Bitdefender GravityZone AdministratorsGuide EnUS

ENTERPRISEENTERPRISE

BITDEFENDERGRAVITYZONEAdministrator's Guide

Bitdefender GravityZoneAdministrator's Guide

Publication date 2013.12.19

Copyright 2013 Bitdefender

Legal NoticeAll rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronicor mechanical, including photocopying, recording, or by any information storage and retrieval system, without writtenpermission from an authorized representative of Bitdefender. The inclusion of brief quotations in reviews may bepossible only with the mention of the quoted source. The content can not be modified in any way.

Warning and Disclaimer. This product and its documentation are protected by copyright. The information in thisdocument is provided on an as is basis, without warranty. Although every precaution has been taken in thepreparation of this document, the authors will not have any liability to any person or entity with respect to any lossor damage caused or alleged to be caused directly or indirectly by the information contained in this work.

This book contains links to third-party Websites that are not under the control of Bitdefender, therefore Bitdefenderis not responsible for the content of any linked site. If you access a third-party website listed in this document, youwill do so at your own risk. Bitdefender provides these links only as a convenience, and the inclusion of the link doesnot imply that Bitdefender endorses or accepts any responsibility for the content of the third-party site.

Trademarks. Trademark namesmay appear in this book. All registered and unregistered trademarks in this documentare the sole property of their respective owners, and are respectfully acknowledged.

ENTERPRISE BITDEFENDER GRAVITYZONE

89504E470D0A1A0A0000000D494844520000002000000020010300000049B4E8B7000000017352474200AECE1CE900000006504C5445FFFFFF00000055C2D37E0000009A4944415408D76370FB7BCF85E1BDE2321706DE847DDF185A5B5858189454BBAA18EAFFEFBFCF90FFF7DF3F0630F8CCA42DC9A0C014A7CC30E58C763FC3751EAFC50C0C4E40C5F5F54075E5E7ECE743D4ED0A4ECC62B831977D06C365F5E3090C13AE262932743330CE60F80F52575DBFFC3644DDEB695EDB19AC4D2EB533342D5BB198C1E5E9AA030C960C01EC4075FFFF31FC2FFFF51DAC0C00A09339A3914312FC0000000049454E44AE4260827A3431793A70666765303133406F316771337333617133652E70307A


Table of Contents

1. About GravityZone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2. System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.1. GravityZone Appliance Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2.1.1. Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.1.2. Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.1.3. Control Center Web Console Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2.2. Security for Endpoints Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2.1. Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.2.2. Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.2.3. Supported Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.3. Security for Virtualized Environments Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.3.1. Supported Virtualization Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.3.2. Supported Virtualization Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.3.3. Security Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.3.4. Supported Guest Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.3.5. Bitdefender Tools Requirements and Footprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.4. Security for Mobile Devices Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.4.1. Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.4.2. Connectivity Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.4.3. Push Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.4.4. iOS Management Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5. GravityZone Communication Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3. GravityZone Installation and Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113.1. Prepare for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113.2. Deploy and Set Up GravityZone Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113.3. Control Center Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143.4. Configure Control Center Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.4.1. Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153.4.2. Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163.4.3. Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163.4.4. Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173.4.5. Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183.4.6. Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193.4.7. Managing GravityZone Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4. Using GravityZone Appliance Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254.1. Configure Hostname and Domain Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254.2. Configure Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264.3. Configure Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264.4. Configure Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274.5. Install/Modify Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

iv


4.6. Configure Role Balancers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284.7. Configure Communication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294.8. Configure Update Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304.9. Configure Database Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

5. Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325.1. Connecting to GravityZone Control Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325.2. Control Center at a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

5.2.1. GravityZone Console Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325.2.2. Table Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345.2.3. Action Toolbars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355.2.4. Contextual Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355.2.5. Service Selector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

5.3. Managing Your Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365.4. Changing Login Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

6. Licensing and Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386.1. Licensing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386.2. Finding a Reseller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386.3. Checking Current License Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.4. Entering Your License Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.5. Deleting License Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

7. Install Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417.1. Installing Security for Endpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

7.1.1. Preparing for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427.1.2. Local Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427.1.3. Remote Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447.1.4. How Network Discovery Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

7.2. Installing Security for Virtualized Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507.2.1. Connect to vCenter Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507.2.2. Install Security Server on Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517.2.3. Install Bitdefender Tools on Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

7.3. Installing Security for Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587.3.1. Configure External Address for Communication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 587.3.2. Create and Organize Custom Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597.3.3. Add Devices to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607.3.4. Install GravityZone Mobile Client on Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

8. Managing Network Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628.1. Managing Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

8.1.1. Managed, Unmanaged and Deleted Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638.1.2. Online and Offline Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638.1.3. Vulnerable Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648.1.4. Organizing Computers into Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648.1.5. Checking Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668.1.6. Filtering and Sorting Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688.1.7. Running Tasks on Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698.1.8. Creating Quick Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808.1.9. Checking and Changing Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818.1.10. Synchronizing with Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

v


8.1.11. Deleting Computers from Network Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828.2. Managing Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

8.2.1. Connect to vCenter Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848.2.2. Managed and Unmanaged Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858.2.3. Online and Offline Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858.2.4. Vulnerable Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868.2.5. Organizing Virtual Machines into Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868.2.6. Checking Virtual Machine Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 888.2.7. Filtering and Sorting Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 898.2.8. Running Tasks on Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918.2.9. Creating Quick Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1018.2.10. Checking and Changing Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

8.3. Managing Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1028.3.1. Adding Custom Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038.3.2. Adding Mobile Devices to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1048.3.3. Organizing Custom Users into Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1058.3.4. Managed and Unmanaged Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1068.3.5. Compliant and Not Compliant Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1078.3.6. Checking User and Mobile Devices Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1088.3.7. Filtering and Sorting Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118.3.8. Running Tasks on Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1128.3.9. Creating Quick Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1178.3.10. Checking and Changing Mobile Devices Security Settings . . . . . . . . . . . . . . . . . . . . . 1178.3.11. Synchronizing with Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1188.3.12. Deleting Users and Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

8.4. Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1208.4.1. Creating Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1208.4.2. Downloading Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

8.5. Viewing and Managing Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228.5.1. Checking Task Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1238.5.2. Viewing Task Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1248.5.3. Deleting Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

8.6. Credentials Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1248.6.1. Virtual Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1258.6.2. OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1258.6.3. Deleting Credentials from Credentials Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

9. Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1279.1. Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

9.1.1. Creating Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1289.1.2. Changing Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1289.1.3. Renaming Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1299.1.4. Deleting Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1299.1.5. Assigning Policies to Network Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

9.2. Computer Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329.2.1. General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1329.2.2. Antimalware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1379.2.3. Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1499.2.4. Content Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

vi


9.3. Virtual Machine Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1649.3.1. General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1659.3.2. Antimalware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

9.4. Mobile Device Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789.4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789.4.2. Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

10. Monitoring Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19210.1. Editing Portlet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19210.2. Adding a New Portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19210.3. Removing a Portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19310.4. Rearranging Portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

11. Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19411.1. Notification Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19411.2. Viewing Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19411.3. Deleting Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19511.4. Configuring Notification Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

12. Using Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19612.1. Available Report Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

12.1.1. Computer Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19612.1.2. Virtual Machine Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19812.1.3. Mobile Devices Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

12.2. Creating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20112.3. Viewing and Managing Scheduled Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

12.3.1. Viewing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20312.3.2. Editing Scheduled Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20412.3.3. Deleting Scheduled Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

12.4. Saving Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20512.4.1. Exporting Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20512.4.2. Downloading Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

12.5. Emailing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20612.6. Printing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

13. Quarantine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20713.1. Navigation and Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20813.2. Restoring Quarantined Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20813.3. Automatic Deletion of Quarantined Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20913.4. Deleting Quarantined Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20913.5. Downloading Quarantined Files in VMware Environments Integrated with vShield Endpoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

14. User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21214.1. User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21214.2. User Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21314.3. Creating User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21414.4. Editing Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21514.5. Deleting Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21514.6. Resetting Login Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

15. User Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

vii


16. Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21816.1. Bitdefender Support Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21816.2. Asking for Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21916.3. Using Support Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21916.4. Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

16.4.1. Web Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22016.4.2. Local Distributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22116.4.3. Bitdefender Offices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

A. Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224A.1. List of Application File Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224A.2. Using System Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

viii


1. About GravityZoneBitdefender has applied over a decade of security expertise and innovation for creating ahighly scalable and integrated security management platform based on its new GravityArchitecture. The new Enterprise Security solutions form a Gravity Zone capable ofprotecting from hundreds to millions of endpoints on-demand with a private cloud hostedwithin the organizations premises, or in public cloud hosted either by Bitdefender or aService Provider.

The solution provides full visibility into organizations overall security posture, global securitythreats, and control over its Security services that protect virtual or physical desktops, serversand mobile devices. All Bitdefenders Enterprise Security solutions are managed within theGravity Zone and a single console that provides control, reporting, and alerting services forvarious roles within the organization.

GravityZone includes the following components:

Control Center Security for Endpoints Security for Virtualized Environments Security for Mobile Devices

Control CenterA web-based dashboard and unified management console that provides full visibility intoorganizations overall security posture, global security threats, and control over its securityservices that protects virtual or physical desktops, servers and mobile devices. Powered bya Gravity Architecture, Control Center is capable of addressing the needs of even the largestorganizations.

Control Center integrates with the existing system management and monitoring systems tomake it simple to automatically apply protection to unmanaged desktops, servers or mobiledevices that appear on the Microsoft Active Directory, VMware vCenter or Citrix XenServer.

Security for EndpointsProtects unobtrusively any number of Windows desktops, laptops and servers by usingnumber-one-ranked antimalware technology combined with firewall, intrusion detection,web access control and filtering, sensitive data protection and application control. Employeeproductivity is ensured with low resource consumption, optimized system scanning andautomated security that requires no end-user interaction.

About GravityZone 1


Security for Virtualized EnvironmentsSecurity for Virtualized Environments is the first all-encompassing security solution forvirtualized datacenters, protecting virtualized servers and desktops on Windows and Linuxsystems. Powered by cutting edge security technologies from Bitdefender, SVE has beenspecifically architected to meet the unique requirements of dynamic virtualized datacenterstoday.

Security for Mobile DevicesManages and controls iPhone, iPad and Android devices with a unified enterprise-grademanagement that keeps the device safe with real-time scanning and enforces organizationssecurity policies on any number of devices to lock screen, require authentication, encryptremovable media, locate lost devices and deny non-compliant or jailbroken devices accessingcorporate services.

About GravityZone 2


2. System RequirementsAll of the GravityZone solutions are installed and managed via Control Center.

2.1. GravityZone Appliance RequirementsGravityZone is delivered as a virtual appliance. The GravityZone appliance is available in thefollowing formats:

OVA (compatible with VMware vSphere, View) XVA (compatible with Citrix XenServer, XenDesktop, VDI-in-a-Box) VHD (compatible with Microsoft Hyper-V) OVF (compatible with Red Hat Enterprise Virtualization)* OVF (compatible with Kernel-based Virtual Machine or KVM)* RAW (compatible with Oracle VM)*

*OVF and RAW packages are archived in tar.bz2 format.

Support for other formats and virtualization platforms may be provided on request.

2.1.1. Hardware RequirementsDeploy the GravityZone appliance with the following minimum hardware configuration:

CPU: 4 vCPU with 2 GHz each Minimum RAM memory: 6 GB 40 GB of free hard-disk space

The aforementioned hardware configuration is suitable for environments consisting of up to50 computers, 50 virtual machines running on VMware infrastructure, 50 virtual machinesrunning on Citrix XenServer infrastructure, 50 Active Directory users, 50 Android devicesand 50 iOS devices.

2.1.2. Internet ConnectionThe GravityZone appliance requires Internet access.

2.1.3. Control Center Web Console RequirementsTo access the Control Center web console, the following are required:

Internet Explorer 9+, Mozilla Firefox 14+, Google Chrome 15+, Safari 5+ Recommended screen resolution: 1280x800 or higher

System Requirements 3


The computer you connect from must have network connectivity to the Control Centerappliance.

WarningControl Center will not work / display properly in Internet Explorer 9+ with the CompatibilityView feature enabled, which is equivalent with using an unsupported browser version.

2.2. Security for Endpoints Requirements2.2.1. Supported Operating SystemsSecurity for Endpoints currently protects the following operating systems:

Workstation operating systems: Windows 8.1 Windows 8 Windows 7 Windows Vista with Service Pack 1 Windows XP with Service Pack 3

Tablet and embedded operating systems*: Windows Embedded Standard 7 Windows Embedded Compact 7 Windows Embedded POSReady 7 Windows Embedded Enterprise 7 Windows Embedded POSReady 2009 Windows Embedded Standard 2009 Windows XP Embedded with Service Pack 2 Windows XP Tablet PC Edition

*Specific operating systemmodules must be installed for Security for Endpoints to work.

Server operating systems: Windows Server 2012 R2 Windows Server 2012 Windows Small Business Server (SBS) 2011 Windows Small Business Server (SBS) 2008 Windows Server 2008 R2 Windows Server 2008 Windows Small Business Server (SBS) 2003 Windows Server 2003 R2 Windows Server 2003 with Service Pack 1 Windows Home Server



2.2.2. Hardware Requirements Intel Pentium compatible processor:

Workstation Operating Systems 1 GHz or faster for Microsoft Windows XP SP3, Windows XP SP2 64 bit andWindows

7 Enterprise (32 and 64 bit) 2 GHz or faster for Microsoft Windows Vista SP1 or higher (32 and 64 bit), Microsoft

Windows 7 (32 and 64 bit), Microsoft Windows 7 SP1 (32 and 64bit), Windows 8 800 MHZ or faster for Microsoft Windows Embedded Standard 7 SP1, Microsoft

Windows POSReady 7, Microsoft Windows POSReady 2009, Microsoft WindowsEmbedded Standard 2009, Microsoft Windows XP Embedded with Service Pack 2,Microsoft Windows XP Tablet PC Edition

Server Operating Systems Minimum: 2.4 GHz single-core CPU Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU

Free RAM memory: 512 MB minimum 1 GB recommended

HDD space:

1.5 GB of free hard-disk space

NoteAt least 6 GB free disk space is required for entities with Endpoint Security Relayrole, as they will store all updates and installation packages.

2.2.3. Supported BrowsersEndpoint browser security is verified to be working with the following browsers:

Internet Explorer 8+ Mozilla Firefox 8+ Google Chrome 15+ Safari 4+

2.3. Security for Virtualized EnvironmentsRequirementsSecurity for Virtualized Environments is delivered within a security virtual appliance calledSecurity Server. Security Server is running on a hardened Linux Server distribution (2.6kernel) and is managed by Control Center.



2.3.1. Supported Virtualization PlatformsSecurity for Virtualized Environments provides out-of-the-box support for the followingvirtualization platforms:

VMware vSphere 5.5, 5.1, 5.0, 4.1 with VMware vCenter Server 5.1, 5.0, 4.1 VMware View 5.1, 5.0 Citrix XenServer 6.0, 5.6 or 5.5 (including Xen Hypervisor) Citrix XenDesktop 5.5 or 5.0 (including Xen Hypervisor) Citrix VDI-in-a-Box 5.x Microsoft Hyper-V Server 2008 R2 or Windows 2008 R2 (including Hyper-V Hypervisor) Microsoft Hyper-V Server 2012 or Windows 2012 Server (including Hyper-V Hypervisor)

NoteSupport for other virtualization platforms may be provided on request.

Integration with VMware vShield Endpoint Requirements

ESXi 5.1, 5.0 (build 474610 or higher), 4.1 (build 433742 or higher) vCenter Server 5.1, 5.0, 4.1 vShield Manager 5.1, 5.0 vShield Endpoint installed by vShield Manager on the host/hosts protected by Security

for Virtualized Environments VMware Tools 8.6.0 build 446312 or higher installed on the protected virtual machines

in the complete mode or with the vShield Endpoint driver selected under VMCI in custommode.

ImportantIt is recommended that you keep all VMware products updated with the latest patch.

If you are using ESXi 5.0, it is highly recommended to apply VMware ESXi 5.0 PatchESXi500-201204401-BG: Updates tools-light, which solves critical issues in the vShieldEndpoint guest drivers. The patch updates VMware Tools to version 8.6.5 build 652272.

If you are using ESXi 4.1 P3, you must obtain the updated VMware Tools version and installit in the virtual machines. For more information, refer to this KB article.

2.3.2. Supported Virtualization Management ToolsControl Center currently integrates with the following virtualization management tools:

VMware vCenter Server Citrix XenServer

To set up integration, you must provide the username and password of an administrator.



2.3.3. Security Server RequirementsSecurity Server is a preconfigured virtual machine running on a hardened Linux Serverdistribution (2.6 kernel). Requirements depend on whether or not the appliance integrateswith VMware vShield Endpoint.

In VMware Environments with vShield Endpoint

Security Server must be installed on each ESXi host to be protected.

You must provision the following resources on each host:

Disk space: 80 GB.

Memory and CPU resource allocation for the Security Server depends on the numberand type of VMs running on the host. The following table lists the recommended resourcesto be allocated:

CPUsRAMNumber of protected VMs

2 CPUs2 GB1-24 desktop VMs or 1-2 server VMs

4 CPUs2 GB25-49 desktop VMs or 3-7 server VMs

6 CPUs4 GB50+ desktop VMs or 8+ server VMs

In Other Environments

Although not mandatory, Bitdefender recommends installing Security Server on each physicalhost for improved performance.

You must provision the following resources on each Security Server host:

Disk space: 8 GB.

Memory and CPU resource allocation for the Security Server depends on the numberand type of VMs running on the host. The following table lists the recommended resourcesto be allocated:

CPUsRAMNumber of protected VMs

2 CPUs2 GB1-50 VMs

4 CPUs2 GB51-100 VMs

6 CPUs4 GB101-200 VMs



2.3.4. Supported Guest Operating SystemsSecurity for Virtualized Environments currently protects the following operating systems:

Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 / Windows Server 2008 R2 Windows Server 2003 / Windows Server 2003 R2 Windows 8.1 Windows 8 Windows 7 Windows Vista* Windows XP with Service Pack 3 (32-bit) / Service Pack 2 (64-bit)* Red Hat Enterprise Linux / CentOS 6.2, 6.1, 5.7, 5.6 Ubuntu 11.04, 10.04 SUSE Linux Enterprise Server 11 OpenSUSE 12, 11 Fedora 16, 15

* VMware vShield Endpoint does not support the 64-bit versions of Windows XP and Vista.

On-access scanning is available for all supported Windows versions. A beta on-accessscanning module is also available for specific Linux distributions and kernel versions, asshown in the following table:

Kernel VersionLinux Distribution

2.6.32-44-generic-pae i686, 2.6.32-44-server x86_64,2.6.32-45-generic-pae i686, 2.6.32-45-server x86_64

Ubuntu 10.04

2.6.18-308.24.1.el5 i686 & X86_64, 2.6.18-308.el5 i686 & x86_64,2.6.18-348.el5 i686 & x86_64

RHEL/CentOS 5.7, 5.6

2.6.32-279.19.1.el6 i686 & x86_64, 2.6.32-279.el6 i686 & x86_64RHEL/CentOS 6.2, 6.1

2.6.32-5-amd64 x86_64Debian

2.3.5. Bitdefender Tools Requirements and FootprintBitdefender Tools can be installed on virtual machines running any of the supported operatingsystems. No specific hardware or software requirements need to be met. As you can see inthe following tables, Bitdefender Tools uses a minimum of system resources.

In VMware Environments with vShield Endpoint

Disk SpaceRAMPlatform

15 MB5/10* MBWindows



Disk SpaceRAMPlatform

70 MB10 MBLinux

*5 MB when the Silent Mode option is enabled and 10 MB when it is disabled. When SilentMode is enabled, the Bitdefender Tools graphical user interface (GUI) is not loadedautomatically at system startup, freeing up associated resources.

In Other Environments

Disk SpaceRAMOS

60 MB20/25* MBWindows

70 MB50 MBLinux

*20 MB when the Silent Mode option is enabled and 25 MB when it is disabled. When SilentMode is enabled, the Bitdefender Tools graphical user interface (GUI) is not loadedautomatically at system startup, freeing up associated resources.

2.4. Security for Mobile Devices Requirements2.4.1. Supported PlatformsSecurity for Mobile Devices supports the following types of mobile devices and operatingsystems:

Apple iPhones and iPad tablets (iOS 5.1+) Google Android smartphones and tablets (2.2+)

2.4.2. Connectivity RequirementsMobile devices must have an active cellular data or Wi-Fi connection and connectivity withthe Communication Server.

2.4.3. Push NotificationsSecurity for Mobile Devices uses push notifications to alert mobile clients when policyupdates and tasks are available. Push notifications are sent by the Communication Servervia the service provided by the operating system manufacturer:

Google Cloud Messaging (GCM) service for Android devices. For GCM to work, thefollowing are required: Google Play Store must be installed. Devices running a version lower than Android 4.0.4 must also have at least one logged

in Google account.



To send push notifications, a number of ports must be open. Apple Push Notifications service (APNs) for iOS devices. For more information, refer to

this Apple KB article.

To learn more about GravityZone Mobile Device Management workflow, please refer to thisKB article.

2.4.4. iOS Management CertificatesTo set up the infrastructure for iOS mobile device management, you must provide a numberof security certificates.

2.5. GravityZone Communication PortsThe following table provides information on the ports used by the GravityZone components:

UsagePort

Port used to access the Control Center web console.80 (HTTP) / 443 (HTTPS)

Port used by client/agent software to connect to theCommunication Server.

8080 (HTTP) / 8443(HTTPS)

Update Server port7074 (HTTP)

Default port used by the Communication Server and ControlCenter to access the Database.

27017

Ports used by the Bitdefender Tools agent to connect to SecurityServer.

7081 / 7083 (SSL)

Communication port between the Bitdefender Tools agent forLinux and Security Server in VMware environments with vShieldEndpoint.

48651

Communication port between the hypervisor (vmkernel) andSecurity Server in VMware environments with vShield Endpoint.

48652

Google CloudMessaging (GCM) ports. TheCommunication Serveruses GCM to send push notifications to managed Androiddevices.

5228, 5229, 5230

Apple Push Notification service (APNs) ports. Ports 2195 and2196 are used by the Communication Server to communicate

2195, 2196, 5223

with the APNs servers. Port 5223 is used bymanaged iOS devicesto communicate with the APNs servers over Wi-Fi in specificconditions. For more information, refer to this Apple KB article.

User Datagram Protocol (UDP) port used by GravityZoneappliances for time synchronization with the NTP server.

123 (UDP)



3. GravityZone Installation and SetupTo make sure installation goes smoothly, follow these steps:

1. Prepare for installation.

2. Deploy and set up the GravityZone virtual appliance.

3. Connect to Control Center and setup the first user account.

4. Configure Control Center settings.

3.1. Prepare for InstallationFor installation, you need a GravityZone virtual appliance image. After you deploy and setup the GravityZone appliance, you can remotely install or download the necessary installationpackages for all other security services components from the Control Center web interface.

The GravityZone appliance image is available in several different formats, compatible withthe main virtualization platforms. You can obtain the download links by registering for a trialon the Bitdefender Enterprise website.

For installation and initial setup, you must have the following at hand:

DNS names or fixed IP addresses (either by static configuration or via a DHCP reservation)for the GravityZone appliances

Username and password of a domain administrator

vCenter Server, vShield Manager, XenServer details (hostname or IP address,communication port, administrator username and password)

License key for each GravityZone security service (check the trial registration or purchaseemail)

Outgoing mail server settings

If needed, proxy server settings

Security certificates

Additional prerequisites must be met in order to install services.

3.2. Deploy and Set Up GravityZone ApplianceThe GravityZone appliance can run one, several or all of the following roles:

Database Server

GravityZone Installation and Setup 11


Update Server Web Console Communication Server

A GravityZone deployment requires running one instance of each role. Consequently,depending on how you prefer to distribute the GravityZone roles, you will deploy one to fourGravityZone appliances. The Database Server role is the first to be installed. In a scenariowith multiple GravityZone appliances, you will install the Database Server role on the firstappliance and configure all other appliances to connect to the existing database instance.

To deploy and set up the GravityZone appliance:

1. Import the GravityZone virtual appliance image in your virtualized environment.

2. Power on the appliance.

3. From your virtualizationmanagement tool, access the console interface of the GravityZoneappliance.

4. Configure the password for the built-in bdadmin system administrator.

5. Press Enter to continue to the configuration interface and setup the GravityZone appliance.

The GravityZone appliance has a basic configuration interface. Use the arrow keys andthe Tab key to navigate through menus and options. Press Enter to select a specificoption.

6. Configure the network settings.

You can configure the appliance to automatically obtain network settings from the DHCPserver or you can manually configure network settings. If you choose to use DHCP, youmust configure the DHCP Server to reserve a specific IP address for the appliance.

a. From the main menu, select Configure Network Settings.

b. Select the network interface.

c. Select the configuration method:

Configure network settingsmanually. Youmust specify the IP address, networkmask, gateway address and DNS server addresses.

Obtain network settings automatically via DHCP. Use this option only if youhave configured the DHCP Server to reserve a specific IP address for the appliance.

d. You can check current IP configuration details or link status by selecting thecorresponding options.

7. Configure the hostname and domain settings.

Communication with the GravityZone roles is performed using the IP address or DNSname of the appliance they are installed on. By default, the GravityZone componentscommunicate using IP addresses. If you want to enable communication via DNS names,



you must configure GravityZone appliances with a DNS name and make sure it correctlyresolves to the configured IP address of the appliance.

Prerequisites:

Configure the DNS record in the DNS server.

The DNS name must correctly resolve to the configured IP address of the appliance.Therefore, youmust make sure the appliance is configured with the correct IP address.

Besides configuring the hostname of the appliance, you might also need to join it to adomain.

ImportantThe hostname setting is to be configured (if needed) only during initial setup. Changingthe hostname afterwards can cause communication errors with previously deployedclients.

To configure the hostname and domain settings:

a. From the main menu, select Configure Hostname and Domain Settings.

b. Select Configure hostname.

c. Enter the hostname of the appliance and the domain name.

d. Select OK to save the changes.

e. Select Configure domain.

f. Enter the username and password of a domain administrator.

g. Select OK to save the changes.

8. Configure Proxy Settings.

If the appliance connects to the Internet through a proxy server, you must configure theproxy settings:

a. From the main menu, select Configure Proxy Settings.

b. Select Configure proxy settings.

c. Enter the proxy server address. Use the following syntax:

If the proxy server does not require authentication:

http(s)://:

If the proxy server requires authentication:

http(s)://:@:

d. Select OK to save the changes.

9. Install GravityZone roles:

a. From the main menu, select Install/Modify Roles.



b. Select Add or remove roles.

c. Press Enter to continue.

d. Press the space bar and then Enter to install the Database Server role. You mustconfirm your choice by pressing Enter again and then wait for the installation tocomplete.

e. Install the other roles by choosing Add or remove roles from the Install/ModifyRoles menu and then the roles to install. Press the space bar to select a role andEnter to proceed. You must confirm your choice by pressing Enter again and thenwait for the installation to complete.

NoteEach role is normally installed within a few minutes. During installation, required files aredownloaded from the Internet. Consequently, the installation takes more time if theInternet connection is slow. If the installation hangs, redeploy the appliance.

After deploying and setting-up the GravityZone appliance, you can anytime edit the appliancesettings using the configuration interface. For more information regarding the GravityZoneappliance configuration, refer to Using GravityZone Appliance Console (p. 25).

3.3. Control Center Initial SetupAfter deploying and setting up the GravityZone appliance, you must access the ControlCenter web interface and configure your company administrator account.

NoteFor more information on Control Center users, refer to User Accounts (p. 212).

1. In the address bar of your web browser, enter the IP address or the DNS hostname ofthe Control Center appliance (using the https:// prefix). A configuration wizard willappear.

2. You must first register your GravityZone deployment to a Bitdefender account. Providethe username and password of your Bitdefender account. If you do not have a Bitdefenderaccount yet, click the corresponding link to create one.

Click Next to continue.

3. Provide the license keys required for validating the purchased GravityZone securityservices. Check the trial registration or purchase email to find your license keys. Enterthe license key in the Key field and click the Add button. Wait until the license key isvalidated. You can also view the security service and the expiry date for each licensekey in the corresponding columns.



NoteDuring the initial setup, at least one valid license key must be provided to start usingGravityZone. You can afterwards add more license keys or modify the existing ones. Formore information, refer to Licensing and Registration (p. 38)

Click Next to continue.

4. Specify the required details for your company administrator account: username, emailaddress and a password. Password must contain at least one upper case character, atleast one lower case character and at least one digit or special character.

5. Click Create Account.

The company administrator account will be created and you will automatically log on withthe new account to GravityZone Control Center.

3.4. Configure Control Center SettingsAfter the initial setup, you need to configure Control Center settings. As companyadministrator, you can do the following:

Configure mail, proxy and other general settings.

Set up integration with Active Directory and virtualization management tools (vCenterServer, XenServer).

Install security certificates.

Manage and install available GravityZone updates.

View your GravityZone infrastructure.

Add and manage license keys for the GravityZone security services.

3.4.1. Mail ServerControl Center requires an external mail server to send email communications.

NoteIt is recommended to create a dedicated mail account to be used by Control Center.

To enable Control Center to send emails:

1. Go to the Configuration page.

2. Select the Mail Server tab.

3. Select Mail Server Settings and configure the required settings:

Mail server (SMTP). Enter the IP address or hostname of the mail server that is goingto send the emails.



Port. Enter the port used to connect to the mail server.

Encryption type. If the mail server requires an encrypted connection, choose theappropriate type from the menu (SSL, TLS or STARTTLS).

From email. Enter the email address that you want to appear in the From field of theemail (sender's email address).

Use authentication. Select this check box if the mail server requires authentication.You must specify a valid username / email address and password.

4. Click Save.

Control Center automatically validates the mail settings when you save them. If the providedsettings cannot be validated, an error message informs you of the incorrect setting. Correctthe setting and try again.

3.4.2. ProxyIf your company connects to the Internet through a proxy server, you must configure theproxy settings:


2. Select the Proxy tab.

3. Select Use Proxy Settings and configure the required settings:

Address - type in the IP address of the proxy server.

Port - type in the port used to connect to the proxy server.

Username - type in a user name recognized by the proxy.

Password - type in the valid password of the previously specified user.

4. Click Save.

3.4.3. MiscellaneousFrom the Configuration > Miscellaneous page you can configure the following generalpreferences:

When an unavailable Security Server image is needed. The GravityZone appliancedoes not include by default the Security Server virtual machine images. If an administratortries to download a Security Server image or to run a Security Server installation task,the action is going to fail. You can configure an automated action for this situation bychoosing one of the following options:

Download the image automatically

Notify the administrator and do not download



NoteTo avoid interference with administrator's work, you canmanually download the necessarySecurity Server packages from theUpdate > Product Update page. Formore information,refer to Updating GravityZone Appliances (p. 22).

Concurrent deployments. Administrators can remotely deploy security componentsby running installation tasks. Use this option to specify the maximum number ofsimultaneous deployments that can be performed at a time.

For example, if the maximum number of concurrent deployments is set to 10 and aremote client installation task is assigned to 100 computers, Control Center will initiallysend 10 installation packages through the network. In this case, the client installation isperformed simultaneously on amaximum number of 10 computers, all the other sub-tasksbeing in pending state. As soon as a sub-task is done, another installation package issent, and so on.

NTPServer Settings. The NTP server is used to synchronize time between all GravityZoneappliances. A default NTP server address is provided, which you can change in the NTPServer Address field.

NoteFor the GravityZone appliances to communicate with the NTP Server, 123 (UDP) portmust be open.

Click Save to save the changes.

3.4.4. Active DirectoryThrough Active Directory integration, the existing Active Directory inventory is imported intoControl Center, simplifying security deployment, management, monitoring and reporting.Additionally, Active Directory users can be assigned different user roles in Control Center.

To integrate and synchronize Control Center with an Active Directory domain:

1. Go to the Integration > Active Directory page in the Control Center root console.

2. Select Synchronize with Active Directory and configure the required settings: Synchronization interval (in hours) Active Directory domain name (including the domain extension) Username and password of a domain administrator

3. Click Save.

ImportantWhenever the user password changes, remember to also update it in Control Center.



3.4.5. VirtualizationControl Center can currently integrate with VMware vCenter Server and Citrix XenServer.

Integrating with vCenter Server (p. 18) Integrating with XenServer (p. 18)

ImportantWhenever you set up a new integration with another vCenter Server or XenServer system,remember to also review and update access privileges for existing users.

Integrating with vCenter Server

You can integrate Control Center with one or multiple vCenter Server systems. vCenterServer systems in Linked Mode must be added separately to Control Center.

To set up integration with a vCenter Server:

1. Go to the Integration > Virtualization page in the Control Center root console.

2. Click the Add button at the right side of the table and choose vCenter Server fromthe menu. A configuration window will appear.

3. Specify the vCenter Server details. Name of the vCenter Server system in Control Center Hostname or IP address of the vCenter Server system vCenter Server port (default 443)

4. Specify the details of the vShield Manager system integrated with the vCenter Server (ifany). Hostname or IP address of the vShield Manager system vShield Manager port (default 443)

NoteIf you do not use VMware vShield Endpoint in your environment, leave the correspondingfields blank.

5. Specify the credentials to be used to authenticate with the vCenter Server. You canchoose to use the credentials provided for integration with Active Directory or a differentset of credentials. The user whose credentials you provide must have root leveladministrator permission on the vCenter Server.

6. Click Save.

Integrating with XenServer

You can integrate Control Center with one or multiple XenServer systems.

To set up integration with a XenServer:



1. Go to the Integration > Virtualization page in the Control Center root console.

2. Click the Add button at the right side of the table and choose XenServer from themenu. A configuration window will appear.

3. Specify the XenServer details. Name of the XenServer system in Control Center Hostname or IP address of the XenServer system XenServer port (default 443)

4. Specify the credentials to be used to authenticate with the XenServer. You can chooseto use the credentials provided for integration with Active Directory or a different set ofcredentials.

5. Click Save.

3.4.6. CertificatesIn order for your GravityZone deployment to operate correctly, you must create and add anumber of security certificates in Control Center.

ImportantOnly .pem certificates with embedded or separate password are supported. Certificateswith .crt, .key and .der extensions are converted to .pem after upload.

NoteExcept for the Control Center security certificate, all other certificates are needed exclusivelyfor managing Apple iOS devices. If you do not plan to roll out iOSmobile device management,you do not need to provide the corresponding certificates.

Adding Control Center Security Certificate

The Control Center Security certificate is needed to identify the Control Center web consoleas a trusted website in the web browser. Control Center uses by default an SSL certificatesigned by Bitdefender. This built-in certificate is not recognized by web browsers and triggerssecurity warnings. To avoid browser security warnings, add an SSL certificate signed byyour company or by an external Certificate Authority (CA).

To add or update the Control Center certificate:


2. Select the Certificates tab.

3. Click the certificate name.

4. Choose the certificate type (with separate or embedded private key).

5. Click the Add button next to the Certificate field and upload the certificate.



6. For certificates with separate private key, click the Add button next to the Private keyfield and upload the private key.

7. If the certificate is password protected, enter the password in the corresponding field.

8. Click Save.

Adding Communication Server Certificate

The Communication Server certificate is used to secure communication between theCommunication Server and iOS mobile devices.

Requirements:

This SSL certificate can be signed either by your company or by an external CertificateAuthority.

The certificate common name must match exactly the domain name or IP address usedby mobile clients to connect to the Communication Server. This is configured as theexternal MDM address in the configuration interface of the GravityZone appliance console.

Mobile clients must trust this certificate. For this, you must also add the iOS MDM TrustChain.

To add or update the Communication Server certificate:








8. Click Save.

Adding Apple MDM Push Certificate

The Apple MDM Push certificate is required by Apple to ensure secure communicationbetween the Communication Server and the Apple Push Notifications service (APNs) serverswhen sending push notifications. Push notifications are used to prompt devices to connectto the Communication Server when new tasks or policy changes are available.

Apple issues this certificate directly to your company, but it requires that your CertificateSigning Request be signed by Bitdefender. Control Center provides a wizard to help youeasily obtain your Apple MDM Push certificate.



NoteYou will need an Apple ID to obtain the certificate. If you do not have an Apple ID, you cancreate one here. Make sure to validate your Apple ID and set a security question beforeproceeding to obtain your Apple MDM Push certificate.

To add or update the Apple MDM Push certificate:



3. Click the certificate name and follow the wizard to obtain your certificate.

4. Obtain a Certificate Signing Request signed by Bitdefender. Two options are available:

I need to generate a certificate signing request signed by Bitdefender. This isthe recommended option. Enter your company name, your full name and emailaddress, then click Generate to generate and download the signed request file.

I already have a certificate signing request and I need to get it signed byBitdefender. Upload your CSR file and the associated private key (specifying thepassword protecting the private key, if any), then click Sign to have it sign byBitdefender and to download the signed request file.

NoteThe private key is needed by the Communication Server when authenticating withthe APNs servers.

5. Request a push certificate from Apple. Click the Apple Push Certificates Portal link.Sign in using your Apple ID and password, upload your Certificate Signing Request andthen download the Apple push certificate.

6. Import the Apple push certificate. Click Add Certificate and upload the certificate filefrom your computer. Check the certificate details.

Click Finish.

Adding iOS MDM Identity and Profile Signing Certificate

The iOS MDM Identity and Profile Signing certificate is used by the Communication Serverto sign identity certificates and configuration profiles sent to mobile devices.

Requirements:

It must be an Intermediate or End-Entity certificate, signed either by your company orby an external Certificate Authority.

Mobile clients must trust this certificate. For this, you must also add the iOS MDM TrustChain.

To add or update the iOS MDM Identity and Profile Signing certificate:










8. Click Save.

Adding iOS MDM Trust Chain Certificates

The iOS MDM Trust Chain certificates are required on mobile devices to ensure they trustthe Communication Server certificate and the iOSMDM Identity and Profile Signing certificate.The Communication Server sends this certificate to mobile devices during activation.

The iOS MDM Trust Chain must include all intermediate certificates up to the root certificateof your company or to the intermediate certificate issued by the external Certificate Authority.

To add or update the iOS MDM Trust Chain certificates:





5. Click Save.

3.4.7. Managing GravityZone UpdatesGravityZone includes an Update Server role, designed to serve as the centralized updatedistribution point for your GravityZone deployment. Update Server checks for and downloadsall available GravityZone updates from the Bitdefender update servers on the Internet, makingthem available in the local network. The GravityZone components can be configured toautomatically update from the local update server instead of the Internet.

Updating GravityZone Appliances

To update the GravityZone appliances installed in your environment and the installationpackages of the GravityZone components, go to the Update > Product Update page in theControl Center root console.



Before any update, it is recommended that you check the Release Notes of the new version.Release Notes are published on the Bitdefender Support Center and they contain usefulinformation, such as known issues or special instructions for performing the update.

You can view information about your GravityZone deployment version and available updatesunder GravityZone Update. When an update is available, you can click Update Now toupgrade the GravityZone appliances to the latest version. The upgrade might take a while.After the upgrade, make sure to clear the browser cache.

You can view information about the existing GravityZone component packages underComponent Update. Available information includes current version, update version (if any)and the status for update operations you initiate.

To update a GravityZone component:

1. Select the check box corresponding to the component you want to update.

2. Click the Update button at the right side of the table. The selected component will bedownloaded / updated. Refresh the table contents and check the corresponding status.

ImportantThe GravityZone appliance does not include the Security Server packages by default. Youmust manually download the Security Server packages necessary for your environment.

Configuring Update Server

By default, the Update Server downloads updates from the Internet every hour. It isrecommended not to change the default Update Server settings.

To check and configure the Update Server settings:

1. Go to the Update > Update Server page in the Control Center root console.

2. Under Configuration, you can check and configure the main settings.

Address. Update Server is configured to check for and download updates fromupgrade.bitdefender.com:80. This is a generic address that is automaticallyresolved to the closest server that stores Bitdefender updates in your region.

Local directory. Updates are downloaded to the /opt/BitDefender/var/wwwdirectory on the GravityZone appliance running the Update Server role.

Port. The default port is 7074. When configuring the various GravityZone componentsto update from Update Server, you must provide this port.

Update period (hours). If you want to change the update period, type a new valuein this field.

3. Under Advanced Settings, you can configure the gateway roles. Update Server can actas gateway for data sent by the Bitdefender client products installed in the network tothe Bitdefender servers. This data may include anonymous reports regarding virus activity,



product crash reports and data used for online registration. Enabling the gateway rolesis useful for traffic control and in networks with no Internet access.

NoteYou can disable the product modules that send statistical or crash data to BitdefenderLabs anytime you want. You can use policies to remotely control these options on thecomputers and virtual machines managed by Control Center.

4. Click Save.

Infrastructure

A GravityZone deployment can consist of one or several GravityZone appliances, eachappliance running one or several GravityZone roles (Database Server, Communication Server,Web Console, Update Server).

For a quick overview of the installed GravityZone appliances and the roles they are running,go to the Infrastructure page in the Control Center root console.



4. Using GravityZone ApplianceConsoleThe GravityZone appliance comes with a basic configuration interface, available from themanagement tool used to manage the virtualized environment where you have deployedthe appliance.

The following options are available:

Configure Hostname and Domain Settings

Configure Network Settings

Configure Proxy Settings

Configure Language

Install/Modify Roles

Configure Role Balancers

Configure Communication Server

Configure Update Server

Configure Database Address

Use the arrow keys and the Tab key to navigate through menus and options. Press Enterto select a specific option.

4.1. Configure Hostname and Domain SettingsCommunication with the GravityZone roles is performed using the IP address or DNS nameof the appliance they are installed on. By default, the GravityZone components communicateusing IP addresses. If you want to enable communication via DNS names, youmust configureGravityZone appliances with a DNS name and make sure it correctly resolves to theconfigured IP address of the appliance.

Prerequisites:

Configure the DNS record in the DNS server.

The DNS name must correctly resolve to the configured IP address of the appliance.Therefore, you must make sure the appliance is configured with the correct IP address.

Besides configuring the hostname of the appliance, youmight also need to join it to a domain.

Using GravityZone Appliance Console 25


ImportantThe hostname setting is to be configured (if needed) only during initial setup. Changing thehostname afterwards can cause communication errors with previously deployed clients.

To configure the hostname and domain settings:

1. Access the appliance console from your virtualization management tool (for example,vSphere Client).

2. From the main menu, select Configure Hostname and Domain Settings.

3. Select Configure hostname.

4. Enter the hostname of the appliance and the domain name.

5. Select OK to save the changes.

6. Select Configure domain.

7. Enter the username and password of a domain administrator.


4.2. Configure Network SettingsYou can configure the appliance to automatically obtain network settings from the DHCPserver or you can manually configure network settings. If you choose to use DHCP, youmust configure the DHCP Server to reserve a specific IP address for the appliance.

To configure the network settings:


2. From the main menu, select Configure Network Settings.

3. Select the network interface (default eth0).

4. Select the configuration method:

Configure network settings manually. You must specify the IP address, networkmask, gateway address and DNS server addresses.

Obtain network settings automatically via DHCP. Use this option only if you haveconfigured the DHCP Server to reserve a specific IP address for the appliance.

5. You can check current IP configuration details or link status by selecting the correspondingoptions.

4.3. Configure Proxy SettingsIf the appliance connects to the Internet through a proxy server, you must configure theproxy settings.



NoteThe proxy settings can also be configured from the Control Center root console, Settings> Proxy page. Changing the proxy settings in one location automatically updates them inthe other location too.

To configure the proxy settings:


2. From the main menu, select Configure Proxy Settings.

3. Select Configure proxy settings.

4. Enter the proxy server address. Use the following syntax:

If the proxy server does not require authentication:

http(s)://:

If the proxy server requires authentication:

http(s)://:@:


4.4. Configure LanguageTo change the Command Line Interface language:

1. From the main menu, select Configure Language.

2. Select a language. A confirmation message will appear.


4.5. Install/Modify RolesThe GravityZone appliance can run one, several or all of the following roles:

Database Server Update Server Web Console Communication Server

A GravityZone deployment requires running one instance of each role. Consequently,depending on how you prefer to distribute the GravityZone roles, you will deploy one to fourGravityZone appliances. The Database Server role is the first to be installed. In a scenariowith multiple GravityZone appliances, you will install the Database Server role on the firstappliance and configure all other appliances to connect to the existing database instance.



NoteYou can install additional instances of specific roles using role balancers. For moreinformation, refer to Configure Role Balancers (p. 28).

To install the GravityZone roles:


2. From the main menu, select Install/Modify Roles.

3. Select Add or remove roles.

4. Press Enter to continue.

5. Proceed according to the current situation:

If this is the initial GravityZone appliance deployment, press the space bar and thenEnter to install the Database Server role. You must confirm your choice by pressingEnter again and then wait for the installation to complete.

If you have already deployed another appliance with the Database Server role, chooseCancel and return to the main menu. You must then choose Configure DatabaseAddress and enter the address of the database server.

Use the following syntax: http://:. The default databaseport is 27017.

6. Install the other roles by choosing Add or remove roles from the Install/Modify Rolesmenu and then the roles to install. Press the space bar to select a role and Enter toproceed. You must confirm your choice by pressing Enter again and then wait for theinstallation to complete.

NoteEach role is normally installed within a few minutes. During installation, required files aredownloaded from the Internet. Consequently, the installation takes more time if the Internetconnection is slow. If the installation hangs, redeploy the appliance.

4.6. Configure Role BalancersTo ensure reliability and scalability, you can install multiple instances of specific roles(Communication Server, Web Console).

Each role instance is installed on a different appliance.

All instances of a specific role must be connected to the other roles via a role balancer.

The GravityZone appliance includes built-in balancers that you can install and use. If youalready have balancing software or hardware within your network, you can choose to usethem instead of the built-in balancers.



Built-in role balancers cannot be installed together with roles on a GravityZone appliance.


2. From the main menu, select Configure Role Balancers.

3. Select the desired option:

Use external balancers. Select this option if your network infrastructure alreadyincludes balancing software or hardware that you can use. Youmust enter the balanceraddress for each role that you want to balance. Use the following syntax:

http(s)://:.

Use the built-in balancers. Select this option to install and use the built-in balancersoftware.


4.7. Configure Communication ServerNoteThis configuration is only required for mobile device management and available only afterinstalling the Communication Server role.

In the default GravityZone setup, mobile devices can be managed only when they are directlyconnected to the corporate network (via Wi-Fi or VPN). This happens because when enrollingmobile devices they are configured to connect to the local address of the CommunicationServer appliance.

To be able to manage mobile devices over the Internet, no matter where they are located,you must configure the Communication Server with a publicly reachable address.

To be able to managemobile devices when they are not connected to the company network,the following options are available:

Configure port forwarding on the corporate gateway for the appliance running theCommunication Server role.

Add an additional network adapter to the appliance running the Communication Serverrole and assign it a public IP address.

In both cases, you must configure the Communication Server with the external address tobe used for mobile device management:


2. From the main menu, select Configure Communication Server.

3. Select Configure MDM Server external address.



4. Enter the external address.

Use the following syntax: https://:.

If you use port forwarding, you must enter the public IP address or domain name andthe port open on the gateway.

If you use a public address for the Communication Server, you must enter the publicIP address or domain name and the Communication Server port. The default port is8443.


4.8. Configure Update ServerThe GravityZone appliance is by default configured to update from the Internet. If you prefer,you can set your installed appliances to update from the local Bitdefender update server(the GravityZone appliance with the Update Server role installed).

To set the update server address:


2. From the main menu, choose Configure Update Server.

3. Choose Configure update address.

4. Enter the IP address or hostname of the appliance running the Update Server role. Thedefault Update Server port is 7074.

4.9. Configure Database AddressIn a scenario with multiple GravityZone appliances, you will install the Database Server roleon the first appliance and configure all other appliances to connect to the existing databaseinstance.

NoteIf your setup consists of a single GravityZone appliance, you do not need to configure thisoption.

To configure a GravityZone appliance to connect to an existing database:


2. From the main menu, select Configure Database Address.

3. Select Configure Database Server address.

4. Enter the database address. Use the following syntax:



:

Specifying the port is optional. The default port is 27017.


6. Select Show Database Server address to make sure the address has been correctlyconfigured.



5. Getting StartedBitdefender GravityZone solutions can be configured and managed via a centralizedmanagement platform named Control Center. Control Center has a web-based interface,which you can access by means of username and password.

5.1. Connecting to GravityZone Control CenterAccess to Control Center is done via user accounts. You will receive your login informationby email once your account has been created.

Prerequisites:

Internet Explorer 9+, Mozilla Firefox 14+, Google Chrome 15+, Safari 5+ Recommended screen resolution: 1024x768 or higher The computer you connect from must have network connectivity to the Control Center

appliance.

To connect to GravityZone Control Center:

1. In the address bar of your web browser, enter the IP address or the DNS hostname ofthe Control Center appliance (using the https:// prefix).

2. Enter your user name and password.

3. Click Login.

NoteIf you have forgotten your password, use the password recovery link to receive a newpassword. You must provide the email address of your account.

5.2. Control Center at a GlanceControl Center is organized so as to allow easy access to all the features. Use the menu barin the upper area to navigate through the console. Available features depend on the type ofuser accessing the console.

5.2.1. GravityZone Console OverviewUsers with company administrator role have full privileges over the Control Centerconfiguration and network security settings, while users with administrator role have accessto network security features, including users management.

Getting Started 32


According to their role, GravityZone administrators can access the following sections fromthe menu bar:

DashboardView easy-to-read charts providing key security information concerning your network.

NetworkInstall protection, apply policies to manage security settings, run tasks remotely andcreate quick reports.

PoliciesCreate and manage security policies.

ReportsGet security reports concerning the managed clients.

QuarantineRemotely manage quarantined files.

AccountsManage the access to Control Center for other company employees.

NoteThis menu is available only to users with Manage Users right.

Getting Started 33


LogsCheck the user activity log.

ConfigurationConfigure Control Center settings, such as mail server, integration with Active Directoryor virtualization environments and security certificates.

NoteThis menu is available only to users with Manage Solution right.

Additionally, in the upper-right corner of the console, the Notifications icon provideseasy access to notification messa

Documents

Bitdefender GravityZone AdministratorsGuide EnUS