Quickstart process

Guardian Cloud (formerly known as Overwatch) is Medcrypt's web-based platform for managing device provisioning and certificates.

Step 1: Sign in
  1. Check your email for an invitation from your Medcrypt contact.

  2. Click the invitation link in your email.

  3. Set up your password using the secure link.

  4. Sign in at the Guardian Cloud URL provided by Medcrypt.

Step 2: Get started

Get started page

This is your central hub for getting Guardian up and running quickly. Jump right into configuring your system by selecting a use case that matches your architecture, then follow the guided wizard to get your devices securely communicating.

Choose your path: Start by selecting a use case to configure your system and generate your system provisioning package. You'll use this package with the Guardian library on your device to generate its provisioning request (PR) and begin secure operations.

Everything you need at your fingertips:

  • Download Guardian library: Find the library that matches your platform, language, and/or architecture needs.

  • Quickstart guides: Follow step-by-step walkthroughs for provisioning devices through the Guardian UI , API, or command line.

  • Security assessment: Take our cybersecurity maturity assessment to evaluate your current security posture, identify gaps, and receive a tailored roadmap from our FDA experts to strengthen your medical device security.

  • SBOM vulnerability management: Start a free trial of our comprehensive SBOM and vulnerability management tool, Helm.

  • Explore our pre-market and post-market services. We'd love to talk with you! Our comprehensive services have helped clients reduce FDA approval time from 180 to 45-60 days with a 100% approval rate across over 200 projects and 60 clients.

Get familiar with Guardian UI

Navigate Guardian easily with the top navigation bar (profile, theme toggle, breadcrumbs) and sidebar access to key pages:

  • Systems: View system configurations, download provisioning packages, and view certificate trust chain (Root of Trust).

  • Provisioning: For disconnected devices, upload a device provisioning request (PR) and download the device certified profile (CP). For connected devices, the PR will automatically be uploaded to Guardian, and the CP automatically sent to the device.

  • Devices: Manage device provisioning via automatic provisioning or manual approval steps.

  • Downloads: Download Guardian library

  • Help: Check out our extensive help center or contact us for support.

Step 3: Create your first system

There are two ways to create and start configuring your new system:

  • Select a use case from the Get started page. This displays when you first sign in, but if you've closed it, click the Get started item in the sidebar.

  • Click the Systems item in the sidebar, then click Add new system. This will launch the system creation wizard. If you need a custom integration not covered by these use cases, contact support.

Step 4: Configure your system
  1. After selecting a use case in the system creation wizard, you will be automatically moved to the next step where you can configure your system.

  2. Provide the system details, then click Continue. These will vary depending on the use case selected.

  3. If you're not ready yet, you can always click Save & continue later. You can then access your system at any time from the Systems item in the sidebar.

  4. In the next step, select the Guardian library file that meets your needs. You can filter by language, platform, or architecture. Download your file, then click Continue.

  5. In the following step, you can view and export security certificates. This is an optional step. Click Continue.

  6. In the final step, you can download the provisioning package for your system. You'll put this file in the Guardian Library file path that you defined. This will generate a provisioning request (PR), which will be sent to the Guardian server. Behind the scenes, we're creating the Root of Trust (RoT), HSM, and everything else you will need to get your devices up and running. Note that this could take some time, so we will notify you via email as soon as your provisioning package is ready for download.

Step 5: Download Guardian library if you haven't already

You can download your Guardian library from the Downloads item on the sidebar if you didn't do so during system configuration, or prefer to start with the library.

Step 6: Download system provisioning package
  1. After receiving your email that your provisioning package is ready, click Systems to view all systems and their current status.

  2. Click the Provisioning package link on your system. Any system that has an available provisioning package will show a Package ready badge, which you can also click to view the provisioning package.

  3. Click Download on the provisioning package.

Step 6a: Extract PR from device (disconnected devices only)

Field technician extracts the provisioning request ( .mcpr file) generated by the device.

Step 6b: Upload PR into Guardian Cloud (disconnected devices only)
  1. Click the Provisioning item in the sidebar.

  2. Click the Begin provisioning button. This will prompt you to upload a provisioning request. This is an .mcpr file.

Step 7: Monitor and approve PRs

All PRs, regardless of the method in which they were sent to Guardian Cloud, will appear in Devices page for approval/processing workflow

  • Systems with automatic approval: Guardian will automatically move device PRs through the approval process, then send each device's certified profile (CP) directly to the device.

  • Systems with manual approval: Your team will manually approve or reject, then manually complete provisioning.

Step 7a: Complete provisioning (connected devices only)

For both automatic and manual approval, the CP is automatically downloaded from Guardian and automatically installed on the device, then the device is automatically marked as Provisioned in Guardian.

For connected devices, this is the last step.

Step 8: Download profile (disconnected devices only)

When the provisioning request has been processed, you'll be prompted to download the certified profile or CP ( .mcp file) on the Provisioning page.

Step 8a: Upload CP to device (disconnected devices only)
  1. CP is manually installed on the device.

  2. Click Complete provisioning to mark it as Provisioned in Guardian.

Optional steps

View and export Root of Trust certificates
  1. After creating a new system, click Systems on the sidebar.

  2. Click the Certificates link on the system. This will display the Root of Trust (RoT) certificates (root and intermediate level).

  3. Click any root or intermediate certificate to expand all of its child certificates. Refer to Manage Root of Trust certificates for more information.

  4. Click each certificate card to view its details. You can also search on certificate common name and filter by certificate level.

  5. Click Export on each certificate you want to export. If you want to export a file for each of the certificates, click Export all. This will only export the filtered results.

View and export device-level certificates
  1. Click Devices on the sidebar.

  2. Click the Certificates tab.

  3. Click any certificate to view its children. Refer to Manage certificates for more information.

  4. Click each certificate card to view its details. You can also search on certificate common name and filter by certificate level.

  5. Click Export on each certificate you want to export. If you want to export a file for each of the certificates, click Export all. This will only export the filtered results.

Last updated

Was this helpful?