Skip to content

Install Security Server manually

This section provides you with information regarding the Security Server manual installation on various platforms.

Install Security Server on an Ubuntu machine from XenServer, ESXi or AWS

Bitdefender provides the Security Server under several formats, such as OVA, VHD or XVA. When the virtual environment uses an unsupported format, such as Amazon AMI, manual installation is an option.

In this section , you will learn how to install Security Server through a script on an Ubuntu machine from your environment (Citrix XenServer, VMware ESXi, AWS).

Requirements
Hardware

Memory and CPU resource allocation for the Security Server depends on the number and type of VMs running on the host. The following table lists the recommended resources to be allocated:

Consolidation

Number of protected virtual machines

RAM

CPUs

Low

1-30 VMs

2 GB

2 CPUs

31-50 VMs

4 GB

2 CPUs

Medium

51-100 VMs

4 GB

4 CPUs

High

101-200 VMs

4 GB

6 CPUs

HDD: 16 GB (SSD, if available)

Software

Ubuntu Server 20.04 LTS

Prerequisites
  • On the physical server, install Ubuntu 16.04.3, with a working internet connection.

  • Use any authentication method to log in.

Installation steps
  1. Deploy a new Ubuntu 20.04 instance in your environment.

  2. Get root privileges:

    sudo su

    or

    sudo -i

  3. Update the OS to the latest version.

    apt-get update;

    apt-get dist-upgrade

  4. Download the script from here and unpack the archive.

  5. Use the following command to assign execute permission:

    chmod 500 install-scan-server.dat

  6. Navigate to the downloaded script and run it to install and update the Security Server:

    ./install-scan-server.dat

    You can follow the output of this command to check when the installation task is completed.

  7. Open the following log file after the installation is completed.

    /opt/BitDefender/var/log/update.log

  8. Check the output for a completed update process.

    The end of the output returns the following:

    dateStamp BDLIVED[4755] INFO: Done installing updates: 5 location(s) updated.

    Note

    If the update process is not yet finished, please wait while the Security Server runs through all the updates.

  9. Run the Security Server (SVA) setup.

    /opt/BitDefender/bin/sva_setup.sh

  10. Select option 3 Communication Server configuration from the menu.

  11. Choose whether the GravityZone solution you have is an on-premises or a cloud solution.

  12. Enter the IP and the port number of the Communication Server to which the Security Server should connect, followed by port 8443. For example: 10.10.0.9:8443

  13. Select Ok to confirm your action.

For any other question regarding the GravityZone product please contact: gzn-gs@bitdefender.com.

Install Bitdefender Security Server in Nutanix Prism

This section describes how to manually deploy Bitdefender Security Server in Nutanix Prism.

GravityZone allows you to integrate Control Center with Nutanix Prism Element for high-class protection of your virtualization platform. You are able to integrate one or more Nutanix Prism Element clusters, either they are registered or unregistered to Nutanix Prism Central.

Nutanix Prism Element integration overview

To protect a Nutanix Prism Element cluster, you have to deploy a Bitdefender Security Server on each host. You can do this by running a remote installation task in GravityZone Control Center. However, the installation task may fail when the Nutanix Prism Element cluster is registered to Prism Central or because of another reason.

When Nutanix Prism Element is registered to Prism Central, GravityZone is unable to automatically upload the Security Server in Nutanix because of certain user restrictions. Therefore, you need to:

  1. Upload the Security Server image in Nutanix Prism Central.

  2. Run again the installation task in GravityZone Control Center.

When Nutanix Prism Element is not registered to Prism Central, but the remote installation task still fails, you need to:

  1. Run again the installation task in GravityZone Control Center.

  2. If the case, upload and configure Security Server in Nutanix Prism Element.

Important

The Nutanix Prism Element integration with GravityZone requires a Nutanix user with Cluster Admin or User Admin privileges. Please review these privileges when performing tasks in Control Center.

How to upload the Security Server image in Nutanix Prism
Requirements

Before starting Security Server upload and configuration in Nutanix Prism, you must have at hand:

  • Nutanix Prism credentials.

  • Bitdefender Security Server image in VMDK format. You can download it from Network > Packages in GravityZone Control Center.

Uploading Security Server in Nutanix Prism Central

You need to manually upload the Security Server image in Nutanix Prism Central when the Nutanix Prism Element cluster is registered to Prism Central. Follow these steps:

Important

Wait for the image to be both uploaded and updated. After that, run again the installation task in GravityZone Control Center.

  1. Log in to Nutanix Prism Central.

  2. Go to Explore > Images.

    10791_1.png
  3. Click Add Image.

  4. Make sure you have the Image File radio button selected and click Add File to select the Bitdefender image from where it is stored.

  5. Check the image details:

    1. Under Image Name, keep the file original name: Bitdefender_SVE-SVA-Multi-Platform.vmdk. Otherwise, the Security Server installation will fail.

    2. Under Image Type, select Disk.

    3. Optionally, add an image description.

      10791_2.png
  6. Click Save. The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Uploading Security Server in Nutanix Prism Element

This is how you manually upload the Security Server when Nutanix Prism Element in not registered to Prism Central:

  1. Log in to Nutanix Prism Element.

  2. Go to Settings > Image Configuration.

    10791_3.png
  3. Click Upload Image. A new window appears.

  4. Fill in the details:

    1. Name.

    2. Annotation.

    3. Select the image type: DISK.

    4. Select the preferred storage container.

  5. Click Upload a file, then click Choose File to select the Security Server image from where it is stored.

  6. Click Save.

    10791_4.png

The Security Server image upload begins and it can take several minutes. You can view the progress in Tasks.

Wait for the image to be both uploaded and updated.

How to configure Security Server in Nutanix Prism

Once you have the Security Server image uploaded in Nutanix Prism, you can either:

  • Run a remote installation task in GravityZone Control Center. Security Server will be automatically configured.

  • Manually configure Security Server in Nutanix Prism. That means you have to create a Security Server virtual machine, power it on and configure the Communication Server address in the Security Server console.

To configure a Security Server virtual machine you must follow these steps in Prism Element or in Prism Central:

  1. Go to the virtual machines list and click Create VM.

  2. Fill in the required details:

    1. Under General Configuration, enter a name and, optionally, a description.

    2. Under Compute Details, choose 2 VCPUs, 1 core per VCPU and 3 GB of memory.

      10791_5.png
    3. Under Disks, click “X” to remove the default CD-ROM disk, confirm the action and click Add New Disk. Configure the disk as follows:

      1. Type: Disk.

      2. Operation: Clone from Image Service.

      3. Bus Type: SCSI.

      4. Image: Select the Security Server image you have uploaded.

      5. Click Add.

        10791_6.png
    4. Under Network Adapters (NIC):

      1. Click Add New NIC.

      2. Choose the preferred network.

      3. Click Add.

    5. Under VM Host Affinity:

      1. Click Set Affinity.

      2. Select one of the hosts.

      3. Click Save.

        10791_7.png
  3. Click Save. The virtual machine is created with the VM create with customize label.

  4. Go to virtual machines list.

  5. Select the Security Server virtual machine.

  6. Click Power on.

  7. Click Launch console and log in to Security Server by using the default credentials:

    1. User name: root

    2. Password: sve

  8. Run the sva-setup command. You will access the appliance configuration interface.

    10791_8.png

    To navigate through menus and options, use the Tab and arrow keys. To select a specific option, press Enter.

  9. Go to Communication Server configuration.

  10. Enter the address of the Communication Server, including the port number 8443, using the following format

    https://Communication-Server-IP:8443

    Alternatively, you can use the Communication Server hostname instead of the IP address.

  11. Select OK to save the changes.

Install Bitdefender Security Server in Nutanix AHV

This section aims to explain how to import and deploy Bitdefender Security Server in Nutanix AHV.

Importing the Security Server
  1. Log in to GravityZone.

  2. Go to the Network > Packages page.

  3. Select the default Security Server Virtual Appliance package.

  4. Click the Download button in the upper-left side of the table and select the Nutanix Prism (VMDK) version. Depending on your browser settings, the file may be downloaded automatically to a default download location.

  5. Log in to PRISM, the Nutanix Web Console.

  6. Import the VMDK file:

    1. Click the gear button in the upper-right corner of the console to access the Settings menu and select Image Configuration.

      10791_11.png

      The configuration window is displayed.

    2. Click Upload Image. A new window pops up, asking you to enter image details.

    3. Enter a suggestive name for the image.

    4. From the Image Type menu, choose Disk.

    5. From Image Source, select Upload File and choose the VMDK file you have previously extracted.

    6. Click Save. Wait while the virtual drive is being uploaded. When finished, you will be able to view the image in the list of existing images.

  7. Create the virtual machine for the Bitdefender Security Server VMDK file:

    1. Go to the VM page using the menu at the upper left corner of the console.

      10791_12.png
    2. Click the Create VM button at the upper right corner of the page.

      10791_13.png
    3. In the new configuration window, enter the requested details:

      • A suggestive name and a description for the VM.

      • Hardware configuration such as number of CPUs, cores per CPU and memory. These values must meet the Bitdefender Security Server requirements. You can find more information in the GravityZone Installation Guide.

    4. Click Add new disk. A configuration window is displayed.

    5. Configure the disk settings as follows:

      • TypeDisk

      • OperationClone from Image Service

      • Bus TypeSCSI

      • Image: the image you have previously created.

    6. Click Add.

    7. Click Add new NIC and choose the network you want to use.

    8. Click Save.

Deploying the Security Server
  1. In Nutanix console, go to the VM > Table section.

    10791_13.png
  2. Power on the newly created machine.

    10791_14.png
  3. Click Launch Console.

    10791_15.png

    Connect to the Security Server via SSH. For details regarding configuration steps, refer to Deploying Security Server Installation Packages.

    10791_16.png

    Configured Security Server.

Install Security Server in Microsoft Azure

You can use Security Server to protect your Microsoft Azure virtual machines as follows:

  • Configure the Security Server installed in your local network to communicate with the Microsoft Azure virtual machines. Therefore, you will be able to use your local resources, either physical or virtual, to protect also the Microsoft Azure inventory.

  • Install one or several Security Server instances in your Microsoft Azure environment, according to your needs.

    Important

    • For the communication between your Microsoft Azure virtual machines and the Security Server instances installed in your Microsoft Azure inventory to work, you need to properly configure your virtual network/subnet. For details, refer to Microsoft Azure Virtual Network Documentation.

    • We recommend installing the Security Server in the same Microsoft Azure region with the virtual machines you want to protect.

The default scan mode for Microsoft Azure virtual machines is Local Scan (security content is stored on the installed security agent, and the scan is run locally on the machine). If you want to scan your Microsoft Azure virtual machines with a Security Server, you need to configure the security agent’s installation package and the applied policy accordingly.

Installation steps
  1. Download the Security Server virtual appliance image (VHD file) from the Packages page of GravityZone Control Center to C:\vhd.

  2. Resize the appliance to a supported Azure filesize:

    Resize-VHD -Path C:\vhd\Bitdefender_SVE-SVA-Multi-Platform.vhd -SizeBytes 21GB

  3. Prepare PowerShell for Azure:

    Install-Module AzureRM Login-AzureRmAccount

  4. Upload the file to Azure:

    $resourceGroupName = "Resources" $recreatedVhd = "C:\vhd\Bitdefender_SVE-SVA-Multi-Platform.vhd" $destinationVhd = "https://mystorearea.blob.core.windows.net/vhds/Bitdefender_SVE-SVA-Multi-Platform.vhd" Add-AzureRmVhd -LocalFilePath $recreatedVhd -Destination $destinationVhd -ResourceGroupName $resourceGroupName -NumberOfUploaderThreads 5

    Note

    • Azure supports only fixed sized VHD files. Add-AzureRmVhd commandlet takes the dynamic size VHD file and uploads it as a fixed size.

    • $destinationVhd is a custom path. Make sure to choose a valid path in your Azure environment.

  5. Create the virtual machine in Azure:

    1. Get the network to be attached to the VM:

      $virtualNetworkName = "Resources-vnet" $locationName = "westeurope" $virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName

      Note

      Depending on your Azure setup, you may need to use other values for the above mentioned variables.

    2. Configure public IP:

      $publicIp = New-AzureRmPublicIpAddress -Name "SVASrv" -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic $networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $resourceGroupName -Name "SVASrv-Interface" -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id

    3. Configure VM settings:

      $vmConfig = New-AzureRmVMConfig -VMName "SVASrv" -VMSize "Standard_DS1" $vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name "SVASrv" -VhdUri $destinationVhd -CreateOption Attach –Linux $vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id

    4. Create the VM in Azure:

      $vm = New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $resourceGroupName

  6. Configure Security Server to connect to GravityZone:

    1. Connect to the Security Server appliance via SSH.

    2. Log in with default credentials.

    3. Run the Security Server setup:

      # /usr/bin/sva-setup

    4. Select option 3 Communication Server configuration from the menu.

    5. Choose the on-premises option as the server type, when prompted.

    6. Add the Communication Server address depending on your company location:

      • EU: https://cloudgz-ecs.gravityzone.bitdefender.com

      • US: https://cloud-ecs.gravityzone.bitdefender.com

        Also, select option 4 Configure the client ID and enter your company ID.

    7. Select Ok to confirm your action.

Page Menu