Installation
EnforceGate vX ships in two installation shapes — both deploy the same runtime (engine + Squid + connector + captive portal + TLS terminator) and accept the same operator workflow afterwards. The two shapes differ in the host they run on, and that difference has direct security consequences.
The virtual appliance is the recommended and fully supported deployment
The virtual appliance is the deployment method Exosys recommends for every production environment. The appliance ships with a hardened, immutable host operating system that is delivered, validated, and updated by Exosys — read-only root filesystem, minimal attack surface, no customer-installed packages, and a curated SSH and sudo policy.
The Docker bundle runs the same containers on a host OS that you provision and maintain. The container payload is identical, but the host security posture — kernel version, package set, SSH and auth hardening, user accounts, audit configuration, log shipping, patching cadence — is your responsibility. A weak host weakens the whole deployment. Use the Docker bundle when you have an established Linux hardening baseline (CIS, STIG, or equivalent) and operational discipline to keep it that way; otherwise prefer the appliance.
- Virtual appliance (recommended)
  Pre-built OVA / qcow2 / vhdx for VMware, KVM, and Hyper-V. Boots into a hardened, immutable host with Docker pre-installed and the standalone bundle pre-pulled. Patched and signed by Exosys.
- Docker — Guided installer
  Standalone bundle for an existing Linux host you maintain. A guided full-screen terminal installer (install.sh) walks through EULA acceptance, license credentials, network, and SSL inspection. Host hardening is the operator's responsibility.
- Docker — manual
  Scripted/headless install path: load the image, hand-edit .env, bring the stack up with docker compose. For Ansible, Terraform, or CI-driven provisioning where the installer's terminal UI cannot run. Same host-hardening responsibility as the guided installer.
After install, see upgrade for the shared upgrade procedure across all three shapes.