About Integration Server Console
The Integration Server Console contains the following sections:
Integration Server settings section
In this section, you can view information about the Integration Server.
Integration Server user accounts section
In this section, you can change the passwords of accounts that are used to connect to the Integration Server.
The Virtual infrastructure protection section.
This section opens by default after the Integration Server Console is started. In this section, you can configure the connection of the Integration Server to virtual infrastructure administration servers (VMware vCenter Server and VMware vCloud Director), define or change the settings for registering and deploying Kaspersky Security services, or unregister Kaspersky Security services.
The table displays all virtual infrastructure administration servers (VMware vCenter Server and VMware vCloud Director) for which a connection is configured for the Integration Server.
The following buttons are provided above the table:
- The Add button opens the Connection to virtual infrastructure window. In this window, you can select the type of virtual infrastructure administration servers to which you need to configure a connection, and enter the settings for connecting to the VMware vCenter Server or VMware vCloud Director: IP address in IPv4 format or fully qualified domain name (FQDN), name and password of the account used by the Integration Server to connect to the server.
- The Refresh button lets you update the status of interaction between the Integration Server and the virtual infrastructure.
For each VMware vCenter Server, the following information is displayed in the table:
- IP address in IPv4 format or fully qualified domain name (FQDN) of the VMware vCenter Server.
- Group of settings containing connection error messages (if any) and a list of actions that you can perform when configuring the connection to this VMware vCenter Server and for subsequent deployment of protection of the virtual infrastructure managed by this VMware vCenter Server. You can expand or collapse the list of possible actions for each VMware vCenter Server by clicking on the address or name of the server.
- Information about deployment of protection on VMware clusters managed by this VMware vCenter Server, presented in the format
N/M, where:- N is the number of VMware ESXi hypervisors on which the file system protection service (Kaspersky File Antimalware Protection) is deployed, or a dash if the service is not registered in VMware NSX Manager.
- M is the number of VMware ESXi hypervisors on which the network protection service (Kaspersky Network Protection) is deployed, or a dash if the service is not registered in VMware NSX Manager.
The total number of VMware ESXi hypervisors managed by this VMware vCenter Server is indicated in parentheses.
The table displays the following information for each VMware vCloud Director Server:
- IP address in IPv4 format or fully qualified domain name (FQDN) of the VMware vCloud Director server.
- Group of settings containing connection error messages (if any) and a list of actions that you can perform when configuring the connection to this VMware vCloud Director and for subsequent deployment of protection of the virtual infrastructure managed by this VMware vCloud Director. You can expand or collapse the list of possible actions for each VMware vCloud Director server by clicking on the address or name of the server.
If no connection could be established with the VMware vCenter Server, VMware vCloud Director, or VMware NSX Manager, the table shows a warning.
If a connection error occurs because the certificate received from the VMware vCenter Server, VMware vCloud Director, or VMware NSX Manager is not trusted for the Integration Server, but the received certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and establish a connection. To do so, click the link in the problem description to open the Certificate validation window and click the Install certificate button. The received certificate is saved as a trusted certificate for the Integration Server.
Certificates that are trusted in the operating system in which the Integration Server is installed are also considered to be trusted for the Integration Server.
If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
The table also displays a warning if redirection of traffic to the network protection service (Kaspersky Network Protection) is disabled in one or more NSX security policies that are configured to use Kaspersky Security services. If you want to protect virtual machines against network threats, you need to enable redirection of traffic to the network protection service in NSX security policies (Redirect to service setting).
List of possible actions for the VMware vCenter Server:
- Register Kaspersky Security services – starts the Wizard that lets you enter the settings necessary for registering Kaspersky Security services in VMware NSX Manager and deploying those services on VMware clusters, and for configuring new SVMs. When you have finished entering the settings, Integration Server registers the Kaspersky Security services in VMware NSX Manager.
- Change settings of Kaspersky Security – starts the Wizard that lets you change the connection settings for interaction between the Integration Server and VMware NSX Manager, specify or change SVM images for the file system protection service (Kaspersky File Antimalware Protection) and/or the network protection service (Kaspersky Network Protection), and change the SVM configuration settings that are applied on new SVMs and on previously deployed SVMs. When you have finished entering the settings, the Integration Server applies the new settings and, if necessary, re-registers the Kaspersky Security services in VMware NSX Manager.
- Unregister Kaspersky Security services – opens a window in which you can specify the Kaspersky Security service that you need to unregister in VMware NSX Manager. You can unregister one or both Kaspersky Security services. Unregistration is performed by the Integration Server.
Kaspersky Security services can be unregistered only if all SVMs have been removed from VMware clusters and services are not being used in NSX Security Policies. Removal of SVMs and configuration of NSX Security Policies is performed in the VMware vSphere Web Client console.
- Change VMware vCenter Server connection settings – opens the Connection to virtual infrastructure window in which you can change the settings for connecting the Integration Server to a VMware vCenter Server.
- Remove VMware vCenter Server from the list – opens a window in which you can confirm deletion of the settings for connecting the Integration Server to this VMware vCenter Server. The VMware vCenter Server will be removed from the list of virtual infrastructure administration servers to which the Integration Server connects.
Removing a VMware vCenter Server from the list is possible only if Kaspersky Security services are not registered in VMware NSX Manager.
List of available actions for VMware vCloud Director:
- Map vCloud Director organizations – opens the vCloud Director organizations to virtual administration Servers mapping list window in which you can map vCloud Director organizations containing virtual machines of tenants to virtual Administration Servers of Kaspersky Security Center.
- Change VMware vCloud Director connection settings – opens the Connection to virtual infrastructure window in which you can change the settings for connecting the Integration Server to VMware vCloud Director.
- Remove VMware vCloud Director from list – opens a window in which you can confirm deletion of the settings for connecting the Integration Server to this VMware vCloud Director. The VMware vCloud Director Server will be removed from the list of virtual infrastructure administration servers to which the Integration Server connects.
Manage protection of tenant organizations section
This section is used only if the application is operating in multitenancy mode.
In this section, you can do the following:
- Connect the Integration Server to the Kaspersky Security Center Administration Server.
The Integration Server connects to the Kaspersky Security Center Administration Server to receive information about virtual Administration Servers created in Kaspersky Security Center, and to map virtual Administration Servers to vCloud Director organizations that contain virtual machines of tenants.
- View or configure the list of mappings between vCloud Director organizations containing virtual machines of tenants and virtual Administration Servers of Kaspersky Security Center.
A vCloud Director organization must be mapped to a virtual Administration Server so that Kaspersky Security can be used to protect virtual machines that are part of the vCloud Director organization.