GravityZone VA
Manage the GravityZone appliance
The GravityZone appliance comes with a basic configuration interface, available from the management tool used for handling the virtualized environment where you have deployed the appliance.
These are the main options available after the first GravityZone appliance deployment:
Use the arrow keys and the Tab key to navigate through menus and options. Press Enter to select a specific option.
Configure hostname settings
Communication with the GravityZone roles is performed using the IP address or DNS name of the appliance they are installed on.
By default, the GravityZone components communicate using IP addresses.
If you want to enable communication via DNS names, you must configure the GravityZone appliances with a DNS name and make sure it correctly resolves to the configured IP address of the appliance.
Requirements:
Configure the DNS record in the DNS server.
The DNS name must correctly resolve to the configured IP address of the appliance. Therefore, you must make sure the appliance is configured with the correct IP address.
To configure the hostname settings:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Configure Hostname Settings.
Enter the hostname of the appliance and the Active Directory domain name (if needed).
Select OK to save the changes.
Configure network settings
You can configure the appliance to automatically obtain network settings from the DHCP server or you can manually configure network settings.
If you choose to use DHCP, you must configure the DHCP Server to reserve a specific IP address for the appliance.
To configure the network settings:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Configure Network Settings.
Select the network interface (default eth0).
Select the configuration method:
Configure network settings manually
You must specify the IP address, network mask, gateway address and DNS server addresses.
Obtain network settings automatically via DHCP
Use this option only if you have configured the DHCP Server to reserve a specific IP address for the appliance.
You can check current IP configuration details or link status by selecting the corresponding options.
Configure proxy settings
If the appliance connects to the Internet through a proxy server, you must configure the proxy settings.
Note
The proxy settings can also be configured from Control Center, Configuration > Proxy page. Changing the proxy settings in one location automatically updates them in the other location too.
To configure the proxy settings:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Configure Proxy Settings.
Select Configure proxy settings.
Enter the proxy server address.
Use the following syntax:
If the proxy server does not require authentication:
http(s)://<IP/hostname>:<port>
If the proxy server requires authentication:
http(s)://<username>:<password>@<IP/hostname>:<port>
Select OK to save the changes.
Select Show proxy information to check the proxy settings.
MDM Communication Server
Note
This configuration is required only for mobile device management, if your license key covers the Security for Mobile service. The option appears in the menu after installing the Communication Server role.
In the default GravityZone setup, mobile devices can be managed only when they are directly connected to the corporate network (via Wi-Fi or VPN).
This happens because when enrolling mobile devices they are configured to connect to the local address of the Communication Server appliance.
To be able to manage mobile devices over the Internet, no matter where they are located, you should configure the Communication Server with a publicly reachable address.
To be able to manage mobile devices when they are not connected to the company network, the following options are available:
Configure port forwarding on the corporate gateway for the appliance running the Communication Server role.
Add an additional network adapter to the appliance running the Communication Server role and assign it a public IP address.
In both cases, you must configure the Communication Server with the external address to be used for mobile device management:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select MDM Communication Server.
Select Configure MDM Server external address.
Enter the external address.
Use the following syntax:
https://<IP/Domain>:<Port>
If you use port forwarding, you must enter the public IP address or domain name and the port open on the gateway.
If you use a public address for the Communication Server, you must enter the public IP address or domain name and the Communication Server port.
The default port is 8443.
Select OK to save the changes.
Select Show MDM Server external address to check the settings.
Advanced Settings
The advanced settings cover several options for manual deployment, environment extension and security enhancements:
The available options vary depending on the installed roles and the enabled services. For example, if the Database Server role is not installed on the appliance, you can only install roles or connect to a GravityZone database deployed in your network. Once the Database Server role is installed on the appliance, the options for connecting to another database become unavailable.
Install/Uninstall roles
Database Server
Update Server
Web Console
Communication Server
A GravityZone deployment requires running one instance of each role.
Consequently, depending on how you prefer to distribute the GravityZone roles, you will deploy one to four GravityZone appliances.
The Database Server role is the first to be installed.
In a scenario with multiple GravityZone appliances, you will install the Database Server role on the first appliance and configure all other appliances to connect to the existing database instance.
Note
You can install additional instances of specific roles using role balancers.
For more information, refer to Configure role balancers.
To install the GravityZone roles:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Install/Uninstall Roles.
Select Add or remove roles.
Proceed according to the current situation:
If this is the initial GravityZone appliance deployment, press the Space bar and then Enter to install the Database Server role. You must confirm your choice by pressing Enter again. Configure the database password and then wait for the installation to complete.
If you have already deployed another appliance with the Database Server role, choose Cancel and return to the Add or remove roles menu.
You must then choose Configure Database Address and enter the address of the database server.
Make sure you set a database password before accessing this option. If you don't know the database password, configure a new one by selecting Advanced Settings > Set a new database password from the main menu.
Use the following syntax:
http://<IP/Hostname>:<Port>
The default database port is 27017. Enter the primary database password.
Install the other roles by choosing Add or remove roles from the Install/Uninstall Roles menu and then the roles to install.
For each role you want to install or uninstall, press the Space bar to select or deselect the role and then press Enter to continue. You must confirm your choice by pressing Enter again and then wait for the installation to complete.
Note
Each role is generally installed within a few minutes.
During installation, required files are downloaded from the Internet. Consequently, the installation takes more time if the Internet connection is slow.
If the installation hangs, redeploy the appliance.
You can view the installed roles and their IPs by selecting one of the following options from the Install/Uninstall Roles menu:
Show locally installed roles, to view only the roles installed on that appliance.
Show all installed roles, to view all roles installed in your GravityZone environment.
Install Security Server
Note
The Security Server will be available for use only if your license key allows it.
You can install the Security Server from the GravityZone appliance configuration interface, directly on the GravityZone appliance, or from Control Center as a standalone appliance. The advantages of installing the Security Server from the appliance are:
Suitable for GravityZone deployments with a single appliance having all roles.
You can view and use the Security Server without having to integrate GravityZone with a virtualization platform.
Fewer deployment operations to perform.
Prerequisites:
The GravityZone appliance must have the Database Server role installed, or it must be configured to connect to an existing database.
To install the Security Server from the appliance interface:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Install Security Server. A confirmation message will appear.
Press Enter to continue and wait until the installation finishes.
Note
You can uninstall this Security Server only from the Advanced Settings menu of the appliance interface.
Set new database password
When installing the Database Server role, you are required to set up a password to protect the database. In case you want to change it, set a new one by accessing Advanced Settings > Set a new database password from the main menu.
Follow the guidelines to set up a strong password.
Configure Update Server
The GravityZone appliance is by default configured to update from the Internet.
If you prefer, you can set your installed appliances to update from the local Bitdefender update server (the GravityZone appliance with the Update Server role installed).
To set the Update Server address:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Configure Update Server.
Select Configure update address.
Enter the IP address or hostname of the appliance running the Update Server role.
The default Update Server port is 7074.
Configure role balancers
To ensure reliability and scalability, you can install multiple instances of specific roles (Communication Server, Web Console).
Each role instance is installed on a different appliance.
All instances of a specific role must be connected to the other roles via a role balancer.
The GravityZone appliance includes built-in balancers that you can install and use.
If you already have balancing software or hardware within your network, you can choose to use it instead of the built-in balancers.
Built-in role balancers cannot be installed together with roles on a GravityZone appliance.
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Configure Role Balancers.
Select the desired option:
Use external balancers
Select this option if your network infrastructure already includes balancing software or hardware that you can use.
You should enter the balancer address for each role that you want to balance.
Use the following syntax:
http(s)://<IP/Hostname>:<Port>
Use the built-in balancers
Select this option to install and use the built-in balancer software.
Select OK to save the changes.
Replica Set
Using this option you can enable the use of a database replica set instead of a single-server database instance. This mechanism allows creating multiple database instances across a distributed GravityZone environment, ensuring the database high-availability in the case of a failure.
Important
Database replication is available only on fresh installations of GravityZone appliance starting with version 5.1.17-441.
Configuring Replica Set
At first, you have to enable Replica Set on the first installed GravityZone appliance. Then, you will be able to add replica set members by installing the database role on the other GravityZone instances in the same environment.
Important
Replica Set requires at least three members to work.
You can add up to seven database role instances as replica set members (MongoDB limitation).
It is recommended to use an odd number of database instances. An even number of members will only consume more resources for the same results.
To enable the database replication in your GravityZone environment:
Install the Database Server role on the first GravityZone appliance. For more information, refer to Install/Uninstall roles.
Configure the other appliances to connect to the first database instance. For more information, refer to Connect to existing database.
Go to the main menu of the first appliance, select Advanced Settings and then select Replica Set to enable it. A confirmation message will appear.
Select Yes to confirm.
Close the installation wizard window by pressing the Escape key repeatedly, until the login screen appears. Then, log back in.
Important
This step must be completed on all appliances.
Install the Database Server role on each of the other GravityZone appliances.
As soon as the above steps have been completed, all database instances will start working as a replica set:
A primary instance is elected, being the only one to accept write operations.
The primary instance writes all changes made to its data set to a log.
The secondary instances replicate this log and apply the same changes to their data sets.
When the primary instance becomes unavailable, the replica set will elect one of the secondary instances as primary.
When a primary instance does not communicate with the other members of the set for more than 10 seconds, the replica set will attempt to select another member to become the new primary.
Removing Replica Set Members
To remove replica set members, just choose from their appliance console interface (menu-based interface) Install/Uninstall Roles > Add or Remove Roles and deselect Database Server.
Note
You can remove a replica set member only if at least four database instances have been installed in the network.
Enable Secure VPN Cluster
The GravityZone roles have several internal services that communicate only between them. For a more secure environment, you can isolate these services by creating a VPN cluster for them. Whether these services are on the same appliance or on several, they will then communicate via a secure channel.
Important
This feature requires a standard GravityZone deployment, without any custom tools installed.
Once the cluster is enabled, you cannot disable it.
To secure the internal services on the appliances:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Enable Secure VPN Cluster.
A message informs you of the modifications that will be made.
Select Yes to confirm and proceed with the VPN installation.
When complete, a confirmation message is displayed.
From now on, all roles on the appliance are installed in secure mode and the services will communicate through the VPN interface. Any new appliance you add to the environment must join the VPN cluster. For more information, refer to Connect to existing database (Secure VPN Cluster).
Connect to existing database
In a GravityZone distributed architecture, you must install the Database Server role on the first appliance and then configure all other appliances to connect to the existing database instance. This way, all appliances will share the same database.
Important
It is recommended to enable Secure VPN Cluster and to connect to a database within such a cluster. For more information, refer to:
To connect the appliance to a GravityZone database outside a Secure VPN Cluster:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Connect to Existing Database.
Note
Make sure you set a database password before accessing this option. If you don't know the database password, set a new one by accessing Advanced Settings > Set a new database password from the main menu.
Select Configure Database Server address.
Enter the database address, using the following syntax:
<IP/Hostname>:<Port>
Specifying the port is optional.
The default port is 27017.
Enter the primary database password.
Select OK to save the changes.
Select Show Database Server address to make sure the address has been correctly configured.
Connect to existing database (Secure VPN Cluster)
Use this option when you need to extend your GravityZone deployment with additional appliances, and Secure VPN Cluster is enabled. This way, the new appliance will share the same database with the existing deployment in a secure manner.
For more information on Secure VPN Cluster, refer to Enable Secure VPN Cluster.
Prerequisites
Before proceeding, make sure you have the following at hand:
Database Server IP address
Password for the bdadmin user on the appliance with the Database Server role
Connect to database
To connect the appliance to a GravityZone database within a Secure VPN Cluster:
Access the appliance console from your virtualization management tool (for example, vSphere Client).
From the main menu, select Advanced Settings.
Select Connect to Existing Database (Secure VPN Cluster).
You will be informed of the requirements and alternatives, if they have not been met.
Select OK to acknowledge and proceed.
Enter the IP address of the Database Server within the Secure VPN Cluster.
Enter the password for the bdadmin user on the appliance with the Database Server.
Select OK to save the changes and continue.
Once the process is complete, you receive a confirmation message. The new appliance becomes a member of the cluster and it will communicate with the other appliances in a secure manner. All appliances will share the same database.
Check the Secure VPN Cluster status
This option is available only after you have previously enabled the Secure VPN Cluster. Select this option to check which appliances in your GravityZone deployment have not yet secured their services. You might need to investigate further and see if the appliances are online and accessible.
Configure language
To change the appliance configuration interface language:
Select Configure Language from the main menu.
Select the language from the available options. A confirmation message will appear.
Note
You may need to scroll down to view your language.
Select OK to save the changes.
Change the MongoDB password
When first installing the database role in the initial setup of the GravityZone appliance, you will be prompted to set up a MongoDB password.
If MongoDB is already installed, we recommend changing the password, as restricting access to critical servers like the Bitdefender GravityZone Database is a best practice for preventing attacks.
To change the database password, follow these steps:
Log in to the appliance CLI, using the bdadmin credentials;
Go to Advanced Settings;
Go to Set new Database Password;
Follow the password requirements in order to set up the new password (must be between 6 and 32 characters in length, including at least one uppercase, one lowercase, one number and one special character);
Press OK.
Restore a database backup
When, for various reasons, your GravityZone instance is working improperly (failed updates, malfunctioning interface, corrupted files, errors, etc.), you can restore the GravityZone database from a backup copy.
Restoring the database to the same GravityZone VA
Prerequisites
An SSH connection to the GravityZone appliance, using root privileges.
You can use putty and bdadmin's credentials to connect to the appliance via SSH, then run the command
sudo su
to switch to the root account.
The GravityZone infrastructure has not changed since the backup.
The backup is more recent than April 30th, 2017 and the GravityZone version is higher than 6.2.1-30. If otherwise, contact the Technical Support team.
In distributed architectures, GravityZone has not been configured to use database replication (Replica Set).
To verify the configuration, follow these steps:
Open the /etc/mongodb.conf file.
Check that replSet is not configured, as in the example below:
# replSet = setname
No CLI processes are running.
To make sure all CLI processes are stopped, execute the following command:
# killall -9 perl
The mongoconsole package is installed on the appliance.
To verify the condition is met, run this command:
# /opt/bitdefender/bin/mongoshellrestore --version
The command should not return any errors; otherwise, execute:
# apt-get update
# apt-get install --upgrade mongoconsole
Restoring the database
Go to the location containing the database archive:
# cd /directory-with-backup
Where directory-with-backup is the path to the location with the backup files.
For example:
# cd /tmp/backup
Restore the database.
/opt/bitdefender/bin/mongoshellrestore -u bd -p 'GZ_db_password' --authenticationDatabase admin --gzip --drop --archive < 'gz-backup-$YYYY-$MM-$DD(timestamp).tar.gz'
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server and the timestamp variables in the archive's name with the actual date.
For example, the actual date should look like this:
gz-backup-2019-05-17(1495004926).tar.gz
Optionally, to be able to download again previously published kits in the GravityZone console, run the following command:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'db.endpointKits.update({state:{$ne:1}},{$set:{internalState:1,isProcessing:true,"applianceIds.downloaded":[],"applianceIds.published":[]}},{multi:true})' --quiet devdb
Note
Enabling this option may generate a large amount of data and take a long time depending on your previous update staging settings.
Restart the appliance.
Database restoration is now complete.
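The prerequisites of the procedure above can be checked by script before the restore is started. The following is an added example, not Bitdefender code: it verifies that replSet is not active in an INI-style mongodb.conf, that the archive name has the gz-backup-YYYY-MM-DD(timestamp).tar.gz form with the placeholders filled in, and that the gzip stream is complete. The function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not Bitdefender code: read-only checks to run before the restore.

# 0 if an uncommented replSet line is present (legacy INI-style mongodb.conf,
# as in the "# replSet = setname" example above).
replset_configured() {
    grep -Eq '^[[:space:]]*replSet[[:space:]]*=' "$1"
}

# 0 if the file name follows gz-backup-YYYY-MM-DD(timestamp).tar.gz, i.e. the
# $YYYY/$MM/$DD/timestamp placeholders have been replaced with real values.
valid_backup_name() {
    printf '%s\n' "${1##*/}" | grep -Eq \
        '^gz-backup-[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])\([0-9]+\)\.tar\.gz$'
}

# 0 if the gzip stream is complete. The restore command uses --drop, so a
# truncated copy is better caught here than part-way through the restore.
archive_intact() {
    gzip -t < "$1" 2>/dev/null
}

# Print one line per problem; the return value is the number of problems.
prerestore_check() {
    pc_conf=$1
    pc_archive=$2
    pc_fail=0
    if [ ! -r "$pc_conf" ]; then
        echo "FAIL: cannot read $pc_conf"
        pc_fail=$((pc_fail + 1))
    elif replset_configured "$pc_conf"; then
        echo "FAIL: replSet is active in $pc_conf"
        pc_fail=$((pc_fail + 1))
    fi
    if ! valid_backup_name "$pc_archive"; then
        echo "FAIL: unexpected archive name: ${pc_archive##*/}"
        pc_fail=$((pc_fail + 1))
    fi
    if [ ! -r "$pc_archive" ] || ! archive_intact "$pc_archive"; then
        echo "FAIL: archive missing or not a complete gzip stream"
        pc_fail=$((pc_fail + 1))
    fi
    if [ "$pc_fail" -eq 0 ]; then
        echo "OK: prerequisites checked"
    fi
    return "$pc_fail"
}

# Demo on constructed files (no appliance data is read or changed).
demo() {
    d=$(mktemp -d) || return 1
    printf '# replSet = setname\n' > "$d/mongodb.conf"
    printf 'constructed sample' | gzip -c > "$d/gz-backup-2019-05-17(1495004926).tar.gz"
    prerestore_check "$d/mongodb.conf" "$d/gz-backup-2019-05-17(1495004926).tar.gz"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

On an appliance, call prerestore_check with /etc/mongodb.conf and the path of the backup archive instead of the demo files.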
Restoring the database from a decommissioned GravityZone VA
Prerequisites
A fresh GravityZone VA installation, with the same IP as the old appliance and having only the Database Server role installed. You can download the GravityZone VA image from here.
An SSH connection to the GravityZone virtual appliance, using root privileges.
The GravityZone infrastructure has not changed since the backup was made.
The backup is more recent than April 30th, 2017.
In distributed architectures, GravityZone has not been configured to use database replication (Replica Set). If you use Replica Set in your GravityZone environment, you also have the Database Server role installed on other appliance instances.
Restoring the database
Important
When following this procedure, use the same database password you had when the backup was created. If you have forgotten your password, contact Bitdefender Enterprise Support.
Download the Virtual Appliance.
Install the Database Server role.
For more information about installing the Database Server role, refer to Deploy and set up GravityZone VA.
Stop VASync:
# service vasync stop
Stop CLI:
# killall -9 perl
Go to the location containing the database archive:
# cd /directory-with-backup
Where directory-with-backup is the path to the location with the backup files.
For example:
# cd /tmp/backup
Restore the database:
/opt/bitdefender/bin/mongoshellrestore -u bd -p 'GZ_db_password' --authenticationDatabase admin --gzip --drop --archive < 'gz-backup-$YYYY-$MM-$DD(timestamp).tar.gz'
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server and the timestamp variables in the archive's name with the actual date.
For example, the actual date should look like this:
gz-backup-2019-05-17(1495004926).tar.gz
Test to make sure you have entered the correct password by running the following command:
mongo admin -u bd -p 'GZ_db_password'
Note
If you receive error messages, contact Bitdefender Enterprise Support.
Restore the appliance ID:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'print(db.applianceInstalls.findOne({name:"db"}).applianceId);' --quiet devdb > /opt/bitdefender/etc/applianceid
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server.
Remove the reference to the old roles:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'db.applianceInstalls.remove({name:{"$ne": "db"}});' --quiet devdb
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server.
Start VASync:
# service vasync start
Optionally, to be able to download again previously published kits in the GravityZone console, run the following command:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'db.endpointKits.update({state:{$ne:1}},{$set:{internalState:1,isProcessing:true,"applianceIds.downloaded":[],"applianceIds.published":[]}},{multi:true})' --quiet devdb
Note
Enabling this option may generate a large amount of data and take a long time depending on your previous update staging settings.
Start CLI:
/opt/bitdefender/eltiw/installer
Install the remaining GravityZone roles.
Restart the appliance.
Database restoration is now complete.
Restoring the database with staging settings
Prerequisites
The Database and the Update Server roles should be installed on separate appliances
A fresh GravityZone VA installation, with the same IP as the old appliance and having only the Database Server role installed. You can download the GravityZone VA image from here.
An SSH connection to the GravityZone virtual appliance, using root privileges.
The GravityZone infrastructure has not changed since the backup was made.
The backup is more recent than March 30th, 2017.
In distributed architectures, GravityZone has not been configured to use database replication (Replica Set). If you use Replica Set in your GravityZone environment, you also have the Database Server role installed on other appliance instances.
Restoring the database and staging settings
To restore the database follow the steps below:
Download the Virtual Appliance.
Install the Database Server role.
For more information about installing the Database Server role, refer to Deploy and set up GravityZone VA.
Stop VASync:
# service vasync stop
Stop CLI:
# killall -9 perl
Go to the location containing the database archive:
# cd /directory-with-backup
Where directory-with-backup is the path to the location with the backup files.
For example:
# cd /tmp/backup
Restore the database:
/opt/bitdefender/bin/mongoshellrestore -u bd -p 'GZ_db_password' --authenticationDatabase admin --gzip --drop --archive < 'gz-backup-$YYYY-$MM-$DD(timestamp).tar.gz'
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server and the timestamp variables in the archive's name with the actual date.
For example, the actual date should look like this:
gz-backup-2019-05-17(1495004926).tar.gz
Test to make sure you have entered the correct password by running the following command:
mongo admin -u bd -p 'GZ_db_password'
Note
If you receive error messages, contact Bitdefender Enterprise Support.
Restore the appliance ID:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'print(db.applianceInstalls.findOne({name:"db"}).applianceId);' --quiet devdb > /opt/bitdefender/etc/applianceid
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server.
Remove the reference to the old roles:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'db.applianceInstalls.remove({name:{"$ne": "db"}});' --quiet devdb
Important
Make sure to replace GZ_db_password with the actual password of the GravityZone Database Server.
Start VASync:
# service vasync start
Optionally, to be able to download again previously published kits in the GravityZone console, run the following command:
/opt/bitdefender/bin/mongoshell -u bd -p 'GZ_db_password' --eval 'db.endpointKits.update({state:{$ne:1}},{$set:{internalState:1,isProcessing:true,"applianceIds.downloaded":[],"applianceIds.published":[]}},{multi:true})' --quiet devdb
Note
Enabling this option may generate a large amount of data and take a long time depending on your previous update staging settings.
Start CLI:
/opt/bitdefender/eltiw/installer
Restart the appliance.
Database restoration is now complete.
To restore the staging settings follow the steps below:
Go to the location containing the backup archives.
Copy or move the gz-backup-staging archive to a directory of your choice on the appliance where the Update Server role will be installed.
For example:
/home/bdadmin/backup-staging
Start CLI:
/opt/bitdefender/eltiw/installer
Connect to the existing database previously created.
Install the Update Server role.
Stop the update server service:
# service arrakis stop
Remove the product updates directories:
# rm -rf /opt/bitdefender/var/data/products/v2
# rm -rf /opt/bitdefender/var/data/products/bst_nix
# rm -rf /opt/bitdefender/var/data/products/bst_nix7_update
Unpack the gz-backup-staging archive from the location where it was saved:
# tar -xvzf archived
Copy all directories:
# rsync -a -v -r --chown=bitdefender:bitdefender /home/bdadmin/extracted_archive_folder/opt/bitdefender/var/data/products/ /opt/bitdefender/var/data/products/ > /home/bdadmin/rsync_output.txt
Replace extracted_archive_folder with the exact location where the archive was extracted.
To check the status of the procedure, open /home/bdadmin/rsync_output.txt.
Make sure the copying process ended successfully, then start the update server service:
# service arrakis start
You can continue to install the remaining roles on the database appliance or on separate appliances. Make sure no extra roles are installed on the Update Server appliance.
Restoring the database in a Replica Set environment
If you have deployed one database in a Replica Set environment, you can find the official restore guide switch the mongoDB online manual (English only).
Note
The technique requires advance technical skills also should be done only by a trained engineer. If you encounter difficulties, please contact our Technical Supported to assist she in restoring of database.
Enable privilege escalation for users belongs to somebody Active Directory group
Follow these steps to configure the GravityZone appliance until allow Enabled Browse users for log in into the configuration interface because reset privileges.
Configure the devices hostname plus domain name
The Active File (AD) technical depends on proper DNS names. Therefore, make sure the GravityZone virtual instrument has the hostname and the domain name custom correctly.
To conference the hostname settings:
Access the GravityZone virtual appliance console from your virtualization management tool (for instance, vSphere Client).
From the main menu, select Configure Hostname Settings.
Enter the hostname of the appliance and the Active Directory domain name.
Select OK to save the changes.
Reboot the appliance once configured.
Install the required packages
This procedure uses Samba to enable the Active Directory integration. Thus, you need to install these packages:
# apt-get install krb5-user winbind samba ntp
Configure Kerberos
Modify the file /etc/krb5.conf as in the following example:
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
default_realm = EXAMPLE.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
EXAMPLE.LOCAL = {
kdc = adserver.example.local
admin_server = adserver.example.local
default_domain = EXAMPLE.LOCAL
}
[domain_realm]
.adserver.example.local = EXAMPLE.LOCAL
adserver.example.local = EXAMPLE.LOCAL
.kerberos.server = EXAMPLE.LOCAL
[login]
krb4_convert = true
krb4_get_tickets = false
Configure Samba
Edit the file /etc/samba/smb.conf as in the following example:
[global]
log file = /var/log/samba/log.%m
max log size = 1000
security = ADS
realm = EXAMPLE.LOCAL
password server = 192.168.1.2
workgroup = EXAMPLE
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = true
winbind use default domain = yes
restrict anonymous = 2
Configure the Name Service Switch
Modify the file /etc/nsswitch.conf as in the following example:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Configure the NTP daemon
Change the time synchronization server to the AD server. Modify /etc/ntp.conf as in the following example:
...
server dc.example.local
...
Stop the NTP daemon:
# service ntp stop
Force a time synchronization:
# ntpdate dc.example.local
Restart the NTP daemon:
# service ntp start
Configure PAM
In Ubuntu 12.04 LTS and later, the winbind package does most of the configuration work. However, there are some non-default options that should be present to facilitate the login.
To customize these options, add the following line in both /etc/pam.d/common-session and /etc/pam.d/sshd:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
Restart winbind
# service winbind restart
Join the appliance to the domain
# net ads join -U [email protected]
Reconfigure the SSH daemon
Make sure the SSH daemon allows all users to log in, except root:
...
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
...
This will also disable the restriction for bdadmin.
Configure sudo
Using the visudo command, enable privilege elevation for a specific group. For example:
%vcservicesadmin ALL=(ALL) ALL
You can now connect through SSH to the GravityZone appliance using a domain user:
$ ssh EXAMPLE\\[email protected]
The home directory will be automatically created and the user will be able to gain root privileges, provided it belongs to the entitled group.
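The following check is an added example, not part of the GravityZone documentation: a POSIX shell function that verifies the files edited in this procedure agree with each other before you rely on domain logins. The function names, the optional ROOT argument and the /etc/ssh/sshd_config path are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks that the AD integration files agree with each other.
# ROOT (optional first argument) is prepended to every path, so the checks can
# run against a copy of the configuration; empty means the live /etc.

# conf_value FILE KEY: print the value of the first "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_ad_config [ROOT]: print one FAIL line per problem, return their count.
check_ad_config() {
    root="${1:-}"; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Kerberos and Samba must point at the same realm.
    krb_realm=$(conf_value "$root/etc/krb5.conf" default_realm)
    smb_realm=$(conf_value "$root/etc/samba/smb.conf" realm)
    [ -n "$krb_realm" ] && [ "$krb_realm" = "$smb_realm" ] ||
        fail "krb5.conf realm '$krb_realm' differs from smb.conf realm '$smb_realm'"

    # Samba option values are case-insensitive, so normalise before comparing.
    sec=$(conf_value "$root/etc/samba/smb.conf" security | tr '[:lower:]' '[:upper:]')
    [ "$sec" = "ADS" ] || fail "smb.conf: security is '$sec', expected ADS"

    # winbind must resolve both users and groups.
    for db in passwd group; do
        grep -Eqs "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$root/etc/nsswitch.conf" ||
            fail "nsswitch.conf: $db does not list winbind"
    done

    # Home directories are created at login through both PAM stacks.
    for f in common-session sshd; do
        grep -Eqs '^session[[:space:]]+required[[:space:]]+pam_mkhomedir\.so' \
            "$root/etc/pam.d/$f" || fail "pam.d/$f: pam_mkhomedir line missing"
    done

    # Assumption: sshd reads /etc/ssh/sshd_config (the page does not name the file).
    grep -Eiqs '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' \
        "$root/etc/ssh/sshd_config" || fail "sshd_config: PermitRootLogin is not 'no'"

    return "$problems"
}
```

Source the file and call check_ad_config with no argument on the appliance, or pass the directory that holds a copied etc tree. A return value of 0 means every check passed.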
Run filesystem check in GravityZone Virtual Appliance
The filesystem check operation, or fsck, can be used to check and repair Linux filesystems. You can use this operation if, for example, your GravityZone Virtual Appliance (VA) instance fails to start, or it is stuck in an endless boot.
Run filesystem check in the GravityZone Virtual Appliance
You can run this operation if Recovery Mode is available in GravityZone Virtual Appliance.
Prerequisites
Virtual Machine console level access to the GravityZone virtual appliance (provided through your hypervisor management software).
Run filesystem check in GravityZone Virtual Appliance Recovery Mode
Open your hypervisor management software.
Start the GravityZone Virtual Appliance.
Press any key to interrupt the boot sequence. Within the boot sequence, the GRUB boot loader appears on your screen.
Use the arrow keys to select Advanced options for Bitdefender GNU/Linux and press Enter.
In the following screen, select the Bitdefender GNU/Linux entry for version x.x.x-xxx-generic (recovery mode). GravityZone OS boots into Recovery Mode.
In the Recovery Menu, select fsck and press Enter. A confirmation dialog prompts you to validate your action.
After the filesystem check is done, you can see the finished output. Press ENTER to return to Recovery Mode.
Select resume to continue the normal boot sequence.
Run offline filesystem check on the GravityZone Virtual Appliance
Prerequisites
Virtual Machine console level access to the GravityZone virtual appliance (provided through your hypervisor management software).
An Ubuntu 20.04 image (live ISO image for desktop). You can download it from here.
Mounted Ubuntu 20.04 Live image on the GravityZone Virtual Appliance located in your hypervisor management software.
Run offline filesystem check from a mounted Ubuntu 20.04 image
Open your hypervisor management software.
Shut down the GravityZone Virtual Appliance.
Create a snapshot of the GravityZone VA.
Mount the Ubuntu 20.04 Live image in the GravityZone VA.
Boot the GravityZone VA from the Ubuntu image and select Try Ubuntu when prompted. Ubuntu boots up.
In the Ubuntu desktop, click the search bar at the top of the screen and start typing terminal.
Open Terminal and run the following commands:
sudo su
ls /dev/mapper
Identify the system disk of the GravityZone VA. You can look for the following names: gzva-root, gzva-data, gz-data or gz-root.
Run the following command to perform a filesystem check:
fsck -f -y /dev/mapper/gzva-root
In this example we used gzva-root, as observed in the screenshot below. If there are any errors during this operation, you will be prompted by confirmation dialogs. Select yes to all fsck questions.
After the filesystem check is done, restart the GravityZone VA without the Ubuntu image and check if the appliance boots up successfully.
If the filesystem check is unable to fix the errors, we recommend that you restore your GravityZone Virtual Appliance from a database backup. For more information, refer to Restore a database backup.