About Kaspersky Security for Virtualization 6.0 Agentless

Kaspersky Security for Virtualization 6.0 Agentless (hereinafter also "Kaspersky Security") is an integrated solution that protects virtual machines on a VMware ESXi hypervisor against viruses and other malware, as well as network threats.

Kaspersky Security lets you protect virtual machines running Windows guest operating systems, including those running server operating systems, and virtual machines running Linux guest operating systems.

Kaspersky Security lets you configure the protection of virtual machines at any level of the hierarchy of VMware virtual infrastructure objects: VMware vCenter server, Datacenter object, VMware cluster, resource pool, vApp object, and virtual machine. The application supports the protection of virtual machines during their migration within a VMware DRS cluster.

In an infrastructure managed by a VMware vCloud Director server, Kaspersky Security can be used to protect isolated virtual infrastructures, such as virtual Datacenters corresponding to vCloud Director organizations. One instance of Kaspersky Security in multitenancy mode allows multiple tenants of a cloud infrastructure (tenant organizations or divisions of one organization) to independently manage the protection of their own virtual infrastructure.

Kaspersky Security includes the following components:

• File Threat Protection. Protects the file system objects of a virtual machine against infection. The component is launched at the startup of Kaspersky Security. It protects virtual machines and scans the file system of virtual machines.
• Network Threat Protection. This component lets you detect and block activity that is typical of network attacks and other suspicious network activity, and lets you scan web addressed requested by a user or application, and block access to web addresses if a threat is detected.
• Integration Server. The component facilitates interaction between Kaspersky Security components and a VMware virtual infrastructure.

Kaspersky Security features:

• Protection. Kaspersky Security scans all files that the user or an application opens, saves, or launches on a virtual machine.
  • If the file is free of malware, Kaspersky Security will grant access to the file.
  • If malware is detected in the file, Kaspersky Security will perform the action that is specified in its settings. For example, it will delete the file or block access to the file.

  Kaspersky Security protects only powered-on virtual machines that meet all the conditions for virtual machine protection.

• Scan. The application lets you perform a virus scan on files of virtual machines. Virtual machine files must be scanned regularly with new anti-virus databases to prevent the spread of malicious objects. You can perform an on-demand scan or specify a scan schedule.

  Kaspersky Security scans only virtual machines that meet all the conditions for scanning virtual machines. Kaspersky Security can scan virtual machine templates and powered-off virtual machines that have the following file systems: NTFS, FAT32, EXT2, EXT3, EXT4, XFS, BTRFS.

• Intrusion Prevention. Kaspersky Security lets you analyze network traffic of protected virtual machines and detect network attacks and suspicious network activity that may be a sign of an intrusion into the protected infrastructure. When it detects an attempted network attack on a virtual machine or suspicious network activity, Kaspersky Security can terminate the connection and block traffic from the IP address from which the network attack or suspicious network activity originated.
• Web addresses scan. Kaspersky Security lets you scan web addresses that are requested over the HTTP protocol by a user or application installed on the virtual machine. If Kaspersky Security detects a web address from one of the web address categories selected for detection, the application can block access to the web address. By default, Kaspersky Security scans web addresses to check if they are malicious, phishing, or advertising web addresses.
• Storing backup copies of files. The application allows storing backup copies of files that have been deleted or modified during disinfection. Backup copies of files are stored in Backup in a special format and pose no danger. If a disinfected file contained information that is partly or completely inaccessible after disinfection, you can attempt to save the file from its backup copy.
• Application database update. Downloading updated application databases ensures up-to-date protection of the virtual machine against viruses and other malware. You can manually run an application database update or set a schedule for updating application databases.

Kaspersky Security is administered by Kaspersky Security Center, the remote centralized Kaspersky application administration system. You can use Kaspersky Security Center to:

• Configure the application settings
• Administer the application:
  • Manage virtual machine protection by using policies
  • Manage scan tasks
  • Manage license keys for the application
• Update application databases
• Work with backup copies of files in Backup
• Generate application event reports

Kaspersky Security sends the Kaspersky Security Center Administration Server information about all events that occur during anti-virus protection and scanning of virtual machines, as well as information about events that occur when preventing intrusions and scanning web addresses.

Update functionality (including antivirus signature updates and codebase updates) and KSN functionality may not be available in the program in the United States.

Distribution kit

For information about purchasing the application, please visit the Kaspersky website at http://www.kaspersky.com or contact our partners.

The distribution kit contains the files necessary for installing application components, including:

• File for starting the Wizard for installing Kaspersky Security components (the Kaspersky Security administration plug-in, Integration Server, and Integration Server Console).
• File for starting the Wizard for installing the Kaspersky Security administration plug-in for tenants (this plug-in is required if you are using the application in multitenancy mode).
• SVM (secure virtual machine) images with installed Kaspersky Security components.
• MIB files that you can use to receive SVM status information with the aid of the SNMP Monitoring system.
• File containing the text of the End User License Agreement detailing the terms on which you may use the application, and the text of the Privacy Policy describing the handling and transmission of data.

The contents of the distribution kit can vary from region to region.

Information required to activate the application is forwarded by email after payment.

Hardware and software requirements

Requirements for Kaspersky Security Center components

For Kaspersky Security to operate in an organization's local network, one of the following versions of Kaspersky Security Center must be installed:

• Kaspersky Security Center 13.1.
• Kaspersky Security Center 12.
• Kaspersky Security Center 11.

  When using Kaspersky Security Center 11, 12 or 13.1, Kaspersky Security can protect a virtual infrastructure managed by VMware vCloud Director (in a multitenancy mode) or a virtual infrastructure managed by one or more VMware vCenter Servers (multitenancy mode is not being used).

• Kaspersky Security Center 10 Service Pack 3.

  When using Kaspersky Security Center 10 Service Pack 3, Kaspersky Security can protect a virtual infrastructure managed by one or more VMware vCenter Servers (multitenanсy mode is not being used).

If you want to use Kaspersky Security in a multitenanсy mode, you need to install Kaspersky Security Center 11, 12 or 13.1.

The following Kaspersky Security Center components are required in order for the application to work:

• Administration Server.
• Administration Console.
• Network Agent. This component is included in Kaspersky Security SVM images.

For Kaspersky Security Center installation instructions, see the Kaspersky Security Center documentation.

The operating system on which Kaspersky Security Center is installed must be compatible with the Integration Server component.

Software requirements for the Integration Server component

The computer must have one of the following operating systems to support installation and operation of the Integration Server component:

• Windows Server 2019
• Windows Server 2016
• Windows Server 2012 R2 Datacenter / Standard / Essentials

The Microsoft .NET Framework 4.6.1 platform is required for installation of the Integration Server, Integration Server Console, and Kaspersky Security administration plug-in.

Software requirements for the File Threat Protection component

For the File Threat Protection component to work properly, the virtual infrastructure must meet the following software requirements:

• Option 1:
  • VMware ESXi 6.7 hypervisor Update 3, VMware ESXi 6.5 hypervisor Update 3a or VMware ESXi 6.0 hypervisor Update 3a
  • VMware vCenter Server 6.7 Update 3, VMware vCenter Server 6.5 Update 3 or VMware vCenter Server 6.0 Update 3j
  • VMware NSX for vSphere 6.4.6
• Option 2:
  • VMware ESXi 6.5 hypervisor Update 3a or VMware ESXi 6.0 hypervisor Update 3a
  • VMware vCenter Server 6.5 Update 3 or VMware vCenter Server 6.0 Update 3j
  • VMware NSX for vSphere 6.3.7

The File Threat Protection component ensures protection of virtual machines that have the following guest operating systems installed:

• Windows desktop operating systems:
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7 Service Pack 1
• Windows server operating systems:
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2 without ReFS (Resilient File System) support
  • Windows Server 2012 without ReFS (Resilient File System) support
  • Windows Server 2008 R2 Service Pack 1

  On protected virtual machines running Windows operating systems, one of the following file systems must be used: FAT, FAT32, NTFS, ISO9660, UDF, CIFS.

• Linux server operating systems:
  • Ubuntu Server 14.04 LTS (64-bit)
  • Red Hat Enterprise Linux Server 7 GA (64-bit)
  • SUSE Linux Enterprise Server 12 GA (64-bit)
  • CentOS 7 (64-bit)

  On protected virtual machines running Linux operating systems, one of the following file systems must be used:

  • Local file systems: EXT2, EXT3, EXT4, XFS, BTRFS, VFAT, ISO9660.
  • Network file systems: NFS, CIFS.

To protect virtual machines against file threats on virtual machines, you must install the Guest Introspection driver (NSX File Introspection Driver).

To do so, you must install VMware Tools kit version 11.0.1 on virtual machines running a Windows operating system. When installing the VMware Tools package, you need to install the NSX File Introspection Driver component that is included in the package. The NSX File Introspection Driver component is not installed by default.

Special packages are provided for installation of the NSX File Introspection Driver component on virtual machines running a Linux operating system.

For information on the installation and update of VMware components, please refer to the VMware product documentation.

Software requirements for the Network Threat Protection component

For the Network Threat Protection component to work properly, the VMware virtual infrastructure must meet the following software requirements:

• Option 1:
  • VMware ESXi 6.7 hypervisor Update 3, VMware ESXi 6.5 hypervisor Update 3a or VMware ESXi 6.0 hypervisor Update 3a
  • VMware vCenter Server 6.7 Update 3, VMware vCenter Server 6.5 Update 3 or VMware vCenter Server 6.0 Update 3j
  • VMware NSX for vSphere 6.4.6
• Option 2:
  • VMware ESXi 6.5 hypervisor Update 3a or VMware ESXi 6.0 hypervisor Update 3a
  • VMware vCenter Server 6.5 Update 3 or VMware vCenter Server 6.0 Update 3j
  • VMware NSX for vSphere 6.3.7

The requirements of a guest operating system of the protected virtual machine match the requirements imposed by the File Threat Protection component.

You must install VMware Tools kit version 11.0.1 or open-vm-tools to protect virtual machines from network threats.

A current license for NSX for vSphere Advanced or NSX for vSphere Enterprise is required in order for the Network Threat Protection component to work.

The Network Threat Protection component protects only those virtual machines that use the E1000 or VMXNET3 network adapter.

Software requirements for operation in the multitenancy mode

VMware vCloud Director 9.7.0.3 for Service Providers component must be installed in the virtual infrastructure for application to operate in multitenancy mode.

Hardware requirements

The application distribution kit includes several SVM (secure virtual machine) images with the File Threat Protection component installed and several SVM images with the Network Threat Protection component installed. You can use these images to deploy SVMs with the necessary configuration.

Depending on the selected configuration for an SVM with the File Threat Protection component, the following minimum system resources are required:

Depending on the selected configuration for an SVM with the Network Threat Protection component, the following minimum system resources are required:

The computer must meet the following minimum hardware requirements to support installation and operation of the Integration Server:

• 3 GB of available disk space
• Available RAM:
  • For operation of the Integration Server Console – 50 MB.
  • For operation of the Integration Server that serves no more than 30 hypervisors and 2,000 to 2,500 protected virtual machines – 300 MB. RAM size may change depending on the size of the VMware virtual infrastructure.

For the hardware requirements of Kaspersky Security Center, please refer to the Kaspersky Security Center documentation.

See the VMware product documentation for hardware requirements for the VMware virtual infrastructure.

For hardware requirements for the Windows operating system, see Windows product documentation.