Gravityzone Deployment Checklist
For installation and initial setup, you must have the following at hand: DNS names or fixed IP addresses (either by static configuration or via a DHCP reservation) for the GravityZone appliances Person on hand with admin privileges for server vCenter Server, vShield Manager, XenServer details (hostname or IP address, communication port, administrator username and password) License key for each GravityZone security service (check the trial registration or purchase email) Outgoing mail server settings If needed, proxy server settings Security certificates
GravityZone Deployment Pre-requisites The GravityZone Appliance is delivered as a Virtual appliance in the following formats: Environment
Format
VMware, vSphere, View, VMware Player
OVA
Citrix XenServer, XenDesktop, VDI-in-a-Box
XVA
Microsoft Hyper-V
VHD
Red Hat Enterprise Virtualization
OVF
Oracle VM
OVF
Kernel-based Virtual Machine or KVM
RAW
Default Configuration for GravityZone Appliance
CPU: 4 vCPU with 2 GHz each Minimum RAM: 6 GB HDD: 40 GB Internet Connection
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com
For License key validation and updates download, external network communication is required. Please ensure ports 443 and port 80 are allowed in your firewall Component Web Server
Direction Outbound
Port 443
Update Server
Outbound
80
Destination Lv2.bitdefender.com Upgrade.bitdefender.com Download.bitdefender.com
Description License Validation Update download
Internal Network communication list Component
Web Console Server
Communication Server
Direction
Port
Inbound
443, 4369, 6150
Outbound
27017 389 443 4369, 6150
Source/Destination Any Communication Server Database Server Domain Controller vCenter Server Communication Server
8443
Any
4369, 6150 27017 4369, 6150 27017 N/A
Web Server Database Server Web Server Any N/A
Inbound Outbound
Database Server
Inbound Outbound
Description Admin Web Console RabbitMQ Messaging Database Access AD Integration vCenter Integration RabbitMQ Messaging Agent Management Traffic RabbitMQ Messaging Database Access RabbitMQ Messaging Database Access N/A
Security Server/Endpoint Security Tools Ports Component
Direction
BD Endpoint Security Tools
Outbound
Outbound Security Server Inbound
Port 7081 7083 8443 7074
Source/Destination Security Server Security Server Communication Server Update Server
443
Web Server
7074 8443 7081 7083
Update Server Communication Server Any Any
Description Scanning Traffic Scanning Traffic over SSL Management Traffic Update Download Package Download During Install Operation Update Download Management Traffic Scanning Traffic Scanning Traffic over SSL
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com
Control Center Web Console Requirements:
Internet Explorer 9+, Mozilla Firefox 14+, Google Chrome 15+, Safari 5+ Recommended Screeen Resolution: 1280x800 or higher Network connectivity to the GravityZone appliance with the Web Server role installed
Endpoint Protection compatible Windows Operating Systems Workstation OSes
Windows 8.1 Windows 8 Windows 7 Windows Vista SP1 Windows XP SP3 Windows XP SP2 (64 bit)
Server OSes Windows Server 2012 R2 Windows Server 2012 Windows SBS 2011 Windows SBS 2008 Windows Server 2008 Windows Server 2008 R2 Windows SBS 2003 Windows Server 2003 R2 Windows Server 2003 SP1 Windows Home Server
Tablet/Embedded OSes Windows Embedded 8.1 Industry Windows Embedded 8 Standard Windows Embedded Standard 7 Windows Embedded Compact 7 Windows Embedded POSready 7 Windows Embedded Enterprise 7 Windows Embedded POSReady 2009 Windows Embedded Standard 2009 Windows XP Embedded SP2 Windows XP Tablet PC Edition
Mac and Linux supported Operating Systems Mac OSes
Mac OS X Yosemite (10.10.x) Mac OS X Mavericks (10.9.x) Mac OS X Mountain Lion (10.8.x) Mac OS X Lion (10.7.x)
Linux OSes Red Hat Enterprise Linux / CentOS 5.6 or higher Ubuntu 10.04 LTS or higher SUSE Linux Enterprise Server 11 or higher OpenSUSE 11 or higher Fedora 15 or higher Debian 5.0 or higher Oracle Solaris 11, 10(only in VMware vShield )
Endpoint Protection Hardware Requirements
Intel Pentium Compatible Processor
Workstation Operating System Hardware requirements:
1 GHz or faster for Microsoft Windows XP SP3, XP SP2 64bit, and Windows 7 Enterprise
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com
2 GHz or faster for Microsoft Windows Vista SP1 or higher, Windows 7, Windows 7 SP1, and Windows 8 800 MHz or faster for tablet and embedded OSes
Server Operating Systems Hardware Requirements
Minimum: 2.4 GHz single-core CPU Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU Free RAM Memory - Windows: 512MB minimum, 1GB Recommended - Mac: 1GB minimum Free HDD Space - 1.5 GB Minimum (6 GB on entities with Endpoint Security Relay Role, as they will store all updates and installation packages)
Endpoint Protection Supported Virtualized Platforms
VMware vSphere 5.5, 5.1, 5.0, 4.1 with VMware vCenter Server 5.5, 5.1, 5.0, or 4.1 vCNS 5.5 VMware View 5.1, 5.0 Citrix XenServer 6.2, 6.0, 5.6, 5.5 (including Xen Hypervisor) Citrix XenDesktop 7.5, 5.5, or 5.0 (including Xen Hypervisor) Citrix VDI-in-a-Box 5.x Microsoft Hyper-V Server 2008 R2, 2012, 2012 R2, or Windows Server 2008 R2, 2012, 2012 R2 (including Hyper-V Hypervisor) Oracle VM 3.0 Red Hat Enterprise Virtualization 3.0 (including KVM Hypervisor)
For Endpoint Protection with VMware vShield Endpoint
ESXi 5.5, 5.1, 5.0, 4.1 vCenter Server 5.5, 5.1, 5.0, 4.1 vShield Manager 5.5, 5.1, 5.0 vShield Endpoint installed by vShield Manager on the host/hosts protected by Security for Virtualized Environments
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com
VMware Tools 8.6.0 or higher installed on the protected VMs in the complete mode or with vSHield endpoint driver selected under VCMI in custom mode
Security Server Requirements Number of Protected VMs 1-50 VMs 51-100 VMs 101-200 VMs
Ram 2 GB 2 GB 4 GB
CPUs 2 CPUs 4 CPUs 6 CPUs
In VMware environments with vShield Endpoint
Security Server must be installed on each ESXi host to be protected 80 GB disk space
In other environments
Bitdefender recommends installing Security Server on each physical host for improved performance 8 GB disk space
Security For Mobile Devices Supported by:
Apple iPhone and iPad Tablets (iOS 5.1+) Google Android smartphones and tablets (2.3+)
Port List for Mobile Devices Port 8443 2195, 2196, 5223
5228, 5229, 5230
Usage HTTPS port used by the client to connect to GravityZone Apple Push Notification service ports. 2195, 2196 are used by communication server to communicate with the APNs Servers. 5223 is used by mananged iOS devices to communicate with the APNs servers over Wi-Fi Google Cloud Messaging (GCM) ports. The communication server uses GCM to send push notifications to managed Android devices.
Security for Exchange supports the following Microsoft Exchange versions and roles:
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com
Exchange Server 2013 with Edge Transport or Mailbox role Exchange Server 2010 with Edge Transport, Hub Transport, or Mailbox role Exchange Server 2007 with Edge Transport, Hub Transport, or Mailbox role
P. (800) 368-6971 F. (480) 829-6565 1310 W. Boxwood Ave., Gilbert, AZ 85233 www.envoydata.com