Q: What does moving to AWS mean for the Bit9 license since this a completely new environment; is the license tied to a particular piece of hardware?
A: Bit9 licenses are not tied to hardware. The server license will continue to operate as before without any interruption. Additionally, a license key can be used simultaneously on multiple machines. So you can install the Bit9 Server in AWS while still running your on-premise production server until you’re ready to move over to AWS.
Q: How can I migrate my Bit9 installation from on-premise to AWS?
A: This scenario is similar to moving from one on-premise machine to another with one caveat. You will want to do the following:
- Stop all incoming requests to the Bit9 server by stopping Bit9 website and placing the DAS database into single-user mode
- Stop both Bit9 Security Platform services (Bit9 Security PlatformServer and PlatformReporter)
- Back up the DAS database
- Restore the DAS database to your AWS SQL Server instance
- Install Bit9 server on AWS
- Update the DNS record to point the Bit9 server domain name to the IP of the server at Amazon
- Set the DAS database back into multi-user mode
However, before attempting to migrate your server to the cloud you need to ensure that your current DNS name is something that can be pointed to the cloud. For example, if you set up your Bit9 server with an internal name like bit9.mydomain.local instead of bit9.mydomain.com, you wouldn’t be able set up your AWS machine with this DNS.
Q: Can you test the Bit9 server in parallel in the AWS environment before shutting down an old VMware Server?
A: Yes, you can have two servers running at the same time. However, an agent cannot communicate with two servers at once.
It is also worth noting, we do not recommend taking a copy of a VMware Server and putting it up in AWS. A potential problem with this is that the two servers will look the same to the Software Reputation Service (SRS) – which can corrupt the SRS data in the back end.
Q: Are there any recommended security-oriented best practices when running a Bit9 server in a public cloud like AWS, as opposed to on premise, customer-managed hardware?
A: A Bit9 Server in the cloud should be secured in the same way that you would secure any publically available server: unnecessary ports should be disabled, IIS best practices should be adhered to, etc.
By default, the Bit9 Agent communicates to the Bit9 Server over port 41002 using TCP. Unless you have changed this to another port, ensure that this port is open for inbound and outbound traffic. Additionally, certain diagnostic and upgrade functions go over port 443. You will need to make sure that port 443 is open for traffic to and from services.bit9.com so that the server can communicate with the Bit9 cloud service.
Communication between your web browser and the Bit9 Server Console web application occurs over port 80 and 443 as well.
We also recommend limiting access to the Console to the range of IP addresses at your office and VPN. You can do this via the IIS Manager and/or using Amazon’s Security Groups.
Q: What are hardware and storage requirements for the Bit9 server in AWS?
A: The Bit9 OER outlines the hardware requirements for the Bit9 Server which are the same for on-prem and in AWS.
Q: Are the Bit9 server and agents supported on paravirtualized VMs?
A: No. Only HVM is supported.
Q: How much bandwidth will I need for communication between the Bit9 Server hosted on AWS and all of my agents?
A: For every 1000 agents, you can expect server bandwidth to average about:
- Inbound: 200kb/s
- Outbound: 50kb/s
Q: What operating systems do you support on AWS for the Bit9 agent?
A:
The Bit9 agent 7.2.1 P7 and newer are supported with the following Windows operating systems.
Microsoft Operating Systems Supported for Bit9 Platform Agents 7.2.1 |
Operating System | Architecture | Service Pack | Additional Notes/Requirements |
Windows Server 2008 R2 | x64 | SP1 | HVM virtualization only |
Windows Server 2012 | X64 | SP3 | HVM virtualization only |
Windows Server 2012 R2 | X64 | | HVM virtualization only |
See this document for more information on 7.2.1 Agent Supported Operating Systems.
The Bit9 Linux agent 7.2.0 P14 and newer are supported with the following Linux operating systems.
Linux Supported for Bit9 Platform Agents 7.2.0 |
Distribution | Release | Architecture | Kernel | Additional Notes/Requirements |
RHEL | x64 | 6.2, 6.3, 6.4, 6.5, 6.6, 6.7 | 2.6.32-220.x.x.el6
2.6.32-279.x.x.el6
2.6.32-358.x.x.el6
2.6.32-431.x.x.el6
2.6.32-504.x.x.el6
2.6.32-573.x.x.el6 | HVM virtualization only |
CentOS |
See this document for more information on 7.2.0 Agent Supported Operating Systems.
Q: What operating systems do you support on AWS for the Bit9 server?
A:
Operating System | Architecture | Service Pack | Additional Notes/Requirements |
Windows Server 2008 R2 | x64 | Use Latest | HVM Virtualization only |
Windows Server 2012 R2 | x64 | Use Latest | HVM Virtualization only |
| Windows Server 2016 (Cb Protection v8+ only) | x64 | Use Latest | HVM Virtualization only |
See Cb Protection Operating Environment Requirements v8.0.0 or Bit9 Security Platform v7.2.3 - Operating Environment Requirement
Q: What versions of SQL Server and RDS SQL Server do you support on AWS?
A:
Bit9 Security Platform Database: Supported SQL Server Versions
Database System | Architecture | Service Pack | Additional Notes/Requirements |
SQL Server Express 2008 R2 | x64 | Use Latest | Limited to 1 CPU Socket (or 4 cores) Maximum memory utilized: 1Gb Maximum database size: 10Gb |
SQL Server 2008 R2 | x64 | Use Latest | |
SQL Server Express 2012 | x64 | Use Latest | Limited to 1 CPU Socket (or 4 cores) Maximum memory utilized: 1Gb Maximum database size: 10Gb |
SQL Server 2012 | x64 | Use Latest | Standard edition for < 10K endpoints, Enterprise edition for larger deployments.
See “Bit9 Security Platform Server Architecture by Endpoint Count” below for more details. |
SQL Server 2014 | x64 | Use Latest | Same as SQL Server 2012. |
Bit9 Security Platform Database: Supported AWS RDS MS SQL Server Versions
Database System | DB Engine Versions | Additional Notes/Requirements |
SQL Server Express | 11.00.5058.0.v1 10.50.6000.34.v1 | Limited to 1 CPU Socket (or 4 cores) Maximum memory utilized: 1Gb Maximum database size: 10Gb |
SQL Server Standard | 12.00.4422.0.v1 11.00.5058.0.v1 10.50.6000.34.v1 | Standard edition for < 10K endpoints, Enterprise edition for larger deployments. See “Bit9 Security Platform Server Architecture by Endpoint Count” below for more details. |
SQL Server Enterprise | 12.00.4422.0.v1 11.00.5058.0.v1 10.50.6000.34.v1 | Standard edition for < 10K endpoints, Enterprise edition for larger deployments. See “Bit9 Security Platform Server Architecture by Endpoint Count” below for more details. |
Q: Do you support Amazon WorkSpaces?
A: Yes. According to Amazon, Amazon WorkSpaces provides a “Windows 7 Experience, provided by Windows Server 2008 R2.” Bit9 supports the Bit9 agent on Windows Server 2008 R2.
Q: Do you support Amazon GovCloud?
A: No. At this time there are some technical limitations that prevent us from supporting the Bit9 Server and Agents in Amazon's GovCloud.
