ZeroLock® Management Console Installation Guide

How-to correctly install the ZeroLock® Management Console.

ZeroLock Management Console

ZeroLock Management Console (ZMC) is the backend component of the ZeroLock security suite. The ZMC performs command and control for ZeroLock Agent software that runs on protected endpoints.

The ZMC is comprised of several components, including ux-server, collector, and database.

These components run in a containerized environment on a variety of host operating systems.

The Installer prepares the host operating system (starting with a fresh install) to run the ZMC.

The Installer identifies the latest previous version of the ZMC, (optionally) backs it up and copies the database, and then migrates the copied database to the latest schema.

Verify Minimum Environment Requirements

Before proceeding with installing the server ensure that the environment is prepared correctly by verifying the minimum physical requirements and proper network port configuration are in place.

Minimum System Requirements

ZeroLock Server Requirements

RAM

8GB
Disk Space 100GB (dependent on number of endpoints and data retention duration)
CPU Cores 4 (min) or more (recommended)
Installation Requirements Latest version of Docker

 

ZeroLock Endpoint Agent Requirements

OS

Linux Kernel v3.5 or higher. Distribution agnostic.
Processor x86-64, ARM-64 (coming soon)
Memory 50MB
Disk Space 100MB
Kernel Mods No kernel modifications or modules required
VM/Container Support ZeroLock™ runs on bare metal, virtual machines, and containers (including public / private / hybrid cloud instances)
Installation Methods
  • curl-based command line installer
  • wget-based command line installer
  • tar.gz file-based installer
  • bash scrip self-extracting file-based installer
  • deploy via containers (e.g. Docker)
  • deploy via orchestrated containers (e.g. Kubernetes or OpenShift)
Pre-Installation Requirements

RPM-based systems (Fedora and CentOS):

  • Checkpolicy
  • Iproute
  • util-linux
  • policycoreutils or policycoreutils-python. 

Debian-based systems (Ubuntu):

  • iproute2
  • util-linux 

 

Port Configuration

Port requirements for ZeroLock Management Console (Server) and Agent communications. The local firewall must allow those ports/protocols inbound.

Administrative access to ZeroLock Management Console (Server) 7443
ZeroLock™ agent to ZeroLock server communications 443

 

Docker Set Up

Download and install the latest Docker.  Ensure the User that will be launching the ZMC containers is not root but is part of the docker group, allowing the User to launch docker without sudo access.  

Note:   At this time, Podman is not supported.

ZeroLock™ Management Console Download

Vali Cyber® Support Teams will provide access to the current version of ZeroLock.

ZeroLock Containers Installation 

The ZeroLock Management Console (ZMC) ships as a tgz (compressed tar) file, named zerolock-server-<version number>.tgz.

  1. Determine where the ZMC files will be installed. The ZMC should run as a regular (non-root) user. We recommend installing the ZMC in the distribution’s default user home directory (e.g., /home/ubuntu, /home/ec2-user, etc.), or else in the home directory of a user created specifically to run ZMC (e.g., /home/zerolock). 
  2. Move the ZMC tgz file to the home directory.


  3. Extract the file.
    tar xzf zerolock-server-<version number>.tgz  
  4. Note the new subdirectory zerolock-server-<version number>.


  5. Change to the new directory. 
    cd zerolock-server-<version number>


  6. Run the installer.
bash install-zerolock-server.sh
Command line options are outlined below.
-h --help Displays help options.
-v   Produces more verbose output. It may be used multiple times -v -v -v or -vvv to increase the level.
-n --no Answer “no” to all installation questions and will produce a dry run.
-y --yes Answers “yes” to all questions and is useful for automation of the installation.
--previous   Explicitly specifies the previous installation of ZeroLock™ Management Console. By default, if not specified, the previous installation will be determined automatically.

7.   Enter y to the confirm continue with installation prompt.



8.  The newly installed ZMC is symlinked:
zerolock-server -> zerolock-server-<version number> to identify the latest installation’s subdirectory.




Final steps - startup system and verify connectivity

Refer to the Console Startup to start the ZeroLock Management Console

Refer to Iptables configuration to limit access to the ZeroLock Management Console