Kaspersky Anti Targeted Attack Platform


Preparing the IT infrastructure for program components installation

Before installing the program, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:

  1. Ensure that the servers, the computer intended for working with the program web interface, and the computers to be installed with Kaspersky Endpoint Agent all satisfy the hardware and software requirements.
  2. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sandbox component:
    1. For both network interfaces, block access of the server hosting the Sandbox component to the corporate LAN in order to keep the network safe from the objects being analyzed.
    2. For the first network interface, allow Internet access for the server hosting the Sandbox component for the purpose of analysis of the behavior of objects.
    3. For the second network interface, allow inbound connections to the following ports for the server hosting the Sandbox component:
      • TCP 22 for connection to the server over the SSH protocol.
      • TCP 443 for receiving objects to scan from the Central Node component.
      • TCP 8443 for using the program web interface.
  3. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Central Node component:
    1. Allow inbound connections to the server hosting the Central Node component on the following ports:
      • TCP 22 for connection to the server via SSH.
      • TCP 443 for receiving data from computers with Kaspersky Endpoint Agent.
      • TCP 8443 for viewing scan results in the program web interface.
    2. Allow outbound connections to the following ports for the server hosting the Central Node component:
      • TCP 80, 443 and 1443 for communication with servers of the KSN service and Kaspersky update servers.
      • TCP 443 for sending objects to the Sandbox component so that they can be scanned.
      • TCP 601 for sending messages to a SIEM system.
  4. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sensor component:
    1. For the network interface used for integration with a proxy server and mail server, allow inbound connections to the following ports for the server hosting the Sensor component:
      • TCP 22 for connection to the server via SSH.
      • TCP 1344 for receiving traffic from a proxy server.
      • TCP 25 for receiving SMTP traffic from a mail server.
      • TCP 443 when forwarding traffic from Kaspersky Endpoint Agent computers to the server with the Central Node component.
    2. Allow outbound connections to the following ports for the server hosting the Sensor component:
      • TCP 80 and 443 for communication with servers of the KSN service and Kaspersky update servers.
      • TCP 995 (or TCP 110 for unprotected connections) for integration with a mail server.

      If you install an additional network interface that receives only mirrored traffic in a VMware ESXi virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.

  5. On network equipment, allow an encrypted communication channel between servers that have the Central Node and Sensor components.

    The connection between servers that have the Central Node and Sensor components is established within the encrypted communication channel based on IPSec using the ESP protocol.

  6. If you are using the distributed solution and multitenancy mode, prepare the corporate IT infrastructure for installation of the Central Node components as follows:
    1. Allow inbound connection to port 8443 for the server with the PCN role.
    2. On network equipment, allow the establishment of an encrypted communication channel between servers that have the Central Node and Sensor components.

      The connection between servers that have the PCN and SCN role is established within the encrypted communication channel based on IPSec using the ESP protocol.

If needed, you can designate other ports for the program's components to use in the administrator menu of the server with the Central Node component. If you change the ports in the administrator menu, you need to allow connections to these ports in your corporate IT infrastructure.
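One way to verify that the firewall behaves as prepared is to audit connection records against the port list above. This is an added example, not part of the product documentation; the role names, the record format and every IP address in it are constructed for illustration, and only the port numbers come from the steps above.

```python
"""Audit connection records against the port list in the preparation steps.

Added example: role names, the record format and all IP addresses are
constructed; only the port numbers are taken from the page. If the ports are
changed in the administrator menu, update the two tables accordingly.
"""
import ipaddress

# Inbound TCP ports each component server must accept.
INBOUND = {
    "sandbox": {22, 443, 8443},
    "central_node": {22, 443, 8443},
    "sensor": {22, 25, 443, 1344},
}
# Outbound TCP ports each component server may open.
OUTBOUND = {
    "central_node": {80, 443, 601, 1443},
    "sensor": {80, 110, 443, 995},  # 110 only for unprotected mail connections
}

# Constructed addressing plan (assumption).
LAN = "10.20.0.0/16"
ROLES = {
    "10.20.0.10": "central_node",
    "10.20.0.11": "sensor",
    "192.168.50.5": "sandbox",
}
# Constructed records, one per connection initiation.
SAMPLE = [
    "src=10.20.0.10 dst=192.168.50.5 proto=tcp dport=443",    # objects to Sandbox
    "src=192.168.50.5 dst=203.0.113.7 proto=tcp dport=80",    # Sandbox to Internet
    "src=192.168.50.5 dst=10.20.3.44 proto=tcp dport=445",    # Sandbox to LAN
    "src=10.20.0.11 dst=10.20.0.10 proto=esp",                # IPsec channel
    "src=10.20.7.9 dst=10.20.0.10 proto=tcp dport=3389",      # not in the list
    "src=10.20.0.10 dst=10.20.8.8 proto=tcp dport=601",       # messages to SIEM
    "src=10.20.0.11 dst=198.51.100.20 proto=tcp dport=6667",  # not in the list
    "src=10.20.4.4 dst=10.20.0.11 proto=tcp dport=25",        # SMTP from mail server
]


def parse_record(line):
    """Parse 'src=... dst=... proto=... dport=...' into a dict."""
    fields = dict(item.split("=", 1) for item in line.split())
    return {
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "proto": fields["proto"].lower(),
        "dport": int(fields.get("dport", 0)),
    }


def audit(lines, roles, corporate_lan):
    """Return (finding, line) pairs for records that contradict the port list."""
    lan = ipaddress.ip_network(corporate_lan)
    by_ip = {ipaddress.ip_address(ip): role for ip, role in roles.items()}
    findings = []
    for line in lines:
        rec = parse_record(line)
        src_role, dst_role = by_ip.get(rec["src"]), by_ip.get(rec["dst"])
        if src_role == "sandbox":
            # Both Sandbox interfaces must be blocked from the corporate LAN,
            # whatever the protocol. Internet-bound traffic is expected.
            if rec["dst"] in lan:
                findings.append(("sandbox-to-lan", line))
            continue
        if rec["proto"] == "esp":
            # The IPsec ESP channel is expected only between Central Node
            # and Sensor servers.
            if {src_role, dst_role} != {"central_node", "sensor"}:
                findings.append(("unexpected-esp", line))
            continue
        if rec["proto"] != "tcp":
            continue  # the page lists only TCP ports and ESP
        if dst_role and rec["dport"] not in INBOUND[dst_role]:
            findings.append(("unexpected-inbound", line))
        if src_role and rec["dport"] not in OUTBOUND[src_role]:
            findings.append(("unexpected-outbound", line))
    return findings


if __name__ == "__main__":
    for finding, line in audit(SAMPLE, ROLES, LAN):
        print(f"{finding:20} {line}")
```

A `sandbox-to-lan` finding means the isolation required for the Sandbox server is not in effect and should be treated as the highest-priority result.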


Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3

If you are using a Microsoft Exchange mail server as your mail server and an email sender configured a request for read receipt notification, you must disable read receipt notifications. Otherwise, read receipt notifications will be sent from the email address that you have configured as the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform. You must also disable automatic processing of meeting requests to prevent filling of the mailbox used for receiving messages of Kaspersky Anti Targeted Attack Platform.

To disable sending read receipt notifications from the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform:

  1. On the Microsoft Exchange server, check whether or not notifications are enabled. To do so, execute the command:

    Get-MailboxMessageConfiguration -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> | fl

  2. If notifications are enabled, run the following command:

    Set-MailboxMessageConfiguration -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> -ReadReceiptResponse NeverSend

This will disable read receipt notifications from the email address used for receiving messages of Kaspersky Anti Targeted Attack Platform.

To disable automatic processing of meeting requests:

  1. On the Microsoft Exchange server, check whether automatic processing of meeting requests is enabled. To do so, execute the command:

    Get-CalendarProcessing -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> | fl

  2. If automatic processing of meeting requests is enabled, run the following command:

    Set-CalendarProcessing -Identity <email address for receiving messages by Kaspersky Anti Targeted Attack Platform> -AutomateProcessing:None

Automatic processing of meeting requests will be disabled.


Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP

To prepare your corporate IT infrastructure for Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol:

  1. On the external mail server, configure rules for forwarding copies of the messages that you want to send for scanning by Kaspersky Anti Targeted Attack Platform to the addresses specified in Kaspersky Anti Targeted Attack Platform.
  2. Specify the route for forwarding email messages to the server with the Sensor component.

    It is recommended to specify a static route: the IP address of the server with the Sensor component.

  3. In the firewall of your organization, allow inbound connections to port 25 of the server with the Sensor component from mail servers that are forwarding copies of email messages.

You can also improve the security of Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol.

To improve the security of Kaspersky Anti Targeted Attack Platform integration with a mail server over the SMTP protocol:

  1. Configure authentication of the Kaspersky Anti Targeted Attack Platform server on the side of the mail servers forwarding email messages for Kaspersky Anti Targeted Attack Platform.
  2. Configure mandatory encryption of traffic on mail servers that are forwarding email messages for Kaspersky Anti Targeted Attack Platform.
  3. Configure authentication of mail servers forwarding email messages for Kaspersky Anti Targeted Attack Platform on the Kaspersky Anti Targeted Attack Platform side.


Preparing the virtual machine for installing the Sandbox component

To prepare the virtual machine for installing the Sandbox component:

  1. Run the VMware ESXi hypervisor.
  2. Open the virtual machine management console.
  3. In the context menu of the virtual machine on which you want to install the Sandbox component, choose Edit Settings.

    This opens the virtual machine properties window.

  4. On the Virtual Hardware tab, expand the CPU settings group and select the Expose hardware-assisted virtualization to guest OS check box.
  5. On the VM Options tab in the Latency Sensitivity drop-down list, select High.
  6. Click OK.

The virtual machine is ready for installing the Sandbox component.


Procedure for installing and configuring program components

Installing and configuring the program involves the following steps:

  1. Installing the disk image containing the Sandbox component
  2. Configuring the Sandbox component through the Sandbox web interface
  3. Installing the disk images of Microsoft Windows operating systems and software for the Sandbox component
  4. Installing the Central Node and Sensor components

    You can install the Central Node and Sensor components in one of the following configurations:

    If there are multiple Central Node components, you can use the program in distributed solution mode.

  5. Installing the Sensor component

    If there are multiple Sensor components, you can install and configure the Sensor component on the necessary number of servers.

  6. Configuring the Central Node and Sensor components
  7. Installing Kaspersky Endpoint Agent for Windows or Kaspersky Endpoint Agent for Linux on computers in the corporate IT infrastructure

    You can use Kaspersky Endpoint Agent in the following configurations:

    • Without integration with the EPP program.

      In this case, you only need to install Kaspersky Endpoint Agent for Windows or Kaspersky Endpoint Agent for Linux.

    • With integration with the EPP program.

      In this case, Kaspersky Endpoint Agent also sends information about threats detected by the EPP program and results of threat processing by this program to the Central Node server.

    Kaspersky Endpoint Agent for Windows can integrate with the following EPP programs:

    • Kaspersky Endpoint Security for Windows.

      Integration of Kaspersky Endpoint Agent for Windows with Kaspersky Endpoint Security for Windows

      To integrate these programs, you must install Kaspersky Endpoint Agent as part of Kaspersky Endpoint Security. Integrating separately installed programs is not supported.

      To install Kaspersky Endpoint Agent as part of Kaspersky Endpoint Security:

      1. Start the installation of the Kaspersky Endpoint Security program, which includes Kaspersky Endpoint Agent in its distribution kit.

        For more details about installing Kaspersky Endpoint Security, see Kaspersky Endpoint Security for Windows Help.

      2. During installation, select the Endpoint Agent component.

      After the program with the Endpoint Agent component is installed, the list of installed programs includes Kaspersky Endpoint Security and Kaspersky Endpoint Agent.

      If necessary, you can upgrade the Kaspersky Endpoint Agent that is already installed as part of Kaspersky Endpoint Security. Integration between compatible versions of the programs is maintained both when Kaspersky Endpoint Agent is upgraded and when Kaspersky Endpoint Security is upgraded. You can upgrade a previous version of Kaspersky Endpoint Agent to version 3.12 only for Kaspersky Endpoint Agent version 3.7 or later.

    • Kaspersky Security for Windows Server.

      Integration of Kaspersky Endpoint Agent for Windows with Kaspersky Security for Windows Server

      To integrate these programs, you must install Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server. Integrating separately installed programs is not supported.

      To install Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server:

      1. Start the installation of the Kaspersky Security for Windows Server program, which includes Kaspersky Endpoint Agent in its distribution kit.

        For more details about installing Kaspersky Security for Windows Server, see Kaspersky Security for Windows Server Help.

      2. During installation, select the Kaspersky Endpoint Agent component.

      After the program with the Kaspersky Endpoint Agent component is installed, the list of installed programs includes Kaspersky Security for Windows and Kaspersky Endpoint Agent.

      If necessary, you can upgrade the Kaspersky Endpoint Agent that is already installed as part of Kaspersky Security for Windows Server. Integration between compatible versions of the programs is maintained both when Kaspersky Endpoint Agent is upgraded and when Kaspersky Security for Windows Server is upgraded.

    • Kaspersky Security for Virtualization Light Agent.

      Integration of Kaspersky Endpoint Agent for Windows with Kaspersky Security for Virtualization Light Agent

      Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent are installed separately. Kaspersky Endpoint Agent cannot be installed as part of Kaspersky Security for Virtualization Light Agent.

      To enable the integration of Kaspersky Endpoint Agent with Kaspersky Security for Virtualization Light Agent:

      1. Install Kaspersky Security for Virtualization Light Agent if it has not been installed yet.
      2. Enable the integration with Kaspersky Endpoint Agent.

        You can enable the integration with Kaspersky Endpoint Agent during installation or upgrade of Light Agent. You can also enable the integration with Kaspersky Endpoint Agent using the procedure for modifying the set of installed components of Light Agent.

        For more details about installing, enabling integration, and updating the program, as well as about the procedure for modifying the set of installed components, see Kaspersky Security for Virtualization Light Agent Help.

      3. Install Kaspersky Endpoint Agent on the virtual machine with Light Agent, if it has not been installed yet.

      For integration with Kaspersky Security for Virtualization Light Agent 5.2, we recommend using Kaspersky Endpoint Agent 3.12. If necessary, you can upgrade the Kaspersky Endpoint Agent program and Kaspersky Security for Virtualization Light Agent. When you upgrade the programs, integration between compatible versions is maintained.

    • Kaspersky Industrial CyberSecurity for Nodes.

      Integration of Kaspersky Endpoint Agent for Windows with Kaspersky Industrial CyberSecurity for Nodes

      To enable integration of Kaspersky Endpoint Agent with Kaspersky Industrial CyberSecurity for Nodes:

      1. Install Kaspersky Industrial CyberSecurity for Nodes if the program has not been installed yet.

        For more details on installation, see Kaspersky Industrial CyberSecurity for Nodes Help.

      2. Install Kaspersky Endpoint Agent on the same device if it has not been installed yet.

      The applications are integrated automatically.

      To integrate with Kaspersky Industrial CyberSecurity for Nodes, the corresponding license key must be installed in the Kaspersky Endpoint Agent.

      For detailed information, you can contact your account manager.

    Kaspersky Endpoint Agent for Linux can integrate with the Kaspersky Endpoint Security for Linux EPP system.

    Integration of Kaspersky Endpoint Agent for Linux with Kaspersky Endpoint Security for Linux

    To integrate Kaspersky Endpoint Agent for Linux with Kaspersky Endpoint Security for Linux, you can use separately installed programs.

    To enable the integration of Kaspersky Endpoint Agent with Kaspersky Endpoint Security:

    1. Install Kaspersky Endpoint Security.

      For more details about installing the program, see Kaspersky Endpoint Security for Linux Help.

    2. Do the following:
      1. If Kaspersky Endpoint Agent has not been installed yet, install Kaspersky Endpoint Agent.

        The integration between programs is enabled automatically.

      2. If Kaspersky Endpoint Agent has already been installed, enable the integration between programs.

        To do so, you must enable the recording of event information in syslog for Kaspersky Endpoint Security for Linux.

        For more details about configuring the program, see Kaspersky Endpoint Security for Linux Help.

    If necessary, you can upgrade Kaspersky Endpoint Agent and Kaspersky Endpoint Security for Linux. When you upgrade the programs, integration between compatible versions is maintained.


Step 1. Viewing the End User License Agreement and Privacy Policy

To continue installation, please read the End User License Agreement (EULA) and accept its terms. Installation will not continue until you accept the terms of the End User License Agreement.

You also need to read the Privacy Policy and accept its terms.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Select the language for viewing the End User License Agreement and Privacy Policy in the list.

    For example, if you want to view the End User License Agreement and Privacy Policy in English, select English and press ENTER.

    This opens a window showing the End User License Agreement text.

  2. Please read the End User License Agreement.
  3. If you accept the terms of the End User License Agreement, click I accept.

    This opens a window displaying the text of the Privacy Policy.

  4. Please carefully read the Privacy Policy.
  5. If you accept the terms of the Privacy Policy, click I accept.

The Setup Wizard proceeds to the next step.


Step 2. Selecting a disk for installing the Sandbox component

Select a physical disk for installing the Sandbox component.

To select a disk for installing the Sandbox component:

  1. In the Select device window, in the list of disks, select the disk on which you want to install the Sandbox component and press ENTER.

    If the disk is not empty, a window is displayed asking you to confirm that you want to format the disk and install the program.

  2. Click Install.

    The archive with the installation files will be unpacked to the disk. The server is restarted.

The Setup Wizard proceeds to the next step.


Step 3. Assigning the host name

Assign a server host name to be used by DNS servers.

To assign the host name for a server:

  1. Enter the full domain name of the server into the Hostname field.

    Specify the server name in FQDN format (for example: host.domain.com or host.domain.subdomain.com).

  2. Click Ok.

The Setup Wizard proceeds to the next step.


Step 4. Selecting the controlling network interface in the list

To ensure proper functioning of the Sandbox component, you must connect at least two network cards and configure the following network interfaces:

  • Management network interface. This interface is intended for providing access to the server with the Sandbox component via the SSH protocol, and the server with the Sandbox component will use this interface to receive objects from the server with the Central Node component.
  • Network interface used for Internet access of processed objects. Objects that are processed by the Sandbox component can use this interface to attempt activities on the Internet, and the Sandbox component can analyze their behavior. If you block Internet access, the Sandbox component cannot analyze the behavior of objects on the Internet, and will therefore only analyze the behavior of objects without Internet access.

    The network interface used for Internet access of processed objects must be isolated from the local network of your organization.

Select the network interface that you want to use as the controlling interface.

To select the management network interface:

  1. In the list of network interfaces, select the network interface that you want to use as the controlling interface.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.


Step 5. Assigning the address and network mask of the controlling interface

To assign the IP address and network mask of the management network interface:

  1. In the Address field, enter the IP address that you want to assign to this network interface.
  2. In the Netmask field, enter the network mask that you want to use for this network interface.
  3. Click Ok.

The Setup Wizard proceeds to the next step.


Step 6. Adding DNS server addresses

To add DNS server addresses:

  1. In the DNS servers window, select New and press ENTER.

    This opens the DNS server address entry window.

  2. In the DNS server text box, enter the IP address of the primary DNS server in IPv4 format.
  3. Click Ok.

    The DNS server address entry window is closed.

  4. If you want to add the IP address of an additional DNS server, repeat the steps in the DNS servers window.
  5. When you are done adding DNS servers, in the DNS servers window, select Continue and press ENTER.

The Setup Wizard proceeds to the next step.


Step 7. Configuring a static network route

To configure a static network route:

  1. In the IPv4 Routes window, select New and press ENTER.

    This opens the IPv4 Static Route window.

  2. In the Address/Mask field, enter the IP address and mask of the subnet for which you want to configure the network route.
  3. If you want to use the default network route, enter 0.0.0.0/0.
  4. In the Gateway field, enter the IP address of the gateway.
  5. Click Ok.
  6. If you want to add other network routes, repeat the steps in the IPv4 Static Route window.
  7. If you are done adding network routes, click Continue.

The Setup Wizard proceeds to the next step.


Step 8. Configuring the minimum password length for the Sandbox administrator password

To set the minimum length of the administrator password for the Sandbox component:

  1. In the Minimal length field, enter the length in characters. Passwords 12 or more characters long are recommended.
  2. Click Ok.

The Setup Wizard proceeds to the next step.


Step 9. Creating the Sandbox administrator account

Create an administrator account for working in the Sandbox web interface, in the administrator menu, and in the management console of the server with the Sandbox component.

To create a Sandbox administrator account:

  1. In the Username field, enter the name of the administrator account. The 'admin' account is used by default.
  2. In the password field, enter the password for the administrator account.

    The password must satisfy the following requirements:

    • Must contain at least 8 characters.
    • Must contain at least three types of characters:
      • Uppercase character (A-Z).
      • Lowercase character (a-z).
      • Number.
      • Special character.
    • Must not be the same as the user name.
  3. Enter the password again in the Confirm password field.
  4. Click Ok.

    This opens a window with the IP address of the Sandbox server. You can enter this address in your web browser to open the Sandbox web interface. To log in, use the Sandbox administrator account that you have created.

    The Sandbox server will restart.

Proceed to configuration of the Sandbox component through the web interface.
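The password requirements above can be checked before the value is typed into the wizard, for example when the credential is generated for a password vault. This is an added example, not the installer's own code; the function and parameter names are illustrative, and both the character classification (ASCII letters and digits, anything else counted as special) and the way the Step 8 minimum combines with the 8-character rule are assumptions.

```python
"""Pre-check a candidate Sandbox administrator password against the listed rules.

Added example. Assumptions: characters are classified as ASCII uppercase,
ASCII lowercase, ASCII digit, or "special" (anything else); the minimum
length configured in Step 8 cannot lower the 8-character requirement.
"""
import string

MIN_FLOOR = 8  # "Must contain at least 8 characters"


def check_admin_password(username, password, configured_min=MIN_FLOOR):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []

    # Rule 1: length, using the stricter of the stated floor and the Step 8 value.
    required = max(MIN_FLOOR, configured_min)
    if len(password) < required:
        problems.append(f"shorter than {required} characters")

    # Rule 2: at least three of the four character types.
    alnum = string.ascii_letters + string.digits
    classes = {
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "number": any(c in string.digits for c in password),
        "special": any(c not in alnum for c in password),
    }
    present = sorted(name for name, hit in classes.items() if hit)
    if len(present) < 3:
        found = ", ".join(present) or "none"
        problems.append(f"only {len(present)} of 4 character types present ({found})")

    # Rule 3: must differ from the user name.
    if password == username:
        problems.append("same as the user name")

    return problems


if __name__ == "__main__":
    # Constructed sample values.
    for user, candidate, minimum in [
        ("admin", "admin", 8),
        ("admin", "lowercaseonly1", 8),
        ("admin", "Abcdefg1", 12),
        ("admin", "Tr1cky-Pass-phrase", 12),
    ]:
        result = check_admin_password(user, candidate, minimum)
        print(candidate, "->", result or "ok")
```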


Deploying the Central Node and Sensor components as a cluster

Deployment of the Central Node and Sensor components in the form of a cluster includes the following steps:

  1. Deploying the first storage server

    The first step is to deploy the storage server. After the storage server is deployed, you can add additional storage and processing servers to the cluster.

    A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can use the Sizing Guide to determine the right number of servers for your organization.

  2. Deploying processing servers and additional storage servers

    You can deploy the servers in any order.

  3. Configuring the sizing settings of the program

    At the final stage of cluster deployment, you need to configure the scaling settings of the program: specify the planned volume of SPAN traffic, email traffic, the number of hosts with Kaspersky Endpoint Agent, as well as the size of the Storage and event database.

The Central Node component is always installed together with the Sensor component. If you need to use the Central Node component separately, when deploying the processing server, turn off receipt of mirrored traffic from SPAN ports in step 10.

In this section

Deploying a storage server

Deploying the processing server


Deploying a storage server

To deploy a data storage server, you need to run a disk image with the Central Node and Sensor components.

If an error occurred while performing the steps of the Setup Wizard, contact Technical Support.


Step 1. Selecting a server role

To select a server role:

  1. Enter one of the following numbers:
    • 1 - storage server for deploying the Central Node component in the form of a cluster.
    • 2 - a processing server for deploying the Central Node component in the form of a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 - Central Node and Sensor components for installation on one server.
    • 4 - Sensor component for installation on a standalone server.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.


Step 2. Selecting the deployment mode

To select a deployment mode:

  1. Enter one of the following numbers:
    • 1.

      Select this value when deploying the first server in the cluster.

    • 2.

      Select this value when deploying a server that will be added to an existing cluster.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241335]

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press ENTER.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

[Topic 234756]

Step 4. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press ENTER.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 234755]

Step 5. Selecting a network mask for cluster server addressing

To specify the network mask for cluster server addressing:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.18.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

[Topic 244215]

Step 6. Selecting a network mask for directing program components

During this step, you need to specify the network mask for directing the main program components (services) that will operate on servers with the Central Node component.

The network for directing application components must not overlap with the network for directing the cluster servers.

To specify the network mask for directing the main components of the program:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.19.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.
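
A pre-flight check for the values entered in Steps 5 and 6, as an added example (not part of the Kaspersky documentation or product): it validates each value against the x.x.0.0/16 template and confirms that the two networks do not overlap. The `must_stay_reachable` parameter and the check it drives are an assumption of this example, not a documented requirement: addresses such as the DNS servers entered later in the wizard should not fall inside the internal ranges.

```python
import ipaddress
import re

# Template quoted by the Setup Wizard for both prompts: x.x.0.0/16
TEMPLATE = re.compile(r"^\d{1,3}\.\d{1,3}\.0\.0/16$")

# Defaults offered by the wizard. Both lie in 198.18.0.0/15, the block
# reserved for benchmarking (RFC 2544), which production networks rarely route.
DEFAULT_CLUSTER_NET = "198.18.0.0/16"      # Step 5
DEFAULT_COMPONENT_NET = "198.19.0.0/16"    # Step 6


def parse_wizard_mask(value):
    """Return an IPv4Network for a value matching x.x.0.0/16, else raise ValueError."""
    value = value.strip()
    if not TEMPLATE.match(value):
        raise ValueError(f"{value!r} does not match the template x.x.0.0/16")
    # Also rejects octets above 255 (AddressValueError is a ValueError).
    return ipaddress.IPv4Network(value, strict=True)


def check_plan(cluster_net=DEFAULT_CLUSTER_NET,
               component_net=DEFAULT_COMPONENT_NET,
               must_stay_reachable=()):
    """Return a list of problems found; an empty list means the plan is consistent.

    must_stay_reachable is an assumption of this example: addresses or subnets
    (DNS, NTP, Endpoint Agent hosts) that must not fall inside the internal ranges.
    """
    problems = []
    parsed = {}
    for label, value in (("cluster", cluster_net), ("components", component_net)):
        try:
            parsed[label] = parse_wizard_mask(value)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")

    # Requirement stated in Step 6: the two networks must not overlap.
    if len(parsed) == 2 and parsed["cluster"].overlaps(parsed["components"]):
        problems.append("cluster and components networks overlap")

    # Added precaution (assumption): an external address that falls inside an
    # internal /16 may become unreachable from the server.
    for raw in must_stay_reachable:
        ext = ipaddress.ip_network(raw, strict=False)
        if ext.version != 4:
            continue
        for label, net in parsed.items():
            if ext.overlaps(net):
                problems.append(f"{label} network {net} shadows {ext}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: custom ranges and two planned DNS servers.
    for problem in check_plan("10.20.0.0/16", "10.20.0.0/16",
                              ["10.20.5.10", "192.168.0.53"]):
        print("PROBLEM:", problem)
```

Run it with the ranges and server addresses you plan to enter before starting the Setup Wizard.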

[Topic 244216]

Step 7. Selecting the cluster network interface

The cluster network interface is used for communication between cluster servers.

To select the cluster network interface:

  1. Select the row containing the network interface that is used for the internal network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 234759]

Step 8. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 234760]

Step 9. Selecting the method of obtaining IP addresses for network interfaces

To select a method for obtaining an IP address for network interfaces:

  1. Select the row containing the Configuration type: and press Enter.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the opened window, select one of the following options:
    • dhcp.
    • static.
  3. If you selected static:
    1. Select the row containing the parameter and press the Enter key.
    2. In the opened window, enter the required data and press Enter twice.

      You need to specify a value for each parameter.

  4. Select the row containing Save.
  5. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241350]

Step 10. Creating an administrator account and authenticating the server in the cluster

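During this step, you need to do one of the following:

  • Create the administrator account, if you are deploying the first server in the cluster.
  • Authenticate the server in the cluster, if you are deploying an additional storage server.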

[Topic 234758]

Creating the administrator account

An administrator account is only required when deploying the first server in the cluster. If you are deploying an additional storage server, instead of opening a window that prompts you to create an administrator account, the program prompts you to authenticate a server in the cluster.

When deploying the first server in the cluster, you need to create an administrator account. This account is used to work in the web interface for scaling management, the program administrator menu, and to work in Technical Support Mode.

By default, the user name of the administrator account is admin. You must enter a password for that user account.

To enter a password for the administrator user account:

  1. In the password field, enter the password for the administrator account.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the confirm field, enter the password again.
  3. Select Ok and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 243604]

Authenticating the server in the cluster

Authenticating a server in the cluster is only required when deploying additional storage servers. If you are deploying the first server in the cluster, the program prompts you to create an administrator account instead of authenticating the server.

To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.

To authenticate a server in the cluster:

  1. In the password field, enter the password for the administrator account.
  2. Select Ok and press Enter.

    To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.

The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.

[Topic 243572]

Step 11. Adding DNS server addresses

Configure the DNS settings for the operation of servers with program components.

To add DNS server addresses:

  1. Enter the IP address of the primary DNS server in IPv4 format.

    You must enter at least one DNS server address.

  2. If you want to add the IP address of an additional DNS server, press Enter and enter the address of the server.
  3. Having added all DNS servers, press Enter twice.

The Setup Wizard proceeds to the next step.

[Topic 234761]

Step 12. Selecting disks for the Ceph storage

Select the disks for the Ceph storage. The number of drives is determined according to the scaling guide.

To select disks for the Ceph storage:

  1. Select the row containing the required drive.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.
  3. Repeat steps 1-2 to select the following drives.

The configuration will take some time. Then the installation is complete. You can proceed to the configuration of cluster servers in the web interface for sizing management.

[Topic 234762][Topic 234765]

Deploying the processing server

Step 1. Selecting a server role

To select a server role:

  1. Enter one of the following numbers:
    • 1 - storage server for deploying the Central Node component in the form of a cluster.
    • 2 - a processing server for deploying the Central Node component in the form of a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 - Central Node and Sensor components for installation on one server.
    • 4 - Sensor component for installation on a standalone server.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241333_1]

Step 2. Selecting the deployment mode

To select a deployment mode:

  1. Enter one of the following numbers:
    • 1.

      Select this value when deploying the first server in the cluster.

    • 2.

      Select this value when deploying a server that will be added to an existing cluster.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241335_1]

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press ENTER.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

[Topic 234756_1]

Step 4. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press ENTER.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 234755_1]

Step 5. Selecting a network mask for cluster server addressing

To specify the network mask for cluster server addressing:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.18.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

[Topic 244215_1]

Step 6. Selecting a network mask for directing program components

During this step, you need to specify the network mask for directing the main program components (services) that will operate on servers with the Central Node component.

The network for directing application components must not overlap with the network for directing the cluster servers.

To specify the network mask for directing the main components of the program:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.19.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

[Topic 244216_1]

Step 7. Selecting the cluster network interface

The cluster network interface is used for communication between cluster servers.

To select the cluster network interface:

  1. Select the row containing the network interface that is used for the internal network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 234759_1]

Step 8. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 234760_1]

Step 9. Selecting the method of obtaining IP addresses for network interfaces

To select a method for obtaining an IP address for network interfaces:

  1. Select the row containing the Configuration type: and press Enter.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the opened window, select one of the following options:
    • dhcp.
    • static.
  3. If you selected static:
    1. Select the row containing the parameter and press the Enter key.
    2. In the opened window, enter the required data and press Enter twice.

      You need to specify a value for each parameter.

  4. Select the row containing Save.
  5. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241350_1]

Step 10. Authenticating the server in the cluster

To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.

To authenticate a server in the cluster:

  1. In the password field, enter the password for the administrator account.
  2. Select Ok and press Enter.

    To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.

The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.

[Topic 243566]

Step 11. Configuring receipt of mirrored traffic from SPAN ports

To turn on receipt of mirrored traffic from SPAN ports:

  1. Enter y.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

To turn off receipt of mirrored traffic from SPAN ports:

  1. Enter n.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 242456]

Step 12. Adding DNS server addresses

Configure the DNS settings for the operation of servers with program components.

To add DNS server addresses:

  1. Enter the IP address of the primary DNS server in IPv4 format.

    You must enter at least one DNS server address.

  2. If you want to add the IP address of an additional DNS server, press Enter and enter the address of the server.
  3. Having added all DNS servers, press Enter twice.

Installation is complete. You can proceed to the configuration of cluster servers in the web interface for sizing management.

[Topic 241374]

Installing the Central Node and Sensor components on the server

Deployment of the Central Node and Sensor components on a single server includes the following steps:

  1. Installing the Central Node and Sensor components

    To install the components on the physical server, you need to run a disk image with the Central Node and Sensor components.

    To install components on a virtual server, you need to connect the disk image with the Central Node and Sensor components to the selected virtual machine and run it. The installation starts immediately after the virtual machine is turned on. You can manage the installation process using the console of the virtual machine.

    When installing components on a virtual machine, you must select the BIOS boot mode for the virtual machine: Options → Boot Options → Firmware → BIOS.

  2. Configuring the sizing settings of the program

    At the final stage of cluster deployment, you need to configure the scaling settings of the program: specify the planned volume of SPAN traffic, email traffic, the number of hosts with Kaspersky Endpoint Agent, as well as the size of the Storage and event database.

The Central Node component is always installed together with the Sensor component. If you need to use the Central Node component separately, turn off receipt of mirrored traffic from SPAN ports in step 10.

If an error occurred while performing the steps of the Setup Wizard, contact Technical Support.

In this section

Step 1. Selecting a server role

Step 2. Viewing the End User License Agreement and Privacy Policy

Step 3. Selecting a disk for installing the component

Step 4. Allocating the disk for the Targeted Attack Analyzer component's database

Step 5. Selecting a network mask for cluster server addressing

Step 6. Selecting the external network interface

Step 7. Selecting the method of obtaining IP addresses for network interfaces

Step 8. Creating the administrator account

Step 9. Adding DNS server addresses

Step 10. Configuring receipt of mirrored traffic from SPAN ports

Step 11. Configuring time synchronization with an NTP server

[Topic 241325]

Step 1. Selecting a server role

To select a server role:

  1. Enter one of the following numbers:
    • 1 - storage server for deploying the Central Node component in the form of a cluster.
    • 2 - a processing server for deploying the Central Node component in the form of a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 - Central Node and Sensor components for installation on one server.
    • 4 - Sensor component for installation on a standalone server.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241333_2]

Step 2. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press ENTER.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 242577]

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press ENTER.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

[Topic 242576]

Step 4. Allocating the disk for the Targeted Attack Analyzer component's database

For optimal performance of the Targeted Attack Analyzer component, it is advised that you allocate on the server a physical disk of at least 1 TB for the component's database.

In this step, you can allocate a physical disk for the Targeted Attack Analyzer component's database or decline allocating a physical disk.

To allocate the disk for the Targeted Attack Analyzer component's database:

  1. Enter y.
  2. Press ENTER.
  3. Enter the number of the relevant disk.
  4. Press ENTER.
  5. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  6. If you selected n, repeat steps 4-5 of these instructions.

The Setup Wizard proceeds to the next step.

To decline allocating the disk for the Targeted Attack Analyzer component's database:

  1. Enter n.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 242462]

Step 5. Selecting a network mask for cluster server addressing

To specify the network mask for cluster server addressing:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.18.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

[Topic 244215_2]

Step 6. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 242578]

Step 7. Selecting the method of obtaining IP addresses for network interfaces

To select a method for obtaining an IP address for network interfaces:

  1. Select the row containing the Configuration type: and press Enter.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the opened window, select one of the following options:
    • dhcp.
    • static.
  3. If you selected static:
    1. Select the row containing the parameter and press the Enter key.
    2. In the opened window, enter the required data and press Enter twice.

      You need to specify a value for each parameter.

  4. Select the row containing Save.
  5. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 242579]

Step 8. Creating the administrator account

The administrator account is used to work in the web interface for scaling management, the program administrator menu, and to work in Technical Support Mode.

By default, the user name of the administrator account is admin. You must enter a password for that user account.

To enter a password for the administrator user account:

  1. In the password field, enter the password for the administrator account.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the confirm field, enter the password again.
  3. Select Ok and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 242580]

Step 9. Adding DNS server addresses

Configure the DNS settings for the operation of servers with program components.

To add DNS server addresses:

  1. Enter the IP address of the primary DNS server in IPv4 format.

    You must enter at least one DNS server address.

  2. If you want to add the IP address of an additional DNS server, press Enter and enter the address of the server.
  3. Having added all DNS servers, press Enter twice.

The Setup Wizard proceeds to the next step.

[Topic 242581]

Step 10. Configuring receipt of mirrored traffic from SPAN ports

In this step, you can configure receipt of mirrored traffic from SPAN ports.

To turn on receipt of mirrored traffic from SPAN ports:

  1. Enter y.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

To turn off receipt of mirrored traffic from SPAN ports:

  1. Enter n.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 244720]

Step 11. Configuring time synchronization with an NTP server

Configure synchronization of the server time with the NTP server.

To configure time synchronization with an NTP server:

  1. Enter the IP address or name of the NTP server.
  2. If you want to add an additional NTP server, press Enter and enter the IP address or name of the NTP server.
  3. Having added all NTP servers, press Enter twice.

The configuration will take some time. Then the installation is complete. You can proceed to server configuration in the web interface for scaling management.

[Topic 242460]

Installing the Sensor component on a standalone server

To install the Sensor component on a physical server, you need to run a disk image with the Central Node and Sensor components.

To install the Sensor component on a virtual server, you need to connect the disk image with the Central Node and Sensor components to the selected virtual machine and run it. The installation starts immediately after the virtual machine is turned on. You can manage the installation process using the console of the virtual machine.

In this section

Step 1. Selecting a server role

Step 2. Viewing the End User License Agreement and Privacy Policy

Step 3. Selecting a disk for installing the component

Step 4. Selecting the external network interface

Step 5. Connecting to the server with the Central Node component

Step 6. Creating the administrator account

[Topic 242567]

Step 1. Selecting a server role

To select a server role:

  1. Enter one of the following numbers:
    • 1 - storage server for deploying the Central Node component in the form of a cluster.
    • 2 - a processing server for deploying the Central Node component in the form of a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 - Central Node and Sensor components for installation on one server.
    • 4 - Sensor component for installation on a standalone server.
  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 241333_3]

Step 2. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press ENTER.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

[Topic 242577_1]

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press ENTER.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

[Topic 242576_1]

Step 4. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 242638]

Step 5. Connecting to the server with the Central Node component

To connect to the server on which you installed the Central Node component:

  1. In the Central Node field, enter the IP address or URL of the server with the Central Node component.

    If the Central Node component is deployed as a cluster, you can enter the IP address of any server in the cluster.

  2. Press ENTER.

The Setup Wizard proceeds to the next step.

[Topic 243626]

Step 6. Creating the administrator account

The administrator account is used to work with the Sensor component in the program administrator menu and in Technical Support Mode.

By default, the user name of the administrator account is admin. You must enter a password for that user account.

To enter a password for the administrator user account:

  1. In the password field, enter the password for the administrator account.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the confirm field, enter the password again.
  3. Select Ok and press Enter.

The installation will be complete.

[Topic 242659]