The Change Guardian server appliance is a ready-to-run software appliance. The appliance combines a hardened SUSE Linux Enterprise Server (SLES) operating system and the Change Guardian server software integrated update service to provide an easy and seamless user experience that allows you to leverage existing investments. You can install the software appliance on a virtual environment.
NOTE:If you change the IP address of the Change Guardian server, there is a break down of communication between the server and agent. This requires reconfiguration of the server to restore communication. Therefore, consider using static IP addresses in your Change Guardian deployment.
Prerequisite: Ensure the following:
the machine meets the hardware requirements. For hardware information, see the System Requirements page.
NTP synchronized your computer time with the network time.
To install:
Download the base appliance image to a local server from the Downloads website.
The OVF file name is change_guardian_appliance_<version>.ovf.tar.gz
The ISO file name is change_guardian_appliance_<version>.iso
The VHD file name is change_guardian_appliance_<version>.zip
(Conditional) If you are using VMware, use the OVF template to complete the following steps:
Extract the appliance image to your local server.
If you are extracting to a Windows server, you need a program, such as WinRar:
If you are extracting to a Linux server, use the following command:
tar -zxvf <filename>
Log in to the vSphere client and deploy the OVF template. For more information, see the VMware documentation.
(Conditional) If you are installing directly to hardware, use the ISO image to complete the following steps:
Burn the ISO file to a DVD or mount the image.
NOTE:Change Guardian does not support mounting the ISO image from a network share.
Start or reboot your computer and check the BIOS configuration of your machine. The BIOS should allow you to start from the CD/DVD drive and change the order of the media.
(Conditional) If you have not mounted the image, boot the DVD.
(Conditional) If you are using Hyper-V, see Configuring Microsoft Hyper-V Appliance.
Power on the appliance server.
Select the language and keyboard layout.
Read and accept the SUSE End User License Agreement.
Read and accept the Change Guardian End User License Agreement.
On the Change Guardian Appliance Passwords and Time Zone screen, specify the following:
Change Guardian root and vaadmin passwords
NTP server details
Region and time zone of the virtual machine
On the Change Guardian Server Configuration screen, specify the following:
Global admin password
NOTE:Until Change Guardian 6.2 version, while setting the admin password, only the following non-alphanumeric characters are allowed:` ! @ $ ^ _ { } [ ] \ : " , . / ?. From version 6.2.1.0, all non-alphanumeric characters are allowed to be used to set the password.
cgadmin user password
Deselect Use IP Address for event routing
Change Guardian server should be able to resolve the hostname.
(Optional) If you want to email reports, configure the default email server:
Specify the full name, including the domain name, of the email server as the SMTP server hostname. This is the server from which you want to send email notifications.
Change Guardian server should be able to resolve the hostname.
Specify the SMTP server port. The default port is 25. Use port 587 for a secure connection.
Specify the return address in From Address.
Specify the SMTP username and password to connect to the SMTP server.
On the Change Guardian Appliance Network Settings, specify the hostname and the mechanism to assign the IP address of the virtual machine.
Optionally, you can configure the network proxy.
The script checks whether your system meets the minimum requirement of CPU core and memory. Specify Next to continue or Abort to stop the installation.
(Conditional) If javos service does not run after completing this step, reconfigure Change Guardian by using configure.sh.
This completes the Change Guardian server installation. To install the Change Guardian components, see Installing Change Guardian Components.
NOTE:If the server time appears out of sync immediately after the installation, restart NTP:
service ntp stop
service ntp start
You can install Change Guardian appliance on Hyper-V 2016 and Hyper-V 2019.
NOTE:Change Guardian documentation provides the third-party configuration steps for ease of use. For more information about the third-party products or for any issues with the configuration, see their documentation.
To configure:
Log in to the host server either locally or from a remote workstation.
You can use Windows Remote Desktop to log in to the host server from a remote workstation.
Create a new directory in the location where you want the virtual machine to reside.
As a best practice, use the same name for the directory and the appliance virtual appliance.
Download the software to the new directory, and extract the Change Guardian appliance.zip file.
Open Hyper-V Manager.
On the left pane, right-click the host name and click New > Virtual Machine.
This is the host where you want to create the new virtual machine.
Follow the wizard and provide the following information:
Specify the name of the virtual machine
In Specify Generation page specify the generation as Generation 1
In Assign Memory page, specify the amount of memory (in MB) to allocate to the virtual machine. For details, see the Change Guardian System Requirements page.
In Configure Networking page, specify the connection mechanism.
In Connect Virtual Hard Disk page, select Use an existing virtual hard disk, and browse to the .vhd file.
Right-click on the newly created virtual machine, and click Settings > Processor and specify the number of virtual processors.
Right-click on the virtual machine and click Connect to open it.
Right-click on the virtual machine and click Start.
Continue to step 6 to complete installing the Change Guardian appliance.
NOTE:Change Guardian Hyper-V appliance deploys a virtual machine with 100 GB disk. To expand the disk space, check the recommended disk space in the System Requirements page. You must expand the disk immediately after installing the Change Guardian Hyper-V appliance. To expand the /var/opt partition, see Expanding Disk Space in Hyper-V Virtual Machine.
You must register the Change Guardian appliance with the appliance update channel to receive Change Guardian and latest operating system updates. To register the appliance, you must first obtain your appliance registration code or the appliance activation key from the Customer Care Center.
To register the appliance for updates:
Log in to the Change Guardian Appliance Management Console as vaadmin or root.
Click Home > Online Update > Register Now.
In the Email field, specify the email ID to which you want to receive updates.
In the Activation Key field, enter the registration code.
Click Register.
Verify whether updates are available.
To view the registration status of the appliance, click Register.
NOTE:When you apply appliance patches on Change Guardian appliance using Management console, you will see a conflict for 2 OS patches (SUSE-SU-2021:3649, SUSE-SU-2022:0323). Switch to command-line method to proceed with the upgrade. For more information, refer from step 6 in Applying Updates Using Zypper.
Use the following steps to register the appliance using the command line:
Log in to the Change Guardian Appliance Console as root: https://IP_Address_Change_Guardian_server:9443.
Clean existing registrations for SLES (11 and 12) based clients:
suse_register -E
Register the server for SLES (11 and 12) based clients:
suse_register -a regcode-change-guardian="<registration_code>" -a email="<email_ID>"
Verify whether updates are available.