Table of Contents
The GWDG operates a Gravity Zone Appliance from the manufacturer “Bitdefender” for the Georg-August-Universität Göttingen. As an administrator, you can manage the computers of your institute via a web console and configure the malware protection.
The use of Bitdefender requires a central administration; a local configuration of clients is not possible. For this reason, your institute's IT managers are responsible for installation and administration. For computers that are not managed by your institute, it is possible to perform an installation with our default settings. In this case, however, you will have to do without your own configuration options.
The software may only be used on service devices of employees of the Georg-August-University. Unfortunately, use by students is not possible. For the protection of private devices, Microsoft Defender, which is integrated in current Windows operating systems, is always available in addition to various purchasable software.
Contact: You can reach us by email at epp@gwdg or on the Rocketchat channel #gwdg-epp.
Info-Pad: Our Info-Pad (in German) provides up-to-date information and guides concerning installation, administration and troubleshooting.
To use Bitdefender, make sure clients can reach the network 220.127.116.11/28 via ports 443, 7074, 7081, 7083, 8080, 8443, 8444.
For the initial installation, your device must be connected to GÖNET, either via the university network or VPN. After that, you can configure your policy to enable your client to connect from anywhere via our Internet relay (automatically set if you are using the default GWDG policy).
A group policy (GPO) is available for installing the Bitdefender client (“Bitdefender Endpoint Security Tools”, BEST for short) on systems in Active Directory. The data centers or owners of domains that are not managed by the GWDG can independently control the distribution of the software by assigning it to their organizational units in the AD. Please use the GPO “GWD Bitdefender Deploy” from the domain top.gwdg.de or create and use a copy of the GPO in your AD domain.
Information for IT Managers
In order to manage your clients via the Bitdefender Console, you must first send an email to firstname.lastname@example.org containing your administrative account (typically starting with a “0”).
If you want to manage clients in Active Directory (AD), please also tell us the domain and organizational units (OUs) you are responsible for.
If you want to manage clients outside the AD, we first need to create a custom group in the console. Please tell us what name you want this to have (e.g. the abbreviation code of your institute). Later, you will need to create a custom installation package so that your clients are added to the correct group after installation. You can find instructions on how to do this in the Info Pad.
Once we have set up your account, you can access the web console at https://bitdefender.epp.gwdg.de and log in using the “domain\account” syntax and your password. Now you can configure your own policies and assign them to your environment - or use the GWDG's default policy, which is assigned automatically. Furthermore, you have the option to configure email notifications for malware incidents in your environment and define exceptions for scans. Instructions on how to do this can be found in the Info Pad.
Installation on self-managed work devices
If you are an IT user and your workstation is not managed by your institution, you can use Bitdefender with our default settings. However, you will not be able to make your own configurations. You will be informed of malware incidents via a pop-up notification on your client, but may not receive email notifications.
You can download installation packages for current versions of Windows, macOS (from 10.14 Mojave) and Linux here: https://deploy.epp.gwdg.de/bitdefender-packages. The login is done with your normal GWDG account and you have to be in the University network, either on site or via VPN. If you do not have access, please contact us, as your institution may not be authorized yet.