Configuring the Integration Server

After installing the Integration Server, you must configure the settings for connecting the Integration Server to the virtual infrastructure.

The settings of the Integration Server can be configured in the Integration Server Console.

Starting the Integration Server Console

If the computer hosting the Integration Server Console belongs to an Active Directory domain, make sure that your domain account belongs to the KLAdmins group or the group of local administrators on the computer where the Integration Server is installed.

To install the Integration Server Console:

1. In the Kaspersky Security Center Administration Console, select the Administration Server node.
2. Start the Integration Server Console by clicking the Manage Kaspersky Security for Virtualization 6.0 Agentless link on the Monitoring tab in the Deployment section.
3. If one of the following conditions is satisfied, a window opens for entering the Integration Server connection settings:
   • If the computer hosting the Integration Server Console does not belong to an Active Directory domain.
   • If the computer hosting the Integration Server Console belongs to a domain but a connection to the Integration Server could not be established using the connection address and port specified in the Integration Server Console settings.

   Specify the following connection settings:

   • Address and port of the Integration Server to which the connection is established.
   • User account for connecting to the Integration Server:
     • If the computer hosting the Integration Server Console belongs to a domain or your domain account belongs to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, you can use the domain account. To do so, select the Use domain account check box.

       If you want to use the account of an Integration Server administrator (admin), enter the administrator account password in the Password field.

     • If the computer hosting the Integration Server Console does not belong to a domain, or the computer belongs to a domain but your domain account does not belong to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, you can use only the account of the Integration Server administrator (admin). Enter the password of the Integration Server administrator account in the Password field.

   Click the Connect button.

4. The console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Certificate verification window with the appropriate message opens. Click a link in this window to view the details of the certificate received. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.

   To continue connecting to the Integration Server, click the Consider certificate to be trusted button in the Certificate verification window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the computer hosting the Integration Server Console.

The Integration Server Console opens.

Configuring the settings for connecting the Integration Server to the virtual infrastructure administration server

Depending on the virtual infrastructure that you want to protect using Kaspersky Security, you need to configure a connection to the following virtual infrastructure administration servers:

• To protect a virtual infrastructure managed by one or multiple VMware vCenter Servers, you need to configure the connection of the Integration Server to each of these VMware vCenter Servers.
• To protect a virtual infrastructure managed by VMware vCenter Servers connected to the VMware vCloud Director Server, you need to configure connection of the Integration Server to each of these VMware vCenter Servers, and to the VMware vCloud Director Server.

The connection to each virtual infrastructure administration server is established separately.

In an infrastructure managed by VMware vCloud Director, you can connect the Integration Server to VMware vCenter Servers and VMware vCloud Director Servers in any order. The Integration Server automatically determines whether each added VMware vCenter Server is a standalone server or if it is connected to a VMware vCloud Director Server.

To configure the settings for connecting the Integration Server to the virtual infrastructure administration server:

1. Start the Integration Server Console.
2. In the Virtual infrastructure protection section, click the Add button.
3. In the opened Connection to virtual infrastructure window, select the type of virtual infrastructure administration server to which you need to configure a connection, and click Next.
4. Specify the following settings:
   • IP address in IPv4 format or fully qualified domain name (FQDN) of the virtual infrastructure administration server to which the Integration Server connects.
   • Name and password of the account that the Integration Server uses to connect to the virtual infrastructure administration server.

   The entered connection settings (except the password) are saved in the registry of the operating system in encrypted form.

5. Click the Validate button. The Integration Server checks the specified connection settings and the SSL certificate received from the virtual infrastructure administration server. If a connection could not be established or certificate errors are detected during the connection, the window displays an error message.

   If a connection error occurs because the certificate received from the virtual infrastructure administration server is not trusted for the Integration Server, the Certificate validation window opens. If the received certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and establish the connection. To do so, click the Install certificate button in the opened window. The received certificate is saved as a trusted certificate for the Integration Server.

   Certificates that are trusted in the operating system in which the Integration Server is installed are also considered to be trusted for the Integration Server.

   If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.

6. After establishing a connection with the virtual infrastructure administration server, click OK in the Connection to virtual infrastructure window.

   The entered address or name of the virtual infrastructure administration server is displayed in the table in the Virtual infrastructure protection section.

   If you configured a connection to the VMware vCloud Director Server and to the VMware vCenter Servers connected to it, the rows containing information about these VMware vCenter Servers are automatically grouped into a list located above the row of this VMware vCloud Director.

For each virtual infrastructure administration server, the table displays a list of actions that you can perform when configuring a connection to this server and for subsequent deployment of virtual infrastructure protection. You can expand or collapse the list of possible actions by clicking on the address or name of the virtual infrastructure administration server in the Address column.

If necessary, you can change or delete previously enter settings for connecting the Integration Server to the virtual infrastructure administration server.

To change the settings for connecting the Integration Server to the virtual infrastructure administration server:

1. Expand the list of possible actions for the selected virtual infrastructure administration server by clicking on the address or name of the virtual infrastructure administration server in the Address column.
2. Depending on the type of virtual infrastructure administration server, select Change VMware vCenter Server connection settings or Change VMware vCloud Director connection settings. The Connection to virtual infrastructure window opens.
3. Enter the new connection settings and verify the capability to connect, as described in the procedure for configuring the settings for connecting the Integration Server to the virtual infrastructure administration server (see items 4–6 of the previous instructions).

To delete the settings for connecting the Integration Server to the virtual infrastructure administration server:

1. Expand the list of possible actions for the selected virtual infrastructure administration server by clicking on the address or name of the virtual infrastructure administration server in the Address column.
2. Depending on the type of virtual infrastructure administration server, select Remove VMware vCenter Server from list or Remove VMware vCloud Director from list.
3. Confirm the deletion in the window that opens.

   In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, removal of a VMware vCenter Server from the list is possible only if Kaspersky Security services are not registered in VMware NSX Manager.

After configuring the connection between the Integration Server and one or several VMware vCenter Servers, you can proceed to deploying protection in the VMware virtual infrastructure.

Changing passwords of Integration Server accounts

If necessary, in the Integration Server user accounts section you can change passwords for Integration Server user accounts:

• Password of the Integration Server administrator account (admin).
• Password of the account used for connecting SVMs to the Integration Server (svm).

  Svm account password is required in order to configure the connection between the SVM with the File Threat Protection component and the Integration Server that will support interaction between the VMware vCenter Server and the SVM.

• Account password for interaction between VMware NSX Manager and the Integration Server (NSX_220E116B-B6D5-42).

Account names cannot be edited.

To change the password of the Integration Server account:

1. Start the Integration Server Console.
2. In the list on the left, select the Integration Server user accounts section.
3. In the table, select the name of the account whose password you want to change.
4. Click the Change the account password link to open the Account password window and enter the new password in the Password and Confirm password fields.

   A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

5. In the Account password window, click OK.

Viewing Integration Server settings

To view Integration Server settings:

1. Start the Integration Server Console.
2. In the list on the left, select the Integration Server settings section.

The right part of the Console shows the following settings of the Integration Server to which the connection has been established:

• Integration Server version.
• Name of the user account that was used to establish the connection to the Integration Server.
• Type of authentication used when connecting to the Integration Server.
• New IP address in IPv4 format or the fully qualified domain name (FQDN) of the Integration Server.

If you enabled the logging of information to the Integration Server trace file, you can view this file by clicking the View trace file link. The trace file can be viewed with the Notepad text editor.