Gravityzone Deployment Checklist

For installation and initial setup, you must have the following at hand:  DNS names or fixed IP addresses (either by static configuration or via a DHCP reservation) for the GravityZone appliances  Person on hand with admin privileges for server  vCenter Server, vShield Manager, XenServer details (hostname or IP address, communication port, administrator username and password)  License key for each GravityZone security service (check the trial registration or purchase email)  Outgoing mail server settings  If needed, proxy server settings  Security certificates

GravityZone Deployment Pre-requisites The GravityZone Appliance is delivered as a Virtual appliance in the following formats: Environment

Format

VMware, vSphere, View, VMware Player

OVA

Citrix XenServer, XenDesktop, VDI-in-a-Box

XVA

Microsoft Hyper-V

VHD

Red Hat Enterprise Virtualization

OVF

Oracle VM

OVF

Kernel-based Virtual Machine or KVM

RAW

Default Configuration for GravityZone Appliance    

CPU: 4 vCPU with 2 GHz each Minimum RAM: 6 GB HDD: 40 GB Internet Connection

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com

For License key validation and updates download, external network communication is required. Please ensure ports 443 and port 80 are allowed in your firewall Component Web Server

Direction Outbound

Port 443

Update Server

Outbound

80

Destination Lv2.bitdefender.com Upgrade.bitdefender.com Download.bitdefender.com

Description License Validation Update download

Internal Network communication list Component

Web Console Server

Communication Server

Direction

Port

Inbound

443, 4369, 6150

Outbound

27017 389 443 4369, 6150

Source/Destination Any Communication Server Database Server Domain Controller vCenter Server Communication Server

8443

Any

4369, 6150 27017 4369, 6150 27017 N/A

Web Server Database Server Web Server Any N/A

Inbound Outbound

Database Server

Inbound Outbound

Description Admin Web Console RabbitMQ Messaging Database Access AD Integration vCenter Integration RabbitMQ Messaging Agent Management Traffic RabbitMQ Messaging Database Access RabbitMQ Messaging Database Access N/A

Security Server/Endpoint Security Tools Ports Component

Direction

BD Endpoint Security Tools

Outbound

Outbound Security Server Inbound

Port 7081 7083 8443 7074

Source/Destination Security Server Security Server Communication Server Update Server

443

Web Server

7074 8443 7081 7083

Update Server Communication Server Any Any

Description Scanning Traffic Scanning Traffic over SSL Management Traffic Update Download Package Download During Install Operation Update Download Management Traffic Scanning Traffic Scanning Traffic over SSL

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com

Control Center Web Console Requirements:   

Internet Explorer 9+, Mozilla Firefox 14+, Google Chrome 15+, Safari 5+ Recommended Screeen Resolution: 1280x800 or higher Network connectivity to the GravityZone appliance with the Web Server role installed

Endpoint Protection compatible Windows Operating Systems Workstation OSes

Windows 8.1 Windows 8 Windows 7 Windows Vista SP1 Windows XP SP3 Windows XP SP2 (64 bit)

Server OSes Windows Server 2012 R2 Windows Server 2012 Windows SBS 2011 Windows SBS 2008 Windows Server 2008 Windows Server 2008 R2 Windows SBS 2003 Windows Server 2003 R2 Windows Server 2003 SP1 Windows Home Server

Tablet/Embedded OSes Windows Embedded 8.1 Industry Windows Embedded 8 Standard Windows Embedded Standard 7 Windows Embedded Compact 7 Windows Embedded POSready 7 Windows Embedded Enterprise 7 Windows Embedded POSReady 2009 Windows Embedded Standard 2009 Windows XP Embedded SP2 Windows XP Tablet PC Edition

Mac and Linux supported Operating Systems Mac OSes

Mac OS X Yosemite (10.10.x) Mac OS X Mavericks (10.9.x) Mac OS X Mountain Lion (10.8.x) Mac OS X Lion (10.7.x)

Linux OSes Red Hat Enterprise Linux / CentOS 5.6 or higher Ubuntu 10.04 LTS or higher SUSE Linux Enterprise Server 11 or higher OpenSUSE 11 or higher Fedora 15 or higher Debian 5.0 or higher Oracle Solaris 11, 10(only in VMware vShield )

Endpoint Protection Hardware Requirements 

Intel Pentium Compatible Processor

Workstation Operating System Hardware requirements: 

1 GHz or faster for Microsoft Windows XP SP3, XP SP2 64bit, and Windows 7 Enterprise

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com

 

2 GHz or faster for Microsoft Windows Vista SP1 or higher, Windows 7, Windows 7 SP1, and Windows 8 800 MHz or faster for tablet and embedded OSes

Server Operating Systems Hardware Requirements   



Minimum: 2.4 GHz single-core CPU Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU Free RAM Memory - Windows: 512MB minimum, 1GB Recommended - Mac: 1GB minimum Free HDD Space - 1.5 GB Minimum (6 GB on entities with Endpoint Security Relay Role, as they will store all updates and installation packages)

Endpoint Protection Supported Virtualized Platforms         

VMware vSphere 5.5, 5.1, 5.0, 4.1 with VMware vCenter Server 5.5, 5.1, 5.0, or 4.1 vCNS 5.5 VMware View 5.1, 5.0 Citrix XenServer 6.2, 6.0, 5.6, 5.5 (including Xen Hypervisor) Citrix XenDesktop 7.5, 5.5, or 5.0 (including Xen Hypervisor) Citrix VDI-in-a-Box 5.x Microsoft Hyper-V Server 2008 R2, 2012, 2012 R2, or Windows Server 2008 R2, 2012, 2012 R2 (including Hyper-V Hypervisor) Oracle VM 3.0 Red Hat Enterprise Virtualization 3.0 (including KVM Hypervisor)

For Endpoint Protection with VMware vShield Endpoint    

ESXi 5.5, 5.1, 5.0, 4.1 vCenter Server 5.5, 5.1, 5.0, 4.1 vShield Manager 5.5, 5.1, 5.0 vShield Endpoint installed by vShield Manager on the host/hosts protected by Security for Virtualized Environments

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com



VMware Tools 8.6.0 or higher installed on the protected VMs in the complete mode or with vSHield endpoint driver selected under VCMI in custom mode

Security Server Requirements Number of Protected VMs 1-50 VMs 51-100 VMs 101-200 VMs

Ram 2 GB 2 GB 4 GB

CPUs 2 CPUs 4 CPUs 6 CPUs

In VMware environments with vShield Endpoint  

Security Server must be installed on each ESXi host to be protected 80 GB disk space

In other environments  

Bitdefender recommends installing Security Server on each physical host for improved performance 8 GB disk space

Security For Mobile Devices Supported by:  

Apple iPhone and iPad Tablets (iOS 5.1+) Google Android smartphones and tablets (2.3+)

Port List for Mobile Devices Port 8443 2195, 2196, 5223

5228, 5229, 5230

Usage HTTPS port used by the client to connect to GravityZone Apple Push Notification service ports. 2195, 2196 are used by communication server to communicate with the APNs Servers. 5223 is used by mananged iOS devices to communicate with the APNs servers over Wi-Fi Google Cloud Messaging (GCM) ports. The communication server uses GCM to send push notifications to managed Android devices.

Security for Exchange supports the following Microsoft Exchange versions and roles:

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com

  

Exchange Server 2013 with Edge Transport or Mailbox role Exchange Server 2010 with Edge Transport, Hub Transport, or Mailbox role Exchange Server 2007 with Edge Transport, Hub Transport, or Mailbox role

P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com