Getting started
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Getting started
To get a VSatellite connected to your Next-Gen Trust Security account, you'll need to download and run a binary setup utility on a Linux server within your target network.
Prerequisites
Before you install a VSatellite, carefully review these important prerequisites:
- You'll need root privilegesYou'll need permission to run commands with root privileges. The following options are available:
- Use sudoIf the sudo command is available on your target Linux machine, you can use it to install VSatellite.Alternative privilege elevation utilities, such as dzdo, are not supported and may result in installation failure.
- Use a root shellIf you are already logged in as the root user, you do not need the sudo command.In this case, you can omit sudo wherever it appears with vsatctl in the documentation.
Why are root privileges required?The vsatctl install command installs k3s in /usr/local/bin, which is owned by the root user.If you are installing VSatellite on RHEL, Oracle, or Rocky Linux, the vsatctl install command installs the k3s-selinux RPM package. Installing RPM packages requires root privileges.Other vsatctl subcommands connect to the VSatellite cluster and require access to credentials stored in /etc/rancher/k3s/k3s.yaml. This file is accessible only to the root user. - If you plan to install on Red Hat Enterprise Linux (RHEL), carefully review these special considerations.
- If you plan to use a proxy, note that TLS MITM is not supported as a proxy mechanism.
- The target computer where you plan to install VSatellites must not have any existing Kubernetes distributions installed or running. If present, uninstall them first to avoid conflicts during the VSatellite installation.
- Allowlist FQDNs rather than IP addresses to ensure connectivity between VSatellites and Next-Gen Trust Security. Learn more.
- Ensure that your target machine meets all system requirements.