ESXi ZeroLock® Agent Deployment Guide: Signed Component Command-Line Installer

A guide to installing the ZeroLock Agent on the ESXi hypervisor using the command-line script with the signed Component Installer.

NOTE: The settings in this guide are supported only on ZeroLock Agents v3.x or later.

The ZeroLock Agent (ZA) supports the following ESXi versions:

  • ESXi 6.7: ESXi670-202102001 or higher (VMware ESXi 6.7.0 build-17499825)
  • ESXi 7.x: All versions
  • ESXi 8.x: All versions

Installing ZeroLock via Command Line Using the Signed Component Installer

Installing the ZeroLock Agent via the command line on an ESXi host using the signed component installer ensures a secure, policy-compliant deployment — even in environments where vCenter is not available. Here's why this is the preferred method for standalone or scripted installations:

  • No Acceptance Level Changes Required:
    The signed component is trusted under the default PartnerSupported acceptance level, eliminating the need to lower the host’s security posture to install the agent.
  • Maintains Component Integrity:
    The installer is digitally signed to ensure it hasn't been modified, assuring that the deployed package is authentic and tamper-free.
  • CLI-Friendly Deployment:
    Ideal for edge, lab, or air-gapped environments, the signed installer can be deployed using standard esxcli commands without requiring vCenter or GUI interaction.
  • Compatible with Future vCenter Integration:
    Even when installed manually, using the signed version allows for future upgrades or management through vSphere Lifecycle Manager (vLCM) should the host later be added to a managed cluster.
  • Clear Installation Logging and Auditability:
    Because the package is signed and validated, the installation is logged cleanly within the ESXi host — supporting audit requirements and change tracking in enterprise environments.

Together, these benefits make the signed command-line installer a secure, efficient, and forward-compatible option for installing ZeroLock on ESXi hosts outside of vCenter-managed infrastructure.

Advanced Settings

Before installing any ZeroLock® agent, certain advanced settings must be configured, regardless of the installation method used. These settings may vary depending on the deployment environment and the specific agent version being installed. When using the Component Installer, ensure that the ESXi environment is selected and click Save as Default. After saving the deployment method, ensure the Deploy – ESXi screen is displayed before proceeding with the agent installation.

Component Installer Installation

  1. Place the ESXi Host in Maintenance Mode:
    Before beginning the installation, ensure the ESXi host is placed in Maintenance Mode. Once the host is successfully in Maintenance Mode, you can proceed to Step 2.
  2. Download and Copy the Component Installer:
    After completing the Advanced Settings and returning to the Deploy – ESXi home screen, notice the Download section. The Download section contains the VIB (VMware Installation Bundle) that has been signed by VMware by Broadcom. Select and download the Component Installer .zip file.
  3. Click Copy Install Instructions to copy the installation command.
  4. Run the Installation Command:
    Copy the signed ZeroLock component to the ESXi host’s scratch folder (e.g., scratch/). Then, in a terminal session on the target system, run the copied installation command or script to begin the installation. Once the installation is complete, a reboot of the ESXi host is required to activate the ZeroLock Agent.

Validating Agent Installation

To validate a successful installation, follow the instructions in Validating Agent Installation. Additionally, ensure the ESXi host has been rebooted and that the ZeroLock Agent is running as expected.

To perform additional checks and confirm that the ZeroLock VIB package was installed correctly, you’ll need to temporarily deactivate endpoint protection in the ZeroLock Management Console (ZMC).

Skipping the deactivation step may cause the ZMC to interpret your verification commands as tampering, which could result in your SSH session being automatically terminated.

  1. In the ZMC console, navigate to Endpoints and select the endpoint on which you want to verify that the ZeroLock VIB was correctly installed.
  2. Click the Actions drop-down menu and click Deactivate Endpoint Protection.
  3. Verify that endpoint protection has been successfully turned off in the ZMC. The status of the endpoint will change to yellow, indicating that protection is currently deactivated.
  4. Once the endpoint is deactivated, verify the installed ZeroLock VIB package by running the following command on the ESXi host:
    esxcli software vib get -n val_zerolock
  5. Click the Actions drop-down menu and click Activate Endpoint Protection.
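
An added example, not part of the vendor's guide: a POSIX sh check for the step 4 window above that compares the host acceptance level with the Acceptance Level field reported for val_zerolock, confirming the install did not require lowering the host below PartnerSupported. The sample output, including its ID, version and vendor string, is constructed; on a host, pass in the output of esxcli software acceptance get and esxcli software vib get -n val_zerolock.

```shell
#!/bin/sh
# Added example (not vendor code). POSIX sh, so it also runs in the ESXi shell.

# Rank an ESXi acceptance level; higher is stricter, 0 means unrecognised.
level_rank() {
    case "$1" in
        VMwareCertified)    echo 4 ;;
        VMwareAccepted)     echo 3 ;;
        PartnerSupported)   echo 2 ;;
        CommunitySupported) echo 1 ;;
        *)                  echo 0 ;;
    esac
}

# Print the value of one "Key: value" line from `esxcli software vib get` output.
vib_field() {   # $1 = field name, $2 = command output
    printf '%s\n' "$2" | sed -n "s/^ *$1: *//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 only if the host level is PartnerSupported or stricter and the VIB
# is signed at a level the host accepts.
audit_vib() {   # $1 = host acceptance level, $2 = vib get output
    vib_level=$(vib_field "Acceptance Level" "$2")
    if [ -z "$vib_level" ]; then
        echo "FAIL: no Acceptance Level field; VIB missing from output"; return 1
    fi
    if [ "$(level_rank "$1")" -lt 2 ]; then
        echo "FAIL: host acceptance level is '$1', below PartnerSupported"; return 1
    fi
    if [ "$(level_rank "$vib_level")" -lt "$(level_rank "$1")" ]; then
        echo "FAIL: VIB level '$vib_level' is below host level '$1'"; return 1
    fi
    echo "OK: $(vib_field Name "$2") is $vib_level, host is $1"
}

# Constructed sample output; the ID, version and vendor are placeholders.
SAMPLE_VIB='EXAMPLE_bootbank_val_zerolock_0.0.0-constructed
   Name: val_zerolock
   Version: 0.0.0-constructed
   Vendor: EXAMPLE
   Acceptance Level: PartnerSupported'

audit_vib PartnerSupported "$SAMPLE_VIB"
audit_vib CommunitySupported "$SAMPLE_VIB" || true
# On a host: audit_vib "$(esxcli software acceptance get)" \
#                      "$(esxcli software vib get -n val_zerolock)"
```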

View ZeroLock Agent Logs on ESXi host

There are two primary components of the ZeroLock Agent: Tyr and Baldur.

  • Tyr handles communication with the ZeroLock Management Console (ZMC).
  • Baldur functions as the behavior analysis engine, responsible for detection, response, and telemetry, which it reports back to Tyr.

The output from relevant ZeroLock components is now consolidated into a single log file: val_zerolock.log, which is in the /var/log directory on the ESXi host.

To view and verify val_zerolock.log, enter the command below in the terminal window:

  • ls -l /scratch/log | grep val_zerolock

    For more information, please visit the Vali Cyber Support page.