Skip to main content

Update GravityZone to version 6.21.1-1

Why updating?

Ubuntu 16.04 LTS, the underlying operating system of GravityZoneGravityZone, becomes officially EOL on April 30th, 2021. This means it will stop receiving critical fixes and security patches, exposing users to potential threats. We, at Bitdefender, take all measures to ensure you are provided with best security. Thus, we are migrating to Ubuntu 20.04 LTS, which is newer, safer, and long term supported version.

To keep your network fully protected, you are advised to update GravityZone as soon as possible. Find out all the details further in this article.

How will it happen?

Between 9th and 30th of March 2021, we are rolling out the GravityZone update in more stages, depending on the number of protected endpoints and GravityZone architecture. Once the update becomes available to you, follow the guidelines in this article to proceed.

The process is performed in phases. GravityZone first upgrades the operating system to 18.04 LTS, then to 20.04 LTS, under Ubuntu official recommendation. The process happens transparently, with no user intervention.

Automatic GravityZone product updates are disabled for this update. If you had them enabled, they will be automatically re-enabled when the update is complete.

The update may last from 30 minutes up to a couple of hours, depending on your hardware capabilities.

In GravityZone environments with a single appliance having all roles, the endpoints may remain unprotected during the OS upgrade process if they use Central Scan without fallback.

During the update:

  • Access to Control Center is restricted to all users.

  • You will be able to view update progress and statuses for each appliance.

  • In the backend, GravityZone will perform the following actions:

    • Stop the existing services

    • Back up the database

    • Update MongoDB to version 4.4

    • Uninstall Bitdefender packages and dependencies

    • Update Ubuntu to version 18.04 LTS

    • Update Ubuntu to version 20.04 LTS

    • Reinstall Bitdefender packages and dependencies

    • Change repositories to receive Ubuntu 20.04 updates and patches

  • The appliances will automatically reboot two times, after each OS upgrade.

When the update is complete, you can log in again to Control Center using your credentials.

Remember that all Bitdefender packages are reinstalled according to pre-upgrade GravityZone profile. All other custom packages must be reinstalled manually.

What do you need to do?

Best practices

  • Take snapshots to the GravityZone appliances before you run the update. This is the only way to recover your GravityZone environment if issues occur.

    If you are not sure about taking snapshots in your hypervisor, contact Bitdefender Enterprise Support team.

  • In Control Center, enable the following notifications:

    • Update Available, with the option Show console update.

      This notification informs you when the update is available to you.

    • GravityZone Update, with the option Send per email.

      This notification informs you on your email when the update ends.

Prerequisites

  • All GravityZone appliances, if more than one, must be powered on.

  • All GravityZone appliances must be able to communicate with each other.

  • Your GravityZone appliances must be using Ubuntu 16.04 LTS.

  • Your GravityZone current version must be 6.20.1-1, the last one before this update.

    Older versions are not compatible for OS upgrade. In this case, you need to run the pending GravityZone update.

  • Each appliance must have at least 5 GB free disk space.

    On the appliances with Database Server role, the amount of free space required depends on the database size. GravityZone will inform you if enough free space is available before the update.

  • No third party packages installed.

    Uninstall any additional packages you have besides the ones delivered by default with GravityZone. You can install them back after the update is complete.

  • All appliances must use only the official Bitdefender repositories.

    If you use additional repositories, save them to a remote location and remove them from the files. You can restore them after the update. The paths to the repository files are:

    /etc/apt/sources.list

    /etc/apt/sources.list.d/

  • Mind any warnings or errors regarding hardware and configuration requirements, which appear in the Configuration > Update > GravityZone roles page of Control Center. If requirements are not met, the Update button is disabled.

Upgrade GravityZone to use Ubuntu 20.04

The upgrade process varies on whether your GravityZone is installed in an online or offline environment.

For online GravityZone environments

  1. Log in to Control Center.

  2. Go to Configuration > Update > GravityZone roles page.

  3. Click the Update button.

  4. Confirm you are ready to proceed.

For offline GravityZone environments

Important

All CLI commands must run with root privileges.

  1. Download the GravityZone image from here.

  2. Install and configure a new online GravityZone instance using the image previously downloaded.

    For more information, refer to GravityZone products offline update, the Set up the online GravityZone instance section.

  3. Create a full archive (product and signatures) and move it to the offline instance following the steps described in section Configure and download the initial update files of GravityZone products offline update.

  4. Wait until the archive is unpacked. In maximum 30 minutes the update becomes available.

  5. Log in to the offline instance of GravityZone Control Center.

  6. Go to Configuration > Update > GravityZone roles page.

  7. Click the Update button and confirm you are ready to proceed.

    Note

    If your GravityZone version is older than version 6.20.1-1, you need to run two updates: first to bring your GravityZone to this version, and second to update the OS.

    After the first update, wait until repositories have finished mirroring. Meanwhile, you may notice the following error: "Downloading the update files. If this state persists, check the network connection of the Update Server", informing you that GravityZone is not ready for the update.

    error_repo_mirror_EN.png
  8. When the update is complete and GravityZone is at version 6.21.1-1, copy the /opt/bitdefender/share/gzou/snapshots/gzou-bootstrap file from the online instance to /opt/bitdefender/share/gzou/snapshots/ on the offline instance.

    Important

    The update archive must be in this directory as well. Otherwise, gzou-bootstrap will not work.

  9. Transform the gzou-bootstrap file into an executable:

    # chmod +x gzou-bootstrap
  10. Run gzou-bootstrap:

    # ./gzou-bootstrap

Questions & answers

Q1: Why am I not able to see the notification banner?

A: You have a console older than version 6.18-1.1. You must first update to version GravityZone 6.20.1-1. After that, you are eligible for updating to version 6.21.1-1.

Q2: Why don’t I see the Update button?

A: The GravityZone update is released in stages, depending on the number of protected endpoints, whether the GravityZone architecture is all-in-one or distributed, or if the environment is isolated. If you cannot see the Update button, the update was not released yet for the stage you are in.

Q3: Why isn’t the update starting when I click on Update button?

A: Most probably pre-requirements conditions are not met, check the errors and warnings which appear in the Configuration > Update > GravityZone roles page.

Q4:  Where are the upgrade packages for the GravityZone components stored?

A: The OS upgrade packages are mirrored on the GravityZone Update Server. Make sure all appliances have network connection with the Update Server.

Q5: Does the OS update cover all the roles including Report Builder and EDR incidents?

A: YES, all roles are covered in this update.

Q6: Will the update work independently from the patch level - different patch levels of Ubuntu 16.04 to 20.04 and different kernel versions?

A:  For the update to start, all appliances should run the latest GravityZone version with Ubuntu 16.04 and all packages should be updated to the latest Ubuntu 16.04 LTS version. We do not support Ubuntu minor releases for the console.

Q7: What is the required space on the Update Server to host the Ubuntu 20.04 repositories?

A: The Update Server should have minimum 5 GB of free disk space.

Q8: How long will the GravityZone update last? What should be the expected downtime?

A: The update consists of two important steps:

  1. Mirroring repositories on the Update Server

  2. The appliance update

In a distributed environment, the downtime is estimated at 3 hours. The update duration depends on the GravityZone setup (number of web consoles, database size and configuration, etc.).

In an all-in-one environment, the downtime is around 30 minutes.

Q9:  What happens if I don’t uninstall custom repositories and third-party packages before the update?

A: We advise you to remove all third-party repositories and packages before the update. Otherwise, the update will not start. If you remove only custom repositories, without uninstalling all packages, during the update all third-party packages will be uninstalled. You will be able to reinstall them after the update is complete.

Q10: Do I receive an email notification if I have Automatic updates enabled?

A: A warning will be displayed in the console and an email will be sent only if you are in the eligible stage.

Q11: Will I be able to see the progress status of the update?

A: The progress status will show the current step of the update process. For AIO environments, the update process has 74 steps, while for the distributed environments the process has 90 steps. More steps add if you also have Report Builder.

Q12: How do I monitor status of the update?

A: The console displays a progress status. You can also use the CLI command in tty2:

gzcli update status

Q13: Can I manually install GravityZone using the repositories?

A: When the virtual environment uses an unsupported format, such as Amazon AMI, you can do a manual install, following these guidelines.

Q14: Where can I find the new images running Ubuntu 20.04?

A: All images (OVA, VHD, VMDK, etc.) are already available here.