Skip to main content

Security Containers

For orchestrated container clusters/nodes

To deploy a Security Container instance on a cluster, follow the steps below:

  1. Go to Network > Packages.

  2. Select the package you want to use for the installation process.


    The package must have the Container Protection module enabled.


    For information on how to edit or create a new package, refer to Create installation packages.

  3. Click Download and select Security Container:


    This opens the Download Security Container screen. The screen provides scripts for installing Security Container on all supported Kubernetes environments.



    Currently, Openshift environments are compatible only with Azure Kubernetes Service (AKS) and VMware.

  4. Select the copy_script.PNGCopy button next to the environment on which you want to install the Security Container.

  5. Go to your Kubernetes environment and run the script.


    This will deploy an instance of Security Container on every host in your designated cluster.

  6. Verify the deployment using either of these options:

    • In your Kubernetes environment, use the kubectl get pods -n bitdefender-security-container entry.

    • In the GravityZone console, go to the Network page.

For Linux hosts

To install a Security Container on a Linux server with docker installed, run the following command :

docker run \
        --privileged \
        -d \
        -e "BSC_SERVER=" \
        -e "BSC_COMPANY=6076e2270a51301d552afd1a" \
        -v /mnt/data:/data \
        -v /sys:/mnt/host-sys \
        -v /proc:/mnt/host-proc \
        -v /etc/os-release:/mnt/host-os-release \
        -v /:/mnt/host \
        --pid host \
        --net host \
        -u :10000 \
        --name=BSC \

The variables used in the command are:






Get the address of the Communication Server by downloading any BEST for Linux installation kit and opening the installer.xml file.


The format of the address is <FQDN[:port]> (eg. The process is described here.



The company ID required for GravityZone Cloud integrations. This is used on cloud environments only and can also be found in the installer.xml file. The process is described here.



The desired log level which will be configured in /log/level/bdsecd.json. The default value is info.



The group ID under which to run the product services. This environment variable is required if the -u :<gid> argument is missing from the Docker command line.

Getting company related information from a BEST for Linux installation kit

  1. In GravityZone Control Center, go to Network > Packages

  2. Select your regular BEST for Linux package and click Send download links.

  3. Expand the Installation links section and copy the link for Linux.

  4. Go to the target machine and download the kit using this command:

    wget <donwload link>
  5. Extract the files from the archive:

    tar -xzvf setup_downloader.tar
  6. Open installer.xml using this command:

    cat installer.xml
  7. Get the Communication Server address.

    In the following examples, the Communication Server address and company ID are highlighted:

    Example 1. For GravityZone Cloud

    Information from installer.xml

    <serverAddress strVar="EpagServer"></serverAddress>
    <customerId strVar="EpagCustId">6076e2270a51301d552xxxx</customerId>

    Example entry

    docker run --privileged -d -e "" -e "BSC_COMPANY=6076e2270a51301d552xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

    Example 2. For GravityZone On-Premises

    Information from installer.xml

    <serverAddress strVar="EpagServer"></serverAddress>
    <customerId strVar="EpagCustId">5ff6c05e09ec9149654xxxx</customerId>

    Example entry

    docker run --privileged -d -e "BSC_SERVER=" -e "BSC_COMPANY=5ff6c05e09ec9149654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

    Example 3. For Update Server

    Information from installer.xml

    <serverAddress strVar="EpagServer"></serverAddress>
    <customerId strVar="EpagCustId">3dd6p02e09ec3479654xxxx</customerId>

    Example entry

    docker run --privileged -d -e "BSC_SERVER=" -e "BSC_COMPANY=3dd6p02e09ec3479654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

Getting logs from a Security Container

To get the security logs from a Security Container host, follow these steps:

  1. Display running containers on the current server:

    docker ps
  2. Get the ID of the container for which you want to view the logs.

  3. Download the logs using this command:

    docker logs <container id>