Contents
Managing policies in Web Console
The following Kaspersky Security Center policies are used to manage Kaspersky Security settings by means of the Web Console:
- Protection Server policy. The policy defines the Protection Server settings and is applied on all SVMs belonging to the administration group for which the policy is configured.
- Light Agent for Windows policy. This policy defines the settings of Light Agents installed on protected virtual machines with Windows guest operating systems.
- Light Agent for Linux policy. This policy defines the settings of Light Agents installed on protected virtual machines with Linux guest operating systems.
Creating and modifying Protection Server policy in Web Console
To create a Protection Server policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for SVMs belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server.
Proceed to the next step of the wizard.
- Decide on whether or not to participate in Kaspersky Security Network (KSN). To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
- If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
- If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
If necessary, you can change your decision regarding KSN participation later.
If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use the Private KSN, it must be enabled and configured in Kaspersky Security Center. The KSN proxy server service and Private KSN can be configured in the properties of the Kaspersky Security Center Administration Server in the KSN proxy server settings section. See Kaspersky Security Center help for more information.
Proceed to the next step of the wizard.
- Verify the address and port specified for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, the Verify Integration Server certificate group of settings opens. By clicking the View the received certificate link, you can open a window with information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
Proceed to the next step of the wizard.
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on the SVM, the created policy is not applied on it.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the SVMs.
To modify the Protection Server policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for SVMs belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
If you want to configure additional settings of SVM operation, you need to enable the display of advanced Protection Server policy properties in the operating system registry.
- To save changes, click the Save button.
Creating and modifying Light Agent for Windows policy in Web Console
To create a Light Agent for Windows policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent for Windows.
Proceed to the next step of the wizard.
- Configure SVM discovery settings for Light Agents:
- If you want to use the Integration Server:
- Select the Use Integration Server option.
- In the window that opens verify the address and port used for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, click the View the received certificate link to view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
- If you want to use the list of SVM addresses:
- Select the Use a custom list of SVM addresses option.
- Enter one or more addresses using the Add button.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be available to connect to SVM.
Proceed to the next step of the wizard.
- If you want to use the Integration Server:
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the virtual machines.
To modify the Light Agent for Windows policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for protected virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
- To save changes, click the Save button.
Creating and modifying Light Agent for Linux policy in Web Console
To create a Light Agent for Linux policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent for Linux.
Proceed to the next step of the wizard.
- Configure SVM discovery settings for Light Agents:
- If you want to use the Integration Server:
- Select the Use Integration Server option.
- In the window that opens verify the address and port used for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, click the View the received certificate link to view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
- If you want to use the list of SVM addresses:
- Select the Use a custom list of SVM addresses option.
- Enter one or more addresses using the Add button.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be available to connect to SVM.
Proceed to the next step of the wizard.
- If you want to use the Integration Server:
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the virtual machines.
To modify the Light Agent for Linux policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for protected virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
- To save changes, click the Save button.