Bitdefender B2B Help Center

Updates

Update GravityZone

Bitdefender publishes all product and security content updates through the Bitdefender servers on the Internet. All updates are encrypted and digitally signed so that they cannot be tampered with.

GravityZone includes an Update Server role, designed to serve as the centralized update distribution point for your GravityZone deployment. Update Server checks for and downloads all available GravityZone updates from the Bitdefender update servers on the Internet, making them available in the local network. The GravityZone components can be configured to automatically update from the local update server instead of the Internet.

When a new update is available, the GravityZone appliance or the security agent checks the digital signature of the update for authenticity, and the contents of the package for integrity.

When a new update is available, the GravityZone appliance, the security agent or the Security Server checks the digital signature of the update for authenticity, and the contents of the package for integrity.

Next, each update file is parsed and its version is checked against the installed one. Newer files are downloaded locally and checked against their MD5 hash to make sure they are not altered.

If in any moment a check is not passed, the update process stops, returning an error. Otherwise, the update is considered valid and ready to be installed.

To update the GravityZone appliances installed in your environment and the installation packages of the GravityZone components, log in with a company administrator account and go to the Configuration > Update page.

Updating GravityZone appliances

Through GravityZone appliance updates, Bitdefender releases new features and improvements of existing ones. These are visible into Control Center.

Before running an update, it is recommended you check the following:

  • The update status

  • Any information or warning messages that may appear.

  • The changelog

To check the update status:

  1. Go to the Configuration > Update > GravityZone Roles page.

  2. Under the Current Status section, glance over the message that points the general status of your deployment. If GravityZone needs updating, the Update button becomes available.

  3. Under the Infrastructure section, inspect the details for each GravityZone role deployed in your network. Because roles update independently, for each role you can view: the name of the appliance hosting it, its IP address, current version, the latest version available, and update status.

To check the changelog:

  1. Go to the Configuration > Update > GravityZone Roles page.

  2. Click the View changelog link. A pop-up window displays a list with all versions and changes they included.

    Release Notes for each new product version are also available here.

You can update GravityZone in two ways:

  • Manually

  • Automatically

Manual update

Choose this method if you want to have full control of when the update should roll out.

To manually update GravityZone:

  1. Go to the Configuration > Update > GravityZone Roles page.

  2. Click the Update button (if available).

    The update may take a while. Please wait until it is complete.

  3. Clear the browser cache.

During the update, Control Center logs out all users and informs them of an in-progress update. You will be able to view a detailed progress of the update process.

When the update is complete, Control Center displays the Login page.

Automatic update

By installing updates automatically, you are sure that GravityZone is always updated with the latest features and security patches.

GravityZone has two types of automatic updates:

  • Product updates

  • Third party software updates

Product updates

These updates bring new features in GravityZone and resolve issues resulted from these features.

Because updates are disruptive for GravityZone users, they are designed to run based on a schedule. You can schedule the update to take place at convenient hours. By default, automatic product updates are disabled.

To enable and schedule product updates:

  1. Go to Configuration > Update > GravityZone Roles page.

  2. Select the Enable automatic GravityZone product updates check box.

  3. Set the Recurrence to Daily, Weekly (select one or more weekdays) or Monthly.

  4. Define an Interval. You can schedule a time for the update process to begin when a new update is available.

GravityZone displays by default a warning message to all Control Center users 30 minutes before the automatic update starts. To disable the warning, clear the check box Enable the 30 minutes downtime alert before update.

Third party software updates

GravityZone virtual appliance embeds a series of software products provided by other vendors. This type of updates aims to patch such software as soon as possible, diminishing possible security risks.

These updates run silently and do not interrupt the work with Control Center.

By default, this option is enabled. To disable this option:

  1. Go to Configuration > Update > GravityZone Roles page.

  2. Clear the check box Enable automatic security updates for 3rd party GravityZone components.

    Third party software patches will then be released once with the GravityZone product update.

Configuring the Update Server

By default, the Update Server downloads updates from the Internet every hour. It is recommended not to change the default Update Server settings.

To check and configure the Update Server settings:

  1. Go to the Update page in Control Center and click the Components tab.

  2. Click the Settings button at the upper side of the pane on the left side to display the Update Server Settings window.

  3. Under Update Server Configuration, you can check and configure the main settings.

    • Packages Address

      The address where packages are downloaded from.

    • Update Address

      Update Server is configured to check for and download updates from upgrade.bitdefender.com:80.

      This is a generic address that is automatically resolved to the closest server that stores Bitdefender updates in your region.

    • Port

      When configuring the various GravityZone components to update from Update Server, you must provide this port.

      The default port is 7074.

    • IP

      The IP address of the Update Server.

    • Update period (hours)

      If you want to change the update period, type a new value in this field. The default value is 1.

  4. You can configure the Update Server to automatically download the Security Server and endpoint kits.

  5. Update Server can act as gateway for data sent by the Bitdefender client products installed in the network to the Bitdefender servers. This data may include anonymous reports regarding virus activity, product crash reports and data used for online registration. Enabling the gateway roles is useful for traffic control and in networks with no Internet access.

    Note

    You can disable the product modules that send statistical or crash data to Bitdefender Labs anytime you want. You can use policies to remotely control these options on the computers and virtual machines managed by Control Center.

  6. Click Save.

Downloading product updates

You can view information about the existing GravityZone component packages under the Components tab.

Available information includes current version, update version (if any) and the status for update operations you initiate.

To update a GravityZone component:

  1. Go to the Update page in Control Center and click the Components tab.

  2. Click the component you want to update in the Product list. All available versions will be displayed in the Packages table. Select the check box corresponding to the version you want to download.

    Note

    New packages will be in the Not downloaded state. Once a newer version is released by Bitdefender, the oldest undownloaded version will be removed from the table.

  3. Click Actions at the upper side of the table and select Publish. The selected version will be downloaded and the status will change accordingly. Refresh the table contents by clicking the Refresh button and check the corresponding status.

Important

The GravityZone appliance does not include the Security Server packages by default. You must manually download the Security Server packages necessary for your environment.

Staging updates

Staging enables you to test newer kits or product updates in an enclosed and controlled environment before publishing them in your network. The staging environment should mirror production as closely as possible for the purposes of testing. By doing this, you can maximize your chances of finding any issues that may appear in your environment, before releasing the version in production.

The staging feature also allows you to create a policy for the critical endpoints from production. You can update these endpoints only after the updates have been tested in the staging environment and on the non-critical machines from production. For more details, refer to Publishing with Update Rings.

Note

  • Staging is disabled by default.

  • Security Server (VMware with NSX) does not support staging.

  • BEST for Windows Legacy does not support staging. The legacy endpoints on staging location must be moved to the production location.

Prerequisites

Staging mode requires the GravityZone infrastructure to meet the following conditions:

  • The Update Server must be installed alone on the virtual appliance.

    If you have the Update Server together with other roles on the appliance, you must follow these steps:

    1. Delete the old Update Server role.

    2. Deploy a new GravityZone appliance.

      Important

      Do not install any roles yet.

    3. Connect the new appliance to the existing GravityZone database.

    4. Install the Update Server role on the new appliance.

    For more information on installing GravityZone roles, refer to Manage the GravityZone appliance.

  • The Update Server appliance must be of at least 120 GB.

  • The Web Console appliance must be of at least 120 GB.

Using staging

To set up the staging environment and test the latest updates you must:

Enabling staging

To enable staging mode for GravityZone updates:

  1. Go to the Configuration > Update page and click the Components tab.

  2. Click the Settings button at the upper side of the pane on the left side to display the Update Server Settings window.

  3. Select the Enable Staging check box.

  4. Under Production Server Configuration, configure the main settings:

    • Packages Address

      The address where packages are downloaded from:download.bitdefender.com/SMB/Hydra/release

    • Update Address

      The address where product updates are downloaded from:upgrade.bitdefender.com:80.

    • Port

      The default port is 7074. You cannot edit this field.

    • IP

      The IP address of the Update Server. You cannot edit this field.

    • Update period (hours)

      If you want to change the update period, type a new value in this field. The default value is 1.

  5. The production and update server can act as gateways for data sent by the Bitdefender client products installed in the network to the Bitdefender servers. This data may include anonymous reports regarding virus activity, product crash reports and data used for online registration. Enabling the gateway roles is useful for traffic control and in networks with no Internet access.

    Note

    You can disable the product modules that send statistical or crash data to Bitdefender Labs anytime you want. You can use policies to remotely control these options on the computers and virtual machines managed by Control Center.

  6. Under Staging Server Configuration, configure the following options:

    • Port

      The default port is 7077.

    • IP

      The IP address of the Update Server. You cannot edit this field.

  7. Under Packages, you can configure Update Server to automatically download and publish Security Server and endpoint kits.

    staging_packages_auto.png

    You can also configure the maximum number of kits that you can store on the GravityZone appliance. Enter a number between 4 and 10 in the Keep maximum (kits) menu.

  8. Under Products Update, you can configure Update Server to automatically download updates for security agents.

    update_staging_rings.png

    You can choose to also automatically publish newest downloaded versions:

    1. Select at least one security agent from the available list.

    2. Define the source and destination rings:

    • Source ring. The ring used to send the updates in the staging environment. When a version is validated by its early adopters it will be published on the slow ring. This is the default value. The newest available updates will be published on the fast ring.

    • Destination ring. The ring used to publish the updates in production. You can select between fast and slow.

    You can also configure the maximum number of updates that you can store on the GravityZone appliance. Enter a number between 4 and 10 in the Keep maximum (updates) menu.

  9. Click Save.

Once enabled staging, build your staging environment to start testing the available product kits and updates.

Important

Disabling staging will delete all unpublished packages and product updates.

Defining the staging policy

You need to define a staging policy:

  1. Go to the Policies page.

  2. Select or create a policy to use in the test environment.

  3. Under the General > Update section, enter the Staging Server address in the Update Locations table.

  4. Configure the other policy settings as needed. For more details, refer to the Security Policies chapter from the GravityZone Administrators Guide.

  5. Click Save.

Staging packages

To install the latest package on the testing endpoints:

  1. Go to the Configuration > Update page and select the Components tab.

  2. Click Check for updates to make sure you view the latest released product version.

  3. Click the component you want to update in the Product list.

  4. Select a package available in the Packages table, which you want to test. You can download several kits for every product, up to the limit specified in the Update Server Settings window. When this limit is reached, the oldest version is removed from the table.

  5. Click Actions and select Download to get the package to your GravityZone appliance.

  6. Having the package selected, click Save to disk. The package configuration window is displayed.

  7. Configure the package. For more information, refer to Creating Installation Packages.Installing security agents

  8. Install the kit on the testing endpoints.

  9. Monitor the behavior of the endpoints.

  10. If the package has installed successfully and the endpoints have normal behavior, you can publish the package to the production network.

    To publish a package, select it in the Packages table, click Actions at the upper side of the table and select Publish.

    Important

    You cannot publish packages older than the one already published.

  11. If you encountered problems with the package, you can log a support ticket. For more details, refer to Getting Help.Getting help

    To delete a package from the GravityZone appliance, click the Actions button and choose Delete from disk.

Assigning the staging policy

To assign the staging policy to the testing endpoints:

  1. Go to the Network page.

  2. Choose Computers and Virtual Machines from the views selector.

  3. Select the group that you want from the left-side pane. All computers from the selected group are displayed in the right-side pane table.

  4. Select the check box of the computer or group that you want. You can select one or several objects of the same type only from the same level.

  5. Click the policy.png Assign Policy button at the upper side of the table.

  6. Make the necessary settings in the Policy assignment window. For more information, refer to Security Policies > Managing Policies > Assigning Policies to Endpoints chapter from the GravityZone Administrators Guide.

Staging product updates

To install the latest updates:

  1. Go to the Configuration > Update page and select the Components tab.

  2. Click Check for updates to make sure you view the latest released product update.

  3. Select the Bitdefender product of your choice in the Product list.

    Note

    You can use staging only with updates for security agents and not for Security Servers.

  4. Select an update available in the Updates table, which you want to test.

  5. Click Actions and select Download to get the update to your GravityZone appliance.

    You can download several updates for every product, up to the limit specified in the Update Server Settings window. When this limit is reached, the oldest version is removed from the table.

  6. Having an update selected, click Actions and select Add to staging. The update will install on the testing endpoints, according to the policy settings. For more details refer to Defining the Staging Policy.

  7. If the update has installed successfully and the endpoints have normal behavior, start to send out the update to the machines in production. First, update the non-critical machines to run another test before updating the critical endpoints. For more details, refer to Publishing with Update Rings.

  8. If you encountered problems with the update, you can log a support ticket. For more details, refer to Getting Help.Getting help

    To delete an unpublished update from the GravityZone appliance, click the Actions button and choose Delete. You can delete only unpublished updates.

Publishing with update rings

To test the update on the non-critical endpoints from production, you must first edit the existing policies and assign them a fast ring policy.

Note

A slow ring policy is automatically assigned for all the policies you create.

  1. Go to the Policies page.

  2. Edit the policy setting for the non-critical endpoints in production. In the Update Ring section select Fast ring.

    Note

    The update published on fast ring cannot be older than the one published on the slow ring.

  3. Publish the update on the fast ring:

    1. Go to Configuration > Update page and select the Components tab.

    2. Select the update in the Updates table, click the Actions button at the upper side of the table and choose Publish.

    3. Select the fast ring option.

      Note

      When you first publish an update, it will be available on the fast and slow rings.

      At this point, all endpoints with fast ring policy are being updated to the published version.

  4. Monitor the behavior of the fast ring endpoints.

  5. If the update has installed successfully and the endpoints have normal behavior, you can publish the update on the slow ring:

    1. Go to Configuration > Update page and select the Components tab.

    2. Select the update in the Updates table, click the Actions button at the upper side of the table and choose Publish.

    3. Select the slow ring option.

      Every endpoint from production is now updated to the version you published.

  6. If you encountered problems with the package, you can log a support ticket. For more details, refer to TECHNICAL SUPPORT.

Product offline updates

GravityZone uses by default an update system connected to the Internet. For isolated networks, Bitdefender offers an alternative, making the components and security content updates available offline as well.

Prerequisites

To use offline updates, you need:

  • A GravityZone instance installed in a network with internet access (“online instance”). The online instance must have:

  • One or several GravityZone instances installed in a network without internet access (“offline instances”)

  • Both GravityZone instances must have the same appliance version

Setting up the online GravityZone instance

During this phase, you will deploy a GravityZone instance to a network with internet access, and then configure it to perform as offline update server.

  1. Deploy GravityZone to a machine with internet connection.

  2. Install only the Database and Update Server roles.

  3. Access the machine's TTY terminal in your virtual environment (or connect to it via SSH).

  4. Log in with the bdadmin user and the password you have set.

  5. Run the command sudo su to gain root privileges.

  6. Run the following commands to install the offline gzou-mirror package:

    # /opt/bitdefender/bin/pkg-update update # gzcli update # apt-get install gzou-mirror

The gzou-mirror has the following roles:

  • Configure the Update Server to generate automatically offline update archives.

  • Set up a web service to the online instance, providing configuration and download options for the offline update archives.

Configuring and downloading the initial update files

During this phase, you will configure the update archive settings via the web service installed on the online instance, and then create the archive files required for setting up the offline update.offline.offline instance. Then, you will have to download the update files and place them to a portable media device (USB stick).

  1. Access the web service through a URL of this form: https://Online-Instance-Update-Server-IP-or-Hostname, with the username bdadmin and the password you have set.

    offline-upd_web-service.png
  2. Configure the offline update archive as follows:

    • Under Kits: select the endpoint agent kits you want to include in the offline update archive.

    • Under Settings, edit your update archive preferences.

      A CRON job installed on the online instance will check every minute if there are new update files available and if the free disk space is bigger than 10GB. At each period set by the Archive creation interval (in hours) option, the CRON job will create the following files:

      • Full archive (product + security content), when new update files are available

      • Lite archive (security content only), when there are no new update files

      The archives will be created in the following location:

      https://Online-Instance-Update-Server-IP-or-Hostname/snapshots

  3. Click Create > Full archive to create the first full archive. Wait until the archive is created.

    offline-upd_web-service_create.png
  4. Download the full update archive and the gzou-bootstrap file from the online instance. You have several options at hand:

    • Via the web service: click Download archives to access the page containing the links to the update files. Click the full update archive and the gzou-bootstrap file links to download them on your endpoint.

    • Use your preferred SCP/SCTP client (WinSCP, for example) to establish a SCP session with the online instance and transfer the abovementioned files to any location in your online network. The default path on the online instance is:

      /opt/bitdefender/share/gzou/snapshots

      offline-upd_scp.png
    • Via SAMBA share. Use a read-only SAMBA share to retrieve the offline update archives from the following location:

      \\Online-Instance-Update-Server-IP-or-Hostname\gzou-snapshots

      Note

      The credentials for accessing the SAMBA share, if requested, are the same with the online instance credentials (bdadmin user and password).

Setting up the offline GravityZone instance

During this step, you will deploy and configure the offline instance to receive updates via the archives generated by the online instance. Unless stated otherwise, all commands must be run as root.

  1. Deploy GravityZone to a machine from the isolated environment.

  2. Install only the Database and Update Server roles.

  3. Transfer the update archive and the gzou-bootstrap file downloaded from the online instance to the /home/bdadmin directory of the offline instance using a portable media device (USB stick).

    Important

    For the offline update to work, make sure that:

    • The update archive and the gzou-bootstrap are in the same folder.

    • The update archive is a full archive.

  4. Execute the gzou-bootstrap file as follows:

    1. Access the machine's TTY terminal in your virtual environment (or connect to it via SSH).

    2. Transform gzou-bootstrap into an executable:

      #chmod +x gzou-bootstrap       
    3. Run: ./gzou-bootstrap

  5. Choose the method of transferring the update archives to the offline instance:

    • Select Windows shared folder (Samba share). In this case, you will have to specify the path to a Windows share from the isolated network, where the offline instance will automatically connect to retrieve the update archives. Enter the credentials required to access the specified location.

    • Select SCP if you will manually transfer the files to the /opt/bitdefender/share/gzou/snapshots/ folder of the offline instance via SCP.

      offline-upd_reconfig.png

      Note

      If you want to change the transfer method at a later time:

      1. Access the offline instance's TTY terminal in your virtual environment (or connect to it via SSH).

      2. Log in with the bdadmin user and the password you have set.

      3. Run the command sudo su to gain root privileges.

      4. Run:

        # rm -f /opt/bitdefender/etc/gzou-target.json # dpkg-reconfigure gzou-target

        The configuration dialog will appear, where you can make the changes that you want.

  6. Switch to the offline GravityZone console command line and install the rest of the roles.

  7. Access the offline console from your web browser and insert your license key (in offline mode).

Using offline updates

Once you have set up the GravityZone instances, follow these steps to update your offline installation:

  1. Download the latest offline update archive from the online instance to your preferred network share. For more details, refer to Configuring and downloading the initial update files.

  2. Use a USB stick to transfer the update archive to the configured Samba share from the isolated network. For more details, refer to Setting Up the Offline GravityZone Instance.

    The files will be automatically pulled into the following offline instance directory:

    /opt/bitdefender/share/gzou/snapshots/

Using the web console

Access the web console by entering the IP/Hostname of the appliance in the web browser. You can edit the available options:

  • Control Center

  • General Settings

Control Center

The Appliance Status displays the details of the last job performed (archive type, date and time), and the next scheduled job.

You have the option to:

  • Create security content archive

  • Create full archive

In the Created Archives section, you can download security content and full archives.

Select the archive(s) from the available list, and click the Download button.

You can also view the available space on the appliance disk.

General settings

You can define a download schedule for the GravityZone kits.

  1. Click the Edit Settings button.

  2. Select one or more kits from the Available Kits list.

  3. In the Schedule section, you can define an interval for creating the archives, as well as the number of archives to keep on disk.

  4. Click the Apply button to save your changes.

Update the GravityZone appliance

It is recommended to always keep the GravityZone appliance up-to-date because every new version includes improvements or new important features.

To view information about your GravityZone deployment version and available updates, go to the Configuration > Update page. You can view the installed GravityZone appliances and the roles they are running in the Infrastructure section.

Manual Update

Details about the GravityZone version are available in Configuration > Update > GravityZone Roles. If the console displays the message “Your console is out of date”, then it is the time for an update.

16039_1.png

Before any update, it is recommended to check the changelog of the new version. Also, check the release notes published on the Bitdefender Support Center.

To manually update the GravityZone appliance:

  1. Go to the Update > GravityZone Roles.

  2. Under Current Status section, click the Update button.

The update process might take a while. When finished, make sure to clear the browser cache.

If the GravityZone console does not display the status "Your console is out of date", click the Refresh button from the Infrastructure section to verify whether a new version of GravityZone is available or not.

If a new version is available, but Control Center displays the message "Your console is up to date" after refreshing, you can find the necessary troubleshooting steps here.

Verify also if the appliance is able to communicate with the Bitdefender servers at the address: download.bitdefender.com.

Automatic Update

The automatic update is disabled by default. To change this setting, go to Configuration > Update > GravityZone Roles and select the Enable automatic update check box.

To schedule automatic updates:

  • Set the Recurrence to Daily, Weekly (select one or more weekdays) or Monthly.

  • Define an Interval. You can schedule a time for the update process to begin when a new update is available.

Enable the 30 minutes downtime alert before update check box to display a warning message to all users 30 minutes before the automatic update starts.

During the update, the users will be logged out and a notifying screen is displayed, informing the users that an update is in progress.

After the automatic upgrade is finished, all users will be redirected to the login page. A pop-up will display the new features.

If you have more GravityZone appliances in your network environment, with automatic update all appliances will be brought to the latest version.

Update Bitdefender Endpoint Security Tools (BEST) manually

To manually update BEST on endpoints without a network connection use weekly update files.

BEST will make most security-related decisions for you and will rarely show pop-up alerts. Details of actions taken and information about program operation are available in the Events area.

Weekly signature updates procedure

You can download and run weekly signature updates from the following locations:

  1. Windows:

    • For x86 architecture endpoints: click here

    • For x64 architecture endpoints: click here

  2. Linux:

    • For x86 architecture endpoints: click here

    • For x64 architecture endpoints: click here

Update a Security Container

To update a Security Container follow the steps below:

  1. Remove the current deployment of Security Container on the desired host or cluster

    Note

    For more information on uninstalling a Security Container refer to Uninstalling Security Containers

  2. Deploy the new instance on the same host or cluster.

    Note

    For more information on installing a Security Container refer to Security Containers.

Update GravityZone products offline

The GravityZone default update system requires an internet connection. When using GravityZone in an isolated network, you need to make the components and signature updates available offline as well. The information exposed hereinafter helps you configure a GravityZone offline update system for an isolated network environment.

To update one or several offline GravityZone instances located in an isolated network, you will need an additional online GravityZone instance deployed in a network with internet access, named hereinafter “online instance”. The online instance will serve as update source for the offline instances.

At first, you will have to run an initial setup of both online and offline instances. Once the offline update system is ready, you will be able to update regularly your isolated GravityZone environment.

The phases included in the GravityZone offline update system are referenced in the index at the upper right side of the screen.

15707_1.png
Prerequisites
  • A GravityZone instance installed in a network with internet access (online instance). The online instance must have:

  • One or several GravityZone instances installed in a network without internet access (offline instances)

  • Both GravityZone instances must have the same appliance version

Set up the online GravityZone instance

During this phase, you will deploy a GravityZone instance to a network with internet access, and then configure it to perform as offline update server.

  1. Deploy GravityZone to a machine with internet connection.

  2. Install only the Database and Update Server roles.

  3. Access the machine’s TTY terminal in your virtual environment (or connect to it via SSH).

  4. Log in with the bdadmin user and the password you have set.

  5. Run the command sudo su to gain root privileges.

  6. Run the following commands to install the offline gzou-mirror package:

    # apt update

    # gzcli update

    # apt install gzou-mirror

    The gzou-mirror package has the following roles:

    • Configure the Update Server to generate automatically offline update archives.

    • Set up a web service to the online instance, providing configuration and download options for the offline update archives.

Configure and download the initial update files

During this phase, you will configure the update archive settings via the web service installed on the online instance, and then create the archive files required for setting up the offline instance. Then, you will have to download the update files and place them to a portable media device (USB stick).

  1. Access the web service through a URL of this form: https://Online-Instance-Update-Server-IP-or-Hostname, with the username bdadmin and the password you have set.

    15707_2.png
  2. Configure the offline update archive as follows:

    • Under Kits: select the endpoint agent kits you want to include in the offline update archive.

    • Under Settings, edit your update archive preferences.

      A CRON job installed on the online instance will check every minute if there are new update files available and if the free disk space is bigger than 10GB. At each period set by the Archive creation interval (in hours) option, the CRON job will create the following files:

      • Full archive (product + signatures), when new update files are available

      • Lite archive (signatures only), when there are no new update files

      The archives will be created in the following location:

      https://Online-Instance-Update-Server-IP-or-Hostname/snapshots

  3. Click Create > Full archive to create the first full archive. Wait until the archive is created.

    15707_3.png
  4. Download the full update archive and the gzou-bootstrap file from the online instance. You have several options at hand:

    • Via the web service: click Download archives to access the page containing the links to the update files. Click the full update archive and the gzou-bootstrap file links to download them on your endpoint.

    • Use your preferred SCP/SCTP client (WinSCP, for example) to establish a SCP session with the online instance and transfer the abovementioned files to any location in your online network. The default path on the online instance is:

      /opt/bitdefender/share/gzou/snapshots

      15707_4.png
    • Via SAMBA share. Use a read-only SAMBA share to retrieve the offline update archives from the following location:

      \\Online-Instance-Update-Server-IP-or-Hostname\gzou-snapshots

      Note

      The credentials for accessing the SAMBA share, if requested, are the same with the online instance credentials (bdadmin user and password).

Set up the offline GravityZone instance

During this phase, you will deploy and configure the offline instance to receive updates via the archives generated by the online instance. Unless stated otherwise, all commands must be run as root.

  1. Deploy GravityZone to a machine from the isolated environment.

  2. Install only the Database and Update Server roles.

  3. Transfer the update archive and the gzou-bootstrap file downloaded from the online instance to the /home/bdadmin directory of the offline instance using a portable media device (USB stick).

    Important

    For the offline update to work, make sure that:

    • The update archive and the gzou-bootstrap file are in the same folder.

    • The update archive is a full archive.

  4. Execute the gzou-bootstrap file as follows:

    1. Access the machine's TTY terminal in your virtual environment (or connect to it via SSH).

    2. Transform the gzou-bootstrap file into an executable: chmod +x gzou-bootstrap

    3. Run: ./gzou-bootstrap

  5. Choose the method of transferring the update archives to the offline instance:

    1. Select Windows shared folder (Samba share). In this case, you will have to specify the path to a Windows share from the isolated network, where the offline instance will automatically connect to retrieve the update archives. Enter the credentials required to access the specified location.

    2. Select SCP if you will manually transfer the files to the /opt/bitdefender/share/gzou/snapshots/ folder of the offline instance via SCP.

      15707_5.png

      Note

      If you want to change the transfer method at a later time:

      1. Access the offline instance's TTY terminal in your virtual environment (or connect to it via SSH).

      2. Log in with the bdadmin user and the password you have set.

      3. Run the command sudo su to gain root privileges.

      4. Run:

        rm -f /opt/bitdefender/etc/gzou-target.json

        dpkg-reconfigure gzou-target

        A configuration dialog will appear where you can make the changes that you want.

  6. Switch to the offline GravityZone console command line and install the rest of the roles.

  7. Access the offline console from your web browser and insert your license key (in offline mode).

Using offline updates

Once you have set up the GravityZone instances, follow these steps to update your offline installation:

  1. Download the latest offline update archive from the online instance to your preferred network share, as described in phase 3.

  2. Use a USB stick to transfer the update archive to the configured Samba share from the isolated network, as described in phase 4.

    The files will be automatically pulled into the following offline instance directory:

    /opt/bitdefender/share/gzou/snapshots/

Update GravityZone to version 6.21.1-1

Why updating?

Ubuntu 16.04 LTS, the underlying operating system of GravityZoneGravityZone, becomes officially EOL on April 30th, 2021. This means it will stop receiving critical fixes and security patches, exposing users to potential threats. We, at Bitdefender, take all measures to ensure you are provided with best security. Thus, we are migrating to Ubuntu 20.04 LTS, which is newer, safer, and long term supported version.

To keep your network fully protected, you are advised to update GravityZone as soon as possible. Find out all the details further in this article.

How will it happen?

Between 9th and 30th of March 2021, we are rolling out the GravityZone update in more stages, depending on the number of protected endpoints and GravityZone architecture. Once the update becomes available to you, follow the guidelines in this article to proceed.

The process is performed in phases. GravityZone first upgrades the operating system to 18.04 LTS, then to 20.04 LTS, under Ubuntu official recommendation. The process happens transparently, with no user intervention.

Automatic GravityZone product updates are disabled for this update. If you had them enabled, they will be automatically re-enabled when the update is complete.

The update may last from 30 minutes up to a couple of hours, depending on your hardware capabilities.

In GravityZone environments with a single appliance having all roles, the endpoints may remain unprotected during the OS upgrade process if they use Central Scan without fallback.

During the update:

  • Access to Control Center is restricted to all users.

  • You will be able to view update progress and statuses for each appliance.

  • In the backend, GravityZone will perform the following actions:

    • Stop the existing services

    • Back up the database

    • Update MongoDB to version 4.4

    • Uninstall Bitdefender packages and dependencies

    • Update Ubuntu to version 18.04 LTS

    • Update Ubuntu to version 20.04 LTS

    • Reinstall Bitdefender packages and dependencies

    • Change repositories to receive Ubuntu 20.04 updates and patches

  • The appliances will automatically reboot two times, after each OS upgrade.

When the update is complete, you can log in again to Control Center using your credentials.

Remember that all Bitdefender packages are reinstalled according to pre-upgrade GravityZone profile. All other custom packages must be reinstalled manually.

What do you need to do?
Best practices
  • Take snapshots to the GravityZone appliances before you run the update. This is the only way to recover your GravityZone environment if issues occur.

    If you are not sure about taking snapshots in your hypervisor, contact Bitdefender Enterprise Support team.

  • In Control Center, enable the following notifications:

    • Update Available, with the option Show console update.

      This notification informs you when the update is available to you.

    • GravityZone Update, with the option Send per email.

      This notification informs you on your email when the update ends.

Prerequisites
  • All GravityZone appliances, if more than one, must be powered on.

  • All GravityZone appliances must be able to communicate with each other.

  • Your GravityZone appliances must be using Ubuntu 16.04 LTS.

  • Your GravityZone current version must be 6.20.1-1, the last one before this update.

    Older versions are not compatible for OS upgrade. In this case, you need to run the pending GravityZone update.

  • Each appliance must have at least 5 GB free disk space.

    On the appliances with Database Server role, the amount of free space required depends on the database size. GravityZone will inform you if enough free space is available before the update.

  • No third party packages installed.

    Uninstall any additional packages you have besides the ones delivered by default with GravityZone. You can install them back after the update is complete.

  • All appliances must use only the official Bitdefender repositories.

    If you use additional repositories, save them to a remote location and remove them from the files. You can restore them after the update. The paths to the repository files are:

    /etc/apt/sources.list

    /etc/apt/sources.list.d/

  • Mind any warnings or errors regarding hardware and configuration requirements, which appear in the Configuration > Update > GravityZone roles page of Control Center. If requirements are not met, the Update button is disabled.

Upgrade GravityZone to use Ubuntu 20.04

The upgrade process varies on whether your GravityZone is installed in an online or offline environment.

For online GravityZone environments
  1. Log in to Control Center.

  2. Go to Configuration > Update > GravityZone roles page.

  3. Click the Update button.

  4. Confirm you are ready to proceed.

For offline GravityZone environments

Important

All CLI commands must run with root privileges.

  1. Download the GravityZone image from here.

  2. Install and configure a new online GravityZone instance using the image previously downloaded.

    For more information, refer to GravityZone products offline update, the Set up the online GravityZone instance section.

  3. Create a full archive (product and signatures) and move it to the offline instance following the steps described in section Configure and download the initial update files of GravityZone products offline update.

  4. Wait until the archive is unpacked. In maximum 30 minutes the update becomes available.

  5. Log in to the offline instance of GravityZone Control Center.

  6. Go to Configuration > Update > GravityZone roles page.

  7. Click the Update button and confirm you are ready to proceed.

    Note

    If your GravityZone version is older than version 6.20.1-1, you need to run two updates: first to bring your GravityZone to this version, and second to update the OS.

    After the first update, wait until repositories have finished mirroring. Meanwhile, you may notice the following error: "Downloading the update files. If this state persists, check the network connection of the Update Server", informing you that GravityZone is not ready for the update.

    error_repo_mirror_EN.png
  8. When the update is complete and GravityZone is at version 6.21.1-1, copy the /opt/bitdefender/share/gzou/snapshots/gzou-bootstrap file from the online instance to /opt/bitdefender/share/gzou/snapshots/ on the offline instance.

    Important

    The update archive must be in this directory as well. Otherwise, gzou-bootstrap will not work.

  9. Transform the gzou-bootstrap file into an executable:

    # chmod +x gzou-bootstrap
  10. Run gzou-bootstrap:

    # ./gzou-bootstrap
Questions & answers

Q1: Why am I not able to see the notification banner?

A: You have a console older than version 6.18-1.1. You must first update to version GravityZone 6.20.1-1. After that, you are eligible for updating to version 6.21.1-1.

Q2: Why don’t I see the Update button?

A: The GravityZone update is released in stages, depending on the number of protected endpoints, whether the GravityZone architecture is all-in-one or distributed, or if the environment is isolated. If you cannot see the Update button, the update was not released yet for the stage you are in.

Q3: Why isn’t the update starting when I click on Update button?

A: Most probably pre-requirements conditions are not met, check the errors and warnings which appear in the Configuration > Update > GravityZone roles page.

Q4:  Where are the upgrade packages for the GravityZone components stored?

A: The OS upgrade packages are mirrored on the GravityZone Update Server. Make sure all appliances have network connection with the Update Server.

Q5: Does the OS update cover all the roles including Report Builder and EDR incidents?

A: YES, all roles are covered in this update.

Q6: Will the update work independently from the patch level - different patch levels of Ubuntu 16.04 to 20.04 and different kernel versions?

A:  For the update to start, all appliances should run the latest GravityZone version with Ubuntu 16.04 and all packages should be updated to the latest Ubuntu 16.04 LTS version. We do not support Ubuntu minor releases for the console.

Q7: What is the required space on the Update Server to host the Ubuntu 20.04 repositories?

A: The Update Server should have minimum 5 GB of free disk space.

Q8: How long will the GravityZone update last? What should be the expected downtime?

A: The update consists of two important steps:

  1. Mirroring repositories on the Update Server

  2. The appliance update

In a distributed environment, the downtime is estimated at 3 hours. The update duration depends on the GravityZone setup (number of web consoles, database size and configuration, etc.).

In an all-in-one environment, the downtime is around 30 minutes.

Q9:  What happens if I don’t uninstall custom repositories and third-party packages before the update?

A: We advise you to remove all third-party repositories and packages before the update. Otherwise, the update will not start. If you remove only custom repositories, without uninstalling all packages, during the update all third-party packages will be uninstalled. You will be able to reinstall them after the update is complete.

Q10: Do I receive an email notification if I have Automatic updates enabled?

A: A warning will be displayed in the console and an email will be sent only if you are in the eligible stage.

Q11: Will I be able to see the progress status of the update?

A: The progress status will show the current step of the update process. For AIO environments, the update process has 74 steps, while for the distributed environments the process has 90 steps. More steps add if you also have Report Builder.

Q12: How do I monitor status of the update?

A: The console displays a progress status. You can also use the CLI command in tty2:

gzcli update status

Q13: Can I manually install GravityZone using the repositories?

A: When the virtual environment uses an unsupported format, such as Amazon AMI, you can do a manual install, following these guidelines.

Q14: Where can I find the new images running Ubuntu 20.04?

A: All images (OVA, VHD, VMDK, etc.) are already available here.

Update the operating system of the Security Server to Ubuntu 20.04 LTS

This topic provides all the information you need to upgrade Security Servers in your environment to use Ubuntu 20.04.

Introduction

Why updating the OS of the Security Server?

Security. Currently, Security Server relies on Ubuntu 16.04 LTS, which becomes officially EOL on April 30th, 2021. This means it will stop receiving critical fixes and security patches, exposing the appliance to potential threats.

Because you can. You do not need to redeploy any of the appliances like in the past. Since the April 2021 update, GravityZone offers the option to update Security Servers through the Update Security Server task. The task is available for both GravityZone platforms, cloud and on-premises, and all integrations with virtualized environments including cloud integrations.

It is easy. The OS update task is automatic, and you can schedule it to run in a maintenance window. The task applies to both multiplatform and agentless environments.

No icons with issues. After updating GravityZone, you may notice that the Security Server will appear as outdated. This means the Security Server version with OS update is available to download and install.

Warning

If you have a cloud integration (Azure or AWS) and choose to update the OS for your Security Servers, Bitdefender is not accountable for the billing changes that this update might generate according to your service-based model.

Prerequisites
  • The OS update task is available in GravityZone Control Center starting with the April 2021 update for cloud platform, and version 6.23.1-1 for on-premises platform.

  • Compatible Security Server versions:

    • Multiplatform: 6.2.1

    • For VMware NSX-V: 6.2.0

    • For VMware NSX-T: 1.1.0

  • The OS update on Citrix XenServer 7.1 LTSR requires you to apply the Citrix XS71ECU2060 hotfix first.

    Note

    You can install the hotfix automatically from Citrix XenCenter. The installation requires hypervisor reboot.

  • The update requires at least 2 GB of disk space available on the appliance to run.

  • Adjust resource allocation for the Security Server according to the new hardware requirements:

    Consolidation

    Number of protected VMs

    RAM

    CPU

    Low

    1 - 30

    2 GB

    2

    31 - 50

    4 GB

    2

    Medium

    51 - 100

    4 GB

    4

    High

    101 - 200

    4 GB

    6

  • Update location for the Security Servers must be one of the following:

    • update-onprem.2d585.cdn.bitdefender.net:80

    • upgrade.bitdefender.com

    Check the assigned policy, under the Relay > Update section, to have the option Define custom update locations enabled.

  • Bitdefender Endpoint Security Tools Relay for Linux version 6.2.21.141

    Warning

    Bitdefender Endpoint Security Tools Relay for Windows does not support the OS update.

Best practices
  • Take snapshots of the Security Server appliances, because the changes are major.

  • Since Bitdefender does not have any control on the infrastructure where Security Server runs, the update task does not limit the number or combination of Security Servers to be selected.

    The recommendation is to run several update tasks on groups of Security Servers, considering redundancy and availability. Do not run the task on all Security Servers at once, or you will lose protection.

  • Schedule the Security Server update in a maintenance window, especially for NSX and HVI environments, or migrate the VMs from one host to another one before starting the update.

  • Enable the Task status notification to know when the update is complete.

Updating steps
  1. Select the target Security Servers in the Network page.

  2. Run an Update Security Server task with the feature update option.

    This update will prepare the Security Servers for the OS update.

  3. Run again an Update Security Server task, this time with the OS update option.

  4. Select to run now or choose a date from the calendar to schedule the maintenance window.

To check the status of the update task, go to the Tasks page. Follow the links in the Status column to view the status of the task for each target Security Server.

How it will happen

The update process is incremental, the operating system being upgraded to Ubuntu 18.04 LTS, and then to Ubuntu 20.04 LTS, under Canonical official recommendation.

The process happens transparently, with no user intervention. During the update, the following operations will be performed in the backend:

  • Update requirements are checked.

  • Non-Bitdefender repositories are disabled.

  • Third-party packages are uninstalled.

    You can reinstall the third-party packages once the update is complete.

  • Existing Bitdefender services are stopped.

  • The OS is updated to Ubuntu 18.04 LTS.

  • The OS is updated to Ubuntu 20.04 LTS.

  • Repositories are changed to receive Ubuntu 20.04 updates and patches.

  • Non-Bitdefender repositories are enabled.

  • Bitdefender services are started.

Note

The appliances will automatically reboot several times.

Questions & answers

Q1: What happens with the protection during the update on agentless environments?

A: Protection on that host is lost. This is why we recommend moving the VMs on another protected host while the Security Server is updating. Plan this operation in a maintenance window.

Q2: How long does the OS update last and what is the expected downtime?

A: Depending on the networking and storage characteristics, the update duration can vary. In most cases, it will take between 20-30 minutes.

Q3: Will the update work if the Security Server has various minor Ubuntu 16.04 kernel versions?

A: Yes. Before starting the OS upgrade, all packages are updated to the latest versions available.

Q4: What happens with custom repositories or third-party packages during the update?

A: Any third-party packages will be uninstalled during the OS upgrade. They will not be automatically restored because Bitdefender repositories do not include them. The additional repositories will still be there, so you can reinstall the custom packages after the upgrade is complete.

Q5: How do I know if the update fails on a Security Server?

A: In Control Center, follow the Status link of the update task to open the Task Status window. You will view all target Security Servers and the status of the task on each of them. You can filter to view only where the task status is Failed. Select the Security Server with a failed update and check the error message in the lower part of the window.

Q6: Can I install the Security Server manually?

A: Yes. Follow the steps described in Bitdefender Security Server manual installation.

Q7: What happens if GravityZone is in an offline environment?

A: Follow the usual procedure to download the update archive. For details, refer to GravityZone products offline update.

Q8: Will the task run if Security Server runs on Ubuntu 12.04?

A: No. The task can only run if Security Server runs on Ubuntu 16.04. In this case, you need to redeploy the Security Server.

Q9: Will the task be available for the vShield integration?

A: No, it is not supported. You need to upgrade to VMware NSX.

Upgrade GravityZone OS to Ubuntu 16.04

Starting April 2017, GravityZone is upgrading its Linux operating system from Ubuntu 12.04 to 16.04. To keep your network fully protected, you are advised to upgrade as soon as possible.

Why Upgrading?

Released five years ago, Ubuntu 12.04 reaches “End of Life” status on Friday, April 28th 2017, and will stop receiving critical fixes and security patches, exposing users to potential threats. To ensure its customers’ protection, GravityZone has started migrating the operating system to the newer, safer and long term supported version 16.04.

Upgrading GravityZone operating system is an easy task. It is an automated process that requires two successive stages (a preparatory update and another one being the upgrade itself) and might take 30 minutes or more on each one, depending on your storage speed.

From the security perspective, GravityZone first upgrades the operating system to 14.04, then to 16.04, under Ubuntu official recommendation. The process happens transparently, so you are not required with any input at this level.

Prerequisites and Useful Information

For a smooth upgrade, make sure you meet the following conditions:

  • Your GravityZone appliances must be using Ubuntu 12.04.

  • The upgrade process needs 5 gigabytes (GB) of free space on each appliance.

  • Port 9443 must be open to accept both incoming and outgoing traffic from and to the other GravityZone appliances. If the port is closed, the upgrade process stops.

  • Take snapshots of your appliances before starting the upgrade. These are the only way to recover your GravityZone environment in case of emergency. If you are not sure about taking snapshots in your hypervisor, contact Bitdefender Enterprise Support team.

  • Power on all your appliances and check their interconnectivity if you are using a distributed GravityZone environment.

  • This upgrade process is compatible only with GravityZone environments using database replica set installed through the virtual appliance Command Line Interface (CLI). If your replica set instances are installed manually, you are not able to upgrade the GravityZone OS. In this situation, you must contact Bitdefender Enterprise Support team.

  • Back up the repositories file ( /etc/apt/sources.list), then delete all except the Bitdefender one, if the case. The OS upgrade is possible only with the official Bitdefender repository in this file. You can restore the other repositories after the OS upgrade is complete, but only if they are compatible with Ubuntu 16.04.

  • Uninstall any packages provided by third-party repositories.

During this process:

  • The OS is upgraded on all your GravityZone appliances.

  • All packages at the OS level are uninstalled (do not confuse them with the product packages created in Control Center). After the OS upgrade is completed, GravityZone will automatically reinstall only the Bitdefender packages and restore the settings. In case of custom packages, you must reinstall them manually.

  • Auto-update is disabled.

OS Upgrade Step by Step

This section describes the steps you must follow to upgrade the operating system of your GravityZone environment to Ubuntu 16.04.

GravityZone OS upgrade requires two main stages, with minimal input from you.

Stage 1

Perform an update task in Control Center. GravityZone provides regular fixes and improvements, but also updates its sources and makes your environment ready for OS upgrade. This is what you have to do:

  1. Log in to Control Center.

  2. Go to Configuration > Update.

  3. Click the Update button in the GravityZone Roles tab.

  4. The updating process begins and it might take about 30 minutes or more. Upon completion, you are informed that your console is out of date and the Update button appears again.

11369_1.png
Stage 2

Initialize the OS upgrade process. GravityZone operating system migrates to Ubuntu 16.04. This is what you have to do:

  1. Review the upgrade prerequisites and make sure you meet them. If one condition is not satisfied, the Update button is disabled.

    Warning

    Take snapshots of your GravityZone appliances before any further step if you haven’t yet. The upgrade process should occur seamlessly, but if something goes wrong along the way (power failure, communication errors) these are the only solution to recover your GravityZone environment.

  2. Click the Update button to start the OS upgrade process itself. A confirmation window appears:

    • Click Yes if you have taken snapshots of your GravityZone appliances and you are ready to upgrade the OS.

    • Click No to return to previous screen.

    11369_2.png
  3. After confirmation, the OS upgrade begins and might last about 30 minutes or more. A progress window will show you how the process is taking place. Depending on your GravityZone configuration (whether it is a single appliance having all roles or there are multiple appliances with specific roles), the progress window looks slightly different.

    11369_3.png

    The OS upgrade must complete 14 steps, which mainly consist of:

    • Creating various files needed for the upgrade process.

    • Creating an appliance profile (OS details, list of services, roles, IP addresses etc.).

    • Stopping the existing services.

    • Creating a backup of the important files.

    • Uninstalling the Bitdefender packages.

    • Changing repository to manage OS upgrade.

    • Installing upgrade dependencies.

    • Upgrading the OS to Ubuntu 14.04. A system restart occurs.

    • Upgrading the OS to Ubuntu 16.04. A second system restart occurs.

    • Changing repository according to new OS.

    • Reconfiguring the virtual machine image.

    • Installing roles according to appliance profile.

    • Re-enabling the Control Center website.

    • Creating a new profile of the upgraded appliance.

    If one step cannot complete because of an error, then the upgrade process stops. After you fix the error, the upgrade process resumes from the last successful step. In this situation, you are advised to contact Bitdefender Enterprise Support team.

    11369_4.png

    In a GravityZone environment with a single appliance having all roles, the upgrade process takes place at once, only following the above-mentioned steps.

    In a GravityZone environment with roles installed on multiple appliances, the OS upgrade process takes place in the following order:

    1. On the appliance with Update Server role.

    2. On the appliances with Database roles.

    3. On the appliances with other roles.

      Note

      In GravityZone environments with a single appliance having all roles, the endpoints may remain unprotected during the OS upgrade process if they use Central Scan without fallback.

  4. After the OS upgrade process is completed, you can log in again to Control Center using your credentials. Remember that all Bitdefender packages have been reinstalled according to pre-upgrade GravityZone profile. All other custom packages must be reinstalled manually.

Upgrade Security Server in GravityZone (On-Premises)

This section addresses the Security Server Multi-Platform and GravityZone on-premises version, and it aims to explain how to upgrade its operating system to Ubuntu 16.04.

Security Server is scan server, delivered as a Linux Ubuntu self-configuring hardened virtual appliance, embedded into a virtual machine image.

The procedure implies that you manually replace the old Security Server, which relies on Ubuntu 12.04, with the latest version available, which runs on Ubuntu 16.04.

Prerequisites
  • You need the kit of the new Security Server at hand.

    1. Log in to GravityZone Control Center.

    2. Go to the Configuration > Update page and make sure the Security Server is updated and published.

    3. Download the installation package from the Network > Packages page.

  • To find if the Security Server needs to be upgraded, open an SSH connection to it and type:

    cat /etc/*release

OS Upgrade

There are two approaches on how to perform the upgrade. Choose the one that best fits you.

Approach A

This approach involves zero downtime and no maintenance window is required.

  1. Log in to GravityZone Control Center.

  2. Go to the Network page and switch to Virtual Machines view.

  3. Select the host with the old Security Server installed and run an Install Security Server task.

  4. When deployment is complete, go to the Policies page.

  5. Add the new Security Server to the policies that contain the old Security Server.

    To do so, for each policy:

    1. Open the policy.

    2. Go to the Antimalware > Security Servers section.

    3. Under Security Server Assignment, select the new Security Server in the drop-down menu and click 12500_1.png Add.

    4. Remove the old Security Server from the list.

    5. Click Save.

  6. Delete the old Security Server from the host. You can do this either from Control Center, or from your virtualization management console.

  7. Repeat the steps above for the remaining Security Servers to be upgraded.

Approach B

This approach involves a downtime. A maintenance window is required to re-establish protection. In this case, the procedure depends on whether you use DHCP or not.

If you use DHCP IP allocation:

  1. Log in to your virtualization management platform. (e.g. VMware vSphere)

  2. On the host with the old Security Server:

    1. Copy the MAC address and hostname of the Security Server.

    2. Shut down the existing Security Server.

  3. Deploy a new Security Server, using one of these alternative methods:

    1. Log in to GravityZone and run an Install Security Server task from the Network page.

    2. Manually import the Security Server image on the host.

  4. Wait until deployment is complete.

  5. Change the MAC address and hostname with the saved ones.

    You can do this either from your virtualization management platform or by opening an SSH connection to the Security Server.

  6. Restart the Security Server. Once it has restarted, it should get the IP address of the old one and endpoints should be protected again.

  7. Repeat the steps above for the remaining Security Servers to be upgraded.

If you use static IP allocation:

  1. Log in to your virtualization management platform. (e.g. VMware vSphere).

  2. Shut down the existing Security Server.

  3. Deploy a new Security Server, using one of these alternative methods:

    1. Log in to GravityZone Control Center and run an Install Security Server task from the Network page.

    2. Manually import the Security Server image on the host.

  4. Configure the new Security Server with the hostname and IP of the old Security Server.

  5. Restart the Security Server. Once it is configured and online, the endpoints should be protected again.

  6. Repeat the steps above for the remaining Security Servers to be upgraded.