Appendix. Brief instructions on installing the application

Prior to beginning installation of the application, make sure that:

1. All the software and hardware requirements of Kaspersky Security have been fulfilled.
2. The VMware virtual infrastructure is prepared for installation of Kaspersky Security:
   1. VMware ESXi hypervisors have been combined into one or multiple VMware clusters.
   2. A network and storage for service virtual machines and SVMs have been selected on each hypervisor (Agent VM Settings; for more details, please refer to the VMware product documentation).
   3. The Guest Introspection service has been deployed on each VMware cluster on which SVMs with the File Threat Protection component will be deployed.
   4. VMware NSX components have been installed on each VMware cluster on which SVMs with the Network Threat Protection component will be deployed. Refer to the Knowledge Base for more details.
   5. Guest Introspection Thin Agent has been installed on each virtual machine that you want to protect using Kaspersky Security. For more details please refer to documentation attached to VMware products.
   6. A license for NSX for vSphere Advanced or NSX for vSphere Enterprise is being used for VMware NSX for vSphere (if you are planning to install the Network Threat Protection component).
3. All SVM image files have been downloaded from the Kaspersky website and are located in the same folder on a network resource that is accessible over the HTTP or HTTPS protocol. For example, SVM images have been published on the Kaspersky Security Center Web Server.
4. The ports required for operation of the application have been opened and the accounts that are required for installation and operation of the application have been created.

Prior to beginning installation of Kaspersky Security, it is recommended to close the Kaspersky Security Center Administration Console.

To install the application:

1. Install the Kaspersky Security main administration plug-in and Integration Server.
2. If you want to use the application in multitenancy mode, install the Kaspersky Security administration plug-in for tenants.

   When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security administration plug-ins are installed, the Quick Start Wizard for the managed application is automatically started. The Wizard lets you create default policies and tasks. If the Quick Start Wizard for the managed application was not started automatically, it is recommended to start it manually.

3. Start the Integration Server Console and configure the settings for connecting the Integration Server to one or more virtual infrastructure administration servers.
4. In the Integration Server Console, use the Wizard to register Kaspersky Security services in VMware NSX Manager.
5. In the VMware vSphere Web Client console, deploy SVMs with the File Threat Protection component and SVMs with the Network Threat Detection component on VMware ESXi hypervisors.
6. In the VMware vSphere Web Client console, configure NSX Security Groups and NSX Security Policies and apply the security policies to NSX Security Groups.

If you want to use the application in multitenancy mode, configure protection of tenant organizations:

1. In the Kaspersky Security Center Administration Console, for each tenant whose virtual machines need to be protected, create a virtual Administration Server and account that will be used by the tenant administrator to connect to the virtual Administration Server.
2. In the Kaspersky Security Center Administration Console, create the account that the Integration Server will use to connect to the Kaspersky Security Center Administration Server. This connection is required for obtaining information about virtual Administration Servers created in Kaspersky Security Center, and for configuring mappings between virtual Administration Servers and vCloud Director organizations that contain virtual machines of tenants.
3. In the Integration Server Console, connect the Integration Server to the Kaspersky Security Center Administration Server and configure the list of mappings of vCloud Director organizations to virtual Administration Servers of Kaspersky Security Center.
4. Provide the following information to the tenant administrator: address of the Integration Server, address of the virtual Administration Server configured for this tenant, name and password of the account used to connect to the virtual Administration Server.

After the application is installed, prepare the application for operation and perform initial configuration:

1. Activate the application on all new SVMs and make sure that the application databases have been updated on all new SVMs.
2. Enable protection of virtual machines against file threats and network threats. By default, Kaspersky Security does not protect virtual machines.