Skip to content

Getting started

To get a VSatellite connected to your TLS Protect Cloud account, you'll need to download and run a binary setup utility on a Linux server within your target network.

Prerequisites

Before you install a VSatellite, carefully review these important prerequisites:

  • You'll need root privileges

    You'll need permission to run commands with root privileges. The following options are available:

    • Use sudo

      If the sudo command is available on your target Linux machine you can use that to install VSatellite. Alternative privilege elevation utilities, like dzdo, are not supported and may result in installation failure.

    • Use a root shell

      If you are already logged in as the root user you will not need the sudo command. In that case, you can omit sudo whereever you see it used with vsatctl in the documentation.

    Why are root privileges required?

    The vsatctl install command installs k3s in /usr/local/bin, which is owned by the root user.

    If you are installing VSatellite on RHEL, Oracle, or Rocky Linux, the vsatctl install command will install the k3s-selinux RPM package. Installing RPM packages requires root privileges.

    Other vsatctl subcommands connect to the VSatellite cluster, requiring access to credentials stored in /etc/rancher/k3s/k3s.yaml. This file is only accessible to the root user.

  • If you plan to install on Red Hat Enterprise Linux (RHEL), carefully review these special considerations.

  • If you plan to use a proxy, note that TLS MITM is not supported as a proxy mechanism.

  • The target computer where you plan to install VSatellites should not have any existing K8s installed or running. If there are, you must first uninstall them as they will create a conflict during the VSatellite installation.

  • Allowlist FQDNs rather than IP addresses to ensure connectivity between VSatellites and Venafi Control Plane. Learn more

  • Ensure that your target machine meets all system requirements.