This post is in continuation with my previous post which introduced the new launch of Bitdefender's endpoint security product for SMB segment called "GravityZone-in-a-Box (GZiaB). I would suggest you to read thats article to get an overview about the product, - "Bitdefender's GravityZone-in-a-Box - A thoughtful solution for Endpoint security!"
As promised before, I will now showcase step by step instructions to deploy this solution in your vSphere Infrastructure. As mentioned before GZiaB is a single virtual appliance with all the roles installed within, it is extremely simple to deploy and configure. Without further a do, lets being with the deployment.
DEPLOY GZiaB OVF
1- Deploy the OVA Template using vCenter Server
2- Browse of the GZIAB.ova file and click on Next
3- Review the details and click on Next
4- Give the Appliance a Name and Select the Folder where you want to deploy the appliance and click Next.
5- Select the appropriate Network Port Group and Click on Next. The IP settings will be configured later in the appliance interface.
6- Review the settings and click Finish to deploy the OVF.
Now, we will power on the Appliance and do the first time setup.
SETTING UP GZiaB
1- Once the appliance is powered on you need to setup for the password for the built-in admin. The username of this admin is "bdadmin". Right click and open a VMRC console to this appliance.
2- Now you need to use the same password to login and setup the appliance.
I will go through setting up each of the setting for my environment by selecting each option.
3- The following settings need to configured. Use your keyboard for going through the options and setting them up.
4- Start with setting up the host name and domain details.
5- Setup the network configuration.
6- Setup up MDM options if you need that for external communication.
7- If you select option 5 you will notice that all the roles which were deployed separately in Gravity Zone are bundled together in the GZiaB virtual appliance making it a true "IN A BOX" solution.
So that sets up the appliance for us. Now we need to use the web console IP to open the web interface on the webpage and start configuring the solution and protecting virtual machines.
1- Use a web browser to open the web console to configure it. Remember this User Name and Password is for your subscription with BITDEFENDER. Create one if you do not have one by clicking on the link - I don't have a MyBitdefender Account.
2- Once logged in License the product
3- Create a root account. This is the super admin user which you will use to login into the appliance. You can create more users with Role Based Access Control which I will showcase later.
So far you have 3 passwords, one for bdadmin, 2nd one for your bitdefender subscription account and the third is the root account which I have named as 'wickedsunny'. Once the account is created we will get on the Home Page of the appliance.
4- Close the preview screen to get to the configuration page.
5- Now you have 6 Menus on the top of the screen. Let's quickly tour them one by one.
6- Click on the Integration Tab to integrate with AD.
7- Click on Virtualization to add the vCenter Server as shown in screenshots below
8- Provide the credentials for the vCenter Server to complete the integration
The vCenter Resources with now synchronize with the appliance and might take a few minutes.
9- Select the Settings tab and configure the Mail Server, Proxy and Time Source under Miscellaneous tab.
10- Click on the update Tab to update the GZiaB appliance.
12 - Make sure you the correct update settings. You can update the same using the Update Server option.
13- The Certificates and License Status tabs are self-explanatory. Let's jump to the Account section and create a user. You can also pull down the user from the AD integration.
14- And finally the Logs TAB which shows the Audit Logs.
PROTECTING WORKLOADS USING GZiaB
Now that we have the appliance read, we can logout and login with the administrator use which we created in STEP 13. This will give us a new interface which will help us to protect the workloads. While I will encourage you to explore the options on this screen, since there are various options you have to setup your own customized Anti-Malware policies, I will go with the Default Policy to protect one of the VMs in my lab.
1- Click on Network Tab Select the Resource Pool/Cluster or Datacenter where your workload is located from the left pane. This is similar to the inventory objects in the vCenter. Select the VM where you want to install the Anti-Virus client and click on the Tasks button on the Left top corner and click on Install Client.
2- Confirm the IP address and credentials for this workload. You can setup multiple account or have a domain account pushed as local administrator through AD policies. Select the credential and click on Save
3- Click on Network - Tasks to check the status of the install. Once done, you would see that the agent is installed via network on the Target machine and the defined policy starts working with immediate effect.
Well hope this gives you enough information on deploying the solution and using it.To reiterate, this solution is a simple install and configuration and can get you going a few minutes. So go ahead, and secure your environment to ensure efficiency & control on your virtual infrastructure and keep the bad things at bay.
Share and Spread the Knowledge.