the category is off and blocked.

Search for a Site’s Category
To search for a site’s category, scroll to the top of the Rules page and enter the website URL in the Enter a website to check… search bar, then click Check.

Example: In the following example we searched for www.facebook.com and the results show that Facebook is blocked and categorized as forums.social_networking. Click on the icon to the left of the category name to make the category (and Facebook) accessible.

Step 3- Deploy Relay software to devices

After you’ve imported users and created your filtering policy, you are ready to deploy Relay to your devices (Chrome, Mac, Windows)

Minimum OS Version

Before deploying Relay to any devices on your network, ensure that the device(s) is running this version of the operating system:

  • Windows– Windows 10, x64, build 1709
  • Mac– High Sierra, x64
  • iOS– 11.2

Chrome Devices

Open the Google Admin console and navigate to Device Management.

Click Chrome Management from the left-side menu (Device Settings), then click User Settings.

Choose your organization from the left menu (Organizations), then scroll down to Apps and Extensions > Force-installed Apps and Extensions. Click on Manage force-installed apps. Click on Specify a Custom App.

Enter your organization-specific App ID and URL in the ID and URL fields. Then click Add.

Note: Refer to the Relay (or Classroom) Getting Started page and click Details (Relay- Step 3, see the example below. or Classroom- Step 2.) for the App ID and URL. You can also find your organization-specific App ID and URL on Relay’s Settings > Chrome Extension page.

Once added, the App ID is listed in the Total to force install list. Click Save to push the extension.

Mac OS Devices

Prerequisites

  • macOS High Sierra, x64

To install a Smart Agent on a Mac, follow these steps:

  1. 1. Working from the target workstation as an Administrator, prepare a local copy of your Smart Agent .dmg file that you received from Lightspeed Systems.
  2. 2. Open SmartAgent.dmg and complete the installer.

    Windows Devices

    Prerequisites

    • Windows machine running Windows 10, x64, build 1709

    To install a Smart Agent on a Windows machine, follow these steps:

    1. 1. Working from the target workstation as a Local Administrator, prepare a local copy of your Smart Agent .msi file that you received from Lightspeed Systems.
    2. 2. From an administrator command prompt, navigate to the folder where your Smart Agent .msi file is located and launch it using the command: msiexec /i  Smart Agent .msi.
      • Example: msiexec /i SmartAgentx64.msi

    iOS Devices

    Prerequisites

    • Device must be running iOS 11.2
    • Device cannot be running any other iOS filtering software and cannot have a global proxy configured.
    • Device must be enrolled in a mobile device manager and owned by the user that you are filtering with Relay.

    Smart Agents for iOS should be installed using Managed Distribution. For more information on Managed Distribution, click here.

    Following installation, you need to configure the Web Content Filter settings within your MDM.

    Lightspeed Systems Mobile Manager

    Follow these instructions to configure the Web Content Filter settings in Lightspeed Systems Mobile Manager.

    • Click Device Management > Policies in the left-side navigation.

    • Click Web Content Filter in the Policies list

    • In the Web Content Filter policy, set Filter Type to Plug-In and Vendor to Lightspeed (Relay).

    Third-Party MDM

    If you’re using a third-party MDM, you’ll need to configure the following settings:

    Filter Type: Plugin
    Filter Name Lightspeed Relay
    Identifier com.lightspeedsystems.iosrelayfilter
    Organization Provided by Customer (ex: Relay – Content Filter)
    User Name email address – must match the email address in Relay/Launch
    Password Leave blank
    Certificate None
    Filter WebKit Traffic Checked
    Filter Socket Traffic Checked

    Custom Data

    Key Type Value
    UDID String UDID of the device
    customerID String Lightspeed Customer ID

    Here’s an example of the settings using Apple Configurator as a third-party MDM:

    Required Open (Unblocked) URLs

    Additional Steps

    When running Relay in Google Chrome, we recommend enabling these settings (if not already) to prevent users from bypassing or compromising the web-filtering service:

    Caution:Make sure you select the correct organization from the list of Organizational groups (User Settings left-menu) when making these changes.

    Add Chrome Flags & Inspect Tools to the URL Blacklist

    Google Chrome Flags (list of experimental features) provide savvy users the ability to bypass web filtering in Chrome. Disable any opportunity to bypass web filters by adding these pages to your list of blocked URLs in Google’s Admin console.

    To add the Chrome Flags and Inspect Tool URLs to the URL Blacklist from the Google Admin console, navigate to the URL Blacklist settings (Device Management > Chrome > User settings > Content > URL Blocking > URL Blacklist) enter the following URLs in the URL Blocking Field. Click Save to apply this setting.

    Ensure Extensions are Allowed

    Our web-filtering services (for Chrome) are deployed to devices via a Chrome Extension. By default, Extensions should be allowed, but if you have issues pushing the extension to a device, ensure that this setting is enabled.

    To verify that extensions are allowed from the Google Admin console, navigate to the list of Allowed Types of Apps and Extensions (Device Management > Chrome > User settings > Apps and Extensions > Allowed types of Apps and Extensions) and ensure that the box next to Extension is marked. Click Save to apply this setting.

    Disallow Incognito Mode

    Chrome’s Incognito Mode allows users to browse the Internet privately. While user activity isn’t hidden in Incognito Mode, it’s best to disallow this feature when setting up your web-filtering service.

    To disallow Incognito Mode from the Google Admin console, navigate to Incognito Mode (Device Management > Chrome > User settings > Security > Incognito Mode) and select Disallow Incognito Mode from the drop-menu. Click Save to apply this setting. Click Save to apply this setting.

    Never Allow Developer Tools

    Chrome’s built-in developer tools give users access to the browser’s (and other web applications) internal code. It’s best to never allow users access to the browser’s built-in developer tools.

    To never allow access to Chrome’s built-in developer tools, from the Google Admin console, navigate to Development Tools (Device Management > Chrome > User settings > User Experience > Developer Tools) and select Never allow use of built-in developer tools from the drop-menu. Click Save to apply this setting.