ZeroLock® Agent Installation: Signed Component Installer on ESXi

A guide to installing the ZeroLock Agent onto the ESXi Hypervisor using a signed Component Installer.

 Note: The settings contained are only supported on ZeroLock Agents v3.x or later. 

 

The ZeroLock Agent (ZA) supports the following ESXi versions:

  1. ESXi 6.7
    • Must be patched with ESXi670-202102001 which installs the signed VIB on systems with secureboot enabled.
    • The version that contains this patch is VMware ESXi 6.7.0 build-17499825.
    • To determine the version on your system, use the command: vmware -v 
  2. ESXi 7.x
  3. ESXi 8.x

Advanced Settings

Regardless of the installation method, some settings must be made before installing any agent. These Advanced Settings vary depending on your environment and the agent version you intend to install. To install using Component Installer, ensure that you select the ESXi environment and that the Deploy – ESXi screen is visible before proceeding with agent installation. Use this link to access these settings: Advanced Settings.

Adv Settings ESXi selection 3.x-1


Component Installer Installation 

  1. Before installation, the ESXi host must be in Maintenance mode.  Please review the VMware article Place a Host in Maintenance Mode for the necessary steps. Once the host is in maintenance mode, you may proceed to Step 2.
  2. With the Advanced Settings complete, and you are back on the Deploy-ESXi home screen, under Download, select Component Installer to download the installer file, then copy it to a data location on the target endpoint(s). One option is to use the scratch directory.
    Deploy v3.5.6
  3. Use the Copy Install Instructions button to copy the installation command. In a terminal session to the target system, cd to the location the installer file was uploaded to (scratch folder) and execute the copied command to install. The ESXi server must be rebooted to 
    enable the ZeroLock Agent. Rebooting is a VMware requirement.

Install Success_Reboot-2


Validating Agent Installation 

Regardless of the installation method, the Agent installation should always be validated.  This is a simple process of selecting the Endpoints tab on the left menu. The new endpoint will be listed; the green dot in the status column indicates a successfully installed agent on the endpoint system. 

Validating Installed Endpoint 3.5.6

 Note: When you SSH into the endpoint an MFA alert setting should generate an alert.  


To get information about the installed ZeroLock VIB Package:

          esxcli software vib list | grep val_zerolock

 

esxcli software vib get -n val_zerolock