Managing Protection from GravityZone
This topic provides best practices on using the GravityZone console for managing and monitoring Bitdefender protection installed on the VMs from your VMware Tanzu deployment. For detailed information, see your GravityZone Administrator’s Guide.
After it is deployed on the VMs from your VMware Tanzu deployment, Bitdefender Endpoint Security Tools automatically syncs with the GravityZone console to receive configuration policies and tasks and to send status or security events.
Protected VMs from your VMware Tanzu deployment will show up in the GravityZone Network inventory. Depending on your IaaS and inventory integrations configured in GravityZone, the VMs show up in GravityZone under your IaaS infrastructure, Active Directory inventory or Custom Groups (in the custom folder configured in the package settings).
Click a VM in the Network inventory to see if protection is installed and check protection details.
Protected VMs are assigned a default policy, but you may want to create a dedicated policy for your VMware Tanzu deployment to configure or customize specific settings, such as:
Security Servers to connect to, in case Bitdefender Endpoint Security Tools is configured to use the Central Scan engine.
Local Relay endpoint to connect to, for optimized update traffic.
Protection settings specific to your VMware Tanzu environment.
Disable Windows agent graphical user interface to minimize resource consumption.
Assign the policy to the folders where the VMs from your VMware Tanzu deployment are added.
VM instances may appear as failing during product updates, when the services are restarted. To avoid this situation, you can disable the automatic product updates in the GravityZone security policy.
To make sure the Bitdefender agents are up-to-date, you can either run an Update task from GravityZone or redeploy your instances once new Bitdefender agent kits become available.
To monitor protection, you can check the activity reports in GravityZone or configure notifications to be sent for specific status or security events via email or syslog.