Synchronizing ConnectWise Automate computers with GravityZone
Note
Bitdefender has started a controlled rollout of the advanced computer synchronization features. These features include the Computer Synchronization Options section under Deployment Settings. For users to be eligible for the rollout process, they need to install the plugin version 1.4.0.167 or later. In the following period, Bitdefender will progressively deliver the new features to eligible users, with the aim of reaching the entire installation base as soon as possible.
In the Deployment section, you can configure how to deploy the Bitdefender security agent (Bitdefender Endpoint Security Tools) to your managed machines in ConnectWise Automate Control Center. For details on the features available with Bitdefender Endpoint Security Tools, refer to Security agents.
Deployment Settings
In the Deployment Settings section, the integration allows you to configure the settings for deploying the Bitdefender security agent through the integration on new unprotected machines in the ConnectWise Automate Control Center inventory.
To configure the security agent deployment settings, follow these steps:
Under Deployment Options, select one of these options:
Next to Download Timeout, select a time limit within which the installation package should be downloaded.
Use the On/Off switch to enable or disable Setup Downloader for the security agent deployment.
When Setup Downloader is enabled, the Bitdefender Plugin uses this file to deploy the Bitdefender security agent on Windows computers instead of the full kit.
Note
The Enable Setup Downloader option does not support Linux and macOS. On computers running Linux and macOS, the Plugin continues using the full kit when deploying the Bitdefender security agent.
Under Installation Options, select Automatically reboot if needed. This option is useful when the computer needs to restart following the Bitdefender security agent installation. If you leave this check box unselected, the endpoint will remain unprotected until the next manual reboot.
Under Computer Synchronization Options, configure the scope and event handling for the synchronized computer.
The options for the computer synchronization options are the main tool for you to control the synchronization of ConnectWise computers. The computer synchronization task is performed automatically by the plugin each hour.
Note
The Computer Synchronization Options section is available starting with plugin version 1.4.0.167 as part of a controlled rollout. If this section is not available in your integration yet, you can use the Automatic Deployment Retry option under Deployment Options to set the time interval for the Bitdefender security agent to retry installation in case of errors.
Configuring computer synchronization options
These options cover two areas:
Scope – it refers to the computers affected by the sync task. Scope may be:
Only synchronized entities – the sync task operates on ConnectWise Automate computers that have an association with GravityZone endpoints.
Entire inventory – the sync task operates on all computers, regardless they have an association with GravityZone endpoint or not.
Event actions – they refer to the action taken for sync events. Event actions may be:
Report only – the task only reports events in the interface and you have to handle them manually.
Handle – the task tries to handle the events according to the configured options.
To configure the Computer Synchronization Level settings, follow these steps:
Select one of the available options, as described in the table below.
Computer synchronization level
Scope
Event actions
Monitor and report synchronized computer status
The sync task operates only on computers that have an association.
The sync task only reports events in the Computers Events screen. It ignores the options in the Synchronization Event Handling section.
Monitor and handle synchronized computer status
The sync task operates only on computers that have an association.
The sync task handles events according to the options in the Synchronization Event Handling section.
Automatic computer synchronization
The sync task operates on all computers (whether they have an association or not), except exclusions.
The sync task handles events according to the options in the Synchronization Event Handling section.
Note
The Automatic computer synchronization level has in scope all computers belonging to mappd ConnectWise clients for Bitdefender security agent deployment.
To exclude computers, clients, and locations from installing the Bidefender agent, please create exclusions under Deployment Exclusions.
Select the type of action for handling each event:
Automatic - the synchronization task tries to handle the event without your intervention. If it fails, the event will be presented to you for manual fixing.
Manual - you have to manually handle each event generated in the Client Events screen of the plugin.
The synchronization task applies the configured actions only if you selected Monitor and handle synchronized computer status or Automatic computer synchronization.
For example, if you select Automatic computer synchronization and the event handling for all the generated events is set to Manual, the sync task will generate events for possible synchronization issues, but it will not handle them. That means you need to go to the Computer Events screen and take any actions there manually.
Click Save Settings to apply the configuration.
The synchronization task starts generating and handling events within the next hour.
Automatic actions for synchronization events
The following table describes the automatic actions taken by the computer synchronization task on each generated event:
Event type | Automatic action |
Destination Moved | Moves the Bitdefender security agent in GravityZone to match the inventory location in ConnectWise Automate Control center, inside the same clients or between clients. |
Destination Deleted | Reinstalls the Bitdefender security agent on the computer. |
Rogue Endpoint | Moves the Bitdefender security agent in GravityZone by uninstall and reinstall to match the inventory location in ConnectWise Automate Control Center. |
Note
Automatic action for Rogue Endpoint event type is available for Windows OS computers only. For Linux and macOS computers, the Bitdefender agent must be uninstalled manually.
Manual actions for synchronization events
You can view and handle synchronization events manually in the Computer Events screen. This section displays only events that have been configure for manual handling or that the system has failed to handle automatically.
To handle an event, follow these steps:
In the Computer Events grid, select the check box corresponding to the event and click Handle event.
In the details window, select an action from the predefined list.
The available actions for each event are described in the table below. Each event has two or more possible actions.
Event type | Description | Manual actions |
Destination Moved | The computer was moved from its original location, inside the same client or between clients. |
|
Destination Deleted | The Bitdefender security agent was uninstalled from the ConnectWise computer. |
|
Association Missing | The Bitdefender security agent is not associated with the ConnectWise Automate. |
|
Rogue Endpoint | The Bitdefender agent was found outside the target client or tenant. |
|
Destination Creation | The Bitdefender agent is not installed on the ConnectWise computer. |
|
Source Deleted | The computer located in the ConnectWise client is no longer present. |
|
Auto Deployment
The integration uses auto-deployment to install the Bitdefender agent on new, unprotected machines. If you use the Computer Synchronization Options section under Deployment Settings, deployment attempts occur with each recurrent sync task. If this section is not available to you yet, deployment attempts occur once per day. To ensure successful deployment, verify that the target location is specified and the computers are not excluded.
Note
If the computer synchronization level under Deployment Settings is set to Automatic computer synchronization, all mapped inventory is in scope for Bitdefender agent deployment.
You can select Auto Deployment for Windows workstations and servers, macOS, and Linux machines.
In Automate Control Center, go to Tools > Bitdefender GravityZone.
Go to Auto Deployment.
Select the check boxes corresponding to your target machines.
Click Save Settings in the upper right-hand corner to confirm the changes.
If you are using the computer synchronization options under Deployment Settings, automatic agent deployment occurs with each recurrent sync task. If these features are not available with your plugin,automatic deployment begins within 10 to 15 minutes.
Deployment Actions
In the Deployment Actions section, you can perform different actions depending on whether you are using the plugin version with advanced synchronization options.
If you are using the plugin version without advanced synchronization options, you can manually initiate installation or uninstallation commands on machines, clients, or locations. Use the right-side menu to make specific selections. If an action is not applicable, the corresponding options in the right-side menu are grayed out. For example, for unprotected machines, the Uninstall GravityZone and Sync Features buttons are disabled.
If you are using the plugin version with advanced synchronization options, you can manually install, uninstall, or synchronize the Bitdefender agent on computers, clients, or locations. By default, the section does not display inventory data. To view entities, use the Client and Location filters and click the Load data button. To reset the filters, use the Clear All Filters option at the bottom of the section.
Note
Loading large inventories may take some time. For best performance, it is recommended that you select up to 3,000 computers at a time.
In the grid, you can view the following details on computers:
Client name
Location name
Computer name
Machine type, which refer to the operating system running on the computer: Windows for workstations, Windows for servers, MacOS, or Linux.
Bitdefender agent installation status, which can be:
Installed - the Bitdefender agent is installed.
Verification Pending - Bitdefender agent verification has not started yet.
Not Installed - the Bitdefender is not installed.
Installed without features - the Bitdefender agent is installed without protection modules or other features.
Installed with Issues - the Bitdefender agent has issues with Full Disk Access and system extensions on macOS, or with critical services not started on Linux, such as
bdsrvscand
,epagd
orbdlogd
.Install Pending - Bitdefender agent installation has not started yet.
Uninstall Pending - uninstalling the Bitdefender has not started yet.
Online state - the computer is either online or offline.
Sync type - the Bitdefender agent synchronizes its features with the GravityZone policy or with the installation package.
Note
The synchronization type is configured in the Client Mapping or Client Subscriptions sections when using the Deployment Modes wizard:
Package - Package Defaults or Custom Package
Policy - Sync with Policies
The following actions are available in this section:
Some options may be grayed out if they do not apply to the selected targets. For example, the Uninstall GravityZone and Sync Features buttons are grayed out when you select unprotected computers.
Sync GravityZone - installs the Bitdefender agent on computers or synchronizes its status.
Uninstall GravityZone - uninstalls the Bitdefender agent from computers.
Sync Features - removes or adds protection modules or other features to the Bitdefender agent according to the active GravityZone policy or to the installation package.
Note
The option is only available for Windows operating systems.
Refresh - reloads inventory data in the grid.
To install the Bitdefender agent:
Select targets in the Client and Location filters.
Click the Load data button to populate the grid with computers.
Select one or more computers.
Click Sync GravityZone.
An install task starts for the selected machines that have the Bitdefender agent not installed. If the Bitdefender agent is installed, the Sync GravityZone action will synchronize the status of the computer and check these scenarios:
The computer moved inside the client locations or between clients from the same tenant.
The Bitdefender agent was uninstalled.
The Bitdefender agent belongs to another GravityZone company that is not part of the ConnectWise tenant.
The computer is still present in ConnectWise.
ConnectWise Automate Control Center must remain open until the installation is complete to avoid aborting the process. If any issues are found, or if the Bidefender agent installation was not successful, an event will be generated under Computer Events.
To uninstall the Bitdefender agent:
Select targets in the Client and Location filters.
Click the Load data button to populate the grid with computers.
Select one or more computers.
Click Uninstall GravityZone.
Click Uninstall.
An uninstall agent task starts for selected computers.
To sync the currently installed Bitdefender agent features against the assigned package or policy:
Select targets in the Client and Location filters.
Click the Load data button to populate the grid with computers.
Select one ore more computers that have the Bitdefender agent installed.
Click Sync Features.
An assessment will be performed locally on each target machine to determine if there are any features that need to be added or removed. Depending on the configured synchronization type, features active in the assigned policy or features active in the installation package will be added or removed.
Deployment Exclusions
In the Deployment Exclusions section, you can exclude machines, clients, and locations from installing the Bitdefender agent on them. Use the right-side menu to make specific selections.
To exclude certain machines from agent installation:
Select one or more machines.
Click Enable Exclude.
To remove an exclusion:
Select one or more excluded machines.
Click Disable Exclude.
Note
The Deployments Exclusions section is available in the Bitdefender GravityZone area and in the Client and Location screens.
Deployment History
The Deployment History section displays the list of install and uninstall commands started on machines in the past. Each entry provides you the following details:
Client name
Location
Computer name
Command type (installation or uninstallation)
Command status (whether the command was successful, failed or it is pending or executing)
Output details
Date and time of task completion.