.. _installing-policy-server:

Installing Policy Server
========================

Deployment Models
-----------------

You can install the Policy Server in two ways depending on scale and management method.

.. list-table::
   :header-rows: 1
   :widths: 20 80 80

   * - Type
     - Description
     - Note
   * - **On-premises**
     - Install the Policy Server inside your network to manage policies and network resources.
     -
   * - **Cloud managed**
     - Deploy a virtual Policy Server in a cloud environment. Administrators manage policies and networks via the cloud console and Web UI.
     - Before deploying in the cloud, prepare the cloud environment (VPC, subnets, security groups) per your provider's documentation.

Prepare the Environment
-----------------------

| You can install the Policy Server on a physical system or a virtual machine.
| Refer to :ref:`Install Ubuntu OS ` to prepare **Ubuntu OS 24.04.4 LTS**.

.. note::

   | You can install the Policy Server on a virtual machine.
   | ZTNA supports various hypervisors such as VMware, VirtualBox, and XenServer.

Prepare Network Connectivity
----------------------------

| Genian ZTNA requires at least one static IP address for network connectivity.
| For an on-premises deployment, that interface can be used as the management interface.
| Genian ZTNA connects to the network broadcast domain to monitor all broadcast packets.
| If the target network is reachable only over a WAN, you need a separate, physically placed Network Sensor.

.. note::

   | When using a virtual machine, select the network interface type as **Bridge** mode.
   | If you plan to use VMware ESXi with an `802.1Q`_ trunk port, enable VGT mode. See https://kb.vmware.com/s/article/1004252

Install the Policy Server
-------------------------

**Step 1: Switch to the root account**

.. code-block:: text

   genian@genian:~$ sudo su
   [sudo] password for genian:
   root@genian:/home/genian#

**Step 2: Update and upgrade packages**

.. code-block:: text

   root@genian:/home/genian# apt-get update
   root@genian:/home/genian# apt-get upgrade

**Step 3: Install curl (required for installation)**

.. code-block:: text

   root@genian:/home/genian# apt install curl

**Step 4: Install Genian ZTNA Policy Center**

.. code-block:: text

   curl -sSLk https://bit.ly/4fX6bQ8 | sudo PROMPT=0 SSHALLALLOW=1 SSHPORT=22 TARGET=GPC DEB=ztna LOCALE=en bash -

Configure the Policy Server
---------------------------

**Step 1: Access Ubuntu and gnlogin**

After installation completes, access Ubuntu and run gnlogin for initial setup.

.. code-block:: bash

   genian@genian:~$ sudo su
   [sudo] password for genian:
   root@genian:/home/genian#                  # Obtain root privileges
   root@genian:/home/genian# gnlogin          # Enter Genian Shell

.. note::

   | You must have root privileges to apply interface settings properly.

**Step 2: Configure interfaces**

Configure the default interface of the device.

1. Enter global configuration mode with the "enable" command.
2. Enter configuration mode with the "configure terminal" command.
3. Set the interface IP address and subnet mask.
4. Set the interface default gateway.
5. Set the device default gateway.
6. Set the device DNS server.
7. Set the device NTP server.

.. code-block:: bash

   genian> enable
   Password : (contact Technical Support for the enable password)
   genian# configure terminal
   genian(config)# interface [interface-name] address [IP] [Subnetmask]
   genian(config)# interface [interface-name] gateway [IP]
   genian(config)# ip default-gateway [IP]
   genian(config)# ip name-server [IP]
   genian(config)# ntp server [IP]

   // If you configured interfaces during Ubuntu installation, some IP-related settings may already be present.

**Step 3: Configure the Database server**

Set up the Database server.

1. Set the DB account.
2. Enable the DB server.
3. Set the DB access password.
4. Configure DB access permissions.

.. code-block:: bash

   genian(config)# data-server username [DB-username]
   genian(config)# data-server enable
   genian(config)# data-server password [DB-password]

**Step 4: Configure the Log Server**

Start the Log Server.

.. code-block:: bash

   genian(config)# log-server version 6
   genian(config)# log-server enable
   genian(config)# log-server publish-port [interface-name]

**Step 5: Configure Web UI and SOAP Server**

1. Enable the Web UI.
2. Enable the SOAP server.

.. code-block:: bash

   genian(config)# interface [interface-name] management-server enable
   genian(config)# interface [interface-name] node-server enable

**Step 6: Create an administrator account**

Create the administrator account for the Genian |product_name| Web UI. This can be set only once.

1. Create the Web UI account.

.. code-block:: bash

   genian(config)# superadmin [admin-id] [admin-password] [admin-email]

.. note::

   | The administrator password must be at least 9 characters and include letters, numbers, and special characters.

**Step 7: Access the Web UI**

After completing the steps above, log in to the Genian |product_name| Web UI and verify the installation.

.. note::

   | For Web UI information, see :doc:`console`.

Unsupported hardware
--------------------

If installation does not proceed normally, contact your partner engineer or `Technical Support`_.

.. note::

   If storage devices or network interfaces are not recognized in a virtual environment, change the storage type to SATA or change the network interface driver to an Intel family such as E1000.

.. toctree::
   :maxdepth: 1

   report-unsupported-hw

.. _802.1Q: https://en.wikipedia.org/wiki/IEEE_802.1Q
.. _Technical Support: https://genians.slack.com/
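
Added example for Step 4 of *Install the Policy Server* (not Genians' code): the Step 4 command turns off certificate verification with ``-k`` and pipes a short link directly into a root shell, so this script stages the download with verification on, compares it to a pinned SHA-256, and only then runs it with the same variables. ``EXPECTED_SHA256`` is a placeholder for a digest obtained from the vendor out-of-band (the page publishes none), and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example, not vendor code. The URL and variables are copied from Step 4;
# EXPECTED_SHA256 is a placeholder: obtain the real digest from the vendor.
INSTALLER_URL="https://bit.ly/4fX6bQ8"
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_VENDOR_SUPPLIED_SHA256}"

# Print the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Download to a file with certificate checks on (no -k), HTTPS-only
# redirects, and print the URL the short link finally resolved to.
fetch_installer() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$1" --write-out '%{url_effective}\n' "$INSTALLER_URL"
}

# 0 = digest matches pin, 1 = mismatch, 2 = unreadable file, 3 = no valid pin.
verify_installer() {
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 2; }
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "EXPECTED_SHA256 is not a SHA-256 digest" >&2; return 3; }
    actual="$(sha256_of "$file")" || return 2
    [ "$actual" = "$expected" ] ||
        { echo "digest mismatch: got $actual" >&2; return 1; }
}

# Feed the staged script to bash on stdin, as the Step 4 pipeline does.
run_installer() {
    sudo PROMPT=0 SSHALLALLOW=1 SSHPORT=22 TARGET=GPC DEB=ztna LOCALE=en bash - < "$1"
}

# Acts only when called as: sh stage-installer.sh --install
# (stage-installer.sh is a hypothetical file name for this script).
if [ "${1:-}" = "--install" ]; then
    staged="$(mktemp)" || exit 1
    fetch_installer "$staged" || exit 1
    verify_installer "$staged" "$EXPECTED_SHA256" || exit 1
    run_installer "$staged"
fi
```

A matching digest shows only that the staged file is the one that was pinned; read the staged script before letting it run as root.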