Configuring protection of tenant organizations

The actions described in this section must be performed only if you are using the application in multitenancy mode.

To configure protection of tenant organizations, you need to do the following after installing the application:

1. In the Kaspersky Security Center Administration Console, for each tenant whose virtual machines need to be protected, create a virtual Administration Server and account that will be used by the tenant administrator to connect to the virtual Administration Server.
2. In the Kaspersky Security Center Administration Console, create the account that the Integration Server will use to connect to the Kaspersky Security Center Administration Server. This connection is required for obtaining information about virtual Administration Servers created in Kaspersky Security Center, and for configuring mappings between virtual Administration Servers and vCloud Director organizations that contain virtual machines of tenants.
3. In the Integration Server Console, connect the Integration Server to the Kaspersky Security Center Administration Server and configure the list of mappings of vCloud Director organizations to virtual Administration Servers of Kaspersky Security Center.

   If a vCloud Director organization is not mapped to a virtual Administration Server, Kaspersky Security does not protect the virtual machines that are part of this vCloud Director organization.

4. Provide the following information to the tenant administrator:
   • Integration Server address.
   • Address of the virtual Administration Server configured for this tenant.
   • Name and password of the account used to connect to the virtual Administration Server.
5. Make sure that the application is prepared for operation and that policies are configured for the protection of the virtual infrastructure of each tenant:
   • For File Threat Protection, a tenant policy must be configured on each virtual Administration Server of Kaspersky Security Center corresponding to the tenant organization.
   • For Network Threat Protection, there must be a configured main policy whose scope includes the virtual machines of the tenant.

Creating a virtual Administration Server for a tenant

The actions described in this section must be performed only if you are using the application in multitenancy mode.

A virtual Administration Server is required for managing the protection of virtual machines that are part of a vCloud Director organization.

The virtual Administration Server needs to be created in the Administration Servers subfolder within the administration group that contains the "VMware vCloud Director Agentless" cluster. A cluster must correspond to the VMware vCloud Director Server managed by the vCloud Director organization containing the virtual machines of the tenant.

To create a virtual Administration Server of Kaspersky Security Center:

1. In the Kaspersky Security Center Administration Console, in the Managed devices folder, select the administration group containing the "VMware vCloud Director Agentless" cluster and then select the Administration Servers subfolder.
2. In the workspace of the Administration Servers folder, click the Add virtual Administration Server link.

   The New Virtual Administration Server Wizard starts.

3. At the first step of the Wizard, specify the name of the created virtual Administration Server.

   The name of a virtual Administration Server cannot contain more than 255 characters or the following special characters: " * < > ? \ : |.

   Proceed to the next step of the wizard.

4. Please specify the Kaspersky Security Center Administration Server address on which the virtual administration server is created, and proceed to the next step of the Wizard.
5. Specify the account that the tenant administrator will use to connect to the virtual Administration Server. You can specify a previously created account of an internal user of Kaspersky Security Center or create an account by using the Create button.

   Proceed to the next step of the wizard.

6. Start the creation of the virtual Administration Server by clicking Next.
7. At the next step, clear the All packages check box (installation packages are not required for application operation), proceed to the next step, and finish the Wizard.

A node named Administration Server – <Virtual Server name> will be created in the console tree.

For more details about working with virtual Administration Servers, please refer to the Kaspersky Security Center documentation.

Connecting the Integration Server to the Kaspersky Security Center Administration Server

The actions described in this section must be performed only if you are using the application in multitenancy mode.

The Integration Server must be connected to the Kaspersky Security Center Administration Server to receive information about virtual Administration Servers created in Kaspersky Security Center.

To connect the Integration Server to the Kaspersky Security Center Administration Server:

1. Start the Integration Server Console.
2. In the list on the left, select the Manage protection of tenant organizations section.
3. In the Settings for connecting to Kaspersky Security Center section, specify the connection settings:
   • IP address in IPv4 format or fully qualified domain name (FQDN) of the Kaspersky Security Center Administration Server.
   • Name and password of the account used by the Integration Server to connect to the Kaspersky Security Center Administration Server.
4. Click the Connect button. The status of the connection between the Integration Server and the Kaspersky Security Center Administration Server is displayed in the Kaspersky Security Center connection status in the upper part of the window.

After connecting the Integration Server to the Kaspersky Security Center Administration Server, you can map virtual Administration Servers to vCloud Director organizations containing virtual machines of tenants.

If a connection was already established and you want to change the connection settings, you can disconnect the current connection by using the Disconnect button located in the Kaspersky Security Center connection status section and then connect with the new settings.

If the Kaspersky Security Center Administration Server includes one or multiple virtual Administration Servers that are mapped to vCloud Director organizations, a warning is displayed when there is a disconnection attempt. If there is no connection, you cannot set new mappings between virtual Administration Servers and vCloud Director organizations. The previously set mappings are retained.

Configuring a list of mappings of vCloud Director organizations to virtual Administration Servers

The actions described in this section must be performed only if you are using the application in multitenancy mode.

The list of mappings of vCloud Director organizations to virtual Administration Servers is configured in the Integration Server Console. In the list of mappings, you can do the following:

• Map vCloud Director organizations to virtual Kaspersky Security Center Administration Servers.
• View the list of mappings.
• Cancel mapping.

To open the list of mappings of vCloud Director organizations to virtual Administration Servers:

1. Start the Integration Server Console.
2. In the list on the left, select the Manage protection of tenant organizations section and make sure that the Integration Server is connected to the Kaspersky Security Center Administration Server. Connect if a connection is not already established.

   If the Integration Server is not connected to the Kaspersky Security Center Administration Server, you cannot set new mappings between virtual Administration Servers and vCloud Director organizations. Previously set mappings are retained, but you can cancel them.

3. Open the list of mappings of vCloud Director organizations to virtual Administration Servers by using one of the following methods:
   • In the Virtual infrastructure protection section, expand the list of available actions for a VMware vCloud Director Server that manages a vCloud Director organization, and click the Map vCloud Director organizations link. This opens the list of mappings for vCloud Director organizations that are managed by one VMware vCloud Director Server.
   • In the Manage protection of tenant organizations section, click the Open list button located in the vCloud Director organizations to virtual administration Servers mapping list section. This opens the list of mappings for vCloud Director organizations that are managed by all VMware vCloud Director servers.

   The vCloud Director organizations to virtual administration Servers mapping list window opens.

The list of mappings is displayed as a table. Each row of the table contains the following data:

• Virtual Server – name of the virtual Administration Server mapped to an organization from the vCloud Director organization column. If no mapping to a vCloud Director organization is set for this virtual Administration Server, the column displays the value none.
• vCloud Director organization is the name of the vCloud Director organization mapped to the virtual Administration Server from the Virtual Server column. If no mapping to a virtual Administration Server is set for this vCloud Director organization, the column displays the value none.
• VMware vCloud Director – IP address or name of the VMware vCloud Director Server that manages the organization from the vCloud Director organization column. If a vCloud Director organization is not indicated in this row of the table, the column displays the value none.

When viewing the list of mappings, you can use the following capabilities:

• Filter. To apply a filter, you can use the following links located above the table:
  • All – show all rows in the table. This value is selected by default.
  • Mapped – show only rows displaying the name of a vCloud Director organization and the name of the virtual Administration Server that is mapped to it.
  • Not mapped – show only rows displaying the name of a vCloud Director organization or the name of a virtual Administration Server that is not mapped.
• Search any column of the table. You can enter a search criterion in the search bar located above the table to find a vCloud Director organization, virtual Administration Server, or VMware vCloud Director Server. The search starts as you enter characters. The table displays all rows that contain a value that satisfies the search criteria. To reset the search results, delete the contents of the search field.

Mapping a vCloud Director organization to a virtual Administration Server

The actions described in this section must be performed only if you are using the application in multitenancy mode.

To map a vCloud Director organization to a virtual Administration Server:

1. Start the Integration Server Console.
2. Select the Manage protection of tenant organizations section and make sure that the Integration Server is connected to the Kaspersky Security Center Administration Server. Connect if a connection is not already established.
3. Open the list of mappings of vCloud Director organizations to virtual Administration Servers.
4. Do one of the following:
   • If you want to set mapping for a vCloud Director organization, in the table find the row that contains the name of the vCloud Director organization, and click the link located in the Virtual Server column. The Select a virtual Administration Server window opens. The window displays a list of all virtual Administration Servers that have not yet been mapped to a vCloud Director organization.
   • If you want to set mapping for a virtual Administration Server, in the table find the link that contains the name of the virtual Administration Server, and click the link located in the vCloud Director organization column. The Select a vCloud Director organization window opens. The window displays a list of all vCloud Director organizations that have not yet been mapped to a virtual Administration Server. The list of vCloud Director organizations is grouped by VMware vCloud Director servers.

   To search for the relevant row in the table, you can use the filter or search bar.

5. In the opened window, select the virtual Administration Server or vCloud Director organization and click OK.

   The selection window closes, the new mapping appears in the vCloud Director organizations to virtual administration Servers mapping list window.

Page top

Unmapping a vCloud Director organization from a virtual Administration Server

The actions described in this section must be performed only if you are using the application in multitenancy mode.

If a vCloud Director organization was removed from VMware vCloud Director or if the virtual machines that are part of a vCloud Director organization no longer need to be protected, you can cancel a previously set mapping between a vCloud Director organization and a virtual Administration Server.

To cancel mapping between a vCloud Director organization and a virtual Administration Server:

1. Start the Integration Server Console.
2. Open the list of mappings of vCloud Director organizations to virtual Administration Servers.
3. In the table, find the row containing the vCloud Director organization and virtual Administration Server whose mapping you want to cancel.

   To search for the relevant row in the table, you can use the filter or search bar.

4. Click the icon located in the row, and confirm the unmapping in the opened window.
5. Close the vCloud Director organizations to virtual administration Servers mapping list window.

If a vCloud Director organization is not mapped to a virtual Administration Server, Kaspersky Security does not protect the virtual machines that are part of this vCloud Director organization.

Page top