Deploying protection of the virtual infrastructure of a tenant organization

Deploying protection for the virtual infrastructure of a tenant organization consists of the following steps:

1. Installation and configuration of all Kaspersky Security components in the virtual infrastructure of the anti-virus protection provider. All actions at this step are performed by the provider's administrator.
2. Installation of the Kaspersky Security Center Administration Console on the tenant organization administrator's workstation. You can use the Kaspersky Security Center Administration Console to manage the file protection settings and the settings for scanning your virtual machines, and receive information about events that occur during the protection of your virtual infrastructure. For details on installing the Administration Console, please refer to the Kaspersky Security Center documentation.
3. Installation of the Kaspersky Security administration plug-in for tenants on the tenant organization administrator's workstation.
4. Connection to the virtual Administration Server of Kaspersky Security Center. You need to start the Kaspersky Security Center Administration Console and specify the settings for connecting to the virtual Administration Server given by the provider: address, user name, and account password.
5. Configuration of virtual machine file threat protection using a policy.

   You can also create and configure scan tasks to periodically scan files of virtual machines using new anti-virus databases.

Installation of the Kaspersky Security administration plug-in for tenants

Prior to beginning installation of the Kaspersky Security administration plug-in for tenants, it is recommended to close the Kaspersky Security Center Administration Console.

The administration plug-in for tenants should be installed using an account that has software installation privileges (for example, an account from the group of local administrators).

The Kaspersky Security administration plug-in for tenants must be installed on the same computer on which the Kaspersky Security Center Administration Console is installed.

To install the Kaspersky Security administration plug-in for tenants:

1. On the computer where the Kaspersky Security Center Administration Console is installed, start the file named ksv-t-components_6.0.0.XXX_mlg.exe (6.0.0.ХХХ represents the application version number).

   The Installation Wizard starts for the Kaspersky Security administration plug-in for tenants.

2. Select the localization language of the Wizard and the Kaspersky Security administration plug-in for tenants and proceed to the next step of the Wizard.

   By default, the window uses the localization language of the operating system installed on the computer where the Wizard was started.

3. Read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.

   To continue the installation, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy. To confirm, select both check boxes in the window of the Wizard.

   Proceed to the next step of the wizard.

4. Review the information about the actions that the Wizard will perform and click Next to begin performing the listed actions.
5. Wait for the wizard to finish.

   If an error occurs during wizard operation, the wizard rolls back the changes made.

6. Click Finish to close the Wizard window.

Page top

Creating a policy

To create a tenant policy:

1. In the Kaspersky Security Center Administration Console, select the Managed devices folder.
2. In the workspace, select the Policies tab and click the New policy button.

   The New Policy Wizard starts.

3. At the first step of the Wizard, select Kaspersky Security for Virtualization 6.0 Agentless (for tenants) from the list and proceed to the next step of the Wizard.
4. Enter the name of the new policy and proceed to the next step of the wizard.
5. Specify the Integration Server address and proceed to the next step of the Wizard.

   The Wizard establishes a connection to the Integration Server to receive information about the VMware virtual infrastructure.

   The wizard checks the SSL certificate received from the Integration Server. If the received certificate contains an error, the Certificate verification window containing the error message opens. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To view information on the received certificate, click the View the received certificate button in the window containing the error message. You can install the certificate you received as a trusted certificate to avoid receiving a certificate error message at the next connection to the Integration Server. To do so, select the Install received certificate and stop showing warnings for <Integration Server address> check box.

   To continue connecting, click the Continue button in the Certificate verification window. If you selected the Install received certificate and stop showing warnings for <Integration Server address> check box, the received certificate is saved in the operating system registry on the computer where the Kaspersky Security Center Administration Console is installed. The application also checks the previously installed trusted certificate for the Integration Server. If the received certificate does not match the previously installed certificate, a window opens to confirm replacement of the previously installed certificate. To replace the previously installed certificate with the certificate received from the Integration Server and continue connecting, click the Yes button in this window.

6. At this step, you can change the default settings of the main protection profile.

   The main protection profile is assigned by default to all virtual machines within the protected infrastructure.

   Proceed to the next step of the wizard.

7. Decide on whether or not to participate in Kaspersky Security Network. To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
   • If you want the application to use KSN in its operations and you agree to all the terms of the Statement, select I have read, understand, and accept the terms of this Kaspersky Security Network Statement.
   • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.

   You will be able to change your decision later if necessary.

   KSN usage settings (KSN mode and type) are determined by the provider's policy whose scope includes the virtual machines of the tenant.

   Proceed to the next step of the wizard.

8. Exit the Policy Wizard.

The created policy is displayed in the list of policies in the Managed devices folder on the Policies tab.

If you want to configure different file protection settings for different virtual machines within the protected infrastructure, you need to create and assign additional protection profiles in the policy properties.