Bitdefender B2B Help Center

GravityZone platform

To make sure installation goes smoothly, follow these steps:

is installed and hosted on Bitdefender servers. To access it, go to https://gravityzone.bitdefender.com.

Prepare for installation

For installation, you need a virtual appliance image.

After you deploy and set up the appliance, you can remotely install the client or download the necessary installation packages for all security services components from the web interface.

The appliance image is available in several different formats, compatible with the main virtualization platforms.

You can obtain the download links by registering for a trial on the website. When filling out the required form, select one of these on-premises products: Bitdefender Security for Virtualized Environments, Bitdefender GravityZone Security for Endpoints, Bitdefender GravityZone Security for Exchange, Bitdefender GravityZone Security for Mobile.

You can obtain the license key by making an inquiry on the Business Products Inquiry website.

For installation and initial setup, you must have the following at hand:

  • DNS names or fixed IP addresses (either by static configuration or via a DHCP reservation) for the appliances

  • Username and password of a domain administrator

  • vCenter Server, vShield Manager, XenServer details (hostname or IP address, communication port, administrator username and password)

    vCenter Server, XenServer details (hostname or IP address, communication port, administrator username and password)

  • License keys (check the trial registration or purchase email)

  • Outgoing mail server settings

  • If needed, proxy server settings

  • Security certificates

Deploy and set up GravityZone VA

A deployment consists of one or several virtual appliances running the server roles. The number of appliances depends on various criteria, such as: the size and design of your network infrastructure, or the features you will use. Server roles are of three types: basic, auxiliary and optional.

Important

Auxiliary and optional roles are available only to certain solutions.

GravityZone Role

Role Type

Deployment

Database Server

Update Server

Web Console

Communication Server

Basic (Required)

At least one instance of each role.

A GravityZone appliance can run one, several or all of these roles.

Report Builder Database

Report Builder Processors

Incidents Sensor

Auxiliary

One appliance for each role

Security Server

Optional

Recommended only in small networks or if low on resources. Otherwise, deploy a stand-alone Security Server from Control Center, after GravityZone deployment is complete.

Depending on how you distribute the roles, you will deploy one or more GravityZone appliances (at least three appliances if you use Report Builder). The Database Server is the first to be installed.

Note

Report Builder is only available with certain GravityZone products.

In a scenario with multiple appliances, you will install the Database Server role on the first appliance and configure all other appliances to connect to the existing database instance.

You can deploy more instances of Database Server, Web Console, and Communication Server roles. In this case, you will use Replica Set for Database Server, and load balancers for Web Console and Communication Server on the appliances.

It is recommended to install the Report Builder roles after you set up , meaning: installing the basic roles, configuring , updating , and deploying protection on endpoints. Also, you need to first install Report Builder Database, followed by Report Builder Processors.

To deploy and set up :

  1. Download the virtual appliance image from the website (link provided in registration or purchase email).

  2. Import the virtual appliance image in your virtualized environment.

  3. Power on the appliance.

  4. From your virtualization management tool, access the console interface of the appliance.

  5. Configure the password for bdadmin, the built-in system administrator.

    cli-0-set-password.png
  6. Log in with the password you have just set.

    cli-1-login.png

    You will access the appliance configuration interface.

    Use the arrow keys and the Tab key to navigate through menus and options. Press Enter to select a specific option.

    cli-2-appliance_options.png
  7. If you need to change the interface language, select the option Configure Language. For configuration details, refer to Configure Language.

  8. Configure the appliance hostname.

  9. Configure the network settings.

  10. Configure the proxy settings (if needed).

  11. Install the server roles. You have two options:

    • Automatic Installation. Select this option if you need to deploy only one appliance in your network.

    • Advanced Settings. Select this option if you need to deploy manually or in a distributed architecture.

  12. Configure language.

After deploying and setting-up the appliance, you can anytime edit the appliance settings using the configuration interface. For more information regarding the appliance configuration, refer to Managing the GravityZoneAppliance.

Configure hostname settings

Communication with the roles is performed using the IP address or DNS name of the appliance they are installed on. By default, the components communicate using IP addresses. If you want to enable communication via DNS names, you must configure appliances with a DNS name and make sure it correctly resolves to the configured IP address of the appliance.

Prerequisites:

  • Configure the DNS record in the DNS server.

  • The DNS name must correctly resolve to the configured IP address of the appliance. Therefore, you must make sure the appliance is configured with the correct IP address.

To configure the hostname settings:

  1. From the main menu, select Configure Hostname Settings.

  2. Enter the hostname of the appliance and the Active Directory domain name (if needed).

  3. Select OK to save the changes.

Configure network settings

You can configure the appliance to automatically obtain network settings from the DHCP server or you can manually configure network settings. If you choose to use DHCP, you must configure the DHCP Server to reserve a specific IP address for the appliance.

  1. From the main menu, select Configure Network Settings.

    cli-3-appliance_options-sel_2.png
  2. Select the network interface.

  3. Select the configuration method:

    • Configure network settings manually

      You must specify the IP address, network mask, gateway address and DNS server addresses.

    • Obtain network settings automatically via DHCP

      Use this option only if you have configured the DHCP Server to reserve a specific IP address for the appliance.

    cli-4-net_config.png
  4. You can check current IP configuration details or link status by selecting the corresponding options.

Configure proxy settings

If you want the appliance to connect to the Internet through a proxy server, you must configure the proxy settings.

  1. From the main menu, select Configure Proxy Settings.

  2. Select Show proxy information to check if proxy is enabled.

  3. Select OK to return to the previous screen.

  4. Select again Configure proxy settings.

    cli-6-proxy.png
  5. Enter the proxy server address.

    Use the following syntax:

    • If the proxy server does not require authentication:

      http(s)://<IP/hostname>:<port>

    • If the proxy server requires authentication:

      http(s)://<username>:<password>@<IP/hostname>:<port>

  6. Select OK to save the changes.

Automatic installation

During automatic installation all basic roles install on the same appliance. For a distributed deployment, refer to Advanced settings.

Important

Automatic deployment will also install the , embedded into the appliance. For information about , refer to GravityZone Architecture.

If your license type restricts its use, you can remove this role afterwards.

The option to install roles automatically is available only at the initial setup of .

To install the roles automatically:

  1. From the main menu, select Automatic Installation.

  2. Read and accept the End User License Agreement (EULA) to continue.

  3. Confirm the roles to be installed.

  4. Set the password for the Database Server.

    The password can contain any combination of ASCII characters and must be 6 to 32 characters in length, including at least one digit, one uppercase, one lowercase and one special character.

    cli-config-db-password.png
  5. Wait until installation process is complete.

Advanced settings

Use this option to install only a part or all of the roles, individually, or to extend your infrastructure. You can install the roles on one or more appliances. This installation method is required when staging updates or in distributed architectures to scale in large networks and to ensure high availability of the services.

To install the roles individually:

  1. From the main menu, select Advanced Settings.

    cli-7-install_modify_roles.png
  2. Select Install/Uninstall Roles to install the appliance in a environment with a single database server.

    Note

    The other options are for extending the deployment to a distributed architecture. For more information, refer to Connect to Existing Database or to Connect to Existing Database (Secure VPN Cluster).

  3. Select Add or remove roles. A confirmation message will appear.

  4. Press Enter to continue.

  5. Press the Space bar and then the Enter key to install the Database Server role. You must confirm your choice by pressing Enter again.

  6. Set the database password.

    The password can contain any combination of ASCII characters and must be 6 to 32 characters in length, including at least one digit, one uppercase, one lowercase and one special character.

  7. Press Enter and wait for the installation to complete.

  8. Install the other roles. by choosing Add or remove roles from the Install/Uninstall Roles menu and then the roles to install.

    1. Choose Add or remove roles from the Install/Uninstall Roles menu.

    2. Read the End User License Agreement. Press Enter to accept and continue.

      Note

      This is required only once after installing the Database Server.

    3. Select the roles to install. Press the Space bar to select a role and Enter to proceed.

    4. Press Enter to confirm and then wait for the installation to complete.

Note

Each role is normally installed within a few minutes.

During installation, required files are downloaded from the Internet. Consequently, the installation takes more time if the Internet connection is slow.

If the installation hangs, redeploy the appliance.

Configure language

Initially, the appliance configuration interface is in English.

To change the interface language:

  1. Select Configure Language from the main menu.

  2. Select the language from the available options. A confirmation message will appear.

    Note

    You may need to scroll down to view your language.

  3. Select OK to save the changes.

Connect to Control Center and set up user account

After deploying and setting up the appliance, you must access the web interface to register the GravityZone product and configure your Company Administrator account.

  1. In the address bar of your web browser, enter the IP address or the DNS hostname of the appliance (using the https:// prefix). A configuration wizard will appear.

  2. Provide the license key(s) required for validating the purchased solution.

    Provide the license key required for validating the solution.

    You can also provide any add-on key you may have.

    Check the trial registration or purchase email to find your license keys.

    1. Click the add.png Add button at the upper side of the table. A configuration window will appear.

    2. Select the license registration type (online or offline).

    3. Enter the license key in the License key field. For offline registration, you are required to provide also the registration code.

    4. Wait until the license key is validated. Click Add to finish.

    The license key will appear in the license table. You can also view the security service, status, expiry date and current usage for each license key in the corresponding columns.

    The license key and its expiry date will appear in the license table.

    Note

    • During the initial setup, you must provide a valid basic license key to start using . You can afterwards add license keys for add-ons, or to modify the existing ones.

    • You can use the add-ons as long as a valid basic license is provided. Otherwise you will view the features, but you will be unable to use them.

    initial_setup-step2.png
    initial_setup-step2-cl-priv.png
  3. Click Next to continue.

  4. Fill in your company information, such as company name, address and phone.

  5. You can change the logo displayed in and also in your company's reports and email notifications as follows:

    • Click Change to browse for the image logo on your computer. The image file format must be .png or .jpg and the image size must be 200x30 pixels.

    • Click Default to delete the image and reset to the image provided by .

  6. Specify the required details for your company administrator account: username, email address and a password. The password must contain at least one upper case character, at least one lower case character and at least one digit or special character.

    initial_setup-step3.png
  7. Click Create account.

The company administrator account will be created and you will automatically log on with the new account to .

Certificates

For your deployment to operate correctly and in a secure manner, you must create and add a number of security certificates in .

For your deployment to operate correctly and in a secure manner, you must create and add the security certificate in .

configuration-certificates-bs.png
configuration-certificates.png

supports the following certificate formats:

  • PEM (.pem, .crt, .cer, .key)

  • DER (.der, .cer)

  • PKCS#7 (.p7b, .p7c)

  • PKCS#12 (.p12, .pfx)

Note

The following certificates are required exclusively for managing security on Apple iOS devices:

  • Communication Server Certificate

  • Apple MDM Push Certificate

  • iOS MDM Identity and Profile Signing Certificate

  • iOS MDM Trust Chain Certificate

If you do not plan to roll out iOS mobile device management, you do not need to provide these certificates.

security certificate

The Security certificate is needed to identify the web console as a trusted website in the web browser.

uses by default an SSL certificate signed by .

This built-in certificate is not recognized by web browsers and triggers security warnings.

To avoid browser security warnings, add an SSL certificate signed by your company or by an external Certificate Authority (CA).

To add or replace the certificate:

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name.

  3. Choose the certificate type (with separate or embedded private key).

  4. Click the Add button next to the Certificate field and upload the certificate.

  5. For certificates with separate private key, click the Add button next to the Private key field and upload the private key.

  6. If the certificate is password protected, enter the password in the corresponding field.

  7. Click Save.

Endpoint - communication security certificate

This certificate ensures a secure communication between the security agents and the (Multi-Platform) they have assigned.

During its deployment, the generates a default self-signed certificate. You can replace this built-in certificate by adding one of your choice in .

To add or replace an Endpoint - Communication Certificate:

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name.

  3. Choose the certificate type (with separate or embedded private key).

  4. Click the Add button next to the Certificate field and upload the certificate.

  5. For certificates with separate private key, click the Add button next to the Private key field and upload the private key.

  6. If the certificate is password protected, enter the password in the corresponding field.

  7. Click Save. A warning message may appear if the certificate is self-signed or expired. If expired, please renew your certificate.

  8. Click Yes to continue uploading the certificate. Immediately after the upload finishes, sends the security certificate to the s.

If needed, you can revert to the original built-in certificate of each , as follows:

  1. Click the certificate name in the Certificates page.

  2. Choose No certificate (use default) as the certificate type.

  3. Click Save.

Communication Server certificate

The Communication Server certificate is used to secure communication between the Communication Server and iOS mobile devices.

Requirements:

  • This SSL certificate can be signed either by your company or by an external Certificate Authority.

    Warning

    The certificate may be invalidated if it not issued by a public/trusted Certificate Authority (for example, self-signed certificates).

  • The certificate common name must match exactly the domain name or IP address used by mobile clients to connect to the Communication Server.

    This is configured as the external MDM address in the configuration interface of the appliance console.

  • Mobile clients must trust this certificate.

    For this, you must also add the iOS MDM Trust Chain.

To add or replace the Communication Server certificate:

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name.

  3. Choose the certificate type (with separate or embedded private key).

  4. Click the Add button next to the Certificate field and upload the certificate.

  5. For certificates with separate private key, click the Add button next to the Private key field and upload the private key.

  6. If the certificate is password protected, enter the password in the corresponding field.

  7. Click Save.

Apple MDM Push certificate

Apple requires an MDM Push certificate to ensure secure communication between the Communication Server and the Apple Push Notifications service (APNs) when sending push notifications. Push notifications are used to prompt devices to connect to the Communication Server when new tasks or policy changes are available.

Apple issues this certificate directly to your company, but requires your Certificate Signing Request (CSR) to be signed by Bitdefender. Control Center provides a wizard to help you easily obtain your Apple MDM Push certificate.

Important

  • You need an Apple ID to obtain and manage the certificate. If you do not have an Apple ID, you can create one on https://appleid.apple.com My Apple ID webpage. Use a generic and not an employee’s email address to register for the Apple ID, as you will need it later to renew the certificate.

  • Apple website does not work properly on Internet Explorer. We recommend using the latest versions of Safari or Chrome.

  • The Apple MDM Push certificate is valid for one year only. When the certificate is about to expire, you must renew it and import the renewed certificate to . If you allow the certificate to expire, you must create a new one and reactivate all your devices.

Adding an Apple MDM Push certificate

To obtain the Apple MDM Push certificate and import it in :

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name and follow the wizard as described below:

    1. Obtain a Certificate Signing Request signed by

      Select the appropriate option:

      • I need to generate a certificate signing request signed by (Recommended)

        1. Enter your company name, your full name and email address in the corresponding fields.

        2. Click Generate to download the CSR file signed by .

      • I already have a certificate signing request and I need to get it signed by

        1. Upload your CSR file and the associated private key by clicking the Add button next to their fields.

          The Communication Server needs the private key when authenticating with the APNs servers.

        2. Specify the password protecting the private key, if any.

        3. Click the Sign button to download the CSR file signed by .

    2. Request a push certificate from Apple

      1. Click the Apple Push Certificates Portal link and sign in using your Apple ID and password.

      2. Click the Create a Certificate button and accept the Terms of Use.

      3. Click Choose file, select the CSR file and then click Upload.

        Note

        You may find the Choose file button with a different name such as Choose or Browse, depending on the browser you use.

      4. From the confirmation page, click the Download button to receive your MDM Push certificate.

      5. Go back to the wizard from .

    3. Import the Apple push certificate

      Click the Add Certificate button to upload the certificate file from your computer.

      You may check the certificate details in the field below.

  3. Click Save.

Renewing the Apple MDM Push certificate

To renew the Apple MDM certificate and update it in :

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name to open the import wizard.

  3. Obtain a Certificate Signing Request signed by . The procedure is the same as for obtaining a new certificate.

  4. Click the Apple Push Certificates Portal link and sign in with the same Apple ID used to create the certificate.

  5. Locate the MDM Push certificate for and click the corresponding Renew button.

  6. Click Choose file, select the CSR file and then click Upload.

  7. Click Download to save the certificate to your computer.

  8. Go back to and import the new Apple push certificate.

  9. Click Save.

iOS MDM Identity and Profile Signing certificate

The iOS MDM Identity and Profile Signing certificate is used by the Communication Server to sign identity certificates and configuration profiles sent to mobile devices.

Requirements:

  • It must be an Intermediate or End-Entity certificate, signed either by your company or by an external Certificate Authority.

  • Mobile clients must trust this certificate.

    For this, you must also add the iOS MDM Trust Chain.

To add or replace the iOS MDM Identity and Profile Signing certificate:

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name.

  3. Choose the certificate type (with separate or embedded private key).

  4. Click the Add button next to the Certificate field and upload the certificate.

  5. For certificates with separate private key, click the Add button next to the Private key field and upload the private key.

  6. If the certificate is password protected, enter the password in the corresponding field.

  7. Click Save.

iOS MDM Trust Chain certificate

The iOS MDM Trust Chain certificates are required on mobile devices to ensure they trust the Communication Server certificate and the iOS MDM Identity and Profile Signing certificate.

The Communication Server sends this certificate to mobile devices during activation.

The iOS MDM Trust Chain must include all intermediate certificates up to the root certificate of your company or to the intermediate certificate issued by the external Certificate Authority.

To add or replace the iOS MDM Trust Chain certificates:

  1. Go to the Configuration page and click the Certificates tab.

  2. Click the certificate name.

  3. Click the Add button next to the Certificate field and upload the certificate.

  4. Click Save.

Configure Control Center settings

After the initial setup, you need to configure settings. As Company Administrator, you can do the following:

  • Configure mail, proxy and other general settings.

  • Run or schedule a database backup.

  • Set up integration with Active Directory and virtualization management tools (vCenter Server, XenServer).

  • Install security certificates.

configuration-mail_server.png
Mail server

requires an external mail server to send email communications.

Note

It is recommended to create a dedicated mail account to be used by .

To enable to send emails:

  1. Go to the Configuration page.

  2. Select the Mail Server tab.

  3. Select Mail Server Settings and configure the required settings:

    • Mail server (SMTP)

      Enter the IP address or hostname of the mail server that is going to send the emails.

    • Port

      Enter the port used to connect to the mail server.

    • Encryption type

      If the mail server requires an encrypted connection, choose the appropriate type from the menu (SSL, TLS or STARTTLS).

    • From email

      Enter the email address that you want to appear in the From field of the email (sender's email address).

    • Use authentication

      Select this check box if the mail server requires authentication.

      You must specify a valid username / email address and password.

  4. Click Save.

automatically validates the mail settings when you save them. If the provided settings cannot be validated, an error message informs you of the incorrect setting. Correct the setting and try again.

Proxy

If your company connects to the Internet through a proxy server, you must configure the proxy settings:

  1. Go to the Configuration page.

  2. Select the Proxy tab.

  3. Select Use Proxy Settings and configure the required settings:

    • Address - type in the IP address of the proxy server.

    • Port - type in the port used to connect to the proxy server.

    • Username - type in a user name recognized by the proxy.

    • Password - type in the valid password of the previously specified user.

  4. Click Save.

Miscellaneous

From the Configuration page > Miscellaneous tab you can configure the following general preferences:

  • When an unavailable image is needed

    The appliance does not include by default the virtual machine images.

    If an administrator tries to download a image or to run a installation task, the action is going to fail.

    You can configure an automated action for this situation by choosing one of the following options:

    • Download the image automatically

    • Notify the administrator and do not download

    Note

    To avoid interference with administrator's work, you can manually download the necessary packages from the Update page, on the Product Update tab.

    For more information, refer to Downloading Product Updates.

  • When an unavailable kit is needed

    You can configure an automated action for this situation by choosing one of the following options:

    • Download the package automatically

    • Notify the administrator and do not download

  • Concurrent deployments

    Administrators can remotely deploy security components by running installation tasks.

    Use this option to specify the maximum number of simultaneous deployments that can be performed at a time.

    For example, if the maximum number of concurrent deployments is set to 10 and a remote client installation task is assigned to 100 computers, will initially send 10 installation packages through the network.

    In this case, the client installation is performed simultaneously on a maximum number of 10 computers, all the other sub-tasks being in pending state.

    As soon as a sub-task is done, another installation package is sent, and so on.

  • Prefer basic deployment methods instead of integration-specific ones

    Select this option to deploy the security agents through SSH. Use this method if the configuration of your virtualized environment does not allow deployment through the environment's specific API.

  • Enforce two-factor authentication for all accounts

    The two-factor authentication (2FA) adds an extra layer of security to accounts, by requiring an authentication code in addition to credentials.

    This feature requires downloading and installing either the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238 - on the user's mobile device, then linking the app to the account and using it with each login. The authentication app generates a six-digit code each 30 seconds. To complete the login, after entering the password, the user will have to provide also the authentication app's six-digit code.

    Two-factor authentication is enabled by default when creating a company. After that, at login, a configuration window will prompt users to enable this feature. Users will have the option to skip enabling 2FA for three times only. At the fourth login attempt, skipping the 2FA configuration will not be possible and the user will not be allowed to log in.

    If you want to deactivate the 2FA enforcement for all GravityZone accounts in your company, just uncheck the option. You will be prompted with a confirmation message before the changes come into effect. From this point on, users will still have 2FA activated, but they will be able to deactivate it from their account settings.

    Note

    • You can view the 2FA status for a user account in the Accounts page.

    • If a user with 2FA enabled cannot log in to (because of new device or lost secret key), you can reset its two-factor authentication activation from the user account page, under Two-factor authentication section. For more details, refer to User Accounts > Managing Two-factor Authentication chapter from the Administrator's Guide.

  • NTP Server Settings.

    The NTP server is used to synchronize time between all appliances. A default NTP server address is provided, which you can change in the NTP Server Address field.

    Note

    For the appliances to communicate with the NTP Server, 123 (UDP) port must be open.

  • Enable Syslog.

    By enabling this feature, you allow to send notifications to a logging server that uses the Syslog protocol. This way you have the possibility to better monitor events.

    To view or configure the list of notifications sent to the Syslog server, refer to the Notifications chapter from Administrator's Guide.

    To enable logging to a remote Syslog server:

    1. Select the Enable Syslog check box.

    2. Enter the server name or IP, the preferred protocol and the port Syslog listens to.

    3. Select in the format in which to send the data to the Syslog server:

      • JSON Format. JSON is a lightweight data-interchange format that is completely independent from any programming language. JSON represents the data in human readable text format. In JSON format, the details of each event are structured into objects, each object consisting in a name/value pair.

        For example:

        {
            "name":"Login from new device",
            "created":"YYYY-MM-DDThh:mm:ss+hh:ss",
            "company_name":"companyname",
            "user_name":"username",
            "os":"osname",
            "browser_version":"browserversion",
            "browser_name":"browsername",
            "request_time":"DD MMM YYYY, hh:mm:ss +hh:ss",
            "device_ip":"computerip"
        }

        For more information, refer to www.json.org.

        This is the default format in .

      • Common Event Format (CEF). CEF is an open standard developed by ArcSight, which simplifies log management.

        For example:

        CEF:0|Bitdefender|GZ|<GZ version>|NNNNN|Login from new
        device|3|start=MMM DD YYYY hh:mm:ss+hh:mm
        BitdefenderGZCompanyName=companyname suser=username
        BitdefenderGZLoginOS=osname
        BitdefenderGZAuthenticationBrowserName=browsername
        BitdefenderGZAuthenticationBrowserVersion=browserversion
        dvchost=computerip

        For more information, refer to ArcSight Common Event Format (CEF) Implementation Standard.

      In the Notifications chapter of the Administrator's Guide, you can view the available notification types for each format.

    4. Click the add.png Add button from the Action column.

Click Save to apply the changes.

Backup

To make sure all your data are safe, you may want to backup the database. You can run as many database backups as you want, or you can schedule periodic backups to run automatically at a specified time interval.

Each database backup command creates a tgz file (GZIP Compressed Tar Archive file) to the location specified in the backup settings.

When several administrators have manage privileges over the settings, you can also configure the Notification Settings to alert you each time a database backup has been completed. For more information, refer to the Notifications chapter from Administrators Guide.

Creating database backups

To run a database backup:

  1. Go to the Configuration page in and click the Backup tab.

  2. Click the backup.png Backup Now button at the upper side of the table. A configuration window will appear.

  3. Select the type of location where the backup archive will be saved:

    • Local, for saving the backup archive to the appliance. In this case, you have to specify the path to the specific directory from the appliance where the archive will be saved.

      The appliance has a Linux directory structure. For example, you can choose to create the backup to the tmp directory. In this case, enter /tmp in the Path field.

    • FTP, for saving the backup archive to a FTP server. In this case, enter the FTP details in the following fields.

    • Network, for saving the backup archive to a network share. In this case, enter the path to the network location that you want (for example, \\computer\folder), the domain name and the domain user credentials.

  4. Click the Test Settings button. A text notification will inform you if the specified settings are valid or invalid.

    To create a backup, all the settings have to be valid.

  5. Click Generate. The Backup page will be displayed. A new backup entry will be added to the list. Check the Status of the new backup. When the backup is completed, you will find the tgz archive at the specified location.

    Note

    The list available in the Backup page contains the logs of all created backups. These logs do not provide access to the backup archives; they only display details of the created backups.

To schedule a database backup:

  1. Go to the Configuration page in and click the Backup tab.

  2. Click the backup_settings.png Backup Settings button at the upper side of the table. A configuration window will appear.

  3. Select Scheduled Backup.

  4. Configure the backup interval (daily, weekly or monthly) and the start time.

    For example, you can schedule backups to run weekly, every Friday, starting at 22:00.

  5. Configure the scheduled backup location.

  6. Select the type of location where the backup archive will be saved:

    • Local, for saving the backup archive to the appliance. In this case, you have to specify the path to the specific directory from the appliance where the archive will be saved.

      The appliance has a Linux directory structure. For example, you can choose to create the backup to the tmp directory. In this case, enter /tmp in the Path field.

    • FTP, for saving the backup archive to a FTP server. In this case, enter the FTP details in the following fields.

    • Network, for saving the backup archive to a network share. In this case, enter the path to the network location that you want (for example, \\computer\folder), the domain name and the domain user credentials.

  7. Click the Test Settings button. A text notification will inform you if the specified settings are valid or invalid.

    To create a backup, all the settings have to be valid.

  8. Click Save to create the scheduled backup.

Restoring a database backup

When from various reasons your instance is working improperly (failed updates, dysfunctional interface, corrupted files, errors, etc.), you can restore the database from a backup copy using:

  • The same appliance

  • A fresh image

  • The Replica Set feature

Choose the option that best suits your situation and proceed with the restoration procedure only after you have carefully read the prerequisites described hereinafter.

Restoring the database to the same VA
Prerequisites
  • A SSH connection to the appliance, using the root privileges.

    You can use putty and bdadmin’s credentials to connect to the appliance via SSH, then run the command sudo su to switch to the root account.

  • The infrastructure has not changed since the backup.

  • The backup is more recent than April 30th, 2017 and the version is higher than 6.2.1-30. If otherwise, contact the Technical Support team.

  • In distributed architectures, has not been configured to use database replication (Replica Set).

    To verify the configuration, follow these steps:

    1. Open the /etc/mongodb.conf file.

    2. Check that replSet is not configured, as in the example below:

      # replSet = setname

    Note

    To restore the database when Replica Set is enabled, refer to install.deployment.root.backup.restore.replica.

  • No CLI processes are running.

    To make sure all CLI processes are stopped, run the following command:

    # killall -9 perl
  • The mongoconsole package is installed on the appliance.

    To verify the condition is met, run this command:

    # /opt/bitdefender/bin/mongoshellrestore --version

    The command should not return any errors, otherwise run:

    # apt-get update
    # apt-get install --upgrade mongoconsole
Restoring the database
  1. Go to the location containing the database archive:

    # cd /directory-with-backup

    , where directory-with-backup is the path to the location with the backup files.

    For example:

    # cd /tmp/backup
  2. Restore the database.

    # /opt/bitdefender/bin/mongoshellrestore -u bd -p 'GZ_db_password' \
    
    --authenticationDatabase admin --gzip --drop --archive < \
    
    gz-backup-$YYYY-$MM-$DD(timestamp).tar.gz

    Important

    Make sure to replace with the actual password of the Database Server and the timestamp variables in the archive's name with the actual date.

    For example, the actual date should look like this:

    gz-backup-2019-05-17(1495004926).tar.gz
  3. Restart the appliances.

    Database restoration is now complete.

Restoring the database from a decommissioned VA
Prerequisites
  • A fresh VA installation:

    • With the same IP as the old appliance

    • Having ONLY the Database Server role installed.

    You can download the VA image from here.

    You can download the VA image from here.

    You can download the VA image from here.

    You can download the VA image from here.

  • A SSH connection to the virtual appliance, using the root privileges.

  • The infrastructure has not changed since the backup was made.

  • The backup is more recent than April 30th, 2017.

  • In distributed architectures, has not been configured to use database replication (Replica Set).

    If you use Replica Set in your environment, you also have the Database Server role installed on other appliance instances.

    To restore the database when Replica Set is enabled, refer to Restoring thedatabase in a Replica Set environment.

Restoring the database
  1. Connect to the appliance via SSH and switch to root.

  2. Stop VASync:

    # stop vasync
  3. Stop CLI:

    # # killall -9 perl
  4. Go to the location where the backup is:

    # cd /directory-with-backup

    , where directory-with-backup is the path to the location with the backup files.

    For example:

    # cd /tmp/backup
  5. Restore the database.

    # /opt/bitdefender/bin/mongoshellrestore -u bd -p 'GZ_db_password' \
    
    --authenticationDatabase=admin --gzip --drop \
    
    --archive='/home/bdadmin/gz-backup-$YYYY-$MM-$DD(timestamp).tar.gz

    Important

    Make sure to replace with the actual password of the Database Server and the timestamp variables in the archive's name with the actual date.

    For example, the actual date should look like this:

    gz-backup-2019-05-17(1495004926).tar.gz
  6. Restore the old appliance ID:

    # /opt/bitdefender/bin/mongoshell -u bd -p 'GZ-db_password' \
    
    ––eval print(db.applianceInstalls.findOne({name:'db'}).\
    
    applianceId)" --quiet > /opt/bitdefender/etc/applianceid

    Important

    Make sure to replace with the actual password of the Database Server.

  7. Remove the reference to the old roles.

    # /opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval\
    
    'db.applianceInstalls.remove({ip:db.applianceInstalls.findOne(
    
    {name:"db"}).ip,name:{"$ne": "db"}});' --quiet devdb

    Important

    Make sure to replace with the actual password of the Database Server.

  8. Start VASync:

    # start vasync
  9. Start CLI:

    # /opt/bitdefender/eltiw/installer
  10. Install the other roles.

    # dpkg -l gz*

    Note that the database schema has been successfully upgraded to the latest version:

    > db.settings.findOne().database
    {
    "previousVersion" : "000-002-009",
    "ranCleanUpVersions" : {
    "b0469c84f5bf0bec0b989ae37161b986" : "000-002-008"
    },
    "updateInProgress" : false,
    "updateTimestamp" : 1456825625581,
    "version" : "000-002-011"
    }
  11. Restart the appliance.

    Database restoration is now complete.

Restoring the database in a Replica Set environment

If you have deployed the database in a Replica Set environment, you can find the official restore procedure on the mongoDB online manual (English only).

Note

The procedure requires advanced technical skills and should be done only by a trained engineer. If you encounter difficulties, please contact our Technical Support to assist you in restoring the database.

Access permissions

With access permissions you can grant access to Active Directory (AD) users, based on access rules. To integrate and synchronize AD domains, refer to Active Directory. For more information on managing user accounts via access rules, refer to the User Accounts chapter from the Installation Guide.

Use cases

Bitdefender GravityZone is delivered as a virtual appliance. The Bitdefender GravityZone appliance image is available in several different formats, compatible with the main virtualization platforms. Before proceeding, check the GravityZone virtual appliance requirements.

To receive a trial license, go to Bitdefender website and register. For GravityZone on-premises, select one or more of the following products:

  • Bitdefender Security for Virtualized Environments

  • Bitdefender GravityZone Security for Endpoints

  • Bitdefender GravityZone Security for Exchange

  • Bitdefender GravityZone Security for Mobile

Install GravityZone on an Ubuntu machine
Prerequisites
  • On the physical server, install Ubuntu Server 16.04.4, with a valid internet connection from the link above.

  • Select your location: C - no localization.

  • Select country: Recommended America/US (recommended for initial deploy).

  • Detect keyboard layout: No. Choose English (US), recommended for initial deploy.

  • Network: no special requirements (recommended DHCP for initial deploy).

  • Setup users and passwords:

    • Full name new user: bdadmin

    • Username: bdadmin

    • Password: [your desired bdadmin user password]

  • Encrypt home directory: No.

  • Choose time zone: any option, it will be later changed to UTC during GravityZone installation.

  • Partition disks: Guided - use the entire disk and set up LVM. Then accept all the default settings and write changes to disk when asked to do so.

  • Choose no automatic updates.

  • Select to install only Standard system utilities and OpenSSH server.

Installation steps

Connect to the machine using SSH (username bdadmin) and follow these steps in the command line interface:

  1. Log in as root:

    sudo -i
  2. Remove the Ubuntu repositories:

    mv /etc/apt/sources.list /etc/apt/sources.list.orig
  3. Install the GravityZone repositories:

    echo "deb https://download.bitdefender.com/repos/deb-hydra16-unified bitdefender non-free" > /etc/apt/sources.list.d/deb-hydra16-unified.list
  4. Install the GravityZone repositories key:

    curl -sS http://download.bitdefender.com/repos/gzrepos.key.asc | apt-key add -
  5. Remove the i386 architecture from dpkg:

    dpkg --remove-architecture i386
  6. Set DEBIAN_FRONTEND to noninteractive to silently complete the installation:

    export DEBIAN_FRONTEND="noninteractive"
  7. Make sure that the appliance OS timezone is set to UTC:

    timedatectl set-timezone UTCtimedatectl set-local-rtc false
  8. Disable the Ubuntu banners (they will be replaced by the specific GravityZone ones):

    chmod -x /etc/update-motd.d/*
  9. Clean aptand install the GravityZone initial packages:

    apt cleanapt updateapt -yq --allow-unauthenticated install gzinstallwizard gzpackagemanager gzvasyncmanager gzvaupdater bitdefender-va-check
  10. Update the rest of the packages to the GravityZone repo versions:

    apt -yq dist-upgrade
  11. Update installation system:

    /opt/bitdefender/scripts/createInstallerXml.sh
  12. Remove snapd and lxcfs:

    apt autoremove --purge snapd lxcfs
  13. Remove any unneeded packages:

    apt -yq autoremove
  14. Restart to complete the customization of the Ubuntu server into a GravityZone appliance:

    reboot

Install roles from the console interface of the GravityZone appliance. For the administration of the GravityZone machine, refer to this topic.

Further on, if you want to install a standalone Security Server and you cannot use Bitdefender images to deploy it, you will need to manually install it in a similar manner to how you have installed the above GravityZone appliance. For details on the installation procedure of the Security Server, refer to Install Security Server manually.

Install GravityZone in Oracle VM VirtualBox

Download Bitdefender GravityZone OVA and MD5 files from the Bitdefender download website.

To be able to use GravityZone, you have to install it, following the steps below.

  1. Import GravityZone OVA file in VirtualBox

    1. Open Oracle VM VirtualBox Manager.

    2. Go to File > Import appliance or press (Ctrl + I). The import wizard is displayed.

    3. Click the 8927_1.png Browse button, navigate to the GravityZone OVA file, select it and then click Open.

    4. Click Next to continue and view the appliance settings.

    5. Click Import to load the appliance into the VM manager. Wait until the progress bar disappears.

  2. Configure main GravityZone settings

    1. From the left side pane, select the newly imported appliance and click Start to power it on. Wait until it finishes loading the system. The VM console window is displayed.

    2. Set a password for bdadmin, the built-in system administrator, needed to access the GravityZone appliance configuration area.

    3. Log in to GravityZone Virtual Appliance command line interface (CLI).

    4. Set up Bitdefender GravityZone:

      1. Configure network settings. Make sure it has access to the internet.

      2. Install the GravityZone roles. First install the Database role. After that, install all the other roles.

      For more information, refer to the Deploy and Set Up GravityZone Appliance chapter from Installation Guide.

  3. Install VirtualBox Guest Additions on the GravityZone appliance

    1. Power off the appliance.

    2. Load the Guest Additions image into the CD/DVD drive:

      1. Select the GravityZone appliance and then click Settings. The configuration windows is displayed.

      2. Go to the Storage tab.

      3. In the Storage Tree, click 8927_2.png Add CD/DVD Device.

      4. Click Choose disk and select the VBoxGuestAdditions.iso file from the Virtualbox folder.

      5. Click OK to apply the changes and close the window.

    3. Power on the appliance.

    4. Press Alt + F2 to switch to tty2, or connect through SSH with putty.

    5. Enter the bdadmin's credentials.

    6. Type sudo su to get root privileges.

    7. Add the Ubuntu official repositories to the sources file:

      1. Open /etc/apt/sources.list with an editor of your choice.

      2. Copy and paste the text below after the first line.

        # See http://help.ubuntu.com/community/UpgradeNotes# for how to upgrade to newer versions of the distribution.deb http://us.archive.ubuntu.com/ubuntu/ xenial main restricteddeb-src http://us.archive.ubuntu.com/ubuntu/ xenial main restricted## Major bug fix updates produced after the final release## of the distribution.deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricteddeb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
      3. Save the file and close the editor.

    8. Get the list with the latest packages versions from the repositories.

      #apt-get update

    9. Install the build-essential package.

      #apt-get install build-essential

    10. Install DKMS.

      #apt-get install dkms

    11. Install Linux headers.

      #apt-get install linux-headers-$(uname -r)

    12. Mount the DVD with the Guest Additions ISO file.

      #mkdir /mnt/dvd #mount /dev/dvd1 /mnt/dvd

    13. Install the Guest Additions package.

      #cd /mnt/dvd #sh ./VBoxLinuxAdditions.run

You may now log in to GravityZone Control Center and continue with registration.

Install GravityZone in Nutanix

To install GravityZone in Nutanix, follow these steps.

Import the GravityZone virtual appliance
  1. Download the latest GravityZone VMDK and MD5 files from the Bitdefender website.

  2. Log in to PRISM, the Nutanix Web Console.

  3. Import the VDMK file:

    1. Click the gear button at the upper-right corner of the console to access the Settings menu and then select Image Configuration.

      6587_5.png

      The configuration window is displayed.

    2. Click Upload Image. A new window pops up, asking you to enter image details.

    3. Enter a suggestive name for the image.

    4. From the Image Type menu, choose Disk.

    5. From Image Source, select Upload File and then choose the VDMK file you have previously extracted.

    6. Click Save. Wait while the virtual drive is being uploaded. When finished, you will be able to view the image in the list of existing images.

  4. Create the virtual machine for GravityZone VMDK file:

    1. Go to the VM page using the menu at the upper left corner of the console.

      6587_6.png
    2. Click the Create VM button at the upper right corner of the page.

      6587_7.png
    3. In the new configuration window, enter the requested details:

      • A suggestive name and a description for the VM.

      • Hardware configuration such as number of CPUs, cores per CPU and memory. These values must meet the GravityZone requirements. You can find mode information in the Gravityzone Installation Guide.

    4. Click Add new disk. A configuration window is displayed.

    5. Configure the disk settings as follows:

      • Type: Disk

      • Operation: Clone from Image Service

      • Bus Type: SCSI

      • Image: the image you have previously created.

    6. Click Add.

    7. Click Add new NIC and choose the network you want to use.

    8. Click Save.

Deploy GravityZone
  1. In Nutanix console, go to the VM > Table section.

    6587_8.png
  2. Power on the newly created machine.

    6587_9.png
  3. Click Launch Console.

    6587_10.png

    The GravityZone CLI interface is displayed and you can begin to configure and install GravityZone in your network. For details regarding installation steps, refer to this topic.

    6587_11.png
    6587_12.png
Install GravityZone in Microsoft Azure

To install GravityZone in Microsoft Azure, follow these steps:

  1. Download the GravityZone virtual appliance image (VHD file) from the Bitdefender website to C:\vhd.

  2. Create a virtual machine in Hyper-V with the VHD file.

  3. Power on the machine and set the password for the default user, bdadmin.

  4. Power off the virtual machine.

  5. Recreate the the VHD file:

    $sourceVhd = "C:\vhd\GravityZoneEnterprise.vhd" $recreatedVhd = "C:\vhd\GravityZoneEnterpriseHDD.vhd" Convert-VHD -VHDType Dynamic -Path $sourceVhd -DestinationPath $recreatedVhd

  6. Prepare PowerShell for Azure:

    Install-Module AzureRM Login-AzureRmAccount

  7. Upload the file to Azure:

    $resourceGroupName = "Resources" $recreatedVhd = "C:\vhd\GravityZoneEnterpriseHDD.vhd" $destinationVhd = "https://mystorearea.blob.core.windows.net/vhds/GravityZoneEnterpriseHDD.vhd" Add-AzureRmVhd -LocalFilePath $recreatedVhd -Destination $destinationVhd -ResourceGroupName $resourceGroupName -NumberOfUploaderThreads 5

    Note

    • Azure supports only fixed sized VHD files. Add-AzureRmVhd commandlet takes the dynamic size VHD file and uploads it as a fixed size.

    • $destinationVhd is a custom path. Make sure to choose a valid path in your Azure environment.

  8. Create the virtual machine in Azure:

    1. Get the network to be attached to the VM:

      $virtualNetworkName = "Resources-vnet" $locationName = "westeurope" $virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName

      Note

      Depending on your Azure setup, you may need to use other values for the above mentioned variables.

    2. Configure public IP:

      $publicIp = New-AzureRmPublicIpAddress -Name "HydraSrv" -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic $networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroupName -Name "HydraSrv-Interface" -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id

    3. Configure VM settings:

      $vmConfig = New-AzureRmVMConfig -VMName "HydraSrv" -VMSize "Standard_F4s" $vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name "HydraSrv" -VhdUri $destinationVhd -CreateOption Attach –Linux $vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id

    4. Create the VM in Azure:

      $vm = New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $resourceGroupName

  9. Install GravityZone roles:

    1. Connect to the GravityZone appliance via SSH.

    2. Log in with bdadmin.

    3. Gain root privileges:

      $ sudo su

    4. Run the GravityZone installer:

      # /opt/bitdefender/eltiw/installer

    5. Install the roles: Database, Communication Server, Update Server, Web Console.

Import GravityZone virtual appliance in VMware vCenter

Bitdefender GravityZone OVA file can be downloaded from Bitdefender website: OVA and MD5.

To import Bitdefender GravityZone OVA file in VMware vCenter, follow these steps:

  1. Open the vSphere client.

  2. Go to File > Deploy OVF template. This works for both OVA and OVF.

    22861_.png
  3. Browse and select the package you would like to deploy, and then hit Next.

    22861_2.png
  4. You will get details about it. Hit Next.

    22861_3.png
  5. Now you get to name your virtual machine and place it in the proper datacenter and folder.

    22861_4.png
  6. Now you choose your cluster.

    22861_5.png
  7. Choose the storage locations.

    22861_6.png
  8. Choose the disk provisioning virtual machine type thin or thick.

    22861_7.png
  9. Choose the network.

    22861_8.png
  10. Hit Finish and watch your virtual machine being created.

    22861_9.png
  11. Wait while the virtual machine is deployed from the OVA.

    22861_10.png
  12. Connect to the virtual machine and start the configuration.

    22861_11.png
Import GravityZone virtual appliance in VMware ESXi

Bitdefender GravityZone OVA file can be downloaded from Bitdefender website as OVA and MD5.

To import Bitdefender GravityZone OVA file on ESXi Host, you have to:

  1. Open the vSphere client.

  2. Go to File > Deploy OVF template. This works for both OVA and OVF.

    22861_12.png
  3. Browse and select the package you would like to deploy, and then hit Next.

    22861_13.png
  4. You will get details about it. Hit Next.

    22861_14.png
  5. Now you get to name your virtual machine and place it in the proper datacenter and folder.

    22861_15.png
  6. Now you choose your cluster.

    22861_16.png
  7. Choose the storage locations.

    22861_17.png
  8. Choose the disk provisioning virtual machine type thin or thick.

    22861_18.png
  9. Choose the network.

    22861_19.png
  10. Hit Finish and watch your virtual machine being created.

    22861_20.png
  11. Wait while the virtual machine is deployed from the OVA.

    22861_21.png
  12. Connect to the virtual machine and start the configuration.

    22861_22.png
Import GravityZone virtual appliance in Microsoft Hyper-V
Import GravityZone virtual appliance in VMM (System Center 2012 - Virtual Machine Manager)

Bitdefender GravityZone VHD file can be downloaded from Bitdefender website: VHD and MD5.

To import Bitdefender GravityZone VHD file on Hyper-V Manager, you have to:

  1. Open System Center 2012 - Virtual Machine Manager.

  2. Select the Library tab.

  3. Add that share location to Library Shares.

    22861_23.png
  4. Select the share location, where Bitdefender GravityZone VHD file has previously been copied.

    22861_24.png
  5. Select VMs and Services tab, from Virtual Machine Manager.

  6. Click Create Virtual Machine.

    22861_25.png
  7. In the next window, select the virtual machine source: GravityZoneVA.vhd and click Next.

    22861_26.png
  8. Select an existing virtual machine.

    22861_27.png
  9. Choose a name for the virtual machine.

    22861_28.png
  10. Configure hardware for the virtual machine, as mentioned on the chapter System Requirements from the GravityZone Administrator's Guide.

    22861_29.png
  11. Select the destination.

    22861_30.png
  12. Select the Hyper-V Host destination.

    22861_31.png
  13. Review the virtual machine settings:

    22861_32.png
  14. A task will be created.

    22861_33.png
  15. Connect to the virtual machine and start the configuration.

    22861_34.png
Import GravityZone virtual appliance in Hyper-V host

Bitdefender GravityZone VHD file can be downloaded from Bitdefender website: VHD and MD5.

To import Bitdefender GravityZone VHD file on Hyper-V Manager, you have to:

  1. Open Hyper-V Manager.

  2. From the navigation pane of Hyper-V Manager, select the computer running Hyper-V.

  3. Click New and then click Virtual Machine. The New Virtual Machine wizard opens. Click Next.

    22861_35.png
  4. On the Specify Name and Location page, type an appropriate name.

    22861_36.png
  5. On the Specify Generation, select Generation 1.

    22861_37.png
  6. On the Assign Memory page, specify enough memory to start the guest operating system.

    22861_38.png
  7. On the Configure Networking page, connect the virtual machine to the switch you created when you installed Hyper-V.

    22861_39.png
  8. On the Connect Virtual Hard Disk page, choose the option of using an existing virtual hard disk.

    22861_40.png
  9. Browse for the location of Bitdefender GravityZone VHD file.

    22861_41.png
  10. The guest operating system is already installed in a virtual hard disk, so choose Install an operating system later.

    22861_42.png
  11. On the Summary page, verify your selections and then click Finish.

    22861_43.png
  12. Connect to the virtual machine and start the configuration.

    22861_44.png
Import GravityZone virtual appliance in Citrix XenCenter

Bitdefender GravityZone XVA file can also be downloaded from Bitdefender website: XVA and MD5.

You can import Bitdefender GravityZone XVA file using the XenCenter Import wizard.

Importing a VM from an XVA or ova.xml file involves the same steps as creating and provisioning a new VM using the New VM wizard, such as, nominating a home server, and configuring storage and networking for the new VM.

Open the Import wizard by doing one of the following:

  1. On the File menu, select Import.

    22861_45.png
  2. On the first page of the wizard, locate the XVA file you want to import and then click Next.

    22861_46.png
  3. Alternatively you enter a URL location (http | https | file | ftp) in the Filename box.

    22861_47.png
  4. On clicking Next, the Download Package dialog box opens and you must specify a folder on your XenCenter host where the file(s) will be copied.

    22861_48.png
  5. On the Home Server page, specify where to put the new VM:

    • To place the imported VM in a pool without assigning it a home server, select the destination pool in the list, and then click Next.

    • To place the imported VM in a pool and assign it to a specific home server (or to place it on a standalone server), select a server and then click Next to continue.

      22861_49.png
  6. On the Storage page, select a storage repository (SR) where the imported virtual disks will be placed, then click Next to continue.

    22861_50.png
  7. On the Networking page, map the virtual network interfaces in the VM you are importing to target networks in the destination pool. The Network and MAC address shown in the list on this page are stored as part of the definition of the original (exported) VM in the export file. To map an incoming virtual network interface to a target network, select a network from the list in the Target network column.

    22861_51.png
  8. Click Next to continue.

  9. On the last page of the Import wizard, review the configuration options you have selected. To have the imported VM start up as soon as the import process has finished and the new VM is provisioned, select the Start VM after import check box.

    22861_52.png
  10. Click Finish to begin importing the selected file and close the wizard.

    The import progress is displayed in the status bar at the bottom of the XenCenter window and also on the Logs tab.

    22861_53.png

The import process may take some time, depending on the size of the imported VM's virtual disks, the available network bandwidth, and the disk interface speed of the XenCenter host. When the newly-imported VM is available, it appears in the Resources pane.

Import GravityZone virtual appliance in KVM

Bitdefender GravityZone is delivered as a virtual appliance. The Bitdefender GravityZone appliance image is available in several different formats, compatible with the main virtualization platforms.

To receive a trial license, go to Bitdefeder website and register.

Bitdefender GravityZone KVM image can be downloaded from Bitdefender website: RAW and MD5.

To import GravityZone image to KVM you have to install the Virtual Machine Manager utility on a Linux machine with GUI. The Linux with GUI machine should have connectivity with the KVM server.

Example of the Virtual Machine Manager installation on Ubuntu with GUI:

#apt-get install virt-manager

To import GravityZone image using Virtual Machine Manager, you have to:

  1. Upload GravityZone KVM image to the KVM server storage pool location using WinSCP. By default the storage location is /var/lib/libvirt/images.

  2. Extract GravityZone image archive using the following command:

    tar -jxf /var/lib/libvirt/images/GravityZoneVA_KVM.tar.bz2

  3. Open Virtual Machine Manager and connect to the KVM server: File > Add connection.

    22861_54.png
  4. Click the Create Virtual Machine icon, to create a new virtual machine.

  5. Type a name and select Import existing disk image.

    22861_55.png
  6. Click Browse to provide a storage path.

    22861_56.png
  7. Select the GravityZone raw file extracted before.

    22861_57.png

    Note: If the GravityZone raw file is not listed, the /var/lib/libvirt/images is not the default storage location. To check or change the default storage location from Virtual Machine Manager, select the KVM connection Details option, under the Storage tab.

  8. Configure GravityZone virtual machine CPU and memory.

    22861_58.png
  9. Configure GravityZone virtual network and click Finish.

    22861_59.png
  10. Right click the virtual machine icon to power it on.

  11. Select Open to access the virtual machine.

    22861_60.png