Configuring Administration Server settings for connecting mobile devices

Before connecting mobile devices to Kaspersky Security Center Web Console, you must define the connection settings in the Administration Server properties.

To configure Administration Server settings for connecting mobile devices:

1. In the main window of Kaspersky Security Center Web Console, click the settings icon () next to the name of the Administration Server.
2. In the Administration Server properties window that opens, configure the Administration Server port that will be used by mobile devices:
   1. In the General tab, select the Additional ports section.
   2. Enable the Open port for mobile devices toggle button.

      If this option is enabled, the port for mobile devices will be open on the Administration Server.

   3. In the Port for mobile device synchronization field, specify the port through which mobile devices will connect to the Administration Server.

      Port 13292 is used by default.

      If the Open port for mobile devices toggle button is off or an incorrect connection port is specified, mobile devices will not be able to connect to the Administration Server.

3. If necessary, edit the certificate that will be used by mobile devices to connect to the Administration Server.

   By default, Administration Server uses the certificate created after the port for mobile devices is opened. You can reissue or replace the certificate issued through the Administration Server with another certificate.

   To edit the certificate:

   1. In the General tab, select the Certificates section.
   2. Define the required settings.

      For more details on working with certificates in Kaspersky Security Center Linux, refer to the Kaspersky Security Center Help.

4. Click Save to save the changes you have made and exit the Administration Server properties window.

The mobile device connection settings are configured.

Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console

This scenario describes how to configure a connection gateway to connect mobile devices to Kaspersky Security Center Administration Server.

Requirements

For a connection gateway to work correctly with mobile devices, the following requirements must be met:

• Port 13292 must be open on the host with the connection gateway.
• Port 13000 must be open between the connection gateway and Kaspersky Security Center. It does not need to be open outside the DMZ.
• The host must have a static address accessible from the internet.

Stages

The configuration proceeds in the following steps:

1. Installing Network Agent in the connection gateway role on a host

   First, you need to install Network Agent on the selected host device acting in the gateway connection role.

   For information about generating a Network Agent installation package, refer to the Kaspersky Security Center Help.

   You can install Network Agent in interactive mode by specifying installation parameters step by step. Alternatively, you can use an answer file—a text file that contains a custom set of installation parameters: variables and their respective values. Using this answer file allows you to run an installation in silent mode, that is, without user participation. For information on installing Network Agent in silent mode, refer to the Kaspersky Security Center Help.

2. Configuring the connection gateway on Kaspersky Security Center Administration Server

   Once you have installed Network Agent in the connection gateway role, you must connect it to Administration Server. Administration Server does not yet list the device with the connection gateway among the managed devices because the connection gateway has not tried to connect to Administration Server.

   You must create a new group under the Managed Devices group and add the device acting as a connection gateway to the group that you have created. For information on manually adding devices to groups in Kaspersky Security Center Web Console, refer to the Kaspersky Security Center Help.

   After that, assign the device as a distribution point and configure the distribution point to act as a connection gateway in the Connection gateway section of the distribution point properties. Then enable the Open port for mobile devices (SSL authentication of the Administration Server only) and Open port for mobile devices (two-way SSL authentication) options and specify ports and DNS domain names of the distribution point to connect mobile devices.

Results

The connection gateway will be configured. You will be able to add new mobile devices by specifying the connection gateway address.

Adding installation packages to Administration Server repository

For further deployment of mobile management systems, you need to add the following installation packages to the Administration Server repository:

• Network Agent Linux installation package (for later installation of Network Agent on a workstation).
• iOS MDM Server installation package (for later installation of iOS MDM Server to connect and manage iOS devices).
• Kaspersky Endpoint Security for Android installation package (for later installation of Kaspersky Endpoint Security for Android on devices).

For instructions on adding installation packages to the Administration Server repository, refer to the Kaspersky Security Center Help.

Adding a license key to the Administration Server repository

To connect mobile devices to Kaspersky Security Center Web Console and manage them, you must add a license key that supports the Mobile Device Management solution to the Administration Server repository.

The license under which the solution is used determines a scope of basic or advanced settings you can configure. With a license that does not provide the extended Kaspersky Secure Mobility Management functionality, only basic device protection settings are available in the Kaspersky Mobile Devices Protection and Management plug-in. For detailed information on licenses, refer to the About the license section.

To add a license key to the Administration Server repository:

• In the main window of Kaspersky Security Center Web Console, click the settings icon () next to the name of the Administration Server.

  In the Administration Server properties window that opens:

  1. In the General tab, select the License keys section.
  2. In the Current license block of settings, click Select and specify the KEY file you want to add.

     The license you choose must support the Mobile Management solution.

  3. Click Save.

The license key is added to the Administration Server repository.

To view the list of the license keys added to the Administration Server repository:

In the main window of Kaspersky Security Center Web Console, select Operations > Kaspersky licenses.

The displayed list contains the key files and activation codes added to the Administration Server repository.

To view the detailed information about a license key:

1. In the main window of Kaspersky Security Center Web Console, select Operations > Kaspersky licenses.
2. Click the name of the required license key.

   In the license key properties window that opens, on the General tab, you can view the detailed information about the selected license key.

Installing Network Agent Linux

Network Agent Linux is a Kaspersky Security Center component that enables interaction between the Administration Server and Kaspersky applications that are installed on a workstation or server.

To deploy an iOS device management system, you must install Network Agent on a workstation on which iOS MDM Server will later be deployed. After Network Agent is installed, you will be able to configure and install iOS MDM Server on it to subsequently connect and manage iOS devices.

For the instructions on installing Network Agent Linux, refer to the Kaspersky Security Center Help.

Configuring Kaspersky Security Center Linux Web Server settings

Kaspersky Security Center Linux Web Server (Web Server) is a component of Kaspersky Security Center Linux installed together with the Administration Server. Web Server is designed for network transmission of stand-alone installation packages, device management profiles, and files from a shared folder.

Installation packages that have been created are published on Web Server automatically and then removed after the first download. The administrator can send a new link to the user in any convenient way, such as by email.

For detailed information, refer to the Kaspersky Security Center Help.

To connect mobile devices, make sure the Web Server FQDN is specified correctly in the Administration Server properties:

1. In the main window of Kaspersky Security Center Web Console, click the settings icon () next to the name of the Administration Server.
2. In the Administration Server properties window that opens, on the General tab, select the Web Server section.
3. In the Web Server FQDN field, check if the specified FQDN (a fully qualified domain name) is publicly resolvable by DNS servers.