Installing and Configuring Bitdefender Endpoint Security Tools for PCF

This topic describes how to install and configure Bitdefender Endpoint Security Tools for PCF.

Configure Installation Package in GravityZone

Bitdefender Endpoint Security Tools for PCF tile downloads and installs a specific Bitdefender Endpoint Security Tools package configured in your GravityZone console.

Here are the best practices to create and configure an installation package in GravityZone for use in a PCF deployment:

  1. Connect and log in to GravityZone console using an administrator account.

  2. Go to the Network > Packages page.

    Add Package

  3. Click the Add button at the upper side of the table. A configuration window appears.

    Package Window

  4. Enter a suggestive name and description for the installation package you want to create. For example, BEST for PCF.

  5. Select the protection modules you want to install:

    • For Linux deployments, only the Antimalware module is available.
    • For Windows server deployments, you can install additional protection modules beside Antimalware, including Advanced Threat Control, Application Control, and Patch Management (if available with your GravityZone license).

    Important: Make sure the Relay checkbox is unselected to avoid installing the agent with Relay role across all VMs and generating high network traffic.

  6. Configure Scan Mode. Bitdefender Endpoint Security Tools provides three types of engines:

    • Local Scan - most of the scanning activity is performed locally, all signatures and engines stored locally.
    • Central Scan - offloads scanning to a Security Server, a dedicated VM that deduplicates and centralizes most of the anti-malware functionality of anti-malware agents, acting as a scan server.
    • Hybrid Scan – uses a combination of in-the-cloud scanning and a reduced set of local signatures.

    a. Local Scan - most of the scanning activity is performed locally, all signatures and engines are stored locally. Local Scan requires more local RAM and disk space resources.

    b. Central Scan - offloads scanning to a Security Server, a dedicated virtual machine that deduplicates and centralizes most of the anti-malware functionality of anti-malware agents, acting as a scan server. Central Scan requires the least local RAM and disk space resources.

    c. Hybrid Scan – uses a combination of in-the-cloud scanning and a reduced set of local signatures.

    Choose the scanning technology that best suits your network environment and your endpoints’ resources. Keep Automatic for predefined defaults or choose Custom to configure as needed. If you use Central Scan, make sure the virtual machines have connection to a Bitdefender Security Server to perform scanning tasks.

    Note: To optimize RAM and disk space requirements on virtual machines, use either Central Scan or Hybrid Scan mode.

  7. Under the Settings section:

    • Disable the Scan before installation checkbox to speed up deployment time.
    • You can select Use custom folders and choose a custom folder from the GravityZone Network inventory where VMs show up automatically after installation, if they do not match an existing GravityZone inventory integration.
  8. Under the Deployer section, you can choose from where to download the package for installation:

    • By default, this is set to Bitdefender Cloud servers or your GravityZone on-premises server.
    • If you have installed a relay in your IaaS to mirror installation and update files, choose Endpoint Security Relay and select it from the table or complete the required information.

    Important: Port 7074 must be open for the deployment through Bitdefender Endpoint Security Tools Relay to work.

    Important: At this moment, Bitdefender Endpoint Security Tools for PCF does not support connectivity via proxy. For more information, contact Bitdefender Business Support.

  9. Click Save to create the installation package.

The new package is displayed in the Network > Packages page.

Warning: Deleting the package from the GravityZone console causes Bitdefender Endpoint Security Tools installation to fail.

To configure the Bitdefender Endpoint Security Tools for PCF tile, you need the package download URLs for Windows and Linux agents, depending on the operating system running on Pivotal stemcells.

To get the download links from the GravityZone console:

  1. In the Network > Packages page, select the checkbox corresponding to the package you created for use in your PCF environment.

  2. Click the Send download links icon in the action toolbar.

  3. In the new window, click the expanding arrow for Installation links section.

  4. Copy the corresponding links for Windows Downloader and Linux Installer.

    Package Links

Upload Tile

  1. Download the Bitdefender Endpoint Security Tools for PCF tile from Pivotal Network.

  2. Navigate to the Ops Manager Installation Dashboard and click Import a Product.

  3. Upload the product file.

  4. After uploading, the Bitdefender Endpoint Security Tools tile appears. Initially, the tile is orange, indicating configuration is required. After it is configured, the tile appears green.

    BEST Tile

Configure Tile

The Bitdefender Endpoint Security Tools for PCF tile from Ops Manager Installation Dashboard contains two forms, displayed under the Settings tab:

  • One for configuring the installation of the Linux agent

  • Another for configuring the installation of the Windows agent

Important: Make sure to configure both Windows and Linux forms with the download URL and appropriate installation target and/or exclusion rules. Pre-configured exclusions are in place for default stemcell operating systems, in order to avoid deploying the Linux agent on a Windows VM or the Windows agent on a Linux VM. Even if you do not plan to deploy on a specific platform (Windows or Linux), you must configure the download URL and add a dummy installation target for that platform.

After you configure the tile, BOSH Director installs Bitdefender Endpoint Security Tools at the same time with other applications, when deploying the Pivotal VMs.

Configure Bitdefender Endpoint Security Tools for Linux

To configure Bitdefender Linux agent installation:

  1. Click the Linux Agent Configuration option.

  2. Under Linux Downloader Package URL section, enter the corresponding URL copied from the GravityZone console. Linux Configuration

  3. Configure the Linux installation targets by any of these criteria:

    • Stemcell OS - Bitdefender Linux agent will install on the virtual machines running the specified operating systems.
    • The Linux Agent Configuration page includes the following default inclusions:

      • Ubuntu Trusty
      • Ubuntu Xenial
      • CentOS 7

      Important: You are required to have at least one default installation target when configuring the Bitdefender Linux agent. Deleting all default installation targets may generate deployment issues.

      • Job name and release - Bitdefender Linux Agent will install on the virtual machines running the specified job names and releases.
      • Deployment name - Bitdefender Linux Agent will install on the virtual machines having the specified deployment name.
  4. If needed, you can configure specific Linux targets to be excluded from installation by any of these criteria:

  5. Click Save.

Configure Bitdefender Endpoint Security Tools for Windows

To configure Bitdefender Windows agent installation:

  1. Click the Windows Agent Configuration option.

  2. Under Windows Downloader Package URL section, enter the corresponding URL copied from GravityZone. Linux Configuration

  3. Configure Windows installation targets by any of these criteria:

    • Stemcell OS - Bitdefender Windows agent will install on the virtual machines running the specified operating systems.
    • The Windows Agent Configuration page includes the following default inclusions:

      • Windows Server 1803
      • Windows 2012 R2
      • Windows 2016
      • Windows 2019

      Important: You are required to have at least one default installation target when configuring the Bitdefender Linux agent. Deleting all default installation targets may generate deployment issues.

    • Release Name - Bitdefender Windows agent will install on the virtual machines running the specified job names and releases.

    • Deployment Name - Bitdefender Windows agent will install on the virtual machines having the specified deployment name.

  4. If needed, you can configure specific Windows targets to be excluded from installation by any of these criteria:

    • Stemcell OS - Bitdefender Windows agent will not install on the virtual machines running the specified operating systems.
    • Job name and release - Bitdefender Windows agent will not install on the virtual machines running the specified jobs.
    • Deployment name - Bitdefender Windows agent will not install on the virtual machines having the specified deployment name.
  5. Click Save.

Deploy Tile

After saving the Bitdefender Endpoint Security Tools for PCF tile configuration, you can deploy it:

  1. In the Ops Manager Installation Dashboard, click Review Pending Changes.

  2. In the screen containing the product list, select the checkbox corresponding to Bitdefender Endpoint Security Tools.

  3. Click Apply changes.

Important This will only update the runtime configuration, without affecting the existing virtual machines. You must redeploy them to install the Bitdefender agents.