Agents
      Back to home
      1. Vali Cyber Knowledge Base
      2. ZeroLock®
      3. Agents

      Moving Linux-Hosted ZeroLock® Agents between ZeroLock® Management Consoles

      How to re-associate a ZeroLock Agent with a new ZeroLock® Management Console.

        Moving a ZeroLock Agent (ZA) from one ZeroLock Management Console (ZMC) to another requires only that both ZMCs have network connectivity to the ZA and that the Agent be version 2.0.8 or later.

        Re-associate the ZeroLock Agent with the new ZMC

        The first step is to stop the ZA that you want to move to another ZMC.  If the Lockdown Rule, “Anti-Tampering,” is enabled, it must be disabled for the service to be stopped.

        Stopping the ZeroLock service is done by opening an SSH session to the target ZA and running the command:

        sudo systemctl stop zerolock.service

        Image_1_Stop zerolock service

        To verify that the service is stopped, open another SSH session to the agent and enter the command:

        sudo systemctl status zerolock.service
        Image_2_Inactive status

         

        At this point, the new Collector IP address and token must be entered.  The IP address is the destination ZMC.  In this example, the IP address is 10.0.0.5.  The token may be found on the Deploy homepage of that ZMC.

        Image_3_Target Deploy Page Token

         

        When the ZeroLock service stops, the SSH session is terminated, so you must open another session to the agent.  From the Deploy homepage, copy the new token (see above).

        Once this has been done, enter the following commands to update the ZA with the new settings.

        sudo /usr/bin/zerolock-tyr -update -host <server2-collector> -token <server-2-token>

        Restart the ZeroLock service with:

        sudo systemctl start zerolock.service

        Image_4_Update and Start commands

        Verify Agent

        There are two (2) methods to verify if a ZeroLock Agent is active.

        1. The first is to run the ‘status’ command on the agent as we did earlier.
          Image_5_Status_Active

        2. The second method is to look at the Endpoint homepage of the destination ZeroLock Management Console.  The moved endpoint should be added, and a green indicator in the STATUS column reflects a successful ZeroLock Agent installation.
          Image_7_Endpoints Shows Active

        Key Commands:

        stop service

        sudo systemctl stop zerolock.service

        update server info

        sudo /usr/bin/zerolock-tyr -update -host <server2-collector> -token <server-2-token>

        start service

        sudo systemctl start zerolock.service

        service status

        sudo systemctl status zerolock.service