## ON PREMISES SOLUTIONS

### Install Security Server through Control Center

Security Server is a dedicated virtual machine that deduplicates and centralizes most of the antimalware functionality of antimalware clients, acting as a scan server.

Security Server deployment is specific to the environment it is installed in. The installation procedures are described herein:

#### Install Security Server for VMware NSX

In VMware NSX environments, you must deploy the Bitdefender service in each cluster to be protected. The purpose-built appliance will automatically deploy on all hosts in the cluster. All virtual machines on a host are automatically connected via Guest Introspection to the Security Server instance installed on that host.

Security Server deployment is to be performed exclusively from the vSphere Web Client.

To install the Bitdefender service:

2. Go to Network & Security > Installation and click the Service Deployments tab.

3. Click the New service deployment button (the plus sign icon). The configuration window opens.

4. Select Guest Introspection and click Next.

5. Select the datacenter and the clusters on which to deploy the service, then click Next.

6. Select storage and management network, click Next and then Finish.

7. Repeat the steps from 3 to 6, this time choosing Bitdefender service.

Before you proceed with installation, make sure that you have network connection between the selected network and GravityZone Control Center.

Once the Bitdefender service is installed, it will automatically deploy the Security Server on all ESXi hosts in the selected clusters.

### Warning

For the services to work properly, it is very important you install them in this order, first Guest Introspection and then Bitdefender, and not both at the same time.

### Note

If you choose Specified on host for storage and network management, check that Agent VM is set on hosts for both Guest Introspection and Bitdefender services.

Security Server has specific requirements that depend on the number of virtual machines it has to protect. To adjust the default hardware configuration of the Security Server:

2. Go to Hosts and Clusters.

3. Select the cluster where Security Server is deployed and then select Related Objects > Virtual Machines tab.

4. Power off the Bitdefender appliance.

5. Right-click the appliance name and then choose Edit Settings... in the contextual menu.

6. In the Virtual Hardware tab, adjust the CPU and RAM values to fit your needs and then click OK to save the changes.

7. Power the appliance back on.

### Note

To upgrade from VMware vShield to NSX, refer to Upgrade VMware environments protected with GravityZone from vCNS to NSX.

#### Install Security Server Multi-Platform

##### Connecting to the virtualization platform

To access the virtualized infrastructure integrated with Control Center, you must provide your user credentials for each virtualization server system available. Control Center uses your credentials to connect to the virtualized infrastructure, displaying only resources you have access to (as defined in vCenter Server).

To specify the credentials to connect to the virtualization server systems:

1. Click your username in the upper-right corner of the page and choose Credentials Manager.

2. Go to the Virtual Environment tab.

3. Specify the necessary authentication credentials.

1. Select a server from the corresponding menu.

### Note

If the menu is unavailable, either no integration has been configured yet or all necessary credentials have already been configured.

The new set of credentials is displayed in the table.

### Note

If you have not specified your authentication credentials, you will be required to enter them when you try to browse the inventory of any vCenter Server system.

Once you have entered your credentials, they are saved to your Credentials Manager so that you do not need to enter them the next time.

##### Installing Security Server on hosts

You must install Security Server on hosts as follows:

• In VMware environments with vShield Endpoint, you must install the purpose-built appliance on each host to be protected. All virtual machines on a host are automatically connected via vShield Endpoint to the Security Server instance installed on that host.

• In Nutanix Prism Element environments, you must install Security Server on each host, via remote installation task.

• In all other environments, you must install Security Server on one or more hosts so as to accommodate the number of virtual machines to be protected. You must consider the number of protected virtual machines, resources available for Security Server on hosts, as well as network connectivity between Security Server and protected virtual machines. The security agent installed on virtual machines connects to Security Server over TCP/IP, using details configured at installation or via a policy.

If Control Center is integrated with vCenter Server, XenServer and Nutanix Prism Element, you can automatically deploy Security Server on hosts from Control Center. You can also download Security Server packages for standalone installation from Control Center.

### Note

For VMware environments with vShield Endpoint, you can deploy Security Server on hosts exclusively via installation tasks.

###### Local installation

In all virtualized environments that are not integrated with Control Center, you must install Security Server on hosts manually, using an installation package. The Security Server package is available for download from Control Center in several different formats, compatible with the main virtualization platforms.

1. Go to the Network > Packages page.

2. Select the Default Security Server Package.

3. Click the Download button at the upper side of the table and choose the package type from the menu.

4. Save the selected package to the desired location.

Deploying Security Server installation packages

Once you have the installation package, deploy it to the host using your preferred virtual machine deployment tool.

After deployment, set up the Security Server as follows:

###### Remote installation

Control Center allows you to remotely install Security Server on visible hosts by using installation tasks.

To install Security Server remotely on one or several hosts:

1. Go to the Network page.

2. Choose Virtual Machines from the views selector.

3. Browse the VMware, Citrix or Nutanix inventory and select the check boxes corresponding to the desired hosts or containers (Nutanix Prism, vCenter Server, XenServer or datacenter). For a fast selection, you can directly select the root container (Nutanix Inventory, VMware Inventory or Citrix Inventory). You will be able to select hosts individually from the installation wizard.

### Note

You cannot select hosts from different folders.

4. Click the Tasks button at the upper side of the table and choose Install Security Server from the menu.

The Security Server Installation window is displayed.

5. Select the hosts on which you want to install the Security Server instances.

6. Choose the configuration settings you want to use.

### Important

Using common settings while deploying multiple Security Server instances simultaneously requires the hosts to share the same storage, have their IP addresses assigned by a DHCP server and be part of the same network.

When choosing to configure each Security Server differently, you will be able to define the settings that you want for each host at the next step of the wizard. The steps described hereinafter apply for the case when Configure each Security Server option is used.

7. Click Next.

8. Enter a suggestive name for the Security Server.

9. For VMware environments, select the container in which you want to include the Security Server from the Deploy Container menu.

10. Select the destination storage.

11. Choose the disk provisioning type. It is recommended to deploy the appliance using thick disk provisioning.

### Important

If you use thin disk provisioning and the disk space in the datastore runs out, the Security Server will freeze and, consequently, the host will remain unprotected.

12. Configure the memory and CPU resource allocation based on the VM consolidation ratio on the host. Choose Low, Medium or High to load the recommended resource allocation settings or Manual to configure resource allocation manually.

The administrative password must contain at least 8 characters, one digit, at least one upper case character, at least one lower case character, one special character and must be changed every 3 months.

14. Set the timezone of the appliance.

15. Select the network configuration type for the Bitdefender network. The IP address of the Security Server must not change in time, as it is used by Linux agents for communication.

If you choose DHCP, make sure to configure the DHCP server to reserve an IP address for the appliance.

If you choose static, you must enter the IP address, subnet mask, gateway and DNS information.

16. Select the vShield network and enter the vShield credentials. Default label for the vShield network is vmservice-vshield-pg.

You can view and manage the task in the Network > Tasks page.

### Note

To upgrade from VMware vShield to NSX, refer to Upgrade VMware environments protected with GravityZone from vCNS to NSX.

### Important

Installing Security Server on Nutanix through remote task may fail when the Prism Element cluster is registered to Prism Central or because of another reason. In these situations, it is recommended to perform a manual deployment of Security Server. For more details, refer to Install Security Server manually.