Update GravityZone products offline

The GravityZone default update system requires an internet connection. When using GravityZone in an isolated network, you need to make the components and signature updates available offline as well. The information below helps you configure a GravityZone offline update system for an isolated network environment.

To update one or several offline GravityZone instances located in an isolated network, you will need an additional online GravityZone instance deployed in a network with internet access, referred to below as the “online instance”. The online instance will serve as the update source for the offline instances.

First, you will have to run an initial setup of both the online and offline instances. Once the offline update system is ready, you will be able to regularly update your isolated GravityZone environment.

The phases included in the GravityZone offline update system are referenced in the index at the upper right side of the screen.

Prerequisites

  • A GravityZone instance installed in a network with internet access (online instance). The online instance must have:

  • One or several GravityZone instances installed in a network without internet access (offline instances)

  • Both GravityZone instances must have the same appliance version

Set up the online GravityZone instance

During this phase, you will deploy a GravityZone instance to a network with internet access, and then configure it to act as the offline update server.

  1. Deploy the latest GravityZone image to a machine with internet connection.

    Warning

    You need to do this every time you want to update GravityZone in the offline environment.

  2. Install only the Database Server and Update Server roles.

  3. Access the machine’s TTY terminal in your virtual environment (or connect to it via SSH).

  4. Log in with the bdadmin user and the password you have set.

  5. Run the command sudo su to gain root privileges.

  6. Run the following commands to install the offline gzou-mirror package:

    # apt update

    # gzcli update

    # apt install gzou-mirror

    The gzou-mirror package has the following roles:

    • Configure the Update Server to generate automatically offline update archives.

    • Set up a web service on the online instance, providing configuration and download options for the offline update archives.

Configure and download the initial update files

During this phase, you will configure the update archive settings via the web service installed on the online instance, and then create the archive files required for setting up the offline instance. Then, you will have to download the update files and place them on a portable media device (USB stick).

  1. Access the web service through a URL of this form: https://Online-Instance-Update-Server-IP-or-Hostname, with the username bdadmin and the password you have set.

  2. Configure the offline update archive as follows:

    • Under Kits: select the endpoint agent kits you want to include in the offline update archive.

    • Under Settings, edit your update archive preferences.

      A CRON job installed on the online instance will check every minute whether new update files are available and whether the free disk space exceeds 10 GB. At each interval set by the Archive creation interval (in hours) option, the CRON job will create the following files:

      • Full archive (product updates + signature updates + install kits + Debian repositories)

      • Lite archive (signature updates)

      The archives will be created in the following location:

      https://Online-Instance-Update-Server-IP-or-Hostname/snapshots

  3. Click Create > Full archive to create the first full archive. Wait until the archive is created.

  4. Download the full update archive and the gzou-bootstrap file from the online instance. You have several options at hand:

    • Via the web service: click Download archives to access the page containing the links to the update files. Click the full update archive and the gzou-bootstrap file links to download them on your endpoint.

    • Use your preferred SCP/SCTP client (WinSCP, for example) to establish an SCP session with the online instance and transfer the above-mentioned files to any location in your online network. The default path on the online instance is:

      /opt/bitdefender/share/gzou/snapshots

    • Via SAMBA share. Use a read-only SAMBA share to retrieve the offline update archives from the following location:

      \\Online-Instance-Update-Server-IP-or-Hostname\gzou-snapshots

      Note

      The credentials for accessing the SAMBA share, if requested, are the same as the online instance credentials (bdadmin user and password).

Set up the offline GravityZone instance

During this phase, you will deploy and configure the offline instance to receive updates via the archives generated by the online instance. Unless stated otherwise, all commands must be run as root.

  1. Deploy GravityZone to a machine from the isolated environment.

  2. Install only the Database Server and Update Server roles.

  3. Transfer the update archive and the gzou-bootstrap file downloaded from the online instance to the /home/bdadmin directory of the offline instance using a portable media device (USB stick).

    Important

    For the offline update to work, make sure that:

    • The update archive and the gzou-bootstrap file are in the same folder.

    • The update archive is a full archive.

  4. Execute the gzou-bootstrap file as follows:

    1. Access the machine's TTY terminal in your virtual environment (or connect to it via SSH).

    2. Make the gzou-bootstrap file executable: chmod +x gzou-bootstrap

    3. Run: ./gzou-bootstrap

  5. Choose the method of transferring the update archives to the offline instance:

    1. Select Windows shared folder (Samba share). In this case, you will have to specify the path to a Windows share from the isolated network, where the offline instance will automatically connect to retrieve the update archives. Enter the credentials required to access the specified location.

    2. Select SCP if you will manually transfer the files to the /opt/bitdefender/share/gzou/snapshots/ folder of the offline instance via SCP.

      Note

      If you want to change the transfer method at a later time:

      1. Access the offline instance's TTY terminal in your virtual environment (or connect to it via SSH).

      2. Log in with the bdadmin user and the password you have set.

      3. Run the command sudo su to gain root privileges.

      4. Run:

        rm -f /opt/bitdefender/etc/gzou-target.json

        dpkg-reconfigure gzou-target

        A configuration dialog will appear where you can make the changes that you want.

  6. Switch to the offline GravityZone console command line and install the rest of the roles.

  7. Access the offline console from your web browser and insert your license key (in offline mode).
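
Steps 3 and 4 above carry an executable (gzou-bootstrap) and a full archive on removable media and then run the executable as root. The shell functions below are an added example, not part of the Bitdefender documentation or tooling: they record SHA-256 hashes on the online side and reject the transfer on the offline side if any file changed, is missing, or was never hashed. The manifest name and the assumption that the folder holds only the transferred files are illustrative.

```shell
#!/bin/sh
# Added example (not Bitdefender code): hash manifest for the files carried
# across the air gap. MANIFEST and the directory arguments are assumptions.
MANIFEST="gzou-transfer.sha256"   # hypothetical manifest file name

# Online side: run on the folder holding the downloaded full archive and
# gzou-bootstrap, before copying that folder to the USB stick.
make_manifest() {
    [ -f "$1/gzou-bootstrap" ] || { echo "gzou-bootstrap missing in $1" >&2; return 1; }
    (
        cd "$1" || exit 1
        for f in *; do
            if [ -f "$f" ] && [ "$f" != "$MANIFEST" ]; then
                sha256sum "$f" || exit 1
            fi
        done > "$MANIFEST"
    )
}

# Offline side: run on the folder the files were copied to, before
# chmod +x gzou-bootstrap. Fails on a changed, missing or unlisted file.
verify_transfer() {
    [ -f "$1/$MANIFEST" ] || { echo "no manifest in $1" >&2; return 1; }
    (
        cd "$1" || exit 1
        # sha256sum lines are 64 hex characters, two separator characters, then the name.
        cut -c67- "$MANIFEST" | grep -qxF -- "gzou-bootstrap" \
            || { echo "gzou-bootstrap not listed in manifest" >&2; exit 1; }
        for f in *; do
            [ -f "$f" ] || continue
            [ "$f" = "$MANIFEST" ] && continue
            # A file the online side never hashed must not be executed or imported.
            cut -c67- "$MANIFEST" | grep -qxF -- "$f" \
                || { echo "unlisted file: $f" >&2; exit 1; }
        done
        # --strict rejects malformed manifest lines; --quiet prints failures only.
        sha256sum -c --strict --quiet "$MANIFEST"
    )
}
```

A manifest that travels on the same USB stick only catches corruption or an accidental mix-up of files; to detect tampering, compare the manifest's own hash through a separate channel or sign it.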

Using offline updates

Once you have set up the GravityZone instances, follow these steps to update your offline installation:

  1. Download the latest GravityZone image from here.

  2. Set up the online instance as described in “Set up the online GravityZone instance”.

  3. Download the latest offline update archive from the online instance to your preferred network share, as described in “Configure and download the initial update files”.

  4. Use a USB stick to transfer the update archive to the configured Samba share from the isolated network, as described in “Set up the offline GravityZone instance”.

    The files will be automatically pulled into the following offline instance directory:

    /opt/bitdefender/share/gzou/snapshots/