Directly contact our Support Team

GravityZone products offline update

The GravityZone default update system requires an internet connection. When using GravityZone in an isolated network, you need to make the components and signature updates available offline as well. The information exposed hereinafter helps you configure a GravityZone offline update system for an isolated network environment.

To update one or several offline GravityZone instances located in an isolated network, you will need an additional online GravityZone instance deployed in a network with internet access, named hereinafter “online instance”. The online instance will serve as update source for the offline instances.

At first, you will have to run an initial setup of both online and offline instances. Once the offline update system is ready, you will be able to update regularly your isolated GravityZone environment.

The GravityZone offline update system includes the following phases:

GravityZone offline update

Prerequisites

  • A GravityZone instance installed in a network with internet access (online instance). The online instance must have:
    • Direct internet access
    • Access on ports 80 and 443 (more about ports used by GravityZone in this KB article)
    • Only the Database and Update Server installed roles
  • One or several GravityZone instances installed in a network without internet access (offline instances)
  • Both GravityZone instances must have the same appliance version

Set up the online GravityZone instance

During this phase, you will deploy a GravityZone instance to a network with internet access, and then configure it to perform as offline update server.

  1. Deploy GravityZone to a machine with internet connection.
  2. Install only the Database and Update Server roles.
  3. Access the machine’s TTY terminal in your virtual environment (or connect to it via SSH).
  4. Log in with the bdadmin user and the password you have set.
  5. Run the command sudo su to gain root privileges.
  6. Run the following commands to install the offline gzou-mirror package:
    apt-get update
    apt-get dist-upgrade
    apt-get install gzou-mirror
    The gzou-mirror package has the following roles:
    • Configure the Update Server to generate automatically offline update archives.
    • Set up a web service to the online instance, providing configuration and download options for the offline update archives.

Configure and download the initial update files

During this phase, you will configure the update archive settings via the web service installed on the online instance, and then create the archive files required for setting up the offline instance. Then, you will have to download the update files and place them to a portable media device (USB stick).

  1. Access the web service through a URL of this form: https://Online-Instance-Update-Server-IP-or-Hostname, with the username bdadmin and the password you have set.
    GravityZone instance  Web Service
     
  2. Configure the offline update archive as follows:
    • Under Kits: select the endpoint agent kits you want to include in the offline update archive.
    • Under Settings, edit your update archive preferences.
      A CRON job installed on the online instance will check every minute if there are new update files available and if the free disk space is bigger than 10GB. At each period set by the Archive creation interval (in hours) option, the CRON job will create the following files:
      • Full archive (product + signatures), when new update files are available
      • Lite archive (signatures only), when there are no new update files
      The archives will be created in the following location:
      https://Online-Instance-Update-Server-IP-or-Hostname/snapshots
  3. Click Create > Full archive to create the first full archive. Wait until the archive is created.
    Create the update archive on GravityZone instance web service
  4. Download the full update archive and the gzou-bootstrap file from the online instance. You have several options at hand:
    • Via the web service: click Download archives to access the page containing the links to the update files. Click the full update archive and the gzou-bootstrap file links to download them on your endpoint.
    • Use your preferred SCP/SCTP client (WinSCP, for example) to establish a SCP session with the online instance and transfer the abovementioned files to any location in your online network. The default path on the online instance is:
      /opt/bitdefender/share/gzou/snapshots
      Transfer files from GravityZone online instance via SCP
    • Via SAMBA share. Use a read-only SAMBA share to retrieve the offline update archives from the following location:
      \\Online-Instance-Update-Server-IP-or-Hostname\gzou-snapshots
      note Note:

      The credentials for accessing the SAMBA share, if requested, are the same with the online instance credentials (bdadmin user and password).

Set up the offline GravityZone instance

During this phase, you will deploy and configure the offline instance to receive updates via the archives generated by the online instance. Unless stated otherwise, all commands must be run as root.

  1. Deploy GravityZone to a machine from the isolated environment.
  2. Install only the Database and Update Server roles.
  3. Transfer the update archive and the gzou-bootstrap file downloaded from the online instance to the /home/bdadmin directory of the offline instance using a portable media device (USB stick).
    important Important:

    For the offline update to work, make sure that:

    • The update archive and the gzou-bootstrap file are in the same folder.
    • The update archive is a full archive.
  4. Execute the gzou-bootstrap file as follows:
    1. Access the machine's TTY terminal in your virtual environment (or connect to it via SSH).
    2. Transform the gzou-bootstrap file into an executable: chmod +x gzou-bootstrap
    3. Run: ./gzou-bootstrap
  5. Choose the method of transferring the update archives to the offline instance:
    1. Select Windows shared folder (Samba share). In this case, you will have to specify the path to a Windows share from the isolated network, where the offline instance will automatically connect to retrieve the update archives. Enter the credentials required to access the specified location.
    2. Select SCP if you will manually transfer the files to the /opt/bitdefender/share/gzou/snapshots/ folder of the offline instance via SCP.
      Set up the transfer of update archive to GravityZone offline instance
       
    3. note Note:

      If you want to change the transfer method at a later time:

      1. Access the offline instance's TTY terminal in your virtual environment (or connect to it via SSH).
      2. Log in with the bdadmin user and the password you have set.
      3. Run the command sudo su to gain root privileges.
      4. Run:
        rm -f /opt/bitdefender/etc/gzou-target.json
        dpkg-reconfigure gzou-target
        A configuration dialog will appear where you can make the changes that you want.
  6. Switch to the offline GravityZone console command line and install the rest of the roles.
  7. Access the offline console from your web browser and insert your license key (in offline mode).

Using offline updates

Once you have set up the GravityZone instances, follow these steps to update your offline installation:

  1. Download the latest offline update archive from the online instance to your preferred network share, as described in phase 3.
  2. Use a USB stick to transfer the update archive to the configured Samba share from the isolated network, as described in phase 4.
    The files will be automatically pulled into the following offline instance directory:
    /opt/bitdefender/share/gzou/snapshots/

For more information about updating GravityZone, refer to the GravityZone Installation Guide.


Rate this article:

Submit