Bitdefender B2B Help Center

Security Server

Install Security Server through Control Center

Security Server is a dedicated virtual machine that de-duplicates and centralizes most of the antimalware functionality of antimalware clients, acting as a scan server.

You must install Security Server on one or more hosts so as to accommodate the number of virtual machines to be protected.

You must consider the number of protected virtual machines, resources available for Security Server on hosts, as well as network connectivity between Security Server and protected virtual machines.

The security agent installed on virtual machines connects to Security Server over TCP/IP, using details configured at installation or via a policy.

Download Security Server installation packages

To download Security Server installation packages:

  1. Go to the Network > Packages page.

  2. Select the Default Security Server Package.

  3. Click the download.png Download button at the upper side of the table and choose the package type from the menu.

  4. Save the selected package to the desired location.

Deploy Security Server installation packages

Once you have the installation package, deploy it to the host using your preferred virtual machine deployment tool.

After deployment, set up the Security Server as follows:

  1. Access the appliance console from your virtualization management tool (for example, vSphere Client). Alternatively, you can connect to the appliance via SSH.

  2. Log in using the default credentials.

    • User name: root

    • Password: sve

  3. Run the sva-setup command. You will access the appliance configuration interface.

    sva-cli-cloud.png

    To navigate through menus and options, use the Tab and arrow keys. To select a specific option, press Enter.

  4. Configure the network settings.

    The Security Server uses the TCP/IP protocol to communicate with the other GravityZone components. You can configure the appliance to automatically obtain network settings from the DHCP server or you can manually configure network settings, as described herein:

    1. From the main menu, select Network configuration.

    2. Select the network interface.

    3. Select the IP configuration mode:

      • DHCP, if you want the Security Server to automatically obtain network settings from the DHCP server.

      • Static, if a DHCP server is absent or an IP reservation for the appliance has been made on the DHCP server. In this case, you must manually configure the network settings.

        1. Enter the hostname, IP address, network mask, gateway and DNS servers in the corresponding fields.

        2. Select OK to save the changes.

    Note

    If you are connected to the appliance via a SSH client, changing the network settings will immediately terminate your session.

  5. Configure the proxy settings.

    If a proxy server is used within the network, you must provide its details so that the Security Server can communicate with GravityZone Control Center.

    Note

    Only proxies with basic authentication are supported.

    1. From the main menu, select Internet proxy configuration.

    2. Enter the hostname, username, password and the domain in the corresponding fields.

    3. Select OK to save the changes.

  6. Configure the Communication Server address.

    1. From the main menu, select Communication server configuration.

    2. Enter one of the following addresses for the Communication Server:

      • https://cloud-ecs.gravityzone.bitdefender.com:443

      • https://cloudgz-ecs.gravityzone.bitdefender.com:443

      Important

      This address must be the same as the one that appears in Control Center policy settings. To check the link, go to the Policies page, add or open a custom policy, navigate to the General > Communication > Endpoint Communication Assignment section and enter the Communication Server name in the column header field and select or write ECS. The correct server will appear in search results.

    3. Select OK to save the changes.

  7. Configure the client ID.

    1. From the main menu, select Configure the client ID.

    2. Enter the company ID.

      The ID is a string of 32 characters, which you can find by accessing the company details page in Control Center.

    3. Select OK to save the changes.

Install Security Server through Control Center

Security Server is a dedicated virtual machine that deduplicates and centralizes most of the antimalware functionality of antimalware clients, acting as a scan server.

Security Server deployment is specific to the environment it is installed in. The installation procedures are described herein:

Install Security Server for VMware NSX

In VMware NSX environments, you must deploy the Bitdefender service in each cluster to be protected. The purpose-built appliance will automatically deploy on all hosts in the cluster. All virtual machines on a host are automatically connected via Guest Introspection to the Security Server instance installed on that host.

Security Server deployment is to be performed exclusively from the vSphere Web Client.

To install the Bitdefender service:

  1. Log in to vSphere Web Client.

  2. Go to Network & Security > Installation and click the Service Deployments tab.

  3. Click the New service deployment button (the plus sign icon). The configuration window opens.

  4. Select Guest Introspection and click Next.

  5. Select the datacenter and the clusters on which to deploy the service, then click Next.

  6. Select storage and management network, click Next and then Finish.

  7. Repeat the steps from 3 to 6, this time choosing Bitdefender service.

    Before you proceed with installation, make sure that you have network connection between the selected network and GravityZone Control Center.

    Once the Bitdefender service is installed, it will automatically deploy the Security Server on all ESXi hosts in the selected clusters.

Warning

For the services to work properly, it is very important you install them in this order, first Guest Introspection and then Bitdefender, and not both at the same time.

Note

For more information on adding partner services to NSX, refer to VMware NSX Documentation Center.

If you choose Specified on host for storage and network management, check that Agent VM is set on hosts for both Guest Introspection and Bitdefender services.

Security Server has specific requirements that depend on the number of virtual machines it has to protect. To adjust the default hardware configuration of the Security Server:

  1. Log in to VMware vSphere Web Client.

  2. Go to Hosts and Clusters.

  3. Select the cluster where Security Server is deployed and then select Related Objects > Virtual Machines tab.

  4. Power off the Bitdefender appliance.

  5. Right-click the appliance name and then choose Edit Settings... in the contextual menu.

  6. In the Virtual Hardware tab, adjust the CPU and RAM values to fit your needs and then click OK to save the changes.

  7. Power the appliance back on.

Note

To upgrade from VMware vShield to NSX, refer to Upgrade VMware environments protected with GravityZone from vCNS to NSX.

Install Security Server Multi-Platform
Connecting to the virtualization platform

To access the virtualized infrastructure integrated with Control Center, you must provide your user credentials for each virtualization server system available. Control Center uses your credentials to connect to the virtualized infrastructure, displaying only resources you have access to (as defined in vCenter Server).

To specify the credentials to connect to the virtualization server systems:

  1. Click your username in the upper-right corner of the page and choose Credentials Manager.

    credentials_menu-onpremise.png
  2. Go to the Virtual Environment tab.

  3. Specify the necessary authentication credentials.

    1. Select a server from the corresponding menu.

      Note

      If the menu is unavailable, either no integration has been configured yet or all necessary credentials have already been configured.

    2. Enter your username and password and a suggestive description.

    3. Click the add_inline.png Add button.

      The new set of credentials is displayed in the table.

Note

If you have not specified your authentication credentials, you will be required to enter them when you try to browse the inventory of any vCenter Server system.

Once you have entered your credentials, they are saved to your Credentials Manager so that you do not need to enter them the next time.

Installing Security Server on hosts

You must install Security Server on hosts as follows:

  • In VMware environments with vShield Endpoint, you must install the purpose-built appliance on each host to be protected. All virtual machines on a host are automatically connected via vShield Endpoint to the Security Server instance installed on that host.

  • In Citrix environments, you must install Security Server on each host you want to protect with HVI, via remote installation task.

  • In Nutanix Prism Element environments, you must install Security Server on each host, via remote installation task.

  • In all other environments, you must install Security Server on one or more hosts so as to accommodate the number of virtual machines to be protected. You must consider the number of protected virtual machines, resources available for Security Server on hosts, as well as network connectivity between Security Server and protected virtual machines. The security agent installed on virtual machines connects to Security Server over TCP/IP, using details configured at installation or via a policy.

If Control Center is integrated with vCenter Server, XenServer and Nutanix Prism Element, you can automatically deploy Security Server on hosts from Control Center. You can also download Security Server packages for standalone installation from Control Center.

Note

For VMware environments with vShield Endpoint, you can deploy Security Server on hosts exclusively via installation tasks.

Local installation

In all virtualized environments that are not integrated with Control Center, you must install Security Server on hosts manually, using an installation package. The Security Server package is available for download from Control Center in several different formats, compatible with the main virtualization platforms.

The Security Server package is available for download from Control Center in several different formats, compatible with the main virtualization platforms.

Downloading Security Server installation packages

To download Security Server installation packages:

  1. Go to the Network > Packages page.

  2. Select the Default Security Server Package.

  3. Click the download.png Download button at the upper side of the table and choose the package type from the menu.

  4. Save the selected package to the desired location.

Deploying Security Server installation packages

Once you have the installation package, deploy it to the host using your preferred virtual machine deployment tool.

After deployment, set up the Security Server as follows:

  1. Access the appliance console from your virtualization management tool (for example, vSphere Client). Alternatively, you can connect to the appliance via SSH.

  2. Log in using the default credentials.

    • User name: root

    • Password: sve

  3. Run the sva-setup command. You will access the appliance configuration interface.

    sva-cli-cloud.png
    sva-cli-onpremise.png

    To navigate through menus and options, use the Tab and arrow keys. To select a specific option, press Enter.

  4. Configure the network settings.

    The Security Server uses the TCP/IP protocol to communicate with the other GravityZone components. You can configure the appliance to automatically obtain network settings from the DHCP server or you can manually configure network settings, as described herein:

    1. From the main menu, select Network configuration.

    2. Select the network interface.

    3. Select the IP configuration mode:

      • DHCP, if you want the Security Server to automatically obtain network settings from the DHCP server.

      • Static, if a DHCP server is absent or an IP reservation for the appliance has been made on the DHCP server. In this case, you must manually configure the network settings.

        1. Enter the hostname, IP address, network mask, gateway and DNS servers in the corresponding fields.

        2. Select OK to save the changes.

    Note

    If you are connected to the appliance via a SSH client, changing the network settings will immediately terminate your session.

  5. Configure the proxy settings.

    If a proxy server is used within the network, you must provide its details so that the Security Server can communicate with GravityZone Control Center.

    Note

    Only proxies with basic authentication are supported.

    1. From the main menu, select Internet proxy configuration.

    2. Enter the hostname, username, password and the domain in the corresponding fields.

    3. Select OK to save the changes.

  6. Configure the Communication Server address.

    1. From the main menu, select Communication server configuration.

    2. Enter one of the following addresses for the Communication Server:

      • https://cloud-ecs.gravityzone.bitdefender.com:443

      • https://cloudgz-ecs.gravityzone.bitdefender.com:443

      Important

      This address must be the same as the one that appears in Control Center policy settings. To check the link, go to the Policies page, add or open a custom policy, navigate to the General > Communication > Endpoint Communication Assignment section and enter the Communication Server name in the column header field. The correct server will show in search results.

    3. Enter the address of the Communication Server, including the port number 8443, using the following format:

      https://Communication-Server-IP:8443

      Alternatively, you can use the Communication Server hostname instead of the IP address.

    4. Select OK to save the changes.

  7. Configure the client ID.

    1. From the main menu, select Configure the client ID.

    2. Enter the company ID.

      The ID is a string of 32 characters, which you can find by accessing the company details page in Control Center.

    3. Select OK to save the changes.

Remote installation

Control Center allows you to remotely install Security Server on visible hosts by using installation tasks.

To install Security Server remotely on one or several hosts:

  1. Go to the Network page.

  2. Choose Virtual Machines from the views selector.

  3. Browse the VMware, Citrix or Nutanix inventory and select the check boxes corresponding to the desired hosts or containers (Nutanix Prism, vCenter Server, XenServer or datacenter). For a fast selection, you can directly select the root container (Nutanix Inventory, VMware Inventory or Citrix Inventory). You will be able to select hosts individually from the installation wizard.

    Note

    You cannot select hosts from different folders.

  4. Click the task.png Tasks button at the upper side of the table and choose Install Security Server from the menu.

    The Security Server Installation window is displayed.

    install-task-sva.png
  5. Select the hosts on which you want to install the Security Server instances.

  6. Choose the configuration settings you want to use.

    Important

    Using common settings while deploying multiple Security Server instances simultaneously requires the hosts to share the same storage, have their IP addresses assigned by a DHCP server and be part of the same network.

    When choosing to configure each Security Server differently, you will be able to define the settings that you want for each host at the next step of the wizard. The steps described hereinafter apply for the case when Configure each Security Server option is used.

  7. Click Next.

  8. Enter a suggestive name for the Security Server.

  9. For VMware environments, select the container in which you want to include the Security Server from the Deploy Container menu.

  10. Select the destination storage.

  11. Choose the disk provisioning type. It is recommended to deploy the appliance using thick disk provisioning.

    Important

    If you use thin disk provisioning and the disk space in the datastore runs out, the Security Server will freeze and, consequently, the host will remain unprotected.

  12. Configure the memory and CPU resource allocation based on the VM consolidation ratio on the host. Choose Low, Medium or High to load the recommended resource allocation settings or Manual to configure resource allocation manually.

  13. You have to set an administrative password for the Security Server console. Setting an administrative password overrides the default root password ("sve").

  14. Set the timezone of the appliance.

  15. Select the network configuration type for the Bitdefender network. The IP address of the Security Server must not change in time, as it is used by Linux agents for communication.

    If you choose DHCP, make sure to configure the DHCP server to reserve an IP address for the appliance.

    If you choose static, you must enter the IP address, subnet mask, gateway and DNS information.

  16. Select the vShield network and enter the vShield credentials. Default label for the vShield network is vmservice-vshield-pg.

  17. Click Save.

You can view and manage the task in the Network > Tasks page.

Note

To upgrade from VMware vShield to NSX, refer to Upgrade VMware environments protected with GravityZone from vCNS to NSX.

Important

Installing Security Server on Nutanix through remote task may fail when the Prism Element cluster is registered to Prism Central or because of another reason. In these situations, it is recommended to perform a manual deployment of Security Server. For more details, refer to Install Bitdefender Security Server.Install Bitdefender Security Server

Install Security Server manually

This section provides you with information regarding the Security Server manual installation on various platforms.

Install Security Server on an Ubuntu machine from XenServer, ESXi or AWS

Bitdefender provides the Security Server under several formats, such as OVA, VHD or XVA. When the virtual environment uses an unsupported format, such as Amazon AMI, manual installation is an option.

In this section , you will learn how to install Security Server through a script on an Ubuntu machine from your environment (Citrix XenServer, VMware ESXi, AWS).

Requirements
Hardware

Memory and CPU resource allocation for the Security Server depends on the number and type of VMs running on the host. The following table lists the recommended resources to be allocated:

Consolidation

Number of protected virtual machines

RAM

CPUs

Low

1-30 VMs

2 GB

2 CPUs

31-50 VMs

4 GB

2 CPUs

Medium

51-100 VMs

4 GB

4 CPUs

High

101-200 VMs

4 GB

6 CPUs

HDD: 16 GB (SSD, if available)

Software

Ubuntu Server 20.04 LTS

Prerequisites
  • On the physical server, install Ubuntu 16.04.3, with a working internet connection.

  • Use any authentication method to log in.

Installation steps
  1. Deploy a new Ubuntu 20.04 instance in your environment.

  2. Get root privileges:

    sudo su

    or

    sudo -i

  3. Update the OS to the latest version.

    apt-get update;

    apt-get dist-upgrade

  4. Download the script from here and unpack the archive.

  5. Use the following command to assign execute permission:

    chmod 500 install-scan-server.dat

  6. Navigate to the downloaded script and run it to install and update the Security Server:

    ./install-scan-server.dat

    You can follow the output of this command to check when the installation task is completed.

  7. Open the following log file after the installation is completed.

    /opt/BitDefender/var/log/update.log

  8. Check the output for a completed update process.

    The end of the output returns the following:

    dateStamp BDLIVED[4755] INFO: Done installing updates: 5 location(s) updated.

    Note

    If the update process is not yet finished, please wait while the Security Server runs through all the updates.

  9. Run the Security Server (SVA) setup.

    /opt/BitDefender/bin/sva_setup.sh

  10. Select option 3 Communication Server configuration from the menu.

  11. Choose whether the GravityZone solution you have is an on-premises or a cloud solution.

  12. Enter the IP and the port number of the Communication Server to which the Security Server should connect, followed by port 8443. For example: 10.10.0.9:8443

  13. Select Ok to confirm your action.

For any other question regarding the GravityZone product please contact: gzn-gs@bitdefender.com.

Install Bitdefender Security Server in Nutanix Prism

This section describes how to manually deploy Bitdefender Security Server in Nutanix Prism.

GravityZone allows you to integrate Control Center with Nutanix Prism Element for high-class protection of your virtualization platform. You are able to integrate one or more Nutanix Prism Element clusters, either they are registered or unregistered to Nutanix Prism Central.

Nutanix Prism Element integration overview

To protect a Nutanix Prism Element cluster, you have to deploy a Bitdefender Security Server on each host. You can do this by running a remote installation task in GravityZone Control Center. However, the installation task may fail when the Nutanix Prism Element cluster is registered to Prism Central or because of another reason.

When Nutanix Prism Element is registered to Prism Central, GravityZone is unable to automatically upload the Security Server in Nutanix because of certain user restrictions. Therefore, you need to:

  1. Upload the Security Server image in Nutanix Prism Central.

  2. Run again the installation task in GravityZone Control Center.

When Nutanix Prism Element is not registered to Prism Central, but the remote installation task still fails, you need to:

  1. Run again the installation task in GravityZone Control Center.

  2. If the case, upload and configure Security Server in Nutanix Prism Element.

Important

The Nutanix Prism Element integration with GravityZone requires a Nutanix user with Cluster Admin or User Admin privileges. Please review these privileges when performing tasks in Control Center.

How to upload the Security Server image in Nutanix Prism
Requirements

Before starting Security Server upload and configuration in Nutanix Prism, you must have at hand:

  • Nutanix Prism credentials.

  • Bitdefender Security Server image in VMDK format. You can download it from Network > Packages in GravityZone Control Center.

Uploading Security Server in Nutanix Prism Central

You need to manually upload the Security Server image in Nutanix Prism Central when the Nutanix Prism Element cluster is registered to Prism Central. Follow these steps:

Important

Wait for the image to be both uploaded and updated. After that, run again the installation task in GravityZone Control Center.

  1. Log in to Nutanix Prism Central.

  2. Go to Explore > Images.

    10791_1.png
  3. Click Add Image.

  4. Make sure you have the Image File radio button selected and click Add File to select the Bitdefender image from where it is stored.

  5. Check the image details:

    1. Under Image Name, keep the file original name: Bitdefender_SVE-SVA-Multi-Platform.vmdk. Otherwise, the Security Server installation will fail.

    2. Under Image Type, select Disk.

    3. Optionally, add an image description.

      10791_2.png
  6. Click Save. The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Uploading Security Server in Nutanix Prism Element

This is how you manually upload the Security Server when Nutanix Prism Element in not registered to Prism Central:

  1. Log in to Nutanix Prism Element.

  2. Go to Settings > Image Configuration.

    10791_3.png
  3. Click Upload Image. A new window appears.

  4. Fill in the details:

    1. Name.

    2. Annotation.

    3. Select the image type: DISK.

    4. Select the preferred storage container.

  5. Click Upload a file, then click Choose File to select the Security Server image from where it is stored.

  6. Click Save.

    10791_4.png

The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Wait for the image to be both uploaded and updated.

How to configure Security Server in Nutanix Prism

Once you have the Security Server image uploaded in Nutanix Prism, you can either:

  • Run a remote installation task in GravityZone Control Center. Security Server will be automatically configured.

  • Manually configure Security Server in Nutanix Prism. That means you have to create a Security Server virtual machine, power it on and configure the Communication Server address in the Security Server console.

To configure a Security Server virtual machine you must follow these steps in Prism Element or in Prism Central:

  1. Go to the virtual machines list and click Create VM.

  2. Fill in the required details:

    1. Under General Configuration, enter a name and, optionally, a description.

    2. Under Compute Details, choose 2 VCPUs, 1 core per VCPU and 3 GB of memory.

      10791_5.png
    3. Under Disks, click "X" to remove the default CD-ROM disk, confirm the action and click Add New Disk. Configure the disk as follows:

      1. Type: Disk.

      2. Operation: Clone from Image Service.

      3. Bus Type: SCSI.

      4. Image: Select the Security Server image you have uploaded.

      5. Click Add.

        10791_6.png
    4. Under Network Adapters (NIC):

      1. Click Add New NIC.

      2. Choose the preferred network.

      3. Click Add.

    5. Under VM Host Affinity:

      1. Click Set Affinity.

      2. Select one of the hosts.

      3. Click Save.

        10791_7.png
  3. Click Save. The virtual machine is created with the VM create with customize label.

  4. Go to virtual machines list.

  5. Select the Security Server virtual machine.

  6. Click Power on.

  7. Click Launch console and log in to Security Server by using the default credentials:

    1. User name: root

    2. Password: sve

  8. Run the sva-setup command. You will access the appliance configuration interface.

    10791_8.png

    To navigate through menus and options, use the Tab and arrow keys. To select a specific option, press Enter.

  9. Go to Communication Server configuration.

  10. Enter the address of the Communication Server, including the port number 8443, using the following format

    https://Communication-Server-IP:8443

    Alternatively, you can use the Communication Server hostname instead of the IP address.

  11. Select OK to save the changes.

Install Bitdefender Security Server in Nutanix AHV

This section aims to explain how to import and deploy Bitdefender Security Server in Nutanix AHV.

Importing the Security Server
  1. Log in to GravityZone.

  2. Go to the Network > Packages page.

  3. Select the default Security Server Virtual Appliance package.

  4. Click the Download button in the upper-left side of the table and select the Nutanix Prism (VMDK) version. Depending on your browser settings, the file may be downloaded automatically to a default download location.

  5. Log in to PRISM, the Nutanix Web Console.

  6. Import the VMDK file:

    1. Click the gear button in the upper-right corner of the console to access the Settings menu and select Image Configuration.

      10791_11.png

      The configuration window is displayed.

    2. Click Upload Image. A new window pops up, asking you to enter image details.

    3. Enter a suggestive name for the image.

    4. From the Image Type menu, choose Disk.

    5. From Image Source, select Upload File and choose the VMDK file you have previously extracted.

    6. Click Save. Wait while the virtual drive is being uploaded. When finished, you will be able to view the image in the list of existing images.

  7. Create the virtual machine for the Bitdefender Security Server VMDK file:

    1. Go to the VM page using the menu at the upper left corner of the console.

      10791_12.png
    2. Click the Create VM button at the upper right corner of the page.

      10791_13.png
    3. In the new configuration window, enter the requested details:

      • A suggestive name and a description for the VM.

      • Hardware configuration such as number of CPUs, cores per CPU and memory. These values must meet the Bitdefender Security Server requirements. You can find more information in the GravityZone Installation Guide.

    4. Click Add new disk. A configuration window is displayed.

    5. Configure the disk settings as follows:

      Type: Disk

      Operation: Clone from Image Service

      Bus Type: SCSI

      Image: the image you have previously created.

    6. Click Add.

    7. Click Add new NIC and choose the network you want to use.

    8. Click Save.

Deploying the Security Server
  1. In Nutanix console, go to the VM > Table section.

    10791_13.png
  2. Power on the newly created machine.

    10791_14.png
  3. Click Launch Console.

    10791_15.png

    Connect to the Security Server via SSH. For details regarding configuration steps, refer to Deploying Security Server Installation Packages.

    10791_16.png

    Configured Security Server.

Install Security Server for Amazon EC2

You can use Security Server to protect your Amazon EC2 instances as follows:

  • Configure the Security Server installed in your local network to communicate with the Amazon EC2 instances. Therefore, you will be able to use your local resources, either physical or virtual, to protect also the Amazon EC2 inventory.

  • Install one or several Security Server instances in your Amazon EC2 environment, according to your needs. In this case, follow the procedure described in Install Security Server on an Ubuntu machine from XenServer, ESXi or AWS.

    Important

    • For the communication between your EC2 machines and the Security Server instances installed in your Amazon EC2 inventory to work, you need to properly configure your Amazon VPC (Virtual Private Cloud) and Amazon VPN connections. For more information, refer to Amazon VPC documentation.

    • We recommend installing the Security Server in the same Amazon EC2 region with the instances you want to protect.

The default scan mode for EC2 instances is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your EC2 instances with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.

Install Security Server in Microsoft Azure

You can use Security Server to protect your Microsoft Azure virtual machines as follows:

  • Configure the Security Server installed in your local network to communicate with the Microsoft Azure virtual machines. Therefore, you will be able to use your local resources, either physical or virtual, to protect also the Microsoft Azure inventory.

  • Install one or several Security Server instances in your Microsoft Azure environment, according to your needs.

    Important

    • For the communication between your Microsoft Azure virtual machines and the Security Server instances installed in your Microsoft Azure inventory to work, you need to properly configure your virtual network/subnet. For details, refer to Microsoft Azure Virtual Network Documentation.

    • We recommend installing the Security Server in the same Microsoft Azure region with the virtual machines you want to protect.

The default scan mode for Microsoft Azure virtual machines is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your Microsoft Azure virtual machines with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.

Installation steps
  1. Download the Security Server virtual appliance image (VHD file) from the Packages page of GravityZone Control Center to C:\vhd.

  2. Resize the appliance to a supported Azure filesize:

    Resize-VHD -Path C:\vhd\Bitdefender_SVE-SVA-Multi-Platform.vhd -SizeBytes 21GB

  3. Prepare PowerShell for Azure:

    Install-Module AzureRM Login-AzureRmAccount

  4. Upload the file to Azure:

    $resourceGroupName = "Resources" $recreatedVhd = "C:\vhd\Bitdefender_SVE-SVA-Multi-Platform.vhd" $destinationVhd = "https://mystorearea.blob.core.windows.net/vhds/Bitdefender_SVE-SVA-Multi-Platform.vhd" Add-AzureRmVhd -LocalFilePath $recreatedVhd -Destination $destinationVhd -ResourceGroupName $resourceGroupName -NumberOfUploaderThreads 5

    Note

    • Azure supports only fixed sized VHD files. Add-AzureRmVhd commandlet takes the dynamic size VHD file and uploads it as a fixed size.

    • $destinationVhd is a custom path. Make sure to choose a valid path in your Azure environment.

  5. Create the virtual machine in Azure:

    1. Get the network to be attached to the VM:

      $virtualNetworkName = "Resources-vnet" $locationName = "westeurope" $virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName

      Note

      Depending on your Azure setup, you may need to use other values for the above mentioned variables.

    2. Configure public IP:

      $publicIp = New-AzureRmPublicIpAddress -Name "SVASrv" -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic $networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroupName -Name "SVASrv-Interface" -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id

    3. Configure VM settings:

      $vmConfig = New-AzureRmVMConfig -VMName "SVASrv" -VMSize "Standard_DS1" $vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name "SVASrv" -VhdUri $destinationVhd -CreateOption Attach –Linux $vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id

    4. Create the VM in Azure:

      $vm = New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $resourceGroupName

  6. Configure Security Server to connect to GravityZone:

    1. Connect to the Security Server appliance via SSH.

    2. Log in with default credentials.

    3. Run the Security Server setup:

      # /usr/bin/sva-setup

    4. Select option 3 Communication Server configuration from the menu.

    5. Choose the on-premises option as the server type, when prompted.

    6. Enter the IP and the port number of the Communication Server to which the Security Server should connect, followed by port 8443.

      Add the Communication Server address depending on your company location:

      • EU: https://cloudgz-ecs.gravityzone.bitdefender.com

      • US: https://cloud-ecs.gravityzone.bitdefender.com

        Also, select option 4 Configure the client ID and enter your company ID.

    7. Select Ok to confirm your action.