How to protect virtual machines on Hyper-V hosts

Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

GravityZone does not have integration with Hyper-V, therefore the Security Servers installation and configuration in this environment has to be done manually.

This article presents the required steps for installing protection on virtual machines in a Hyper-V environment.

Downloading Security Server (Microsoft Hyper-V)

Once the GravityZone appliance has been imported and properly configured on the Hyper-V host, it is required to download the Security Server component:

  1. Log on to GravityZone Control Center with a Company Administrator account.
  2. Go to Configuration > Update page, Product Update tab.
  3. Under Component Update section, select Security Server (Microsoft Hyper-V) and click the Update button. This will download the Hyper-V Security Server image to the GravityZone appliance. GravityZone: Downloading Security Server
     
  4. Click the Refresh button at the right side of the Component Update table to check the download status.


Creating the Security Server virtual machine

Once the Security Server image has been downloaded to the GravityZone appliance, you will have to download the Security Server's vhd file to a network share or a storage device accessible from the host:

  1. Go to Network > Packages page.
  2. Select Default Security Server Package and click the  Download button.
  3. Select Microsoft Hyper-V (VHD). Wait for the download to complete.GravityZone - Download Security Server image

Next, you need to deploy the Security Server image on the host, by creating a new virtual machine and attaching the downloaded vhd file to it. This procedure is similar with importing the GravityZone appliance into this type of host. Find here a KB article explaining how to import a virtual appliance to Hyper-V.

Configuring Security Server

Once the virtual machine has been created, you need to start it and configure it to communicate with the GravityZone components. For this, follow the next steps:

  1. Connect to the appliance via SSH, using the default credentials:
    • username: root
    • password: sve
  2. Run the sva-setup command.
  3. Configure the appliance with DHCP/static network settings.
    If you have created an IP reservation for the appliance on the DHCP server, skip this configuration by pressing Enter. If you configure with static network settings, follow these steps:
    1. Type Y and press Enter to continue.
    2. Enter the network settings: IP address, network mask, gateway, DNS servers.
    3. Type Y and press Enter. to save the changes.
  4. Configure the Security Console IP: enter the Control Center IP address (e.g. 192.168.0.101).
  5. Configure the Communication Server IP address.  https://CommServer-IP:8443 (e.g. https://192.168.0.101:8443).
  6. Configure Update Server address: enter the IP address or hostname of the Update Server (e.g. 192.168.0.101).
  7. Configure the Update Server port: 7074.

Note: the above IP address is just an example of a GravityZone appliance with all the roles installed on the same instance.

Once the configuration is finished, the specific services of Bitdefender will start on the virtual machine. The Security Server will be visible in the Network page of the GravityZone Control Center, in Virtual Machines > Custom Groups in no more that 2 or 3 minutes.

GravityZone: Download Security Server installation package

Installing Bitdefender Tools on a virtual machine

The first Bitdefender Tools client has to be manually installed on a virtual machine. Then it will discover the other virtual machines in your network and display them in GravityZone Control Center. From this point forward, the client installation can be performed remotely.

To manually install the client, follow the next steps:

  1. Create an installation package according to your needs.
  2. Download the installation package.
  3. Run the installation package on the machine.

 

Create a Bitdefender Tools Installation Package

 

  1. Go to the Network > Packages page.
  2. Click the  Add button at the right side of the table and choose Bitdefender Tools from the menu. A configuration window will appear.GravityZone: Bitdefender Tools installation package
     
  3. Please add all the requested information:
    1. Enter a suggestive name and description for the installation package you want to create.
    2. Configure settings as needed.
    3. Select the Security Server that will be used for scanning the virtual machines:
      • Click the Security Server field. The list of detected Security Servers is displayed.
      • Select an entity.
      • Click the  Add button at the right side of the table. The Security Server is added to the list. All target virtual machines will be scanned by the specified Security Server.
      • Follow the same steps to add several Security Servers, if available. In this case, you can configure their priority using the up and down arrows available at the right side of each entity.
      • To delete one entity from the list, click the corresponding Delete button at the right side of the table. GravityZone: Bitdefender Tools installation package
  4. Click Save. The Bitdefender Tools package will appear in the list.
     


Downloading the installation package

To download the installation package that you have created:

  1. Select the installation package in the Network > Packages page.
  2. Click the  Download button at the right side of the table.
  3. Select the appropriate version: Multi-Platform (Windows) or Multi-Platform (Linux). Wait for the download to complete.

GravityZone: Download the Bitdefender Tools installation package
 

Running the installation package on the machine

For installation to work, the installation package has to be run using administrator privileges or under an administrator account.

  • To manually install Bitdefender Tools on a Windows virtual machine:
    1. Download or copy the installation file to the target virtual machine or to a network share accessible from that machine.
    2. Run the installation package.
    3. Follow the on-screen instructions.
  • To manually install Bitdefender Tools on a Linux virtual machine:
    1. Download or copy the installation file to the target virtual machine or to a network share accessible from that machine. The downloaded file is named installer.
    2. Grant execute permission to the current user on the installer file.
      $ chmod u+x installer
    3. Run installer as root. The script downloads the full installation package from the Control Center appliance and then starts the installation.
      $ sudo ./installer

Installation will complete normally in less than a minute. Once Bitdefender Tools has been installed, the virtual machine will show up as managed () in Control Center (Network page, under Custom Groups) within a few minutes.

GravityZone: Deploy the Security Server

Network discovery mechanism

The installation of Bitdefender Tools needs to be done manually only on the first virtual machine within the network. The rest of the virtual machines will be discovered by Bitdefender Tools and you will be able to deploy the product from GravityZone Control Center.
Bitdefender Tools includes an automatic network discovery mechanism intended to detect other virtual machines. It relies on the Microsoft Computer Browser service to perform network discovery. The Computer Browser service is a networking technology used by Windows-based computers to maintain updated lists of domains, workgroups, and the computers within them and to supply these lists to client computers upon request. Computers detected in the network by the Computer Browser service can be viewed by running the net view command in a Command Prompt window.

Net View

In order to successfully discover other virtual machines, the following are required:

  • Computers must be joined in a workgroup or domain and connected via an IPv4 local network. Computer Browser service does not work over IPv6 networks.
  • Several computers in each LAN group (workgroup or domain) must be running the Computer Browser service. Primary Domain Controllers must also run the service.
  • NetBIOS over TCP/IP (NetBT) must be enabled on computers. Local firewall must allow NetBT traffic.
  • File sharing must be enabled on computers. Local firewall must allow file sharing.
  • A Windows Internet Name Service (WINS) infrastructure must be set up and working properly.
  • For Windows Vista and later, network discovery must be turned on (Control Panel > Network and Sharing Center > Change Advanced Sharing Settings). To be able to turn on this feature, the following services must first be started:
    • DNS Client
    • Function Discovery Resource Publication
    • SSDP Discovery
    • UPnP Device Host
  • In environments with multiple domains, it is recommended to set up trust relationships between domains so that computers can access browse lists from other domains.
  • Computers from which Bitdefender Tools queries the Computer Browser service must be able to resolve NetBIOS names

Note: All virtual machines (protected and unprotected) from a Hyper-V hosts will be displayed in Control Center, in Virtual Machines > Custom Groups. Therefore, you need to make sure that the account you are using to access Control Center has the permissions to see this container.


Rate this article:

Submit