BitDefender Management Server 3.6
Administrator's Guide
Publication date 2014.09.12
Copyright© 2014 BitDefender
Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from an authorized representative of BitDefender. The inclusion of brief quotations in reviews may be possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this
document is provided on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this document, the authors will not have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
This book contains links to third-party Websites that are not under the control of BitDefender, therefore BitDefender is not responsible for the content of any linked site. If you access a third-party website listed in this document, you will do so at your own risk. BitDefender provides these links only as a convenience, and the inclusion of the link does not imply that BitDefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
are the sole property of their respective owners, and are respectfully acknowledged.
She came to me one morning, one lonely Sunday morning Her long hair flowing in the mid-winter wind
I know not how she found me, for in darkness I was walking And destruction lay around me, from a fight I could not win
Table of Contents
Using This Guide
... xv
1. Purpose and Intended Audience. . . xv
2. How to Use This Guide. . . xv
3. Conventions Used in This Guide. . . xvi
3.1. Typographical Conventions. . . xvi
3.2. Admonitions. . . xvi
4. Request for Comments. . . xvii
About BitDefender Client Security
... 1
1. What Is BitDefender Client Security?
... 2
2. Architecture and Operation
... 3
2.1. BitDefender Management Server. . . 3
2.2. BitDefender Client Products. . . 5
2.3. BitDefender Management Agent. . . 6
2.4. BitDefender Management Console. . . 6
2.5. BitDefender Deployment Tool. . . 7
2.6. Bitdefender Update Server. . . 7
3. Supported BitDefender Client Products
... 8
3.1. Workstation Client Products. . . 8
3.2. Server Client Products. . . 8
Installation and Removal
... 10
4. System Requirements
... 11
4.1. BitDefender Management Server. . . 11
4.2. BitDefender Management Agent. . . 12
4.3. BitDefender Management Console. . . 12
4.4. BitDefender Business Client. . . 13
4.5. Endpoint Security. . . 13
4.6. BitDefender Management Server Installed together with Endpoint Security. . . . 14
4.7. BitDefender Update Server. . . 15
5. Before You Start the Deployment
... 16
5.1. BitDefender Client Security Basics. . . 16
5.2. Single or Multi-Server Deployment?. . . 17
5.3. How You Deploy a Single-Server Configuration. . . 17
5.4. How You Deploy a Multi-Server Configuration. . . 18
5.5. Active Directory Networks. . . 19
5.6. Integration of the BitDefender Solutions for Server Systems. . . 20
5.7. Integrating BitDefender Antivirus for Mac into the Centralized Reporting Platform. . . 20
6. Installing BitDefender Management Server
... 22
6.1. Choosing and Preparing a Computer for Installation. . . 22
6.2. Default Installation. . . 23
6.3. Custom Installation (With Screenshots). . . 24
6.3.1. Step 1 - Welcome Window. . . 25
6.3.3. Step 3 - Choose Installation Type. . . 26
6.3.4. Step 4 - Customize Installation. . . 27
6.3.5. Step 5 - Choose Server Type. . . 28
6.3.6. Step 6 - Specify Communication Ports. . . 29
6.3.7. Step 7 - Specify BitDefender Update Server Port. . . 29
6.3.8. Step 8 - Ensure Database Support. . . 30
6.3.9. Step 9 - Connect to Database. . . 31
6.3.10. Step 10 - Start Installation. . . 33
6.3.11. Step 11 - Finish Installation. . . 34
6.4. Installing a Slave or Master Server. . . 35
6.5. Adding Support for Unix-based Server Security Solutions. . . 35
6.6. Installing Components Separately. . . 37
6.6.1. Installing BitDefender Management Console on Administrator's Computer. . . 37
6.6.2. Installing BitDefender Update Server on a Dedicated Computer. . . 38
7. Installing Client Products
... 40
7.1. Step 1 - Prepare Computers for Deployment. . . 40
7.2. Step 2 - Define Managed Computers. . . 41
7.3. Step 3 - Deploy Client Products. . . 43
7.4. Step 4 - Deploying on Offline Computers. . . 44
8. Client Deployment Tools
... 45
8.1. Credentials Manager. . . 46
8.1.1. Adding New Credentials. . . 47
8.1.2. Editing Existing Credentials. . . 48
8.1.3. Deleting Existing Credentials. . . 48
8.2. Retry Deployment. . . 48
8.3. Network Builder. . . 49
8.3.1. Step 1/2 - Organize Computers. . . 50
8.3.2. Step 2/2 - Deploy BitDefender Management Agent. . . 52
8.4. Deployment Tool. . . 55
8.4.1. Launching Deployment Tool. . . 56
8.4.2. Automatically Installing, Repairing or Removing Products. . . 56
8.4.3. Examining Deployment Results. . . 66
8.4.4. Creating Unattended Installation Packages. . . 67
8.5. Automatic Deployment. . . 76
8.5.1. Configuring Automatic Deployment. . . 77
8.5.2. Configuring Automatic Deployment for VPN Computers. . . 79
8.5.3. Deploying Endpoint Security Automatically. . . 80
8.5.4. Disabling Automatic Deployment. . . 80
8.6. View Deployment Status. . . 80
9. Upgrading
... 82
9.1. Considerations When Upgrading. . . 82
9.2. Upgrading BitDefender Management Server. . . 82
9.3. Upgrading Clients. . . 83
10. Installation Changes
... 84
10.1. Changing Agent Synchronization Interval. . . 84
10.2. Migrating BitDefender Management Server to Another Computer. . . 85
10.2.1. Migrating a Stand-Alone Installation. . . 85
10.2.2. Migrating a Slave or Master Installation. . . 87
10.4. Redirecting Clients to Another Server. . . 88
10.5. Modifying BitDefender Management Server Installation. . . 90
10.6. Repairing BitDefender Management Server. . . 90
11. Removal
... 92
11.1. Instructions for Complete Removal. . . 92
11.2. Removing Clients. . . 92
11.2.1. From the Managed Computers Pane. . . 93
11.2.2. Using Deployment Tool. . . 93
11.2.3. Local Removal. . . 94
11.2.4. Checking That Clients Have Been Removed. . . 94
11.3. Removing BitDefender Management Server. . . 95
Configuration and Management
... 96
12. Getting Started
... 97
12.1. Opening Management Console. . . 97
12.2. Connecting to BitDefender Management Server. . . 97
12.3. User Interface Overview. . . 98
12.3.1. Tree Menu. . . 99
12.3.2. Tools Menu. . . 101
12.4. Changing Logon Password. . . 103
12.5. Changing SQL Connection Password. . . 103
13. Registration
... 105
13.1. Purchasing License Keys. . . 105
13.2. Registering BitDefender Management Server. . . 105
13.3. Checking the Registration Status. . . 107
13.4. Extending or Renewing Your License. . . 108
13.5. Registration in Master/Slave Configurations. . . 109
14. The Management Dashboard
... 110
14.1. Monitoring Modules. . . 110
14.2. Fixing Issues. . . 112
14.3. Important Links. . . 113
14.4. Configuring the Dashboard. . . 113
14.5. Configuring E-mail Notifications. . . 113
15. Computers Directory
... 116
15.1. Managed Computers. . . 117
15.1.1. Computer Groups. . . 118
15.1.2. Refreshing Computer List. . . 120
15.1.3. Sorting through Computer List. . . 120
15.1.4. Searching for Computers. . . 120
15.1.5. Assigning Policies. . . 121
15.1.6. Assigning Tasks. . . 121
15.1.7. Viewing Assigned Policies. . . 121
15.1.8. Viewing Assigned Tasks. . . 122
15.1.9. Checking Client Details and Status. . . 122
15.1.10. Monitoring Client Products Status. . . 122
15.1.11. Switching between Restricted and Power User. . . 123
15.1.12. Removing Client Products. . . 123
15.1.13. Removing Clients. . . 123
15.1.15. Excluding Computers from Management. . . 124
15.1.16. Changing Displayed Information. . . 124
15.1.17. Exporting Computer List. . . 124
15.2. Unmanaged Computers. . . 125
15.2.1. Refreshing Computer List. . . 126
15.2.2. Sorting through Computer List. . . 126
15.2.3. Searching for Computers. . . 127
15.2.4. Deploying BitDefender Management Agent. . . 127
15.2.5. Excluding Computers from Management. . . 130
15.2.6. Deleting Computers from Table. . . 130
15.2.7. Changing Displayed Information. . . 131
15.2.8. Exporting Computer List. . . 131
15.3. Excluded Computers. . . 131
15.3.1. Refreshing Computer List. . . 132
15.3.2. Sorting through Computer List. . . 132
15.3.3. Searching for Computers. . . 133
15.3.4. Deleting Computers from Table. . . 133
15.3.5. Restoring Excluded Computers. . . 133
15.3.6. Changing Displayed Information. . . 134
15.3.7. Exporting Computer List. . . 134
16. Policies
... 135
16.1. Creating New Policies. . . 135
16.2. Current Policies. . . 138
16.2.1. "No Data Available" Status. . . 139
16.2.2. Monitoring Policy Execution. . . 139
16.2.3. Viewing and Editing Policy Settings. . . 139
16.2.4. Changing Policy Schedule. . . 140
16.2.5. Checking and Changing Policy Assignments. . . 140
16.2.6. Renaming Policies and Changing Their Description. . . 141
16.2.7. Deleting Policies. . . 141
16.2.8. Enabling/Disabling Policies. . . 141
16.3. Exporting and Importing Policies. . . 141
16.3.1. Exporting Policies. . . 142
16.3.2. Importing Policies. . . 145
17. Network Tasks
... 149
17.1. Creating New Network Tasks. . . 150
17.2. Current Network Tasks. . . 152
17.2.1. "No Data Available" Status. . . 153
17.2.2. Checking Task Results. . . 153
17.2.3. Viewing and Editing Task Settings. . . 153
17.2.4. Running a Task Again. . . 155
17.2.5. Changing Task Schedule. . . 155
17.2.6. Running Tasks on Other Computers. . . 155
17.2.7. Renaming Tasks and Changing Their Description. . . 156
17.2.8. Deleting Tasks. . . 156
17.2.9. Enabling/Disabling Tasks. . . 156
17.3. Examples of Using Tasks. . . 157
17.3.1. Gathering Information about Client Workstations. . . 157
17.3.2. Application Control. . . 158
17.3.3. Monitoring Processes Running on Client Workstations. . . 161
17.3.5. Sending Messages to Client Workstations. . . 163
17.3.6. Running Programs on Client Workstations. . . 164
17.3.7. Configuring Windows Automatic Updates on Client Workstations. . . 166
17.3.8. Updating Windows on Client Workstations. . . 167
17.3.9. Enabling/Disabling Autorun or USB Storage Devices on Client Workstations. . . 168
18. Network Audit
... 170
18.1. Configuring Network Audit. . . 170
18.1.1. Configuring Data Collection. . . 171
18.1.2. Configuring Data Archiving Preferences. . . 172
18.1.3. Checking Network Audit Status. . . 173
18.2. Creating New Network Audit Reports. . . 173
18.3. Scheduled Network Audit Reports. . . 175
18.3.1. Viewing Last Report. . . 176
18.3.2. Saving Reports. . . 176
18.3.3. Renaming Reports. . . 176
18.3.4. Editing Report Settings. . . 176
18.3.5. Deleting Reports. . . 176
19. Reporting Center
... 177
19.1. Creating Reports. . . 177
19.2. Viewing and Saving Reports. . . 179
19.2.1. Saving Reports. . . 180
19.2.2. Printing Reports. . . 180
19.2.3. Sorting Report Details. . . 181
19.3. Scheduled Reports. . . 181
19.3.1. Viewing Last Report. . . 182
19.3.2. Saving Reports. . . 182
19.3.3. Renaming Reports. . . 182
19.3.4. Editing Report Settings. . . 182
19.3.5. Deleting Reports. . . 182
20. Examining the Server Activity Log
... 183
20.1. Setting Verbosity Level. . . 184
20.2. Sorting Events. . . 184
20.3. Deleting Records. . . 185
21. Backup/Restore Server Configuration Tool
... 186
21.1. Backing Up BitDefender Management Server Configuration. . . 186
21.2. Restoring BitDefender Management Server Configuration. . . 189
22. Master-Slave Configurations
... 193
22.1. Master-Slave Configuration Overview. . . 193
22.2. Feature Availability in Master Servers. . . 193
22.3. Registering a Stand-Alone Server to a Master Server. . . 194
22.4. Unregistering from Master Server. . . 194
22.5. License Management. . . 194
22.6. Tree Menu on Master Servers. . . 194
22.6.1. Network View. . . 194
22.6.2. Virtual View. . . 195
22.7. Master/Virtual Policies. . . 196
22.8. Master/Virtual Tasks. . . 196
22.10. Master Activity Log. . . 197
Policy Templates
... 198
23. BitDefender Management Server Templates
... 199
23.1. BitDefender Management Agent Settings. . . 199
23.2. BitDefender Management Agent Connection. . . 200
24. Endpoint Security Templates
... 201
24.1. Update Request. . . 202 24.1.1. Used Settings. . . 202 24.1.2. Update Locations. . . 202 24.1.3. Proxy Settings. . . 203 24.1.4. Advanced Settings. . . 203 24.2. Update Settings. . . 204 24.2.1. Update Locations. . . 204 24.2.2. Proxy Settings. . . 205 24.2.3. Scheduler Settings. . . 205 24.2.4. Advanced Settings. . . 205 24.3. Scan Policy. . . 206 24.3.1. Scan Level. . . 206 24.3.2. Scan Options. . . 207 24.3.3. Scan Actions. . . 209 24.3.4. Other Options. . . 210 24.4. Antivirus Settings. . . 210 24.4.1. Real-time Protection. . . 211 24.4.2. Protection Level. . . 211 24.4.3. Settings. . . 212 24.4.4. Quarantine Settings. . . 214
24.4.5. Behavioral Scanner Settings. . . 214
24.5. Firewall Settings. . . 216 24.5.1. General Settings. . . 216 24.5.2. Profile Settings. . . 216 24.5.3. Other Settings. . . 219 24.6. Privacy Control. . . 220 24.6.1. Protection. . . 220 24.6.2. Protection Level. . . 221 24.6.3. Settings. . . 221 24.6.4. Identity Control. . . 222 24.6.5. Cookie Control. . . 223 24.6.6. Script Control. . . 224 24.6.7. Alerts. . . 225 24.7. Antispam Settings. . . 226 24.7.1. Protection. . . 227 24.7.2. Protection Level. . . 227 24.7.3. Settings. . . 228 24.8. User Control. . . 230 24.8.1. User Control. . . 230 24.8.2. General Settings. . . 231 24.8.3. Web Control. . . 232 24.8.4. Applications Control. . . 233 24.8.5. Keywords Control. . . 233 24.8.6. Webtime Control. . . 234
24.9. Exclusions. . . 234 24.9.1. Exclusions. . . 235 24.9.2. Paths. . . 235 24.9.3. Extensions. . . 236 24.9.4. Manage HTTP Exceptions. . . 236 24.10. Advanced Settings. . . 239 24.10.1. General Settings. . . 239
24.10.2. Virus Report Settings. . . 240
24.10.3. Password. . . 240 24.11. Device Detection. . . 241 24.11.1. General Settings. . . 242 24.11.2. Scan Options. . . 242 24.11.3. Scan Actions. . . 244 24.11.4. Other Options. . . 244
24.12. Select Main Active Modules. . . 245
25. BitDefender Security for SharePoint Templates
... 247
25.1. Antivirus Settings. . . 247 25.1.1. General. . . 248 25.1.2. Antivirus Settings. . . 249 25.1.3. Action. . . 250 25.1.4. Configure Scan. . . 251 25.2. General Settings. . . 252 25.2.1. Alerts. . . 253 25.2.2. Virus Report. . . 255 25.2.3. Report Incidents. . . 255 25.2.4. Purge Settings. . . 256 25.3. Get Settings. . . 256
25.4. Install Product Update. . . 256
25.4.1. Settings. . . 257 25.5. Rollback. . . 257 25.6. Scanning Scheduled. . . 257 25.6.1. General. . . 257 25.6.2. Action. . . 259 25.6.3. Configure Scan. . . 259 25.7. Update Request. . . 261 25.8. Update Settings. . . 261 25.8.1. Options. . . 261
25.8.2. Product Update Options. . . 262
25.8.3. Update Location. . . 262
25.8.4. Notifications. . . 263
26. BitDefender Security for Mail Servers Templates
... 264
26.1. Antispam Filtering Settings/Rules. . . 265
26.1.1. Antispam. . . 265 26.1.2. Rules. . . 266 26.1.3. Rule Settings. . . 267 26.2. Antivirus Settings. . . 271 26.2.1. Antivirus. . . 271 26.2.2. Rules. . . 272 26.2.3. Rule Settings. . . 273
26.3. Attachment Filtering Rules. . . 277
26.3.2. Rules. . . 277
26.3.3. Rule Settings. . . 278
26.4. Content Filtering Rules. . . 282
26.4.1. Content Filtering. . . 283 26.4.2. Rules. . . 283 26.4.3. Rule Settings. . . 284 26.5. General Settings. . . 288 26.5.1. Alerts. . . 288 26.5.2. Virus Report. . . 291 26.5.3. Report Incidents. . . 291 26.5.4. Purge Settings. . . 291 26.5.5. Quarantine Settings. . . 292 26.6. Get Settings. . . 292
26.7. Install Product Update. . . 292
26.7.1. Settings. . . 293
26.8. Interface Settings. . . 293
26.8.1. General. . . 293
26.8.2. Configuring Interfaces. . . 294
26.8.3. Ensure Security. . . 294
26.9. Rollback Product Update. . . 295
26.10. SMTP Groups . . . 295 26.10.1. Options. . . 295 26.10.2. Configuring Groups. . . 295 26.11. Update Request. . . 295 26.12. Update Settings. . . 296 26.12.1. Options. . . 296
26.12.2. Product Update Options. . . 297
26.12.3. Update Location. . . 297
26.12.4. Notifications. . . 298
27. BitDefender Security for File Servers Templates
... 299
27.1. Antivirus Settings. . . 300 27.1.1. Protection. . . 300 27.1.2. Action. . . 301 27.1.3. Notifications. . . 302 27.1.4. Configure Scan. . . 302 27.2. General Settings. . . 305 27.2.1. Alerts. . . 305 27.2.2. Virus Report. . . 307 27.2.3. Report Incidents. . . 308 27.2.4. Purge Settings. . . 308 27.2.5. Tray Icon. . . 308 27.2.6. Quarantine Settings. . . 309 27.3. Get Settings. . . 309
27.4. Install Product Update. . . 309
27.4.1. Settings. . . 310
27.5. Rollback Product Update. . . 310
27.6. Scan Exceptions Settings. . . 310
27.6.1. Global Exceptions. . . 310
27.6.2. Process Exclusions. . . 311
27.7. Scanning Scheduled. . . 311
27.7.1. Scan Level. . . 311
27.7.3. Action. . . 314
27.7.4. Notifications. . . 315
27.8. Update Request. . . 316
27.9. Update Settings. . . 316
27.9.1. Options. . . 316
27.9.2. Product Update Options. . . 317
27.9.3. Update Location. . . 317
27.9.4. Notifications. . . 318
28. BitDefender Security for Exchange Templates
... 319
28.1. Antispam Filtering Settings/Rules. . . 320
28.1.1. Antispam. . . 320 28.1.2. Rules. . . 322 28.1.3. Rule Settings. . . 322 28.2. Antivirus Rules. . . 326 28.2.1. Antivirus. . . 327 28.2.2. Rules. . . 327 28.2.3. Rule Settings. . . 328 28.3. Antivirus Settings. . . 331
28.3.1. Mailbox (VSAPI) Scanning. . . 332
28.3.2. SMTP Scanning. . . 334
28.4. Attachment Filtering Rules. . . 334
28.4.1. Attachment Filtering. . . 335
28.4.2. Rules. . . 335
28.4.3. Rule Settings. . . 335
28.5. Content Filtering Rules. . . 340
28.5.1. Content Filtering. . . 340 28.5.2. Rules. . . 341 28.5.3. Rule Settings. . . 341 28.6. General Settings. . . 345 28.6.1. Alerts. . . 346 28.6.2. Virus Report. . . 348 28.6.3. Report Incidents. . . 349 28.6.4. Purge Settings. . . 349 28.6.5. Quarantine Settings. . . 349 28.7. Get Settings. . . 350
28.8. Install Product Update. . . 350
28.8.1. Settings. . . 350
28.9. Rollback Product Update. . . 350
28.10. Scanning Scheduled. . . 351
28.10.1. Configuring Actions. . . 351
28.10.2. Set Advanced Settings. . . 352
28.10.3. Notifications. . . 352 28.11. SMTP Groups . . . 353 28.11.1. Options. . . 353 28.11.2. Configuring Groups. . . 353 28.12. Update Request. . . 353 28.13. Update Settings. . . 353 28.13.1. Options. . . 354
28.13.2. Product Update Options. . . 354
28.13.3. Update Location. . . 355
29. BitDefender Security for Mail Servers (Unices) Templates
... 357
29.1. File Logging Policy. . . 357
29.1.1. File Logging. . . 358
29.1.2. Log Rotate. . . 358
29.2. Mail Alerts Policy. . . 358
29.3. Mail Settings Policy. . . 359
29.3.1. Antivirus. . . 359 29.3.2. Antispam. . . 360 29.3.3. Content Filter. . . 364 29.3.4. Miscellaneous Settings. . . 364 29.4. SMTP Protocol Policy. . . 365 29.4.1. Networks. . . 365 29.4.2. Domains. . . 365
29.5. Update Settings Policy. . . 366
29.5.1. Live! Update. . . 366
29.5.2. Insecure Update. . . 366
29.5.3. Proxy Settings. . . 366
29.6. Core Modules. . . 366
30. BitDefender Security for Samba Templates
... 369
30.1. File Logging Policy. . . 369
30.1.1. File Logging. . . 369
30.1.2. Log Rotate. . . 370
30.2. Mail Alerts Policy. . . 370
30.3. Samba Protocol Policy. . . 370
30.3.1. Antivirus Actions. . . 370
30.3.2. Extensions. . . 371
30.3.3. Maximum File Size. . . 371
30.4. Update Settings Policy. . . 372
30.4.1. Live! Update. . . 372
30.4.2. Insecure Update. . . 372
30.4.3. Proxy Settings. . . 372
30.5. Core Modules. . . 373
BitDefender Update Server
... 375
31. What Is BitDefender Update Server?
... 376
32. Configuration and Management
... 377
32.1. Accessing Management Panel. . . 377
32.2. What You Have to Do After Installation. . . 378
32.3. Managing Client Products and Downloaded Updates. . . 379
32.4. Configuring Settings. . . 381
32.5. Changing Login Password. . . 383
33. Cascading Configuration
... 384
Getting Help
... 385
34. Support
... 386
34.1. BitDefender Support Center. . . 386
34.1.1. BitDefender Knowledge Base. . . 386
34.1.3. Product Documentation. . . 387
34.2. BitDefender Support Tool. . . 387
35. Contact Information
... 391
35.1. Web Addresses. . . 391
35.2. Local Distributors. . . 391
35.3. BitDefender Offices. . . 391
Appendices
... 394
A. Available Network Tasks
... 395
B. Available Report Templates
... 401
C. Default Communication Ports
... 408
Using This Guide
1. Purpose and Intended Audience
This documentation is intended for all BitDefender Management Server v3.6 users. The information presented herein should be easy to understand by anyone who has basic computer and networking knowledge.
This documentation shows you how BitDefender Management Server works, how to install it, how to use it to remotely deploy and manage the BitDefender protection in your network. You will learn how to get the best from BitDefender Management Server and the BitDefender business solutions.
We wish you a pleasant and useful lecture.
2. How to Use This Guide
This guide is organized into several major parts, making it easy to find the information you need.
“About BitDefender Client Security” (p.1)
Learn about BitDefender Client Security, BitDefender Management Server and the BitDefender business security solutions that can be included into the centralized management platform. You are presented with basic information that provides a necessary starting point in working with BitDefender Management Server.
“Installation and Removal” (p.10)
This part contains everything there is to know on installing BitDefender Management Server and its clients. Starting with the prerequisites for a successful installation, you are guided through the whole installation process. If an older version of BitDefender Management Server is already installed in your network,“Upgrading” (p.82)will show you how you can easily upgrade it to the latest version. You can also find information about various post-installation changes or how to remove the installation.
“Configuration and Management” (p.96)
This part shows you how to use BitDefender Management Server and how to configure and manage network protection. Get familiar with the user interface, find out how to easily monitor the network protection status and take corrective actions, how to organize the network computers, how to run configuration policies and network management tasks, how to create network security status or audit reports.
“Policy Templates” (p.198)
Every policy template explained in detail. Refer to this part when you cannot figure out what a specific policy setting does.
“BitDefender Update Server” (p.375)
Find out how to use BitDefender Update Server to set up and manage a local update server for BitDefender updates.
“Getting Help” (p.385)
Where to look and where to ask for help if something unexpected appears.
“Appendices” (p.394)
Appendices provide additional information on particular topics. You can find out about the available network management tasks and report templates, as well as other useful information.
3. Conventions Used in This Guide
3.1. Typographical Conventions
Several text styles are used in the guide for an improved readability. Their aspect and meaning are presented in the table below.
Description Appearance
Syntax samples are printed with monospaced characters.
sample syntax
The URL link is pointing to some external location, on http or ftp servers.
http://www.bitdefender.com
E-mail addresses are inserted in the text for contact information.
This is an internal link, towards some location inside the document.
“Using This Guide” (p.xv)
File and directories are printed using monospaced font.
filename
All the product options are printed using bold characters.
option
Important keywords or phrases are highlighted using bold characters.
keyword
The code listing is printed with monospaced characters.
sample code listing
3.2. Admonitions
The admonitions are in-text notes, graphically marked, bringing to your attention additional information related to the current paragraph.
Note
The note is just a short observation. Although you can omit it, the notes can provide valuable information, such as specific feature or a link to some related topic.
Important
This requires your attention and is not recommended to skip over it. Usually, it provides non-critical but significant information.
Warning
This is critical information you should treat with increased caution. Nothing bad will happen if you follow the indications. You should read and understand it, because it describes something extremely risky.
4. Request for Comments
We invite you to help us improve the book. We have tested and verified all of the information to the best of our ability. Please write to tell us about any flaws you find in this book or how you think it could be improved, to help us provide you with the best documentation possible.
Let us know by sending an e-mail [email protected]. Please write all of your documentation-related e-mails in English so that we can process them efficiently.
1. What Is BitDefender Client Security?
Bitdefender Client Security is a robust and easy-to-use business security and management solution, which delivers superior proactive protection from viruses, spyware, rootkits, spam, phishing and other malware.
Bitdefender Client Security enhances business productivity and reduces management and malware-related costs by enabling the centralized administration, protection and control of workstations inside companies' networks.
2. Architecture and Operation
BitDefender Client Security includes the following components: ● BitDefender Management Server
● The BitDefender client products
● BitDefender Management Agent
● BitDefender Management Console
● BitDefender Deployment Tool
● BitDefender Update Server
2.1. BitDefender Management Server
BitDefender Management Server is the main component of Bitdefender Client Security. Its purpose is to manage all BitDefender security solutions inside a network based on customizable security policies.
Using BitDefender Management Server, you can remotely install and manage BitDefender client products.
Remotely Install and Manage BitDefender Client Products
The "brain" of the product. The policies received from the user through the management console are forwarded to the workstations in order to be executed, while the information received from the workstations is processed by BitDefender Management Server. The information is then forwarded to the management console where it can be viewed and interpreted by the administrator. BitDefender Management
Server can be dynamically extended to perform various other security-related policies that users may need.
Standalone or master-slave configuration. BitDefender Management Server can
be deployed either as a stand-alone security management solution or in a master-slave architecture.
Standalone or Master-Slave Architecture
● In a stand-alone configuration, BitDefender Management Server manages the security of and centralizes security information about client computers.
● In a master-slave architecture, a specific instance of BitDefender Management Server (the master server) manages other instances of BitDefender Management Server (the slave servers).
As slave, BitDefender Management Server acts as stand-alone and also sends centralized information about its managed computers to the master.
As master, BitDefender Management Server does not have its own managed computers, but only those of its slave BitDefender Management Server. Its role is to obtain centralized results regarding the security of all computers in the organization.
Connected to Database. BitDefender Management Server will stay permanently
connected to a database (for example MS SQL Server Database) that stores information about all product configuration files. In this way, BitDefender Management Server can manage a huge amount of information in the shortest possible time.
Password-protected. By default, BitDefender Management Server is password-protected. The default password is: admin. The password can be changed in the BitDefender Management Console.
Note
To manage the BitDefender clients from a workstation other than BitDefender Management Server, you must perform a custom installation of BitDefender Management Server on the respective workstation. For more information, please refer to“Installing
BitDefender Management Console on Administrator's Computer” (p.37).
2.2. BitDefender Client Products
A BitDefender client product is a product that BitDefender Management Server manages remotely , through policies.
Bitdefender Client Security smoothly integrates with and manages: ● Workstation Client Products
BitDefender Business Client Endpoint Security
● Server Client Products (Gateway Level)
Bitdefender Security for Mail Servers (Windows, UNIX) Bitdefender Security for Exchange
● Server Client Products (File Server Level) Bitdefender Security for File Servers (Windows) Bitdefender Security for Samba
Bitdefender Security for SharePoint
2.3. BitDefender Management Agent
BitDefender Management Agent is the component deployed on each workstation that you want to be managed by BitDefender Management Server. It is used to ensure communication between BitDefender Management Server and the BitDefender client products installed on a specific workstation.
It fulfills three main functions:
● queries BitDefender Management Server to learn the security policies that need to be applied to the local workstation.
● applies the security policies received from BitDefender Management Server. ● sends the results of the applied policies to BitDefender Management Server .
2.4. BitDefender Management Console
BitDefender Management Console represents the graphical user interface (GUI), created to allow the administrator to interact with BitDefender Management Server. By using the management console you can:
● visualize the entire network (managed computers, computers that are not currently managed by BitDefender Management Server, computers excluded from management).
● remotely deploy BitDefender Management Agent on detected network computers or on computers from Active Directory.
● remotely deploy BitDefender client products on managed computers.
● set BitDefender Management Server to automatically deploy BitDefender Management Agent and BitDefender Business Client on newly detected computers. ● find out detailed information about a managed computer.
● assign policies to managed computers or to computers from Active Directory in order to configure and even to install BitDefender client products.
● run management tasks on managed computers in order to remotely perform administrative tasks.
● check the results of the assigned policies and network management tasks. ● configure BitDefender Management Server and monitor its activity. ● obtain centralized easy-to-read reports regarding the managed computers. ● remotely remove client products installed on managed computers.
Note
To install only the management console on a workstation you must perform a custom installation of BitDefender Management Server. For more information, please refer to “Installing BitDefender Management Console on Administrator's Computer” (p.37).
2.5. BitDefender Deployment Tool
BitDefender Deployment Tool is an independent component that helps you automatically install, remove or repair BitDefender products on remote network computers. This tool also enables you to create unattended installation packages for use on offline computers (or when remote installation fails).
Note
You can put it on a CD, on a shared folder, send it by e-mail or use a logon script in order to install it on workstations.
2.6. Bitdefender Update Server
BitDefender Update Serveris an independent component that allows you to set up a BitDefender update location within the local network. In this way, you can reduce Internet traffic because only one computer will connect to the Internet to download updates while the others will update from this local mirror. Moreover, updates will be performed faster and even on the computers that are not connected to the Internet.
3. Supported BitDefender Client Products
BitDefender Management Server smoothly integrates with and manages both BitDefender workstation and server security solutions.
3.1. Workstation Client Products
● BitDefender Business Client ● Endpoint Security
BitDefender Business Client
BitDefender Business Client integrates antivirus, firewall, antispam and antispyware modules into one comprehensive workstation security package, tailored to meet the needs of corporate computer users worldwide.
Endpoint Security
Endpoint Security is a fully-automated computer security program, managed remotely by your network administrator. Once installed, it protects you against all kinds of malware (such as viruses, spyware and trojans), network attacks, phishing and data theft. It can also be used to enforce your organization's computer and Internet use policies.
3.2. Server Client Products
● Bitdefender Security for Mail Servers (Windows, UNIX) ● Bitdefender Security for Exchange
● Bitdefender Security for File Servers (Windows) ● Bitdefender Security for Samba
● Bitdefender Security for SharePoint
Security for Mail Servers
Bitdefender Security for Mail Servers protects Windows or UNIX-based mail servers for known and unknown security threats with award winning proactive antivirus, antispyware, antispam, antiphishing, content and attachment filtering technologies. The solution secures organization’s email services and provides increased productivity by blocking spam and providing common centralized management tools.
Security for Exchange
Bitdefender Security for Exchange safeguard’s your organizations critical messaging services to protect against email-borne viruses, spyware and spam. Integrating
seamlessly with Microsoft® Exchange Server, Bitdefender Security for Exchange combines malware protection, antispam, antiphishing, and content filtering technologies to increase productivity and ensure the overall integrity of your email platforms.
Security for File Servers (Windows)
Bitdefender Security for File Servers provides optimized protection of both the server operating system and data file structure for critical back-end systems. Easy to install, configure and maintain via the centralized management console, Bitdefender for File Servers protects against viruses, spyware and rootkits to minimize the impact of malware propagation throughout the network.
Security for Samba
Bitdefender Security for Samba enables organizations to deploy antivirus and antispyware protection for their Samba network shares running on Linux, FreeBSD and Solaris systems. Deployed and maintained centrally within the network, Security for Samba scans cross-platform data structures and file stores for malware, keeping network users safe from virus infection.
Security for SharePoint
Bitdefender Security for SharePoint provides proactive protection of SQL document repositories against known and unknown viruses, spyware, Trojans and root kits. Real-time, optimized session-based scanning of uploaded, downloaded or accessed files helps to prevent Microsoft SharePoint deployments from storing and sharing of infected files within the network.
4. System Requirements
To fulfill its main purpose - centralized administration of all BitDefender security solutions in a network environment - BitDefender Client Security requires a
TCP/IP-based computer network.
Besides this primary requirement, specific system requirements must be met in order for BitDefender Management Server and its client products to operate properly.
4.1. BitDefender Management Server
Before installing BitDefender Management Server, make sure that the following system requirements are met:
● Processor: Intel® Pentium compatible 1.6 GHz (2 GHz multi-core recommended) ● RAM memory:
512 MB (1 GB recommended) for Windows 2000
756 MB (1.5 GB recommended) for Windows XP and Windows 2003
1.5 GB (3 GB recommended) for Windows Vista, Windows 2008, Windows 7, Windows 2012, Window 8, Windows 8.1
● Hard disk space:
1.5 GB (2.5 GB recommended)
For installation or upgrade 3 GB are needed ● Operating system:
Windows 2000 Professional with Service Pack 4 and Update Rollup 1 Version 2 Windows 2000 Server with Service Pack 4 and Update Rollup 1 Version 2 Windows Small Business Server 2003
Windows Server 2003 with Service Pack 2 Windows Server 2003 R2
Windows Server 2008 Windows Server 2008 R2
Windows Small Business Server 2008 Windows Server 2012
Windows Server 2012 R2
Windows XP with Service Pack 2 or Service Pack 3 Windows Vista with Service Pack 1 or Service Pack 2 Windows 7
Windows 8 Windows 8.1 ● Database:
Microsoft SQL Server 2005 / SQL Server 2005 Express Edition (included in the installation kit)
4.2. BitDefender Management Agent
Before deploying BitDefender Management Agent on a remote computer, make sure that the following system requirements are met:
● Processor: Intel® Pentium compatible processor 1 GHz (1.6 GHz recommended) ● RAM memory:
512 MB for Windows 2000, Windows XP, Windows 2003
1 GB (1.5 GB recommended) for Windows Vista, Windows 2008, Windows 7, Windows 2012, Window 8, Windows 8.1
● Hard disk space: 100 MB (200 MB recommended) ● Operating system:
Windows 2000 Professional with Service Pack 4 and Update Rollup 1 Version 2 Windows 2000 Server with Service Pack 4
Windows Small Business Server 2003 Windows Server 2003 with Service Pack 2 Windows Server 2003 R2
Windows Home Server Windows Server 2008 Windows Server 2008 R2
Windows Small Business Server 2008 Windows Server 2012
Windows Server 2012 R2
Windows XP with Service Pack 2 or Service Pack 3 Windows Vista with Service Pack 1 or Service Pack 2 Windows 7
Windows 8 Windows 8.1
Linux 2.4.x or 2.6.x with glibc 2.3.1 or newer and libstdc++5 from gcc 3.2.2 or newer
4.3. BitDefender Management Console
Before installing BitDefender Management Console, make sure that the following system requirements are met:
● Processor: Intel® Pentium compatible processor 1 GHz (1.6 GHz recommended) ● RAM memory:
512 MB (1 GB recommended) for Windows XP, Windows 2000, Windows 2003 1.5 GB (2 GB recommended) for Windows Vista, Windows 2008, Windows 7, Windows 2012, Windows 8, Windows 8.1
● Hard disk space:
500 MB (1 GB recommended)
For installation or upgrade 2 GB are needed ● Operating system:
Windows 2000 Server with Service Pack 4 and Update Rollup 1 Version 2 Windows Server 2003 with Service Pack 2
Windows Server 2008 Windows Server 2008 R2
Windows Small Business Server 2008 Windows Server 2012
Windows Server 2012 R2
Windows XP with Service Pack 2 or Service Pack 3 Windows Vista with Service Pack 1 or Service Pack 2 Windows 7
Windows 8 Windows 8.1
● Software: Internet Explorer 6.0(+); Microsoft Management Console (MMC) 3.0(+) ● Minimum resolution: 1024x768 / 16 bit
4.4. BitDefender Business Client
Before deploying this client product, make sure that the following system requirements are met:
● Processor:
Intel® Pentium compatible processor
500 MHz (800 MHz recommended) for Windows 2000 800 MHz (1 GHz recommended) for Windows XP
1 GHz (dual-core recommended) for Windows Vista, Windows 7 ● RAM memory:
256 MB (512 MB recommended) for Windows 2000 512 MB (1 GB recommended) for Windows XP
1 GB RAM (1.5 GB recommended) for Window Vista, Windows 7 ● Minimum hard disk space: 1 GB
● Operating system:
Windows 2000 Professional with Service Pack 4 and Update Rollup 1 Version 2 Windows XP with Service Pack 2 or Service Pack 3
Windows Home Server
Windows Vista with Service Pack 1 or Service Pack 2 Windows 7
4.5. Endpoint Security
Before deploying this client product, make sure that the following system requirements are met:
● Intel® Pentium compatible processor:
Workstation Operating Systems
– 1 GHz or faster for Microsoft Windows XP SP3, Windows XP SP2 64 bit and Windows 7 Enterprise (32 and 64 bit)
– 2 GHz or faster for Microsoft Windows Vista SP1 or higher (32 and 64 bit), Microsoft Windows 7 (32 and 64 bit), Microsoft Windows 7 SP1 (32 and 64bit), Windows 8, Windows 8.1
Server Operating Systems
– Minimum: 2.4 GHz single-core CPU
– Recommended: 1.86 GHz or faster Intel Xeon multi-core CPU ● RAM memory: 512 MB minimum, 1 GB recommended
● Minimum hard disk space: 1 GB ● Operating System:
Windows Small Business Server 2003 Windows Server 2003 with Service Pack 1 Windows Server 2003 R2
Windows Home Server Windows Server 2008 Windows Server 2008 R2
Windows Small Business Server 2008 Windows Small Business Server 2011 Windows Server 2012
Windows Server 2012 R2
Windows XP with Service Pack 2 64 bit Windows XP with Service Pack 3 Windows Vista with Service Pack 1 Windows 7
Windows 8 Windows 8.1
4.6. BitDefender Management Server Installed
together with Endpoint Security
To install BitDefender Management Server together with Endpoint Security, make sure that the following system requirements are met:
Note
Installing Endpoint Security on the same machine with BitDefender Management Server will only install the Antimalware module of Endpoint Security.
● Processor: Intel® Pentium compatible 1.6 GHz (2 GHz multi-core recommended) ● RAM memory:
1.2 GB (2 GB recommended) for Windows XP and Windows 2003
2 GB (3.5 GB recommended) for Windows Vista, Windows 7, Windows 8, Windows 2008 / 2008 R2, Windows Server 2012
● Hard disk space:
2.5 GB (3.5 GB recommended)
For installation or upgrade 4 GB are needed ● Operating system:
Windows Server 2008 Windows Server 2008 R2
Windows Small Business Server 2008 Windows Server 2012
Windows Server 2012 R2
Windows XP with Service Pack 2 or Service Pack 3 Windows Vista with Service Pack 1 or Service Pack 2 Windows 7
Windows 8 Windows 8.1
4.7. BitDefender Update Server
You can install BitDefender Update Server on any computer running Windows 2000 or a newer Windows operating system.
Supported browsers (for configuration and management): ● Internet Explorer 6 (+) for Windows 2000
● Internet Explorer 7 (+) for Windows operating systems newer than Windows 2000 ● Mozilla Firefox 2.0 (+)
5. Before You Start the Deployment
5.1. BitDefender Client Security Basics
BitDefender Client Security is a network security solution aimed at all types of businesses. Five main components are of interest for the deployment:
● BitDefender Management Server, which allows you to centrally manage the Bitdefender security solutions in your network.
● BitDefender Management Console, which is the graphical interface of BitDefender Management Server.
● BitDefender Management Agent, the local management component installed on all managed computers, which ensures communication between the managed computers and BitDefender Management Server.
● Endpoint Security, which is a fully-automated computer security program, managed remotely by your network administrator. Once installed, it protects you against all kinds of malware (such as viruses, spyware and trojans), network attacks, phishing and data theft. It can also be used to enforce your organization's computer and Internet use policies.
● BitDefender Business Client, which protects workstations against a wide range of security threats. If you also want to protect servers and manage their protection, you must add support for the BitDefender server security solutions.
BitDefender Management Server communicates, through specific ports, with the BitDefender Management Agent components, BitDefender Management Console and with other BitDefender Management Server products installed in the network. These ports must not be used by any other application installed in the network. Access to them must also be allowed by the local firewalls.
These are the default communication ports:
● 7072 - the communication port between BitDefender Management Server and BitDefender Management Agent. This port must be allowed on all network computers. ● 7071 - the communication port between BitDefender Management Server and BitDefender Management Console. This port must be allowed on all BitDefender Management Server computers and on all computers on which you install BitDefender Management Console.
● 7073 - the communication port between a master and a slave instance of BitDefender Management Server. This port must be allowed on all BitDefender Management Server computers.
The default port on which BitDefender Update Server accepts connections from clients is 7074. The BitDefender Update Server port must not be used by other applications installed on the system.
Note
For detailed information on the components and operation of BitDefender Client Security, please refer to“Architecture and Operation” (p.3).
5.2. Single or Multi-Server Deployment?
The answer to this question depends on the size and complexity of your network. You must consider the following:
● A standard, single-server deployment of BitDefender Management Server can support up to 1,000 client computers, all managed by and reporting to the single server.
● In master-slave configuration, it is recommended to have a maximum of 3,500 clients by using up to 7 slave servers reporting to a master server, with each slave managing up to 500 computers.
● In very large networks (more than 3,500 computers), multiple master-slave deployments can be used to provide total coverage.
5.3. How You Deploy a Single-Server Configuration
These are the steps you must follow to successfully deploy BitDefender Client Security: 1. Install the central management component (BitDefender Management Server).
Install BitDefender Management Server on the desired computer using the installation CD/DVD or the installation file downloaded from the BitDefender website. To install the support files for BitDefender's Windows server solutions, you must choose the custom setup type and, afterwards, select to install the corresponding add-on. For detailed information, please refer to“Installing BitDefender Management Server” (p.22).
After you install BitDefender Management Server, you will be able to deploy and manage workstation protection from the management console.
2. Prerequisites. Ensure that your network satisfies all prerequisites. This is important because if your network fails to meet some of the prerequisites, installation may fail (for example, you may not succeed in installing the Client components on some computers). For detailed information on prerequisites, please refer to“Step 1 -Prepare Computers for Deployment” (p.40).
3. Install the local management component (BitDefender Management Agent). Deploy BitDefender Management Agent on workstations and servers. This is done from the management console. BitDefender Management Agent will handle the installation and management of the workstation security component on the
workstation. For detailed information, please refer to“Step 2 - Define Managed Computers” (p.41).
4. Install the workstation security component (Endpoint Security). Install the workstation security component on the client workstations. This is done from the management console. You just have to run a Endpoint Security policy on the workstations. For detailed information, please refer to “Step 3 - Deploy Client Products” (p.43).
5. Extending protection and management to Windows servers. To enable remote deployment and management of the BitDefender security solutions for Windows servers, you must install BitDefender Management Server together with the corresponding add-on available in the installation file. Once the add-on is installed, there are two ways to install and centrally manage the BitDefender security solutions for Windows servers:
● On Windows servers with BitDefender Management Agent installed, you can remotely deploy the security solution using BitDefender Management Server. The deployment is similar to that of the workstation security component: from the management console, run a policy of the server security solution on the desired server.
● Install the security solution on the Windows server using the BitDefender Security for Windows Servers installation file. If BitDefender Management Agent is already installed on the server, the server security solution immediately integrates with BitDefender Management Server. Otherwise, integration occurs as soon as you install BitDefender Management Agent on the server. This is useful if the BitDefender server security solutions are already installed on the servers. 6. Extending protection and management to Unix-based servers. To secure your
organization's Unix-based servers with BitDefender solutions and to manage their protection using BitDefender Management Server, you must follow these steps: A. Install the Unix add-on on the BitDefender Management Server computer (either
the 32-bit or the 64-bit version, depending on the computer platform).
B. Install BitDefender Security for Mail Servers and BitDefender Security for Samba on your Unix-based servers, as needed. These security solutions cannot be remotely deployed, so you will have to install them manually.
C. For each security solution installed, configure the integration with BitDefender Management Server.
For detailed information, please refer to “Adding Support for Unix-based Server Security Solutions” (p.35).
5.4. How You Deploy a Multi-Server Configuration
When deploying multiple instances of BitDefender Management Server, it is recommended to set them up in a master-slave configuration.
BitDefender Management Server provides great scalability through the master-slave configuration. The master-slave configuration is recommended to be used in two standard situations:
1. Your network consists of more than 1000 computers. This is the maximum number of computers that can be managed by a BitDefender Management Server instance. In this case, you divide the network into several subnetworks and install a BitDefender management server for each subnetwork. These are called slave servers. An additional management server will be installed in order to manage all slave servers. This is the master server. A master server cannot manage client products of its own, but only the client products managed by the slave servers. 2. Several networks from different geographical areas must be managed. This is the
typical case of businesses having offices in several cities or countries. In this case, you install a slave server in the network of each office. In the headquarter network, you install a slave server and a master server. The master server will manage all slave servers, including the slave server installed in the headquarter network. Of course, a mix of these scenarios can be used. For example, the headquarter network from the second situation may be very large. In this case, you will deploy several slave servers in the headquarter network along with the master server.
The deployment of the slave servers is similar to that presented in“How You Deploy a Single-Server Configuration” (p.17). Repeat the respective procedure for each slave server. After you have deployed all slave servers, proceed to installing the master server. To install the master server, you must choose to perform a custom installation in the setup wizard. Once you have installed the master server, you must connect to each slave server and register it to the master server (right-click the server name in the tree menu and select Register to Master server).
5.5. Active Directory Networks
BitDefender Management Server integrates with Active Directory to leverage existing Windows domain structure and group policies. This makes client deployment considerably easier.
Integration with Active Directory is done through theNetwork Buildertool. This tools enables you to import an existing Active Directory structure (computers and groups) and deploy BitDefender Management Agent on all network computers. You can then assign appropriate security policies to each group.
You will consider Active Directory integration only after installing BitDefender Management Server (when you get to the client deployment stage). For more information, please refer to“Installing Client Products” (p.40).
5.6. Integration of the BitDefender Solutions for
Server Systems
BitDefender Client Security is designed primarily for workstation protection and management. You can extend the BitDefender Management Server capabilities to include management of the BitDefender's server security solutions by installing add-ons. Two add-ons are available: one for the BitDefender Security for Windows Servers solutions and the other for Unix-based server solutions.
● The BitDefender Security for Windows Servers add-on is included directly in the BitDefender Management Server installation package. When you install BitDefender Management Server, you must choose the custom setup type in order to install the add-on. More information is provided in section “Custom Installation (With Screenshots)” (p.24). To install the add-on later, you must modify the BitDefender Management Server installation. For more information, please refer to“Modifying BitDefender Management Server Installation” (p.90).
Clients are installed the same way as the workstation clients or by deploying BitDefender Management Agent on computers on which a BitDefender Security for Windows Servers solution is already installed. For more information, please refer to“Installing Client Products” (p.40).
● The add-on for Unix-based server solutions is distributed as a separate installation package. You can download it from the BitDefender Client Security download section (the download link is e-mailed to you after you fill in a request on theBitDefender website). The add-on can be installed at any time after installing BitDefender Management Server, without disturbing its operation. Find out how to install the add-on and clients in section “Adding Support for Unix-based Server Security Solutions” (p.35).
Once the add-ons are installed, new categories of policies and reports will be available in the BitDefender Management Server console for the server security solutions. You can configure and manage these solutions the same way as the Windows workstation client (Endpoint Security).
5.7. Integrating BitDefender Antivirus for Mac into
the Centralized Reporting Platform
For comprehensive information on the network security status, you can include your Mac computers into the centralized reporting platform of BitDefender Management Server.
All you have to do is install the business edition of BitDefender Antivirus for Mac on your Macs. The business edition includes a built-in agent that will report status information to BitDefender Management Server. The agent settings will be configured during installation.
To find out how to install the business edition of BitDefender Antivirus for Mac, please refer to its Administrator's Guide. Remote installation is possible using Apple Remote Desktop or a script.
An important thing to consider is that BitDefender Antivirus for Mac licenses are not managed by BitDefender Management Server. You need a separate license key to register your BitDefender Antivirus for Mac installations.
6. Installing BitDefender Management Server
In order to install BitDefender Management Server, you need a setup file or an installation CD containing the installation package.
You can download the setup file from the BitDefender website:
http://www.bitdefender.com. Follow the links to download an evaluation version of BitDefender Client Security, the business security solution that integrates BitDefender Management Server. You will have to fill in a form and you will receive an e-mail at the address you have provided in this form. The e-mail contains a link to the download location.
Depending on the computer platform on which you install BitDefender Management Server, choose the 32-bit or the 64-bit version of the setup file. You must also specify if you want to manage BitDefender security solutions for Unix servers using BitDefender Management Server. To manage them, additional support files must be installed in BitDefender Management Server (you will be provided with an additional Server Add-on setup file).
Note
The add-on for BitDefender Security for Windows Servers is included in the BitDefender Management Server installation file.
The installation package contains the following components: ● BitDefender Management Server
● BitDefender Security for Windows Servers (Server Add-On) ● BitDefender Management Console
● BitDefender Update Server
Except for the BitDefender Security for Windows Servers add-on, all of these components are installed by default. If you want to install BitDefender Management Server together with the add-on, you must perform a custom installation.
6.1. Choosing and Preparing a Computer for
Installation
You can install BitDefender Management Server on a dedicated computer or on one of your organization's servers. If you install BitDefender Management Server on a computer running a server operating system, you will have to protect that computer with a server security solution, such as BitDefender Security for File Servers, or with Endpoint Security, able to protect both desktop and server systems. You will not be able to install BitDefender Business Client on such a computer.
Use these guidelines to choose and prepare a computer for installing BitDefender Management Server:
1. Make sure the computer meets the corresponding system requirements. System requirements can be found in chapter“System Requirements” (p.11).
2. It is recommended that the computers on which you install BitDefender Management Server have a static IP. Depending on whether the IP address changes or not in time, the management server identity must be configured differently when deploying BitDefender Management Agent. More information is provided in section“Step 2 -Define Managed Computers” (p.41).
3. Recommendations for improved performance in large networks (with more
than 500 computers).
● For single-server deployments with more than 500 clients, it is recommended to use a more powerful system and Microsoft SQL Server's Standard or Enterprise Edition (especially if you plan to use the network audit feature intensively). ● For master-slave deployments with more than 1,000 clients, it is recommended
to use a more powerful system and Microsoft SQL Server's Standard or Enterprise Edition for the master server.
6.2. Default Installation
The default installation installs a predefined configuration of BitDefender Management Server together with BitDefender Update Server. Choosing this option will install BitDefender Management Server as a single (stand-alone) server and an instance of Microsoft SQL Server 2005 Express Edition. The BitDefender Management Server components will be using the default communication ports (as displayed in the last window of the setup wizard).
Important
Support for the BitDefender Security for Windows Servers solutions is not included in the default installation. To remotely install and manage these solutions using BitDefender Management Server, you must perform a custom installation.
To perform a default installation:
1. Please note that you need at least 3 GB of free space on the system partition, or otherwise the installation will likely fail.
2. Locate the installation file on the computer and double-click it to start the installation wizard. If you have an installation CD/DVD, insert it into the drive and follow the on-screen instructions to start installation.
Note
Before launching the setup wizard, BitDefender will check for newer versions of the installation package. If a newer version is available, you will be prompted to download it. Click Yes to download the newer version or No to continue installing the version then available in the setup file.
4. Please read the License Agreement, select I accept the terms in the License
Agreement and click Next.
5. Click Default.
6. Configuration needed in rare situations. If the default communication ports of the BitDefender Management Server components or of BitDefender Update Server are in use, you will be prompted to configure new ports. Find out more in
“BitDefender Client Security Basics” (p.16). Configure requested ports and click Next.
Important
Please take the following into account: ● Provide port values between 1 and 65535.
● These ports must not be used by any other application installed in the network. Access to them must also be allowed by the local firewalls.
● Write down or keep a record of these port numbers. You will need them later. 7. Click Install.
8. Wait until the installation is completed and then click Finish.
6.3. Custom Installation (With Screenshots)
Custom installation is needed in particular situations or if you want to configure installation options in detail. Choose the custom installation if you want to:
● install BitDefender Management Server together with the add-on that provides support for remote deployment and management of the BitDefender security solutions for Windows servers. This add-on is not installed by default.
● install only the management console on your administrative PC or laptop. In this way, you can remotely access BitDefender Management Server.
● install BitDefender Management Server as a master or as a slave server in order to deploy amaster-slave architecture.
● configure specific communication ports for the BitDefender Management Server components.
● use an existing database to manage the data needed by BitDefender Management Server. Supported databases: Microsoft SQL Server 2005 / SQL Server 2005 Express Edition / Microsoft SQL Server 2008.
● install BitDefender Update Server separately, on a dedicated computer. To perform a custom installation:
1. Please note that you need at least 3 GB of free space on the system partition, or otherwise the installation will likely fail.
2. Locate the installation file on the computer and double-click it to start the installation wizard. If you have an installation CD/DVD, insert it into the drive and follow the on-screen instructions to start installation.
Note
Before launching the setup wizard, BitDefender will check for newer versions of the installation package. If a newer version is available, you will be prompted to download it. Click Yes to download the newer version or No to continue installing the version then available in the setup file.
3. Follow the wizard steps. Detailed instructions with screenshots are provided hereinafter.
For quick instructions on the custom installation of particular package components, please refer to“Installing Components Separately” (p.37).
6.3.1. Step 1 - Welcome Window
This welcome window describes the main benefits of using BitDefender Management Server.
Welcome Window
Click Next. A new window will appear.
6.3.2. Step 2 - Read the License Agreement
This window provides you with the License Agreement accompanying BitDefender Management Server.
License Agreement
Please read the License Agreement, select I accept the terms in the License
Agreement and click Next. A new window will appear.
Note
If you do not agree to these terms click Cancel. The installation process will be abandoned and you will exit setup.
6.3.3. Step 3 - Choose Installation Type
This window allows you to choose the type of installation to be performed.
Installation Type
6.3.4. Step 4 - Customize Installation
This window allows you to choose which components of the installation package to be installed.
Custom Installation
The installation package contains the following components: ● BitDefender Management Server
BitDefender Security for Windows Servers (Server Add-On) ● BitDefender Management Console
● BitDefender Update Server
The components can be installed on the same computer or on separate computers. The only restriction is to install BitDefender Management Server together with BitDefender Management Console.
Note
The computer on which you perform the installation must meet the system requirements of every component that will be installed. System requirements can be found in chapter “System Requirements” (p.11).
If you click any component name, a short description (including the minimum space required on the hard disk) will appear on the right side. By clicking any component icon, a menu will appear where you can choose whether to install or not the selected component.
BitDefender Management Server will be installed in ?:\Program Files\BitDefender\BitDefender Management Server.
