Skip to main content

Install Security Server manually

This section provides you with information regarding the Security Server manual installation on various platforms.

Install Bitdefender Security Server in Nutanix Prism

This section describes how to manually deploy Bitdefender Security Server in Nutanix Prism.

GravityZone allows you to integrate Control Center with Nutanix Prism Element for high-class protection of your virtualization platform. You are able to integrate one or more Nutanix Prism Element clusters, either registered or unregistered to Nutanix Prism Central.

Nutanix Prism Element integration overview

To protect a Nutanix Prism Element cluster, you have to deploy a Bitdefender Security Server on each host. You can do this by running a remote installation task in the GravityZone Control Center. However, the installation task may fail when the Nutanix Prism Element cluster is registered to Prism Central or because of other reasons.

When Nutanix Prism Element is registered to Prism Central, GravityZone is unable to automatically upload the Security Server in Nutanix because of certain user restrictions. Therefore, you need to:

  1. Upload the Security Server image in Nutanix Prism Central.

  2. Run the installation task again in the GravityZone Control Center.

When Nutanix Prism Element is not registered to Prism Central, but the remote installation task still fails, you need to:

  1. Run again the installation task in GravityZoneControl Center.

  2. If the case, upload and configure Security Server in Nutanix Prism Element.

Important

The Nutanix Prism Element integration with GravityZone requires a Nutanix user with Cluster Admin or User Admin privileges. Please review these privileges when performing tasks in Control Center.

How to upload the Security Server image in Nutanix Prism

Requirements

Before starting Security Server upload and configuration in Nutanix Prism, you must have at hand:

  • Nutanix Prism credentials.

  • A Bitdefender Security Server image in VMDK format. You can download it from Network > Packages in the GravityZone Control Center.

Uploading the Security Server in Nutanix Prism Central

You need to manually upload the Security Server image in Nutanix Prism Central when the Nutanix Prism Element cluster is registered to Prism Central. Follow these steps:

Important

Wait for the image to be both uploaded and updated. After that, run the installation task again in GravityZone Control Center.

  1. Log in to Nutanix Prism Central.

  2. Go to Explore > Images.

    10791_1.png
  3. Click Add Image.

  4. Make sure you have the Image File radio button selected and click Add File to select the Bitdefender image from where it is stored.

  5. Check the image details:

    1. Under Image Name, keep the file original name: Bitdefender_SVE-SVA-Multi-Platform.vmdk. Otherwise, the Security Server installation will fail.

    2. Under Image Type, select Disk.

    3. Optionally, add an image description.

      10791_2.png
  6. Click Save. The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Uploading Security Server in Nutanix Prism Element

This is how you manually upload the Security Server when Nutanix Prism Element in not registered to Prism Central:

  1. Log in to Nutanix Prism Element.

  2. Go to Settings > Image Configuration.

    10791_3.png
  3. Click Upload Image. A new window appears.

  4. Fill in the details:

    1. Name.

    2. Annotation.

    3. Select the image type: DISK.

    4. Select the preferred storage container.

  5. Click Upload a file, then click Choose File to select the Security Server image from where it is stored.

  6. Click Save.

    10791_4.png

The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Wait for the image to be both uploaded and updated.

How to configure Security Server in Nutanix Prism

Once you have the Security Server image uploaded in Nutanix Prism, you can either:

  • Run a remote installation task in GravityZone Control Center. The Security Server is automatically configured.

  • Manually configure Security Server in Nutanix Prism. That means you have to create a Security Server virtual machine, power it on and configure the Communication Server address in the Security Server console.

To configure a Security Server virtual machine you must follow these steps in Prism Element or in Prism Central:

  1. Go to the virtual machines list and click Create VM.

  2. Fill in the required details:

    1. Under General Configuration, enter a name and, optionally, a description.

    2. Under Compute Details, choose 2 VCPUs, 1 core per VCPU and 3 GB of memory.

      10791_5.png
    3. Under Disks, remove the default CD-ROM disk, confirm the action and click Add New Disk. Configure the disk as follows:

      1. Type: Disk.

      2. Operation: Clone from Image Service.

      3. Bus Type: SCSI.

      4. Image: Select the Security Server image you have uploaded.

      5. Click Add.

        10791_6.png
    4. Under Network Adapters (NIC):

      1. Click Add New NIC.

      2. Choose the preferred network.

      3. Click Add.

    5. Under VM Host Affinity:

      1. Click Set Affinity.

      2. Select one of the hosts.

      3. Click Save.

        10791_7.png
  3. Click Save. The virtual machine is created with the VM create with customize label.

  4. Go to virtual machines list.

  5. Select the Security Server virtual machine.

  6. Click Power on.

  7. Set up the Security Server:

Install Security Server on an Ubuntu machine from XenServer, ESXi or AWS

Bitdefender provides the Security Server under several formats, such as OVA, VHD or XVA. When the virtual environment uses an unsupported format, such as Amazon Machine Image (AMI), you must manually install the Security Server.

In this section, you will learn how to install Security Server through a script on an Ubuntu machine from your environment (Citrix XenServer, VMware ESXi, AWS).

Requirements

Hardware

Memory and CPU resource allocation for the Security Server depends on the number and type of VMs running on the host. The following table lists the recommended resources to be allocated:

Consolidation

Number of protected virtual machines

RAM

CPUs

Low

1-30 VMs

2 GB

2 CPUs

31-50 VMs

4 GB

2 CPUs

Medium

51-100 VMs

4 GB

4 CPUs

High

101-200 VMs

4 GB

6 CPUs

HDD: 16 GB (SSD, if available)

Software

Ubuntu Server 20.04 LTS must be used as the virtual machine instance.

Prerequisites

  • On the physical server, install Ubuntu 20.04, with a working internet connection.

  • Use any authentication method to log in.

Installation steps

  1. Deploy a new Ubuntu 20.04 instance in your environment.

    For some virtualized environments (such as AWS), the ubuntu user is predefined, and is by default allowed to login over SSH.

    For other users, aside from root and ubuntu, the SSH login is going to be restricted.

    Note

    After installing the Security Server, a password policy is set for the root user and it expires every 90 days.

  2. Change the root password:

    sudo passwd root

  3. Get root privileges:

    sudo su

    or

    sudo -i

  4. Update the OS to the latest version:

    apt-get update

    apt-get dist-upgrade

  5. Download the script from here and unpack the archive.

  6. Use the following command to assign an execute permission:

    chmod 500 install-scan-server.dat

  7. Navigate to the downloaded script and run it to install and update the Security Server:

    ./install-scan-server.dat

    You can follow the output of this command to check when the installation task is completed.

  8. Open the following log file after the installation is completed:

    /opt/BitDefender/var/log/update.log

  9. Check the output for a completed update process.

    The end of the output returns the following:

    dateStamp BDLIVED[4755] INFO: Done installing updates: 5 location(s) updated.

    Note

    If the update process is not yet finished, please wait while the Security Server runs through all the updates.

  10. Run the Security Server setup:

    /opt/BitDefender/bin/sva_setup.sh

  11. Select option 3 Communication Server configuration from the menu.

  12. Select the Communication Server location based on your browser's URL:

    • For cloudgz.gravityzone.bitdefender.com: GZ Cloud Instance 1

    • For cloud.gravityzone.bitdefender.com: GZ Cloud Instance 2

    • For cloudap.gravityzone.bitdefender.com: GZ Cloud Instance 3

    Also, select option 4 Configure the company hash and enter your company hash from GravityZone.

  13. Select Ok to confirm your action.

Note

After installing the Security Server manually, you can only login with the root or ubuntu (if this user exists on the virtual machine) user over SSH.

For any other question regarding the GravityZone product, refer to our Technical Support contact page.

Install Bitdefender Security Server in Nutanix AHV

This section aims to explain how to import and deploy Bitdefender Security Server in Nutanix AHV.

Importing the Security Server

  1. Log in to GravityZone.

  2. Go to the Network > Packages page.

  3. Select the default Security Server Virtual Appliance package.

  4. Click the Download button in the upper-left side of the table and select the Nutanix Prism (VMDK) version. Depending on your browser settings, the file may be downloaded automatically to a default download location.

  5. Log in to PRISM, the Nutanix Web Console.

  6. Import the VMDK file:

    1. Click the gear button in the upper-right corner of the console to access the Settings menu and select Image Configuration.

      10791_11.png

      The configuration window is displayed.

    2. Click Upload Image. A new window pops up, asking you to enter image details.

    3. Enter a suggestive name for the image.

    4. From the Image Type menu, choose Disk.

    5. From Image Source, select Upload File and choose the VMDK file you have previously extracted.

    6. Click Save. Wait while the virtual drive is being uploaded. When completed, you will be able to view the image in the list of existing images.

  7. Create the virtual machine for the Bitdefender Security Server VMDK file:

    1. Go to the VM page using the menu at the upper left corner of the console.

      10791_12.png
    2. Click the Create VM button at the upper right corner of the page.

      10791_13.png
    3. In the new configuration window, enter the requested details:

      • A suggestive name and a description for the VM.

      • Hardware configuration such as number of CPUs, cores per CPU and memory. These values must meet the Bitdefender Security Server requirements.

    4. Click Add new disk. A configuration window is displayed.

    5. Configure the disk settings as follows:

      Type: Disk

      Operation: Clone from Image Service

      Bus Type: SCSI

      Image: the image you have previously created.

    6. Click Add.

    7. Click Add new NIC and choose the network you want to use.

    8. Click Save.

Deploying the Security Server

  1. In Nutanix console, go to the VM > Table section.

    10791_13.png
  2. Power on the newly created machine.

    10791_14.png
  3. Click Launch Console.

    10791_15.png

    Connect to the Security Server via SSH. For details regarding configuration steps, refer to Deploying Security Server Installation Packages.

    10791_16.png

Install Security Server in Microsoft Azure

This section describes how to use a Security Server to protect your Microsoft Azure virtual machines.

The default scan mode for Microsoft Azure virtual machines is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your Microsoft Azure virtual machines with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.

Note

Make sure you have the minimum hardware requirements. For more information, refer to Requirements.

Installation steps

  1. Create the virtual machine in Azure.

    Note

    Ubuntu Server 20.04 LTS must be used as the virtual machine instance.

    After installing the Security Server, a password policy is set for the root user and it expires every 90 days.

  2. Change the root password:

    sudo passwd root

  3. Get root privileges:

    sudo su

    or

    sudo -i

  4. Update the OS to the latest version:

    apt-get update

    apt-get dist-upgrade

  5. Download the script from here and unpack the archive.

  6. Use the following command to assign an execute permission:

    chmod 500 install-scan-server.dat

  7. Navigate to the downloaded script and run it to install and update the Security Server:

    ./install-scan-server.dat

    You can follow the output of this command to check when the installation task is completed.

  8. Open the following log file after the installation is completed:

    /opt/BitDefender/var/log/update.log

  9. Check the output for a completed update process.

    The end of the output returns the following:

    dateStamp BDLIVED[4755] INFO: Done installing updates: 5 location(s) updated.

    Note

    If the update process is not yet finished, please wait while the Security Server runs through all the updates.

  10. Configure Security Server to connect to GravityZone:

    1. Run the Security Server setup:

      # /usr/bin/sva-setup

    2. Select option 3 Communication Server configuration from the menu.

    3. Select one of the following options for the Communication Server, based on your browser's URL:

      • For cloudgz.gravityzone.bitdefender.com: GZ Cloud Instance 1

      • For cloud.gravityzone.bitdefender.com: GZ Cloud Instance 2

      • For cloudap.gravityzone.bitdefender.com: GZ Cloud Instance 3

    4. Configure the Company hash - the GravityZone company hash where the Network sensor sends the data (Login to GravityZone > My Company > My Company hash).

    5. Select Ok to confirm your action.

Note

After installing the Security Server manually, you can only login with the root user over SSH.

Install Bitdefender Security Server in Microsoft Hyper-V

You can install Security Server in Microsoft Hyper-V as follows:

  1. Access Hyper-V Manager.

  2. Select the Hyper-V host.

  3. Download the .vhd or .vhdx images from GravityZone Control Center > Packages.

  4. Select your Hyper-V Server from the Hyper-V Manager.

  5. Right click your Hyper-V Server.

  6. Select New > Virtual Machine...

    gravityzone_cl_pt_op_sva_hyperv_manager.png
  7. In the Specify Name and Location window, add your virtual machine name and the location where the image was downloaded.

  8. In the Specify Generation window you must:

    • Select Generation 1 if you have dowloaded the .vhd image type.

    • Select Generation 2 if you have downloaded the .vhdx image type.

    gravityzone_cl_pt_op_sva_hyperv_generation.png
  9. In the Assign Memory window, set the Startup Memory to 2048 MB.

  10. In the Configure Networking window, set the Network Connection to the desired network interface.

  11. In the Connect Virtual Hard Disk window, select Use an existing virtual hard disk and the image you have downloaded.

    gravityzone_cl_pt_op_sva_hyperv_connect_vhdd.png
  12. Complete the deployment wizard.

  13. (Only for .vhdx images) Go to Virtual Machines > Settings… > Security and right click your virtual machine.

    (Only for .vhdx images) Set the template to Microsoft UEFI Certificate Authority or uncheck Enable secure boot.

    gravityzone_cl_pt_op_sva_hyperv_security.png
  14. Start your virtual machine.

  15. Configure Security Server to connect to GravityZone:

    1. Run the Security Server setup:

      # /usr/bin/sva-setup

    2. Select option 3 Communication Server configuration from the menu.

    3. Select one of the following options for the Communication Server, based on your browser's URL:

      • For cloudgz.gravityzone.bitdefender.com: GZ Cloud Instance 1

      • For cloud.gravityzone.bitdefender.com: GZ Cloud Instance 2

      • For cloudap.gravityzone.bitdefender.com: GZ Cloud Instance 3

    4. Configure the Company hash - the GravityZone company hash where the Network sensor sends the data (Login to GravityZone > My Company > My Company hash).

    5. Select Ok to confirm your action.