Skip to main content


Citrix XenServer

Integrate with XenServer

You can integrate GravityZone with one or multiple XenServer systems.

To set up integration with a XenServer:

  1. Go to the Configuration page in Control Center and click the Virtualization Providers tab.

  2. Click the add.png Add button at the upper side of the table and choose XenServer from the menu. A configuration window will appear.

  3. Specify the XenServer details.

    • Name of the XenServer system in Control Center

    • Hostname or IP address of the XenServer system

    • XenServer port (default 443)

  4. Specify the credentials to be used to authenticate with the XenServer.

    You can choose to use the credentials provided for integration with Active Directory or a different set of credentials.

  5. Restrict policy assignment from the network view. Use this option to control the network administrators permission to change the virtual machines policies via the Computers and Virtual Machines view in the Network page. When this option is selected, administrators can change the virtual machines policies only from the Virtual Machines view of the network inventory.

  6. Auto-update integration when master host changes in XenCenter. Use this option to keep the integration alive without manual intervention when the IP address of the pool master server has changed.


    You can enable the XenServer Integration Auto-update notification to know whenever such changes occur and the settings are automatically updated.

  7. Click Save. You will be able to view the vCenter Server in the active integrations list and that it is synchronizing. Wait for a couple of minutes until synchronization finishes.

Protect virtual machines in a XenDesktop with Provisioning Server infrastructure

This section describes how to install and configure Security for Virtualized Environments on XenServer virtual machines with Provisioning Server infrastructure.


Provisioning Server's infrastructure is based on software-streaming technology.

Using Provisioning Server, administrators prepare a device (Master Target Device) to be imaged, by installing an operating system and any required software on that device. A virtual disk (vDisk) image is then created from the Master Target Device's hard drive and saved to the network (on Provisioning Server or back-end storage device).

Once the vDisk is available from the network, a target device no longer needs its local hard drive to operate, as it boots directly from the network. The Provisioning Server streams the contents of the vDisk to the target device on demand, in real time.

Step-by-step procedure

To protect virtual machines in a XenDesktop with Provisioning Server infrastructure using GravityZone Security for Virtualized Environments (SVE), you need to deploy a Security Server and have BEST installed on the vDisk. To do so, follow these steps:

  1. Deploy GravityZone in the virtual environment and configure its roles.

  2. Connect to GravityZone Control Center using an account with Manage Solution right.

  3. Go to Configuration > Virtualization section and integrate GravityZone with Xen Server. When the process is finished, the Sync status will be Synchronized and the Progress status: Finished.

  4. To install the Security Server on the host, go to the Network page, select the host and run the Install Security Server task. The inventory will display the newly deployed virtual machine:

  5. Create a virtual machine with all programs that users need and install BEST to protect it against malware. To deploy BEST, select the VM in the inventory and run the Install Client task. After BEST is installed, the inventory will show the VM as being protected:


    Also verify that the Master VM is protected by accessing it and opening the BEST user interface.


    If you plan to use the BEST Firewall module, you need to add firewall rules to the BEST policy, to allow the appropriate ports used by Citrix components. For more details, check the following Citrix articles:

    Communication Ports Used by Citrix Technologies

    Best Practices for Configuring Provisioning Services Server on a Network

    It is especially important to allow the vDisk Streaming (Streaming Service) ports, otherwise the virtual desktops will not boot. For this purpose, you must add a Connection rule with the following configuration:

    • Local Address set to Any

    • Remote Address set to the address of the server hosting the vDisk

    • Remote Address port range set to PVS port range

    • Protocol set to UDP

    • Allow action

    Whenever you plan to change the PVS ports or update/upgrade your Citrix software, be sure to check for Citrix port changes and update the BEST firewall rules accordingly. Please follow Citrix recommendations on how to update the ports, as indicated in the next step.

  6. Prepare the target device by following the procedure described in this article.

  7. Start to deliver virtual desktops to users. The new VMs will appear in the network inventory as being protected by BEST.

    Users will see their devices as protected when they access BEST user interface.

    To test the protection, you can use an EICAR file. The file will be detected as a virus and it will be deleted. The interface will display the action taken to protect the virtual machine.