Kaspersky Security for Virtualization 6.0 Agentless
6.0
English

Contents

About Kaspersky Security tasks

It is recommended to use the following types of tasks for managing Kaspersky Security through Kaspersky Security Center:

  • Group task – a task that is performed on the client devices of the selected administration group. For Kaspersky Security, group tasks can be run on SVMs of one KSC cluster or on all SVMs.
  • Global task. A task for one or more SVMs regardless of whether or not they are included in an administration group.

For more information about managing tasks, see Kaspersky Security Center manuals.

The following tasks are available for Kaspersky Security:

  • Full and Custom Scan tasks, which let you scan all or just the specified virtual machines within the task scope.
  • Service tasks, which let you activate the application, update the application databases, roll back updates, and install application patches.
Page top
[Topic 60077]

Full Scan task

The Full Scan task lets you run a virus scan on the files of all virtual machines within the task scope. The scope of a task depends on where the task is located within the hierarchy of administration groups of Kaspersky Security Center, and depends on the Kaspersky Security administration plug-in that you use to create the task.

You can create Full Scan tasks by using one of the Kaspersky Security administration plug-ins:

  • Main administration plug-in – to scan virtual machines that are not part of a vCloud Director organization.
  • Administration plug-in for tenants – to scan virtual machines that are part of a vCloud Director organization, which means to scan virtual machines of tenants.

Full Scan task created using the main administration plug-in

If you are creating a Full Scan task using the Kaspersky Security main administration plug-in, the task scope is determined as follows:

  • This task in the Managed devices folder of the main Administration Server of Kaspersky Security Center lets you scan all virtual machines within the entire protected infrastructure that are not part of a vCloud Director organization.
  • This task in a group that contains a KSC cluster lets you scan all virtual machines within the protected infrastructure of this KSC cluster that are not part of a vCloud Director organization.
  • The task in the Tasks folder configured for one or more SVMs lets you scan all virtual machines that are protected by the specified SVMs but that are not part of a vCloud Director organization.

    An SVM can scan only the virtual machines running on the same hypervisor where the SVM is deployed.

Full Scan task created using the administration plug-in for tenants

Creation of a Full Scan task for virtual machines of tenants is supported only on a virtual Administration Server of Kaspersky Security Center. You can create a Full Scan task using the Kaspersky Security administration plug-in for tenants in the Managed devices folder of the virtual Administration Server. The scope of this task includes all virtual machines within the vCloud Director organization that corresponds to this virtual Administration Server.

Page top
[Topic 187399]

Custom Scan task

The Custom Scan task lets you run a virus scan on files of specified virtual machines from the task scope. The scope of a task depends on where the task is located within the hierarchy of administration groups of Kaspersky Security Center, and depends on the Kaspersky Security administration plug-in that you use to create the task.

You can create Custom Scan tasks by using one of the Kaspersky Security administration plug-ins:

  • Main administration plug-in – to scan virtual machines that are not part of a vCloud Director organization.
  • Administration plug-in for tenants – to scan virtual machines that are part of a vCloud Director organization, which means to scan virtual machines of tenants.

Custom Scan task created using the main administration plug-in

A Custom Scan task created using the main administration plug-in lets you scan virtual machines that are managed by one VMware vCenter Server and are not part of a vCloud Director organization.

It is recommended to create Custom Scan tasks by using the main administration plug-in in the following administration groups:

  • If you want to scan virtual machines that are managed by a standalone VMware vCenter Server, you need to create a task in the group that contains the VMware vCenter Agentless cluster corresponding to this VMware vCenter Server and indicate this VMware vCenter Server as the task scope.
  • If you want to scan virtual machines managed by a VMware vCenter Server connected to VMware vCloud Director, you need to create a task in the group that contains the "VMware vCloud Director Agentless" cluster corresponding to VMware vCloud Director, and indicate the necessary VMware vCenter Server as the task scope. You need to create a separate Custom Scan task for each VMware vCenter Server connected to VMware vCloud Director.

In the selected scope, you need to indicate the virtual machines that need to be scanned. You can specify individual virtual machines, VMware virtual infrastructure objects of a higher level of the hierarchy, or NSX Security Groups that include the relevant virtual machines.

Due to the specifics of configuring the scope of a Custom Scan task, it is recommended to create a Custom Scan task only in the specified administration groups, which means group tasks. If a Custom Scan task is configured for one or more SVMs (meaning a local or global task), correct configuration of the task scope cannot be guaranteed.

Custom Scan task created using the administration plug-in for tenants

Creation of a Custom Scan task for virtual machines of tenants is supported only on a virtual Administration Server of Kaspersky Security Center. You can create a Custom Scan task using the Kaspersky Security administration plug-in for tenants in the Managed devices folder of the virtual Administration Server. The scope of this task includes all virtual machines within the vCloud Director organization that corresponds to this virtual Administration Server. In this scope, you need to indicate the virtual machines that need to be scanned. You can specify individual virtual machines or VMware virtual infrastructure objects of a higher level of the hierarchy.

Page top
[Topic 187400]

Service tasks

You can use the following service tasks to manage the application:

  • Update. This task installs updates for application databases on the SVMs on which the task is run.
  • Rollback. This task rolls back the last update of application databases on the SVMs on which the task is run.
  • Application activation. As a result of this task, a license key for activating the application or for renewing the license term is added to SVMs on which the task is run.
  • Automatic installation of patches. This task installs application patches on the SVMs on which the task is run.

You can create service tasks using the Kaspersky Security main administration plug-in on the main Administration Server.

The set of SVMs on which service tasks are run depends on the task's location within the hierarchy of Kaspersky Security Center administration groups:

  • A task in the Managed devices folder is run on all SVMs.
  • A task in a group that contains a KSC cluster is run on all SVMs of one KSC cluster.
  • A task in the Tasks folder configured for one or more SVMs is run on the specified SVMs.
Page top
[Topic 187401]