Container-Based Deployment Overview
Container-based deployment is available in NPS-D 2.22.13, 26.03.1, or later.
Container-based deployment lets you deploy Privilege Secure Discovery (NPS-D) on standard Ubuntu
machines without using the ISO appliance image. The deployment uses a single shell script
(secureone.sh) and a configuration package (secureone.tar.gz), both bundled in a versioned
quickstart archive available on the Netwrix releases server.
This method supports both single-node and three-node high-availability cluster deployments.
The entire deployment process is transparent — the secureone.sh script contains all logic with
no hidden components. The tarball (secureone.tar.gz) provides the installation directory
structure and default configuration files.
Deployment Steps
- Create one Ubuntu machine (single-node) or three Ubuntu machines (cluster). These can be virtual machines.
- Install OS prerequisites on each machine.
- Configure AWS credentials on each machine to authenticate with the Netwrix container registry (Amazon ECR).
- Download the quickstart bundle onto each machine and run
secureone.shon the primary machine. - Verify the deployment using Docker Swarm monitoring commands.
Single-Node vs. Cluster
| Single-node | Cluster | |
|---|---|---|
| Machines required | 1 | 3 |
| High availability | No | Yes |
| Downtime on OS update | Yes | No |
| MongoDB replication | No | Yes (replica set) |
Use a single-node deployment for proof-of-concept or low-risk environments. Use a three-node cluster for production environments that require high availability.