Skip to main content

Update the operating system of the Security Server to Ubuntu 24.04 LTS

This topic provides all the information you need to upgrade Security Servers in your environment to use Ubuntu 24.04.

Introduction

Why updating the OS of the Security Server?

Security. Currently, the Security Server relies on Ubuntu 20.04 LTS, which officially becomes End-of-Life after May 31st, 2025. This means it is not going to receive critical fixes and security patches, exposing the appliance to potential threats.

Because you can. You do not need to redeploy any of the appliances like before. WIth the March 2024 update for GravityZone Cloud and the April update for GravityZone On-Premises, Bitdefender offers the option to update the Security Servers through the Update Security Server task. The task is available for both GravityZone platforms, cloud and on-premises, and all integrations with virtualized environments, including cloud integrations.

It is easy. The OS update task is automatic, and you can schedule it to run in a maintenance window. The task applies to both multiplatform and agentless environments.

No icons with issues. After updating GravityZone, you may notice that the Security Server will be displayed as outdated. This means the Security Server version with OS update is available to download and install.

Warning

If you have a cloud integration (Azure or AWS) and you choose to update the OS for your Security Servers, Bitdefender is not responsible for any billing changes that may result from this update depending on your service-based model.

Prerequisites

  • The OS update task is available with GravityZone version 6.42.1-1.

  • Compatible Security Server versions:

    • Multi-Platform: 6.2.21

    • XDR Network Sensor Virtual Appliance: 1.0.21

  • To update your Security Server operating system hosted on Citrix Hypervisor 8.2, you must redeploy the Security Server with Ubuntu 24.04 or a newer version (greater than 6.3.0).

    For Citrix Hypervisor 8.4, the only supported Security Server version is with Ubuntu 24.04.

    Note

    Citrix Hypervisor has been End-of-Support (EOS) since June 03rd, 2024, and will become End-of-Life (EOL) on June 25th, 2025. For more information, refer to the official Citrix documentation.

  • To upgrade the Security Server deployed on Hyper-V generation 2, make sure that Secure Boot is disabled. After the OS upgrade, you can re-enable Secure Boot.

  • The update requires at least 2 GB of disk space available on the appliance to run.

  • Adjust resource allocation for the Security Server according to the new hardware requirements:

    Consolidation

    Number of protected VMs

    RAM

    CPU

    Low

    1 - 30

    2 GB

    2

    31 - 50

    4 GB

    2

    Medium

    51 - 100

    4 GB

    4

    High

    101 - 200

    4 GB

    6

  • Update location for the Security Servers. It must be one of the following:

    • Bitdefender Public Update Server

    • a Relay that mirrors the Bitdefender Public Update Server

Best practices

  • Take snapshots of the Security Server appliances, because the changes are major.

  • Since Bitdefender does not have any control over the infrastructure where the Security Server runs, the update task does not limit the number or combination of Security Servers to be selected.

    The recommendation is to run several update tasks on groups of Security Servers, considering redundancy and availability. Do not run the task on all Security Servers at once, or you will lose protection.

  • Schedule the Security Server update in a maintenance window, or migrate the VMs from one host to another one before starting the update.

  • Enable the Task status notification to know when the update is complete.

Update steps

  1. Select the target Security Servers in the Network page.

  2. Run an Update Security Server task with the feature update option.

    This update will prepare the Security Servers for the OS update.

  3. Run the Update Security Server task again, this time with the OS update option.

  4. Select to run now or choose a date from the calendar to schedule the maintenance window.

To check the status of the update task, go to the Tasks page from the left side menu. Follow the links in the Status column to view the status of the task for each target Security Server.

Update process

The update process is incremental because the operating system being upgraded to Ubuntu 22.04 LTS, and then to Ubuntu 24.04 LTS, under Canonical official recommendation.

Important

You must not manually reboot the Security Server during the update process.

The process happens transparently, with no user intervention. During the update, the following operations will be performed in the backend:

  • Update requirements are checked.

  • Non-Bitdefender repositories are disabled.

  • Third-party packages are uninstalled.

    You can reinstall the third-party packages once the update is complete.

  • Existing Bitdefender services are stopped.

  • The OS is updated to the latest patches of Ubuntu 20.04 LTS.

  • The OS is updated to Ubuntu 22.04 LTS.

  • The OS is updated to Ubuntu 24.04 LTS.

  • Repositories are changed to receive Ubuntu 24.04 updates and patches.

  • Non-Bitdefender repositories are enabled.

  • Bitdefender services are started.

Note

The appliances automatically reboot several times during the OS upgrade process.

Questions & answers

Q1: How long does the OS update last and what is the expected downtime?

A: Depending on the networking and storage characteristics, the update duration can vary. In most cases, it can take between 20-30 minutes.

Q2: Will the update work if the Security Server has various minor Ubuntu 20.04 kernel versions?

A: Yes. Before starting the OS upgrade, all packages are updated to the latest versions available.

Q3: What happens with custom repositories or third-party packages during the update?

A: Any third-party packages is uninstalled during the OS upgrade. They are not automatically restored because Bitdefender repositories do not include them. The additional repositories will still be there, so you can reinstall the custom packages after the upgrade is complete.

Q4: How do I know if the update fails on a Security Server?

A: In Control Center, follow the Status link of the update task to open the Task Status window. You will view all target Security Servers and the status of the task on each of them. You can filter to view only where the task status is Failed. Select the Security Server with a failed update and check the error message in the lower part of the window.

Q5: Can I install the Security Server manually?

A: Yes. Follow the steps described in Bitdefender Security Server manual installation.

Q6: What happens if GravityZone is in an offline environment?

A: Follow the usual procedure to download the update archive. For details, refer to GravityZone products offline update.

Q7: Will the task run if Security Server runs on Ubuntu 16.04?

A: No. The task can only run if Security Server runs on Ubuntu 20.04. In this case, you need to redeploy the Security Server.