Security concerns with Linux OVA connectors

Article ID: 402819

Products

Symantec ZTNA

Issue/Introduction

A ZTNA administrator wants to deploy a VMware-based connector image using the Symantec-provided OVA files.

When installing such an appliance, who is responsible for updating the ZTNA connectors? Who is responsible for patching the OS?

Does the ZTNA admin need to manually provision a connector image on a regular basis?

OVA deployment installs Alpine Linux with a minimal set of packages to run the connector.

Environment

OVA connector.

The OVA image is the supported deployment option when organizational machines do not support Docker for technical or compliance reasons.

Cause

n/a

Resolution

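To update the Alpine Linux OS and packages, run the following commands from the console:

sudo apk update
sudo apk upgrade

apk update only refreshes the package index; apk upgrade installs the newer package versions.

These commands can be added to a cron job so that the OS is regularly updated with the latest security updates.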
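As an added example (not part of the original article and not Symantec's own tooling), the cron job described above could be a script like the following, which refreshes the index, applies pending upgrades, and logs what changed. It assumes the appliance runs Alpine's stock crond, which executes scripts in /etc/periodic/daily as root; the file name apk-autopatch and the log path are hypothetical.

```sh
#!/bin/sh
# Added example (not vendor code). Hypothetical install path:
#   /etc/periodic/daily/apk-autopatch   (chmod 755, run as root by crond)
# Assumes the appliance's crond runs Alpine's stock /etc/periodic directories.

APK="${APK:-apk}"                          # overridable so the logic can be tested
LOG="${LOG:-/var/log/apk-autopatch.log}"   # assumed log location

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG"; }

# Number of packages a dry run says would be upgraded.
pending_count() {
    $APK upgrade --simulate 2>/dev/null | grep -c 'Upgrading ' || true
}

# Returns 0 on success or nothing to do, 1 if the upgrade failed,
# 2 if the index refresh failed (so stale metadata is never acted on).
run_patch() {
    if ! $APK update >/dev/null 2>&1; then
        log "ERROR index refresh failed; nothing upgraded"
        return 2
    fi
    pending=$(pending_count)
    if [ "$pending" -eq 0 ]; then
        log "OK no pending upgrades"
        return 0
    fi
    if out=$($APK upgrade 2>&1); then
        log "OK upgraded $pending package(s)"
        # Keep the per-package version changes for audit.
        printf '%s\n' "$out" | grep 'Upgrading ' >>"$LOG" || true
        return 0
    fi
    log "ERROR upgrade of $pending package(s) failed"
    return 1
}

# Run only when invoked under the installed script name.
case "${0##*/}" in
    apk-autopatch) run_patch ;;
esac
```

A non-zero exit status and the ERROR lines in the log give monitoring something to alert on when patching silently stops working.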

The apk package manager can also be used to install useful tools. For example, to add the curl and bash packages required to install the connector keys, run the following commands:

sudo apk add curl
sudo apk add bash

 

Connector updates are performed automatically by the ZTNA service. The hosts running the connector have WebSocket connections to the service, and when an update is available the back-end service initiates the update. Updates are always performed during maintenance windows documented on the ZTNA status page.