Skip to content

Setting up an official nzyme WiFi Tap Kit

Info

The official nzyme hardware kits are currently in an early pilot phase. Reach out to us if you are interested in pre-assembled and pre-provisioned sensors for nzyme.

Operating System

The taps come pre-installed with Raspberry Pi OS and have had their packages updated before during provisioning. Remember that it is your responsibility to run and maintain the taps. Considering that every operator has different security policies, we have not performed any specific hardening of the operating system.

Before you get started

The provided WiFi adapters will arrive already plugged in to the Raspberry Pi. Do not change the USB ports the adapters are plugged in to. If you change the ports, you have to adapt the nzyme-tap.conf file to reflect the now different names of the WiFi interfaces.

The fan on top of the PoE module will spin up automatically when required. It may not spin up immediately after the tap powers on and this is normal behavior.

Do not run any other significant workload on the taps. They are designed and optimized to only run the nzyme tap process for WiFi security use-cases.

Plugging in the tap

A PoE (Power over Ethernet) tap will automatically power on and boot after it is plugged in to a PoE-enabled port. A tap without PoE support is powered using the provided USB-C AC adapter.

The tap will attempt to acquire an IP address via DHCP automatically. The hostname is nzyme-tap-01, with the number counting up with each tap that was part of your order.

Logging in using SSH

You can log in with SSH on port 22, using the user nzyme and the SSH key your provided to us when ordering the tap.

Finishing the Operating System Setup

Walk through these steps once you are logged in with SSH. It is crucial to not skip any of the steps.

  1. Change the password of the nzyme Linux user using passwd. The default password is nzyme. (Note that SSH logins are only possible using the provided SSH key and password authentication is disabled)
  2. Run apt update and apt upgrade to make sure you have the latest versions of all installed packages.
  3. Adapt the timezone and locale using raspi-config
  4. Integrate it according to corporate IT and security policies like any other network-connected Linux device in your environment.

Connecting nzyme

The nzyme-tap configuration is complete, except for the nzyme-node connection parameters. Please make sure that you have created the tap in your nzyme web interface before proceeding.

Please edit the /etc/nzyme/nzyme-tap.conf configuration file and change the following variables:

Variable Description
general.leader_secret The leader secret for this tap, copied from the tap details page in the nzyme web interface
general.leader_uri The HTTPs address of your nzyme-node or load balancer
general.accept_insecure_certs Set to true or false. The default TLS certificate of nzyme-node is self-signed and considered insecure. Either set this to true and accept the risk or install your own TLS certificate.

Make sure that yout nzyme-node instances are reachable from the tap.

You can now enable the local nzyme tap service to make it start up automatically on system boot:

sudo systemctl enable nzyme-tap

Next, start the service:

sudo systemctl start nzyme-tap

The output of sudo systemctl status nzyme-tap should show the tap as running. You will see it marked as online in the nzyme web interface within 30 seconds.