Installing Kaspersky IoT Secure Gateway 1000
To get started with Kaspersky IoT Secure Gateway 1000, install it on the Kraftway Rubezh-N device.
Installation of Kaspersky IoT Secure Gateway 1000 is performed by Kaspersky experts. The instructions described in this section are provided for information purposes.
To install Kaspersky IoT Secure Gateway 1000:
- Prepare a computer with Ubuntu version 20.04 or later for creating bootable USB drive with the Kaspersky IoT Secure Gateway 1000 image. All further actions must be performed on this computer.
- Install the
wget
andsha512sum
utilities by running the following command as root:sudo apt-get install wget coreutils
- Add the
docker
repository PGP key to the system by running the following commands as root:sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
- Add the
docker
repository address to the system by running the following commands:echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- Update package data and install
docker
by running the following commands as root:sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Prepare
docker
to run with user permissions by executing the following commands as root:sudo groupadd docker
sudo usermod -aG docker
<system user name>
newgrp docker
- Verify that
docker
starts without errors by running the test image:docker run hello-world
- Connect a USB drive containing the
flasher
utility with a boot image script to your computer and copy it to a separate directory. - Go to the directory that contains the
flasher
utility. - Copy the Kaspersky IoT Secure Gateway 1000 firmware image to the
resources
directory. The image must have a name in the format kisg-<network device type>-<system version number>_ru_en.tar.gz, where <network device type> can bediode
for unidirectional gateway orrouter
for a network router, and <system version number> consists of four decimal numbers separated by dots, such as1.2.3.4
.You can place one installation image in the directory if you intend to use one type of network device only, or both installation images (for unidirectional gateway and network router) to be able to choose between the types of network device when installing Kaspersky IoT Secure Gateway 1000.
- Edit the
flasher.conf
configuration file, so that it contains only the following lines:set -eu
KISG_images=()
KISG_device=kraftway
- Verify that the
wget
utility can download a Debian OS image by running the following command:wget https://www.debian.org/CD/
If the
wget
utility fails to get the Debian OS image, place the Debian 11.4.0 image and SHA512 checksums into theresources
directoryhttps://get.debian.org/images/archive/11.4.0-live/amd64/iso-hybrid/debian-live-11.4.0-amd64-standard.iso. If there is no Internet connection on the computer with theflasher
utility, obtain a Debian docker image by runningdocker pull debian: bullseye
and copy the resulting image to theflasher
utility directory. - Build the boot image of Kaspersky IoT Secure Gateway 1000 by running the build script using the following command:
./build.sh
- Make sure that the boot image of Kaspersky IoT Secure Gateway 1000 is built successfully by running the following command:
file KISGFlasher.iso
- Connect a new USB drive to the computer with the
flasher
utility. - Write the Kaspersky IoT Secure Gateway 1000 boot image to the USB drive by running the following command with root privileges:
dd bs=4M if=$(pwd)/KISGFlasher.iso of=/dev/sdx status=progress oflag=sync
where
/dev/sdx
is the name of the USB drive to which you need to write the image. - Wait for the writing process to complete successfully and remove the USB drive.
- Connect the USB drive to the Kraftway Rubezh-N device.
- Connect the Kraftway Rubezh-N device through a COM port to a local computer using a cable with an RJ45-DB9 connector and start a COM port terminal application on the local computer.
All further actions must be performed in the terminal of the computer connected to the Kraftway Rubezh-N device.
- Click the on/off button in the left part of the Kraftway Rubezh-N front panel.
- While the device is starting, press DELETE on the console keyboard.
The main BIOS menu of the Kraftway Rubezh-N device opens in the console.
- Configure the settings for loading Kaspersky IoT Secure Gateway 1000 from a bootable USB drive:
- Select the Save & Exit tab.
- In the Boot Override section, use the ↑ and ↓ keys to select UEFI: <name of bootable USB drive>.
- Press ENTER to start booting from the USB drive.
- Wait for the image to load from the USB drive.
- In the
debian login
form that appears in the console, enter the default Debian Live CD user name and password to log in to LiveUSB. - If you have compiled a boot image for two network device types, select from the menu the Kaspersky IoT Secure Gateway 1000 image to install on the device (unidirectional gateway and network router) and press ENTER.
If you have compiled a boot image for one network device type only, installation starts automatically.
- Wait for the installation process to complete. After installation, the Kraftway Rubezh-N device shuts down.
- Remove the USB drive from the Kraftway Rubezh-N device.
- Click the on/off button in the left part of the Kraftway Rubezh-N front panel.
- While the device is starting, press DELETE on the console keyboard.
The main BIOS menu of the Kraftway Rubezh-N device opens in the console.
- Configure the boot order for Kaspersky IoT Secure Gateway 1000:
- Select the Boot tab.
- For Boot Option # 1, select UEFI OS.
- Exit BIOS while saving the changes:
- Select the Save & Exit tab.
- On the Save & Exit tab, select Save Changes & Exit.
- Wait for the download to complete and visually check that Kaspersky IoT Secure Gateway 1000 starts correctly.
After Kaspersky IoT Secure Gateway 1000 starts for the first time, it is recommended to configure the network, create and upload an administrator certificate, configure the date and time, and replace the web server certificate with the one that is used in your organization.