diff --git a/v2/fleet/twistlock-defender.service b/v2/fleet/twistlock-defender.service
new file mode 100644
index 0000000..35c10f3
--- /dev/null
+++ b/v2/fleet/twistlock-defender.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Install Twistlock Defender
+After=docker.service bootstrap.service
+Requires=docker.service
+
+
+[Service]
+Environment="twistlockusername=etcdctl get /twistlockusername"
+Environment="twistlockpassword=etcdctl get /twistlockpassword"
+Environment="twistlockparameter=etcdctl get /twistlockparameter"
+User=core
+TimeoutStartSec=0
+ExecStart=curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockusername)'", "password":"'$(eval echo $twistlockpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/scripts/defender.sh \
+-o defender.sh && chmod a+x defender.sh && sudo ./defender.sh
+
+[X-Fleet]
+Global=true
+
diff --git a/v2/setup/twistlock.sh b/v2/setup/twistlock.sh
new file mode 100755
index 0000000..0c11275
--- /dev/null
+++ b/v2/setup/twistlock.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlock
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.twistlock
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlockparameter
+
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.twistlockparameter
+
+
+
+
+
diff --git a/v2/util-units/twistlock-client.service b/v2/util-units/twistlock-client.service
new file mode 100644
index 0000000..1b45860
--- /dev/null
+++ b/v2/util-units/twistlock-client.service
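Review bot: The ExecStart line is not run by a shell, so the `$(…)` substitutions, the `&&` chain and the quoted multi-line header are handed to curl as literal arguments and the unit cannot work as written; even under a shell, `$(eval echo $twistlockusername)` would only echo the string `etcdctl get /twistlockusername` that the Environment= line sets, never the value stored in etcd. Move the logic into a script started as `ExecStart=/usr/bin/bash /home/core/mesos-systemd/v2/util/twistlock-defender.sh` (constructed file name) that reads each value with `$(etcdctl get …)` and feeds the JSON body to curl via `--data-binary @-` on stdin, so the password is not exposed in the process list. In that script, replace `-k` on both curl calls with `--cacert <console CA bundle>`, download defender.sh to a `mktemp` path and verify it (at minimum against a checksum published with the console) before `sudo` executes it, because as written whatever the unverified TLS connection returns is run as root on every fleet node. The same `-k` and `eval echo` pattern appears in the twistlockclientcert.sh hunk.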
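Review bot: The secrets files `.twistlock` and `.twistlockparameter` are downloaded into `$HOMEDIR` and left there after their contents are copied into etcd; each loop should remove (or at least `chmod 600`) the file once it is loaded, and the same applies to the per-user file in the twistlockclientcert.sh hunk. Both loops use `read` without `-r` and rely on unquoted `$line` to split into key and value, so a value containing a backslash or a space is mangled or passed as extra arguments; `while IFS= read -r key value; do etcdctl set "$key" "$value"; done < "${HOMEDIR}/.twistlock"` followed by `rm -f -- "${HOMEDIR}/.twistlock"` makes the split explicit and cleans up. Note that `etcdctl set` stores these credentials in plaintext for any client with etcd access, which presumably includes every node in the fleet — worth confirming that matches the intended trust boundary. `HOMEDIR=$(eval echo "~`whoami`")` can be written without eval as `HOMEDIR=~`.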
@@ -0,0 +1,12 @@
+[Unit]
+Description=Install Twistlock Client keys
+After=docker.service bootstrap.service cretae-users.service
+Requires=docker.service
+
+[Service]
+User=core
+TimeoutStartSec=0
+ExecStart=/usr/bin/sudo bash /home/core/mesos-systemd/v2/util/twistlock-user.sh
+
+[X-Fleet]
+Global=true
diff --git a/v2/util/twistlock-user.sh b/v2/util/twistlock-user.sh
new file mode 100755
index 0000000..c81d401
--- /dev/null
+++ b/v2/util/twistlock-user.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+source /etc/environment
+/usr/bin/bash /home/core/mesos-systemd/v2/util/twistlockclientcert.sh
+
+for i in `ls /home`;
+
+ do sudo cp -rf /home/core/.docker /home/$i
+
+
+done
diff --git a/v2/util/twistlockclientcert.sh b/v2/util/twistlockclientcert.sh
new file mode 100755
index 0000000..5fee4b7
--- /dev/null
+++ b/v2/util/twistlockclientcert.sh
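Review bot: `After=` names `cretae-users.service`, which looks like a typo for a create-users unit; systemd does not fail on an ordering dependency against a unit that does not exist, so the intended ordering silently never applies and this unit may copy into /home before the user accounts exist. Change the line to `After=docker.service bootstrap.service create-users.service` after confirming the unit's actual name. Since the script is started through `/usr/bin/sudo`, the unit effectively runs as root despite `User=core`; making that explicit (drop `User=core` and the sudo prefix, or keep `User=core` and limit the script to what core may do) lets the privilege level be reviewed from the unit file alone.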
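Review bot: `sudo cp -rf /home/core/.docker /home/$i` copies the same client certificate and private key into every home directory as root-owned files (cp without `-p` gives the copies the caller's ownership), so either the target users cannot read their `~/.docker` or the key is left readable at whatever mode the umask produces; the loop also builds the user list from `ls /home`, which breaks on names with spaces. Iterate over `/home/*/`, derive the user from the directory name, skip the source directory, and chown/chmod the copy as below. Worth confirming separately whether one shared client identity for all SSH users is intended, since the comment in twistlockclientcert.sh speaks of a private cert per user.
```shell
for home in /home/*/; do
  [[ "$home" == /home/core/ ]] && continue   # source directory itself
  user=${home#/home/}; user=${user%/}
  sudo cp -rf /home/core/.docker "$home" \
    && sudo chown -R "$user:" "$home/.docker" \
    && sudo chmod -R go-rwx "$home/.docker"
done
```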
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET ."$(echo $USER)"
+
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/."$(echo $USER)"
+
+
+twistlockclientusername=$(etcdctl get /twistlockclientusername)
+twistlockclientpassword=$(etcdctl get /twistlockclientpassword)
+twistlockparameter=$(etcdctl get /twistlockparameter)
+
+#steps to generate private cert for each ssh user in HOMEDIR/.docker
+
+curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockclientusername)'", "password":"'$(eval echo $twistlockclientpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/cert/client-certs.sh | sh
+
+#steps to run twistlock as proxy server
+
+etcdctl set DOCKER_HOST tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998
+etcdctl set DOCKER_TLS_VERIFY 1
+
+
+DOCKER_HOST=$(etcdctl get DOCKER_HOST)
+export DOCKER_HOST
+
+DOCKER_TLS_VERIFY=$(etcdctl get DOCKER_TLS_VERIFY)
+export DOCKER_TLS_VERIFY
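Review bot: `curl -sSL -k … /api/v1/cert/client-certs.sh | sh` executes whatever the console endpoint returns, with certificate verification disabled, and the bearer token and credentials travel over the same unverified channel; replace `-k` with `--cacert <console CA bundle>` on both calls and write the script to a `mktemp` file that is checked before `sh` runs it. The `$(eval echo $twistlockclientusername)` wrappers add nothing that `"$twistlockclientusername"` does not, but they do let shell metacharacters stored in etcd execute, so they should go (the same construct is in the twistlock-defender.service hunk). `etcdctl set DOCKER_HOST tcp://…:9998` publishes this node's `$COREOS_PRIVATE_IPV4` under a cluster-wide key; if every node runs this script the last writer wins and the `etcdctl get DOCKER_HOST` read back a few lines later may return another node's address, so export the local value directly instead of round-tripping through etcd. The comment `#steps to generate private cert for each ssh user in HOMEDIR/.docker` does not match what the script does (one cert into the invoking user's HOMEDIR, which twistlock-user.sh then copies to the other users); rewrite it as `# Fetch this host's Twistlock client cert into HOMEDIR/.docker; twistlock-user.sh copies it to other users`.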