ZeroLock® Management Console Installation Guide

How to correctly install the ZeroLock® Management Console.

ZeroLock Management Console

ZeroLock Management Console (ZMC) is the backend component of the ZeroLock security suite. The ZMC performs command and control for ZeroLock Agent software that runs on protected endpoints.

The ZMC comprises several components, including ux-server, collector, and database.

These components run in a containerized environment on various host operating systems.

The Installer prepares the host operating system (starting with a fresh install) to run the ZMC.

The Installer identifies the most recent previous version of the ZMC, optionally backs it up, copies the database, and then migrates the copied database to the latest schema.

Verify Minimum Environment Requirements

Before installing the server, ensure that the environment is prepared correctly by verifying that the minimum physical requirements are met and the proper network port configuration is in place.

Minimum System Requirements

ZeroLock Server Requirements

RAM: 16GB
Disk Space: 512GB (dependent on number of endpoints and data retention duration)
CPU Cores: 6 or more recommended
Installation Requirements
  • Self-deployment: Latest version of Docker
  • OVA-deployment: ESXi 7.0 or later

ZeroLock Endpoint Agent Requirements

OS: Linux Kernel v3.5 or higher. Distribution agnostic.
Processor: x86-64, ARM-64 (coming soon)
Memory: 50MB
Disk Space: 100MB
Kernel Mods: No kernel modifications or modules required
VM/Container Support: ZeroLock runs on bare metal, virtual machines, and containers (including public / private / hybrid cloud instances)
Installation Methods
  • ESXi - Signed Component Installer
  • curl-based command line installer
  • wget-based command line installer
  • tar.gz file-based installer
  • bash script self-extracting file-based installer
  • deploy via containers (e.g. Docker)
  • deploy via orchestrated containers (e.g. Kubernetes or OpenShift)
Pre-Installation Requirements

RPM-based systems (Fedora and CentOS):

  • checkpolicy
  • iproute
  • util-linux
  • policycoreutils or policycoreutils-python

Debian-based systems (Ubuntu):

  • iproute2
  • util-linux

Port Configuration

The following ports are required for ZeroLock Management Console (Server) and Agent communications. The local firewall must allow these ports/protocols inbound.

Administrative access to ZeroLock Management Console (Server): 7443
ZeroLock Agent to ZeroLock server communications: 443

Docker Set Up

Download and install the latest Docker. Ensure that the user who will launch the ZMC containers is not root but is a member of the docker group, which allows that user to run docker without sudo.

Note: At this time, Podman is not supported.
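The requirement, port and Docker checks described above can be scripted and run before the installer. The script below is an added example, not part of the Vali Cyber distribution: its function names are hypothetical, its thresholds are the minimums stated in this guide, and it assumes a Linux host that provides /proc/meminfo, df, id and ss.

```shell
#!/bin/sh
# Added example (not vendor code): pre-install checks for a ZMC host.
MIN_RAM_GB=16; MIN_CORES=6; MIN_DISK_GB=512   # minimums stated in the guide
ZMC_PORTS="443 7443"   # agent-to-server and administrative ports

# kb_to_gib_ceil KB: round up, because a "16GB" host reports slightly less
# than 16 GiB in MemTotal once firmware and kernel reservations are removed.
kb_to_gib_ceil() { echo $(( ($1 + 1048575) / 1048576 )); }

# meets_min ACTUAL REQUIRED: succeeds when ACTUAL >= REQUIRED.
meets_min() { [ "$1" -ge "$2" ]; }

# in_group NAME "GROUP LIST": exact-word match, so "dockerroot" is not "docker".
in_group() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# port_listening PORT "SS_OUTPUT": compares the port field of the local
# address column exactly, so a listener on 7443 does not count as 443.
port_listening() {
    printf '%s\n' "$2" | awk -v p="$1" \
        '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 } END { exit !hit }'
}
report() { printf '%-5s %s\n' "$1" "$2"; }

preflight() {
    rc=0
    ram=$(kb_to_gib_ceil "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)")
    cores=$(getconf _NPROCESSORS_ONLN)
    disk=$(df -Pk "$HOME" | awk 'NR==2 {print int($4 / 1048576)}')
    if meets_min "$ram" "$MIN_RAM_GB"; then report OK "RAM ${ram}GB"; else report FAIL "RAM ${ram}GB < ${MIN_RAM_GB}GB"; rc=1; fi
    meets_min "$cores" "$MIN_CORES" || report WARN "$cores CPU cores, $MIN_CORES or more recommended"
    meets_min "$disk" "$MIN_DISK_GB" || report WARN "${disk}GB free under $HOME, guide lists ${MIN_DISK_GB}GB"
    if [ "$(id -u)" -eq 0 ]; then report FAIL "running as root; use a regular user"; rc=1; fi
    in_group docker "$(id -nG)" || { report FAIL "$(id -un) is not in the docker group"; rc=1; }
    command -v docker >/dev/null 2>&1 || { report FAIL "docker not found in PATH"; rc=1; }
    listeners=$(ss -tln 2>/dev/null)
    for p in $ZMC_PORTS; do
        # Assumption: the ZMC containers publish these ports on the host.
        if port_listening "$p" "$listeners"; then report WARN "port $p already has a listener"; fi
    done
    return "$rc"
}

# Run the checks only when asked, e.g.: sh zmc-preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Membership in the docker group is effectively root-equivalent on the host, so the account that passes this check is best kept as one used only for running the ZMC.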

ZeroLock Management Console Download

Vali Cyber® Support Teams will provide access to the current version of ZeroLock.

ZeroLock Containers Installation 

The ZeroLock Management Console (ZMC) ships as a tgz (compressed tar) file, named zerolock-server-<version number>.tgz.

  1. Determine where the ZMC files will be installed. The ZMC should run as a regular (non-root) user. We recommend installing the ZMC in the distribution’s default user home directory (e.g., /home/ubuntu, /home/ec2-user, etc.), or else in the home directory of a user created specifically to run ZMC (e.g., /home/zerolock). 
  2. Move the ZMC tgz file to the home directory.
  3. Extract the file.
    tar xzf zerolock-server-<version number>.tgz
  4. Note the new subdirectory zerolock-server-<version number>.
  5. Change to the new directory.
    cd zerolock-server-<version number>
  6. Run the installer.
    bash install-zerolock-server.sh
    Command line options are outlined below.
    -h --help Displays help options.
    -v Produces more verbose output. It may be used multiple times (-v -v -v or -vvv) to increase the level.
    -n --no Answers “no” to all installation questions, producing a dry run.
    -y --yes Answers “yes” to all questions; useful for automating the installation.
    --previous Explicitly specifies the previous installation of ZeroLock™ Management Console. If not specified, the previous installation is determined automatically.
  7. Enter y at the prompt to confirm and continue with the installation.
  8. The newly installed ZMC is symlinked (zerolock-server -> zerolock-server-<version number>) to identify the latest installation’s subdirectory.




Final steps - startup system and verify connectivity

Refer to Console Startup to start the ZeroLock Management Console.

Refer to Iptables configuration to limit access to the ZeroLock Management Console.