Skip to main content

Use cases

Bitdefender GravityZone is delivered as a virtual appliance. The Bitdefender GravityZone appliance image is available in several formats, compatible with main virtualization platforms. Before proceeding, check the GravityZone virtual appliance requirements.

To receive a trial license, go to the Bitdefender website and register. For GravityZone on-premises, select one or more of the following products:

  • Bitdefender Security for Virtualized Environments

  • Bitdefender GravityZone Security for Endpoints

  • Bitdefender GravityZone Security for Exchange

  • Bitdefender GravityZone Security for Mobile

Install GravityZone on an Ubuntu system

Prerequisites

  • On the physical server, install Ubuntu Server 20.04, with a valid internet connection.

  • Select your location: C - no localization.

  • Select country: Recommended America/US (recommended for initial deploy).

  • Detect keyboard layout: No. Choose English (US), recommended for initial deploy.

  • Network: no special requirements (recommended DHCP for initial deploy).

  • Set up users and passwords:

    • Full name new user: bdadmin

    • Username: bdadmin

    • Password: [your desired bdadmin user password]

  • Encrypt home directory: No.

  • Choose time zone: any option, it will be later changed to UTC during GravityZone installation.

  • Partition disks: Guided – use the entire disk and set up LVM. Then accept all the default settings and write changes to disk when asked to do so.

  • Choose no automatic updates.

  • Select to install only Standard system utilities and OpenSSH server.

For more information about this, refer to the Official Ubuntu Installation Guide.

Installation Steps

  1. Connect to the server via SSH, with the bdadmin user.

  2. Login as root:

    $ sudo -i
  3. Configure networking and replace netplan with ifupdown:

    # sed -ri 's#^GRUB_CMDLINE_LINUX_DEFAULT=.*#GRUB_CMDLINE_LINUX_DEFAULT="netcfg/do_not_use_netplan=true net.ifnames=0 biosdevname=0 console=tty1 console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300"#' /etc/default/grub
    
    # update-grub2
    
    # apt -yq install ifupdown
    
    # echo -e 'auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp' > /etc/network/interfaces
    
    # apt -yq install resolvconf
    
    # ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
    
    # systemctl disable systemd-resolved
  4. Remove the Ubuntu repositories:

    # mv /etc/apt/sources.list /etc/apt/sources.list.orig
    # rm /etc/apt/sources.list.orig
    # rm /etc/apt/sources.list.d/original.list
  5. Install the GravityZone repositories:

    # echo "deb https://download.bitdefender.com/repos/deb-hydra20-unified bitdefender non-free" > /etc/apt/sources.list.d/deb-hydra20-unified.list
  6. Install the GravityZone repositories key:

    # curl -sS http://download.bitdefender.com/repos/gzrepos.key.asc | apt-key add -
  7. Set DEBIAN_FRONTEND to noninteractive to silently complete the installation:

    # export DEBIAN_FRONTEND="noninteractive"
  8. Make sure that the appliance OS timezone is set to UTC:

    # timedatectl set-timezone UTC
    # timedatectl set-local-rtc false
  9. Disable the Ubuntu banners (they will be replaced by the specific GravityZone ones):

    # chmod -x /etc/update-motd.d/*
  10. Clean apt and update the packages to the GravityZone repository versions:

    # apt clean
    # apt update
    # apt -yq dist-upgrade
  11. Install the GravityZone initial packages:

    # apt -yq --allow-unauthenticated install gzinstallwizard
  12. Update the installation system:

    # /opt/bitdefender/scripts/createInstallerXml.sh
  13. Remove snapd:

    # apt autoremove --purge snapd
  14. Remove any unneeded packages:

    # apt -yq autoremove
  15. Restart to complete the customization of the Ubuntu server into the GravityZone appliance:

    # reboot

Install roles from the console interface of the GravityZone appliance. For the administration of the GravityZone machine, refer to Deploy and set up GravityZone VA.

Further on, if you want to install a standalone Security Server and you cannot use Bitdefender images to deploy it, you will need to manually install it in a similar manner to how you have installed the above GravityZone appliance. For details on the installation procedure of the Security Server, refer to Install Security Server manually.

Install the GravityZone Virtual Appliance in Amazon EC2

To install the GravityZone Virtual Appliance in Amazon EC2, you must follow these steps:

  1. Connect to the server via SSH, with the ubuntu user.

  2. Login as root:

    $sudo -i
  3. Add the bdadmin user with the following command:

    adduser bdadmin
  4. Set a password for the user using the following command:

    passwd bdadmin
  5. Set elevated rights to the user using the following command:

    usermod -aG sudo bdadmin
  6. Configure networking and replace netplan with ifupdown:

    # sed -ri 's#^GRUB_CMDLINE_LINUX_DEFAULT=.*#GRUB_CMDLINE_LINUX_DEFAULT="netcfg/do_not_use_netplan=true net.ifnames=0 biosdevname=0 console=tty1 console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300"#' /etc/default/grub
    
    # update-grub2
    
    # apt -yq install ifupdown
    
    # echo -e 'auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp' > /etc/network/interfaces
    
    # apt -yq install resolvconf
    
    # ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
    
    # systemctl disable systemd-resolved
  7. Remove the Ubuntu repositories:

    # mv /etc/apt/sources.list /etc/apt/sources.list.orig
    # rm /etc/apt/sources.list.orig
    # rm /etc/apt/sources.list.d/original.list

    Note

    Remove any other custom repositories, if applicable.

  8. Configure Ubuntu to use the GravityZone repositories using the following command:

    # echo "deb https://download.bitdefender.com/repos/deb-hydra20-unified bitdefender non-free" > /etc/apt/sources.list.d/deb-hydra20-unified.list
  9. Install the GravityZone repositories key:

    #curl -sS http://download.bitdefender.com/repos/gzrepos.key.asc | apt-key add -
    
  10. Set the DEBIAN_FRONTEND variable to noninteractive to silently complete the installation:

    # export DEBIAN_FRONTEND="noninteractive"
  11. Make sure that the appliance OS timezone is set to UTC:

    # timedatectl set-timezone UTC
    # timedatectl set-local-rtc false
  12. Disable the Ubuntu banners (they are going to be replaced by the GravityZone ones):

    # chmod -x /etc/update-motd.d/*
  13. Clean apt and update the packages to the GravityZone repository versions:

    # apt clean
    # apt update
    # apt -yq dist-upgrade
  14. Install the initial GravityZone packages:

    #apt -yq --allow-unauthenticated install gzinstallwizard
  15. Update the installation system:

    # /opt/bitdefender/scripts/createInstallerXml.sh
  16. Remove snapd:

    # apt autoremove --purge snapd
  17. Remove any unneeded packages:

    # apt -yq autoremove
  18. Restart to complete the customization of the Ubuntu server into the GravityZone appliance:

    # reboot

You can now install roles from the console interface of the GravityZone appliance. For more information on the administration of GravityZone, refer to Deploy and set up GravityZone VA.

Further on, if you want to install a standalone Security Server and you cannot use Bitdefender images to deploy it, you will need to manually install it in a similar manner to how you have installed the above GravityZone appliance. For details on the installation procedure of the Security Server, refer to Install Security Server manually.

Install GravityZone in Oracle VM VirtualBox

Download Bitdefender GravityZone OVA and MD5 files from the Bitdefender download website.

To be able to use GravityZone, you have to install it, following the steps below.

  1. Import GravityZone OVA file in VirtualBox:

    1. Open Oracle VM VirtualBox Manager.

    2. Go to File > Import appliance or press (Ctrl + I). The import wizard is displayed.

    3. Click the 8927_1.png Browse button, navigate to the GravityZone OVA file, select it and then click Open.

    4. Click Next to continue and view the appliance settings.

    5. Click Import to load the appliance into the VM manager. Wait until the progress bar disappears.

  2. Configure main GravityZone settings:

    1. From the left side pane, select the newly imported appliance and click Start to power it on. Wait until it finishes loading the system. The VM console window is displayed.

    2. Set a password for bdadmin, the built-in system administrator, needed to access the GravityZone appliance configuration area.

    3. Log in to GravityZone Virtual Appliance command line interface (CLI).

    4. Set up Bitdefender GravityZone:

      1. Configure network settings. Make sure it has access to the internet.

      2. Install the GravityZone roles. First install the Database role. After that, install all the other roles.

      For more information, refer to the Deploy and Set Up GravityZone Appliance section.

  3. Install VirtualBox Guest Additions on the GravityZone appliance:

    1. Power off the appliance.

    2. Load the Guest Additions image into the CD/DVD drive:

      1. Select the GravityZone appliance and then click Settings. The configuration windows is displayed.

      2. Go to the Storage tab.

      3. In the Storage Tree, click 8927_2.png Add CD/DVD Device.

      4. Click Choose disk and select the VBoxGuestAdditions.iso file from the Virtualbox folder.

      5. Click OK to apply the changes and close the window.

    3. Power on the appliance.

    4. Press Alt + F2 to switch to tty2, or connect through SSH with putty.

    5. Enter the bdadmin's credentials.

    6. Type sudo su to get root privileges.

    7. Add the Ubuntu official repositories to the sources file:

      1. Open /etc/apt/sources.list with an editor of your choice.

      2. Copy and paste the text below after the first line.

        # See http://help.ubuntu.com/community/UpgradeNotes# for how to upgrade to newer versions of the distribution.deb http://us.archive.ubuntu.com/ubuntu/ xenial main restricteddeb-src http://us.archive.ubuntu.com/ubuntu/ xenial main restricted## Major bug fix updates produced after the final release## of the distribution.deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricteddeb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
      3. Save the file and close the editor.

    8. Get the list with the latest packages versions from the repositories.

      #apt-get update

    9. Install the build-essential package.

      #apt-get install build-essential

    10. Install DKMS.

      #apt-get install dkms

    11. Install Linux headers.

      #apt-get install linux-headers-$(uname -r)

    12. Mount the DVD with the Guest Additions ISO file.

      #mkdir /mnt/dvd #mount /dev/dvd1 /mnt/dvd

    13. Install the Guest Additions package.

      #cd /mnt/dvd #sh ./VBoxLinuxAdditions.run

You may now log in to GravityZone Control Center and continue with registration.

Install GravityZone in Nutanix

To install GravityZone in Nutanix, follow these steps:

Import the GravityZone virtual appliance

  1. Download the latest GravityZone VMDK and MD5 files from the Bitdefender website.

  2. Log in to PRISM, the Nutanix Web Console.

  3. Import the VMDK file:

    1. Click the gear button in the upper-right corner of the console to access the Settings menu, and then select Image Configuration.

      6587_5.png

      The configuration window is displayed.

    2. Click Upload Image. A new window pops up, asking you to enter image details.

    3. Enter a name for the image.

    4. From the Image Type menu, choose Disk.

    5. From Image Source, select Upload File, and then choose the VMDK file you have previously extracted.

    6. Click Save. Wait while the virtual drive is being uploaded. When finished, you will be able to view the image in the list of existing images.

  4. Create the virtual machine for GravityZone VMDK file:

    1. Go to the VM page using the menu at the upper left corner of the console.

      6587_6.png
    2. Click the Create VM button at the upper right corner of the page.

      6587_7.png
    3. In the new configuration window, enter the requested details:

      • A name and a description for the VM.

      • Hardware configuration such as number of CPUs, cores per CPU and memory. These values must meet the GravityZone requirements.

    4. Click Add new disk. A configuration window is displayed.

    5. Configure the disk settings as follows:

      • Type: Disk

      • Operation: Clone from Image Service

      • Bus Type: SCSI

      • Image: the image you have previously created.

    6. Click Add.

    7. Click Add new NIC and choose the network you want to use.

    8. Click Save.

Deploy GravityZone

  1. In Nutanix console, go to the VM > Table section.

    6587_8.png
  2. Power on the newly created machine.

    6587_9.png
  3. Click Launch Console.

    6587_10.png

    The GravityZone CLI interface is displayed and you can begin to configure and install GravityZone in your network. For details regarding installation steps, refer to this topic.

    6587_11.png
    6587_12.png

Install GravityZone in Microsoft Azure

To install GravityZone in Microsoft Azure, follow these steps:

  1. Download the GravityZone virtual appliance image (VHD file) from the Bitdefender website to C:\vhd.

  2. Create a virtual machine in Hyper-V with the VHD file.

  3. Power on the machine and set the password for the default user, bdadmin.

  4. Power off the virtual machine.

  5. Recreate the the VHD file:

    $sourceVhd = "C:\vhd\GravityZoneEnterprise.vhd" $recreatedVhd = "C:\vhd\GravityZoneEnterpriseHDD.vhd" Convert-VHD -VHDType Dynamic -Path $sourceVhd -DestinationPath $recreatedVhd

    Note

    Depending on your Azure setup, you may need to use other values for the above mentioned paths.

  6. Prepare PowerShell for Azure:

    Install-Module AzureRM Login-AzureRmAccount

  7. Upload the file to Azure:

    $resourceGroupName = "Resources" $recreatedVhd = "C:\vhd\GravityZoneEnterpriseHDD.vhd" $destinationVhd = "https://mystorearea.blob.core.windows.net/vhds/GravityZoneEnterpriseHDD.vhd" Add-AzureRmVhd -LocalFilePath $recreatedVhd -Destination $destinationVhd -ResourceGroupName $resourceGroupName -NumberOfUploaderThreads 5

    Note

    • Azure supports only fixed sized VHD files. The Add-AzureRmVhd command takes the dynamic size VHD file and uploads it as a fixed size.

    • $destinationVhd is a custom path. Make sure to choose a valid path in your Azure environment.

    • Depending on your Azure setup, you may need to use other values for the above mentioned paths.

  8. Create the virtual machine in Azure:

    1. Get the network to be attached to the VM:

      $virtualNetworkName = "Resources-vnet" $locationName = "westeurope" $virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName

      Note

      Depending on your Azure setup, you may need to use other values for the above mentioned variables.

    2. Configure public IP:

      $publicIp = New-AzureRmPublicIpAddress -Name "HydraSrv" -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic $networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroupName -Name "HydraSrv-Interface" -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id

    3. Configure VM settings:

      $vmConfig = New-AzureRmVMConfig -VMName "HydraSrv" -VMSize "Standard_F4s" $vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name "HydraSrv" -VhdUri $destinationVhd -CreateOption Attach –Linux $vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id

    4. Create the VM in Azure:

      $vm = New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $resourceGroupName

  9. Install GravityZone roles:

    1. Connect to the GravityZone appliance via SSH.

    2. Log in with bdadmin.

    3. Gain root privileges:

      $ sudo su

    4. Run the GravityZone installer:

      # /opt/bitdefender/eltiw/installer

    5. Install the roles: Database Server, Endpoint Communication Server, Endpoint Events Proccessing Server, Update Server, Web Console.

Import GravityZone virtual appliance in VMware vCenter

The Bitdefender GravityZone OVA file can be downloaded from the Bitdefender website: OVA and MD5.

To import Bitdefender GravityZone OVA file in VMware vCenter, follow these steps:

  1. Open the vSphere client.

  2. Go to File > Deploy OVF template. This works for both OVA and OVF.

    22861_.png
  3. Browse and select the package you would like to deploy, and then click Next.

    22861_2.png
  4. Details about the package are going to be displayed. Click Next.

    22861_3.png
  5. Name your virtual machine and place it in the correct datacenter and folder.

    22861_4.png
  6. Select your cluster.

    22861_5.png
  7. Select the storage locations.

    22861_6.png
  8. Select the disk provisioning virtual machine type thin or thick.

    22861_7.png
  9. Select the network.

    22861_8.png
  10. Click Finish and wait for your virtual machine to be created.

    22861_9.png
  11. Wait while the virtual machine is deployed from the OVA.

    22861_10.png
  12. Connect to the virtual machine and start the configuration.

    22861_11.png

Prerequisites for installing Bitdefender Endpoint Security Tools in VMware NSX environments

Current constraints

GravityZone Security for Virtualized Environments is designed to offer only agentless protection for VMware NSX through the Security Server. Installing Bitdefender Endpoint Security Tools (BEST) in such environments can lead to undesired behavior and malfunctions for the GravityZone infrastructure, such as:

  • Duplicated endpoints in GravityZone Control Center.

  • License key pools get depleted.

  • Protection stops working partially or completely.

  • Managed state reports from endpoints are inconsistent.

  • Power state reports from endpoints are inconsistent.

When to install Bitdefender Endpoint Security Tools in NSX

In some cases, endpoints hosted on an NSX infrastructure do need protection through Bitdefender Endpoint Security Tools:

  • Security for Exchange is not available with agentless protection. Therefore, you need to install Bitdefender Endpoint Security Tools on an Exchange Server that is hosted in an NSX protected cluster.

  • The protected operating systems are incompatible with the NSX introspection driver. In such cases, the NSX agentless protection does not work, and you need to install Bitdefender Endpoint Security Tools on these legacy endpoints.

  • When Virtual Desktop Infrastructure (VDI) environments are used, some endpoints could need the additional protection modules available only with Bitdefender Endpoint Security Tools, and through the agentless protection. This case also requires installing Bitdefender Endpoint Security Tools.

Note

Using both solutions on the same cluster means that endpoints using either one of the protection services are going to coexist in the same NSX protected cluster. You cannot protect an endpoint using Bitdefender Endpoint Security Tools and Security Server for NSX at the same time. In this case, Bitdefender Endpoint Security Tools must be configured to use an alternative to Central Scan mode, such as Local Scan or Hybrid Scan.

Prerequisistes

The following prerequisites must be met to safely separate the endpoints protected with Bitdefender Endpoint Security Tools from the GravityZone NSX agentless protection. In addition, these prerequisites must be met before installing the Bitdefender Endpoint Security Tools agents on the endpoints.

  • Endpoints to be protected by Bitdefender Endpoint Security Tools should not be included in any NSX Security Group on which a Bitdefender policy is applied.

    If this prerequisite cannot be achieved due to how the NSX Security Groups memberships are defined, you can exclude the endpoints which use Bitdefender Endpoint Security Tools from that group.

  • On the Bitdefender Endpoint Security Tools protected endpoints, VMware Tools must be installed without the NSX Guest Introspection drivers.

    If VMware Tools have been installed on endpoints with the NSX Guest Introspection drivers, run the VMware Tools setup again and remove them.

After these prerequisites are met, you can safely deploy Bitdefender Endpoint Security Tools agents on endpoints.

Note

Bitdefender Endpoint Security Tools can be installed only manually, because the Install agent task is not available.

Import GravityZone virtual appliance in VMware ESXi

Bitdefender GravityZone OVA file can be downloaded from Bitdefender website as OVA and MD5.

To import Bitdefender GravityZone OVA file on ESXi Host, you have to:

  1. Open the vSphere client.

  2. Go to File > Deploy OVF template. This works for both OVA and OVF.

    22861_12.png
  3. Browse and select the package you would like to deploy, and then click Next.

    22861_13.png
  4. Details about the package are going to be displayed. Click Next.

    22861_14.png
  5. Name your virtual machine and place it in the correct datacenter and folder.

    22861_15.png
  6. Select your cluster.

    22861_16.png
  7. Select the storage locations.

    22861_17.png
  8. Select the disk provisioning virtual machine type thin or thick.

    22861_18.png
  9. Select the network.

    22861_19.png
  10. Click Finish and wait for your virtual machine to be created.

    22861_20.png
  11. Wait while the virtual machine is deployed from the OVA.

    22861_21.png
  12. Connect to the virtual machine and start the configuration.

    22861_22.png

Import GravityZone virtual appliance in Microsoft Hyper-V

Import GravityZone virtual appliance in VMM (System Center 2012 - Virtual Machine Manager)

The Bitdefender GravityZone VHD file can be downloaded from the Bitdefender website: VHD and MD5.

To import the Bitdefender GravityZone VHD file on Hyper-V Manager, you must follow these steps:

  1. Open System Center 2012 - Virtual Machine Manager.

  2. Select the Library tab.

  3. Add that share location to Library Shares.

    22861_23.png
  4. Select the share location where Bitdefender GravityZone VHD file has previously been copied.

    22861_24.png
  5. Select VMs and Services tab, from Virtual Machine Manager.

  6. Click Create Virtual Machine.

    22861_25.png
  7. In the next window, select the virtual machine source: GravityZoneVA.vhd and click Next.

    22861_26.png
  8. Select an existing virtual machine.

    22861_27.png
  9. Name your virtual machine.

    22861_28.png
  10. Configure the hardware for the virtual machine, as mentioned under Endpoint protection.

    22861_29.png
  11. Select the destination.

    22861_30.png
  12. Select the Hyper-V Host destination.

    22861_31.png
  13. Review the virtual machine settings:

    22861_32.png
  14. A task will be created.

    22861_33.png
  15. Connect to the virtual machine and start the configuration.

    22861_34.png

Import GravityZone virtual appliance in Hyper-V host

Bitdefender GravityZone VHD file can be downloaded from Bitdefender website: VHD and MD5.

To import the Bitdefender GravityZone VHD file on Hyper-V Manager, follow these steps:

  1. Open Hyper-V Manager.

  2. From the navigation pane of Hyper-V Manager, select the computer running Hyper-V.

  3. Click New and then click Virtual Machine. The New Virtual Machine wizard opens.

    22861_35.png
  4. Click Next.

  5. On the Specify Name and Location page, type the name for your VM.

    22861_36.png
  6. On the Specify Generation, select Generation 1.

    22861_37.png
  7. On the Assign Memory page, specify enough memory to start the guest operating system.

    22861_38.png
  8. On the Configure Networking page, connect the virtual machine to the switch you created when you installed Hyper-V.

    22861_39.png
  9. On the Connect Virtual Hard Disk page, select Use an existing virtual hard disk.

    22861_40.png
  10. Browse for the location of Bitdefender GravityZone VHD file.

    22861_41.png
  11. The guest operating system is already installed in a virtual hard disk, so choose Install an operating system later.

    22861_42.png
  12. On the Summary page, verify your selections and then click Finish.

    22861_43.png
  13. Connect to the virtual machine and start the configuration.

    22861_44.png

Import GravityZone virtual appliance in Citrix XenCenter

The Bitdefender GravityZone XVA file can also be downloaded from the Bitdefender website: XVA and MD5.

You can import the Bitdefender GravityZone XVA file using the XenCenter Import wizard.

Importing a VM from an XVA or ova.xml file involves the same steps as creating and provisioning a new VM using the New VM wizard, such as: nominating a home server, and configuring storage and networking for the new VM.

Open the Import wizard by following these steps:

  1. On the File menu, select Import.

    22861_45.png
  2. On the first page of the wizard, locate the XVA file you want to import and then click Next.

    22861_46.png
  3. Alternatively you enter a URL location (http | https | file | ftp) in the Filename box.

    22861_47.png
  4. Click Next.

  5. The Download Package dialog box opens and you must specify a folder on your XenCenter host where the file(s) will be copied.

    22861_48.png
  6. On the Home Server page, specify where to put the new VM:

    • To place the imported VM in a pool without assigning it a home server, select the destination pool in the list, and then click Next.

    • To place the imported VM in a pool and assign it to a specific home server (or to place it on a standalone server), select a server and then click Next.

      22861_49.png
  7. On the Storage page, select a storage repository (SR) where the imported virtual disks will be placed, then click Next to continue.

    22861_50.png
  8. On the Networking page, map the virtual network interfaces in the VM you are importing to target networks in the destination pool. The Network and MAC address shown in the list on this page are stored as part of the definition of the original (exported) VM in the export file. To map an incoming virtual network interface to a target network, select a network from the list in the Target network column.

    22861_51.png
  9. Click Next.

  10. On the last page of the Import wizard, review the configuration options you have selected. To have the imported VM start up as soon as the import process has finished and the new VM is provisioned, select the Start VM after import check box.

    22861_52.png
  11. Click Finish to begin importing the selected file and close the wizard.

    The import progress is displayed in the status bar at the bottom of the XenCenter window and also on the Logs tab.

    22861_53.png

The import process may take some time, depending on the size of the imported VM's virtual disks, the available network bandwidth, and the disk interface speed of the XenCenter host. When the newly-imported VM is available, it appears in the Resources pannel.

Import GravityZone virtual appliance in KVM

Bitdefender GravityZone is delivered as a virtual appliance. The Bitdefender GravityZone appliance image is available in several different formats, compatible with the main virtualization platforms.

To receive a trial license, go to the Bitdefeder website and register for one.

The Bitdefender GravityZone KVM image can be downloaded from the Bitdefender website: RAW and MD5.

To import GravityZone image to KVM you have to install the Virtual Machine Manager tool on a Linux machine with GUI. The Linux with GUI machine should have connectivity with the KVM server.

Example of the Virtual Machine Manager installation on Ubuntu with GUI:

#apt-get install virt-manager

To import the GravityZone image using Virtual Machine Manager, follow these steps:

  1. Upload the GravityZone KVM image to the KVM server storage pool location using WinSCP. By default the storage location is /var/lib/libvirt/images.

  2. Extract GravityZone image archive using the following command:

    tar -jxf /var/lib/libvirt/images/GravityZoneVA_KVM.tar.bz2

  3. Go to the File > Add connection page to open the Virtual Machine Manager and connect to the KVM server.

    22861_54.png
  4. Click the Create Virtual Machine icon, to create a new virtual machine.

  5. Type a name and select Import existing disk image.

    22861_55.png
  6. Click Browse to provide a storage path.

    22861_56.png
  7. Select the GravityZone raw file extracted before.

    22861_57.png

    Note

    If the GravityZone raw file is not listed, the /var/lib/libvirt/images path is not the default storage location. To check or change the default storage location from Virtual Machine Manager, select the KVM connection Details option, under the Storage tab.

  8. Configure the GravityZone virtual machine CPU and memory.

    22861_58.png
  9. Configure the GravityZone virtual network and click Finish.

    22861_59.png
  10. Right click the virtual machine icon to power it on.

  11. Select Open to access the virtual machine.

    22861_60.png

Protect endpoints located in DMZ

In the default GravityZone setup, devices can be managed only when they are directly connected to the corporate network.

Networking prerequisites

To manage BEST clients located in the DMZ (demilitarized zone), the administrator must configure any firewall or network filter between the DMZ and the GravityZone appliance.

The following ports need to be opened for the communication to be successful:

  • Traffic from the DMZ communication server to the Production Database instance on port 27017.

  • Traffic from the DMZ communication server to the Production Update Server.

  • Traffic from the DMZ Update Servers.

  • Traffic from the DMZ Communication servers to the Production Web Consoles and Communication Servers on ports 4369, 5672, and 6150.

  • Traffic from the DMZ Communication servers to Production Web Consoles instances on port 443.

  • Traffic from the DMZ clients to the Bitdefender servers (upgrade.bitdefender.com) on port 80.

To guarantee proper communication between appliances across networks, ensure that all communication ports pertaining to Bitdefender are open. For more details, refer to GravityZone (on-premises) communication ports.

As administrator, you have 3 options to choose from, in terms of how the clients can communicate with the GravityZone appliance:

  1. The endpoints can connect to the Communication Server of the main appliance directly on port 8443.

  2. The endpoints can connect to a Relay in the DMZ on port 7074, which connects to the main appliance, therefore minimizing traffic.

  3. Endpoints can connect to a second Communication Server from the DMZ.

Configure a new role balancer

This step is only required if you do not have an external balancer.

The role balancer is needed for configuring more than one communication server and can be set up a as role on a second GravityZone Appliance.

To configure a new balancer, follow the steps below:

  1. Connect to the GravityZone VM Console from your Hypervisor.

  2. Login as bdadmin.

  3. Go to Advanced Settings > Connect to existing database.

  4. Enter your database IP followed by :27017:

    databaseIP:27017
  5. Select OK to continue.

  6. Go to Advanced Settings > Configure Role Balancers.

    gz_cl_op_pt_com_conf_role_balancers_en.png
  7. Select Use the built-in balancers from the available options and Select.

    gz_cl_op_pt_com_use_bi_balancers_en.png
  8. Select Communication Server Balancer from the available options.

    gz_cl_op_pt_com_ext_balancers_en.png
  9. Select OK to continue.

Configure a new Communication Server in the DMZ

To configure a new Communication Server in the DMZ, use these steps:

  1. Connect to the GravityZone VM Console from your Hypervisor.

  2. Login as bdadmin.

  3. If you have an external balancer and have not configured a new role balancer, follow the steps below:

    1. Go to Advanced Settings > Configure Role Balancers > Use external balancers.

    2. Next to Communication Server, enter the IP address of the balancer, followed by port 8443:

      https://IP_OF_BALANCER:8443
    3. Select OK to save the changes made.

      Note

      Leave the Web Console field blank.

      gz_cl_op_pt_external_balancers_en.png
  4. Import a new GravityZone virtual appliance image to your Hypervisor of choice on a virtual host in the DMZ.

  5. Connect to the new GravityZone VM Console from your Hypervisor and configure the settings under the Configure Hostname Settings and Configure Network Settings sections.

  6. Connect the appliance to an existing Database that is running on the Production Server.

  7. Go to Advanced Settings > Install/Uninstall Roles > Add or remove roles > Add the Communication Server role only and click OK to finalize the changes.

Install BEST on the devices

The BEST client can be installed manually through an installation package or remotely deployed via the GravityZone Control Center.

The installation package used for the manual installation must be configured to communicate with the public IP address of the DMZ Communication Server.

Follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Installation Packages page from the left side menu.

  3. Select Add.

  4. Configure the installation package for your endpoints.

    Note

    For more information on the creating packages, refer to Create installation packages.

    Under the Deployer section, apply these changes to set up communication with a DMZ relay:

    gz_cl_livesearch_endpoint_package_deployer_en.png
  5. Install the newly created packages to all endpoints located in the DMZ.

  6. Go to the Policies page from the left side menu in GravityZone Control Center.

  7. Click the Add button to create a new policy.

  8. Under the General tab, select Communication.

  9. Under the Endpoint Communication Assignment section, from the drop-down menu for the IP column, select the Communication Server’s IP address.

    Note

    Based on your network configuration, you can also select the IP address of your DMZ Relay, or GravityZone appliance.

  10. Add the public IP of the DMZ under the Custom Name/IP field.

  11. Click the Add button.

    gz_cl_livesearch_policy_general_com_ECA_en.png
  12. Under the same General tab, click the Save button in the lower part of the window.

  13. While still editing the same policy, under the General tab, go the the Update page.

  14. Under the Update locations section, add the relay server IP address (if any) in the Add location box and click the Add button.

    gz_cl_livesearch_policy_general_update_location_en.png
  15. Finish configuring the policy to fit your company's needs.

    Note

    For more information on creating policy templates, refer to Creating policies.

  16. Assign the new policy template to each endpoint located in the DMZ.