Skip to content

Appliance Manager (Cockpit UI)

The Appliance Manager is a critical component of the SecretZero ecosystem. It is a rebranded version of Cockpit tailored for managing and administering the Debian-based appliance, including all components and services packaged in the OVA. This tool provides administrators with a powerful interface to manage the appliance, even in scenarios where core application components are offline or require upgrades.

Accessing the Appliance Manager

To access the Appliance Manager, follow these steps:

  1. Navigate to the Appliance Manager URL:
  2. Open a web browser and go to:
    https://<IP Address of Appliance>:9090

  3. Replace <IP Address of Appliance> with the actual IP address assigned to the appliance.

  4. Login Credentials:

  5. Use the credentials generated during the bootstrap process:
    • Username: user0_bgl
    • Password: (refer to the bootstrap output for this password).

  6. This step also serves as a test to validate the user0_bgl credentials.

  7. Accessing the Full Appliance Manager Interface:

  8. Upon successful login, the full Appliance Manager (Cockpit UI) will be displayed.

Downloading the Appliance Manager Executable

The Appliance Manager can also be used locally via a Windows executable. To download the executable:

  1. Navigate to the File System:
  2. In the left-hand pane of the Appliance Manager, click on the Navigator tab.

  3. Wait for the file system to load completely.

  4. Locate the Executable:

  5. Navigate to the following directory:
    /home/user0/utils/

  6. Download the Executable:

  7. Right-click on the file named ApplianceManager1.0.exe.

  8. Select Download to save the executable to your local system.

  9. Usage of the Executable:

  10. The downloaded executable allows administrators to manage the appliance locally without requiring the user0_bgl password.
  11. Important: This executable must only be distributed to administrators and not end-users.

Authentication in Appliance Manager

The Appliance Manager embraces SecretZero’s core philosophy of eliminating static passwords and leveraging short-lived token-based authentication:

Token-Based Authentication:

  • Tokens eliminate the need for static passwords and enhance security.
  • A short-lived token can be generated by a user with the Administrator role:
  • Log in to the Appliance Manager on the main appliance.
  • Generate a token from the appropriate section of the Appliance Manager interface.

Fallback to user0_bgl Credentials:

  • In scenarios where token generation is unavailable (e.g., critical failures or during certain upgrades), the user0_bgl credentials must be used.
  • Important: The user0_bgl password should be securely stored and only used as a last resort.

Purpose of the Appliance Manager

The Appliance Manager is designed to address the following key requirements:

  1. Management During Downtime:

  2. Ensures administrators can manage the appliance even when core application components are offline or undergoing maintenance.

  3. Application Upgrades:

  4. The application cannot be upgraded from within the application itself. The Appliance Manager allows upgrades and maintenance operations without relying on the main application.

  5. Administrator-Only Tool:

  6. The Appliance Manager is strictly for administrators. It should not be distributed to end-users to maintain the security of the appliance.

Summary

The Appliance Manager is a robust and versatile tool for managing the SecretZero appliance. By supporting token-based authentication and offering a fallback to the user0_bgl credentials, it ensures secure and uninterrupted management of the appliance under all circumstances. Administrators are encouraged to leverage this tool for upgrades, maintenance, and troubleshooting while adhering to strict distribution policies.

For more details regarding features of this Appliance Manager and how to user - Please refer to detailed documentation.