Kaspersky Security for Virtualization 5.2 Light Agent
5.2
English

Contents

[Topic 64743]

Requirements for Kaspersky Security Center components

For the installation and operation of Kaspersky Security in an organization's local network, one of the following versions of Kaspersky Security Center must be installed:

  • Kaspersky Security Center 15 Linux.

    Interaction with the Kaspersky Security Center Linux Administration Server is performed using Kaspersky Security Center Web Console.

  • Kaspersky Security Center 15.1 Windows.
  • Kaspersky Security Center 14 Windows.
  • Kaspersky Security Center 13 Windows.
  • Kaspersky Security Center 12 Windows.

This Guide describes how to work with Kaspersky Security Center 13 Windows.

The operation of Kaspersky Security requires the following Kaspersky Security Center components:

  • Administration Server.

    The following services must be configured on Administration Server:

    • The activation proxy service is used when activating Kaspersky Security. The activation proxy service is configured in the properties of the Kaspersky Security Center Administration Server. If the activation proxy service is disabled, the application cannot be activated using the activation code.
    • The KSN Proxy service facilitates data exchange between Kaspersky Security and Kaspersky Security Network. The KSN Proxy service is configured in the properties of the Kaspersky Security Center Administration Server.

    For more detailed information about the activation proxy service and KSN Proxy service, please refer to the Kaspersky Security Center help.

  • Network Agent. Network Agent is responsible for interaction between Administration Server and virtual machines on which Kaspersky Security is installed.

    Network Agent must be installed on all virtual machines that you want to protect:

    The Network Agent does not need to be installed on SVMs because this component is included in the SVM images.

  • Kaspersky Security Center Administration Console. You can use the MMC-based Administration Console (hereinafter also referred to as "Administration Console") or Kaspersky Security Center Web Console (hereinafter also referred to as "Web Console").

For information on installing Kaspersky Security Center components, please refer to the Kaspersky Security Center help.

The operating system of the device on which Kaspersky Security Center is installed must meet the requirements of the Integration Server component.

Page top
[Topic 71464]

Requirements for the Integration Server installation

The device must have one of the following operating systems to support installation and operation of the Integration Server and Integration Server Console:

  • Windows Server 2022 Standard/Datacenter/Essentials
  • Windows Server 2019 Standard/Datacenter/Essentials
  • Windows Server 2016 Standard/Datacenter
  • Windows Server 2012 R2 Standard/Datacenter/Essentials
  • Windows Server 2012 Standard/Datacenter/Essentials

On the device where you want to install the Integration Server Console, the operating system must be installed in the Desktop Experience mode.

The Microsoft .NET Framework 4.6 platform is required for the operation of the Integration Server, Integration Server Console, and Kaspersky Security management MMC plug-ins. If the platform is not installed and Internet access is available, the Kaspersky Security Components Installation Wizard will suggest installing it during the installation of the Integration Server, Integration Server Console and MMC plug-ins.

The device must meet the following minimum hardware requirements to support the installation and operation of the Integration Server and Integration Server Console:

  • Quad-core 2 GHz virtual processor
  • Available disk space:
    • 4 GB for the Integration Server Console
    • 4 GB for the Integration Server
  • Available RAM:
    • 4 GB for the Integration Server Console
    • 4 GB for the Integration Server

The required volume of RAM and free disk space may change depending on the size of the virtual infrastructure. To improve the performance of the Integration Server, 10 GB of free disk space is recommended.

Windows PowerShell version 4.0 or later is required for the operation of PowerShell cmdlets. A cmdlet is used to replace the self-signed SSL certificate of the Integration Server. It is recommended to replace it after installation of the Integration Server. Windows PowerShell is not required for the operation of Kaspersky Security and protection of the virtual infrastructure.

Page top
[Topic 175614]

Requirements for the virtual infrastructure

Installation and operation of Kaspersky Security application is supported on the following virtualization platforms:

  • Microsoft Hyper-V platform.

    To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:

    • Microsoft Windows Server 2019 Hyper-V (Desktop experience/Core) hypervisor
    • Microsoft Windows Server 2016 Hyper-V (Desktop experience/Core) hypervisor with all available updates
    • Microsoft Windows Server 2012 R2 Hyper-V (Desktop experience/Core) hypervisor with all available updates

    The application can be installed and run on Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service. Cluster Shared Volumes technology must be enabled on cluster nodes.

    To deploy SVMs on Microsoft Windows Server Hyper-V hypervisors, you can use a Microsoft System Center Virtual Machine Manager (referred to as Microsoft SCVMM) of one of the following versions:

    • Microsoft SCVMM 2019 with the latest updates.
    • Microsoft SCVMM 2016 with the latest updates.
    • Microsoft SCVMM 2012 R2 with the latest updates.
  • Citrix Hypervisor platform.

    For Kaspersky Security to install and run in the virtual infrastructure, Citrix Hypervisor 8.2 LTSR hypervisor must be installed in the virtual infrastructure.

  • VMware vSphere platform.

    To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:

    • VMware ESXi 8.0 hypervisor with the latest updates.
    • VMware ESXi 7.0 hypervisor with the latest updates.
    • VMware ESXi 6.7 hypervisor with the latest updates.
    • VMware ESXi 6.5 hypervisor with the latest updates.

    VMware vCenter Server 8.0, VMware vCenter Server 7.0, VMware vCenter Server 6.7, or VMware vCenter Server 6.5 virtual infrastructure administration server with all available updates must be installed in virtual infrastructure. There is support for the installation and operation of the application in an infrastructure managed by standalone VMware vCenter servers and by a group of VMware vCenter servers running in Linked mode.

    If you are using VMware NSX Manager in an infrastructure running the VMware vSphere platform, Kaspersky Security can assign security tags to the protected virtual machines. Kaspersky Security supports compatibility with one of the following types of VMware NSX Manager:

    • VMware NSX-V Manager from VMware NSX Data Center for vSphere 6.4.6 package.
    • VMware NSX-T Manager from VMware NSX-T Data Center 3.0.0 package.
    • VMware NSX-T Manager from VMware NSX-T Data Center 2.5.1 package.

    Simultaneous use of VMware NSX-V Manager and VMware NSX-T Manager for the same VMware vCenter Server is not supported.

    To deploy SVMs on VMware ESXi hypervisors, you can use a Microsoft SCVMM virtual infrastructure administration server of one of the following versions:

    • Microsoft SCVMM 2019 with the latest updates.
    • Microsoft SCVMM 2016 with the latest updates.
    • Microsoft SCVMM 2012 R2 with the latest updates.
  • KVM (Kernel-based Virtual Machine) platform.

    For Kaspersky Security to install and run in the virtual infrastructure, KVM hypervisor based on one of the following operating systems must be installed:

    • Ubuntu 20.04 LTS.
    • Ubuntu 18.04 LTS.
    • Red Hat Enterprise Linux Server 7.9.
    • CentOS 7.9.

    To deploy an SVM on KVM hypervisors running the CentOS operating system, you must delete or comment out the "Defaults requiretty" line in the /etc/sudoers configuration file of the hypervisor’s operating system.

    If you are using VMware NSX-T Manager in an infrastructure running the KVM platform, Kaspersky Security can assign security tags to the protected virtual machines. Kaspersky Security supports compatibility with one of the following versions of VMware NSX-T Manager:

    • VMware NSX-T Manager from VMware NSX-T Data Center 3.0.0 package.
    • VMware NSX-T Manager from VMware NSX-T Data Center 2.5.1 package.
  • Proxmox VE platform.

    To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:

    • Proxmox VE 6.4 hypervisor
    • Proxmox VE 6.3 hypervisor

    Only KVM-based Proxmox VE is supported. Operation of the application on a Proxmox VE hypervisor using LXC (Linux Containers) is not supported.

  • Skala-R platform.

    R-Virtualization hypervisor 7.0.13 must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    Skala-R Management 1.93 virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on R-Virtualization hypervisors.

  • HUAWEI FusionSphere platform.

    HUAWEI FusionCompute CNA hypervisor 8.0 and later must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    HUAWEI FusionCompute VRM 8.0 and later virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on HUAWEI FusionCompute CNA hypervisors.

  • Nutanix Acropolis platform.

    Nutanix AHV 5.19.1 hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    Nutanix Prism 5.19.1 and later virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on Nutanix AHV hypervisors.

  • Enterprise Cloud Platform VeiL platform.

    A VeiL Node 5.1.2 hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    There are some limitations on the installation and operation of the application in a virtual infrastructure running the Enterprise Cloud Platform VeiL platform. Please refer to the Knowledge Base for details.

  • SharxBase platform.

    SharxBase 5.10.x hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    There are some limitations on the installation and operation of the application in the SharxBase virtual infrastructure. Please refer to the Knowledge Base for details.

  • TIONIX Cloud Platform.

    For Kaspersky Security to install and run, one of the following TIONIX Cloud Platform versions must be installed: 2.8, 2.9 or 3.0.

    The following microservices must be installed as part of the TIONIX Cloud Platform:

    • Keystone – authentication microservice.
    • Compute (Nova) – microservice used for creating virtual machine and operations with infrastructure.
    • Cinder – microservice used for operations with storages.
    • Glance – microservice used for operations with virtual machine images.
    • Neutron – microservice used for operations with networks.

    A KVM hypervisor must be installed in the virtual infrastructure.

  • OpenStack platform.

    For Kaspersky Security to install and run, one of the following OpenStack platform releases must be installed: Stein, Victoria, Wallaby or Xena.

    The following microservices must be installed as part of the OpenStack platform:

    • Keystone – authentication microservice.
    • Compute (Nova) – microservice used for creating virtual machine and operations with infrastructure.
    • Cinder – microservice used for operations with storages.
    • Glance – microservice used for operations with virtual machine images.
    • Neutron – microservice used for operations with networks.

    A KVM hypervisor must be installed in the virtual infrastructure.

  • ALT Virtualization Server.

    The ALT Virtualization Server version 10.0 platform is required for installation and operation of the Kaspersky Security application.

    A basic hypervisor of the ALT Virtualization Server 10.0 platform (KVM-based hypervisor) must be installed as part of the platform.

  • Brest Virtualization Software Platform.

    Brest Virtualization Software Platform version 2.9 or 3.2 is required for installation and operation of the Kaspersky Security application.

    A KVM hypervisor must be installed in the virtual infrastructure.

    There are some limitations on the installation and operation of the application in a virtual infrastructure running on the Brest Virtualization Software Platform. Please refer to the Knowledge Base for details.

  • zVirt virtualization environment.

    A zVirt Node 3.x and 4.x hypervisor must be installed in the virtual infrastructure to support installation and operation of Kaspersky Security.

    There are some limitations on the installation and operation of the application in a virtual infrastructure running the zVirt Virtualization Environment. Please refer to the Knowledge Base for details.

  • ROSA Virtualization Environment Management System Platform.

    ROSA Virtualization Environment Management System Platform version 2.1 is required for installation and operation of the Kaspersky Security application.

    A KVM hypervisor must be installed in the virtual infrastructure.

    There are some limitations on the installation and operation of the application in a virtual infrastructure running on the ROSA Virtualization Environment Management System Platform. Please refer to the Knowledge Base for details.

    You can remove the limitations related to use of the Integration Server in a virtual infrastructure running on the ROSA Virtualization platform. If you want to use the extended functionality for SVM discovery by Light Agents (use the Integration Server and the advanced SVM selection algorithm), you can manually add infrastructure information to the Integration Server. Please refer to the Knowledge Base for details.

  • RED Virtualization platform.

    RED Virtualization platform version 7.3 is required for installation and operation of the Kaspersky Security application.

    A KVM hypervisor must be installed in the virtual infrastructure.

    There are some limitations when installing and operating the application in a virtual infrastructure running the RED Virtualization platform. Please refer to the Knowledge Base for details.

  • Astra Linux Platform.

    Installation and operation of Kaspersky Security requires Astra Linux Special Edition RUSB.10015-01 (regular update 1.7) with Update 2022-1221SE17MD installed (operational update 1.7.3.UU.1).

    A KVM hypervisor must be installed in the virtual infrastructure.

  • SpaceVM Cloud Platform.

    SpaceVM Cloud Platform 6.2 required for installation and operation of the Kaspersky Security application in the virtual infrastructure.

    There are some limitations on the installation and operation of the application in the virtual infrastructure on SpaceVM Cloud Platform. Please refer to the Knowledge Base for details.

  • VK Cloud platform

    To install and run the Kaspersky Security solution, you need one of the following OpenStack platform releases: Havana, Stein, Newton, Victoria, Zed, or Antelope.

    The following microservices must be installed as part of the VK Cloud platform:

    • Keystone – authentication microservice.
    • Compute (Nova) – microservice used for creating virtual machine and operations with infrastructure.
    • Cinder – microservice used for operations with storages.
    • Glance – microservice used for operations with virtual machine images.
    • Neutron – microservice used for operations with networks.

    A KVM hypervisor must be installed in the virtual infrastructure.

  • R-Virtualization server virtualization system.

    R-Virtualization hypervisor 7.0.13 or later must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.

    Some limitations apply to the installation and operation of the application in a virtual infrastructure based on the ROSA Virtualization platform. Please refer to the Knowledge Base for details.

  • Yandex Cloud Platform.

    Yandex Cloud Platform is required to install and run Kaspersky Security in a virtual infrastructure.

    There are some limitations on the installation and operation of the solution in a virtual infrastructure on the Yandex Cloud Platform. Please refer to the Knowledge Base for details.

Page top
[Topic 175610]

Requirements for SVM resources with Kaspersky Security Protection Server

To run Kaspersky Security on an SVM, the following minimum system resources are required:

  • Dual-core virtual processor
  • 30 GB available disk space
  • 2 GB available RAM
  • Virtualized network interface with bandwidth of 100 Mbit/s
Page top
[Topic 175611]

Virtual machine requirements for installing the Light Agent for Windows

To install and operate the Light Agent for Windows, the virtual machine must meet the following minimum hardware requirements:

  • 1.5 GHz virtual processor
  • 2 GB available disk space
  • 2 GB available RAM
  • Virtualized network interface with bandwidth of 100 Mbit/s

For installation and proper operation of Light Agent for Windows together with Kaspersky Endpoint Agent, the virtual machine must meet the following minimum hardware requirements:

  • Two 2.4 GHz virtual processors
  • 3 GB available disk space
  • 4 GB available RAM
  • Virtualized network interface with bandwidth of 100 Mbit/s

Kaspersky Security for Virtualization 5.2 Light Agent can be integrated with Kaspersky Endpoint Agent 3.11.

Before installing Light Agent for Windows on a virtual machine managed by Citrix Hypervisor, the XenTools application must be installed.

The VMware Tools kit must be installed before installing the Light Agent for Windows on a virtual machine powered by a VMware ESXi hypervisor.

The HUAWEI Tools kit must be installed before installing the Light Agent for Windows on a virtual machine powered by a HUAWEI FusionCompute CNA hypervisor.

Before installing Light Agent for Windows on a virtual machine managed by Microsoft Windows Server (Hyper-V) hypervisor, an Integration Services package must be installed.

QEMU Guest Agent must be installed before installing Light Agent for Windows on a virtual machine managed by a KVM hypervisor (including those running on the OpenStack Platform, VK Cloud platform, TIONIX Cloud Platform, and Astra Linux Platform) or by an ALT Virtualization Server platform basic hypervisor.

One of the following guest operating systems must be installed on the virtual machine to support the installation and operation of the Light Agent for Windows:

  • Windows 11 21H2 Pro/Enterprise/Education
  • Windows 10 Desktop Pro 19H1/19H2/20H1/20H2/21H1 (32 / 64-bit)
  • Windows 10 Enterprise 2016 LTSC/2019 LTSC/19H1/19H2/20H1/20H2/21H1 (32 / 64-bit)
  • Windows 8.1 Update 1 Professional/Enterprise (32 / 64-bit)
  • Windows 7 Professional/Enterprise Service Pack 1 (32/64-bit)
  • Windows Server 2022 Standard/Datacenter/Essentials (Desktop experience/Core)
  • Windows Server 2019 Standard/Datacenter (Desktop experience/Core)
  • Windows Server 2016 Standard/Datacenter (Desktop experience/Core)
  • Windows Server 2012 R2 Standard/Datacenter/Essentials (Desktop experience/Core)
  • Windows Server 2012 Standard/Datacenter/Essentials (Desktop experience/Core)
  • Windows Server 2008 R2 Service Pack 1 Standard/Enterprise/Datacenter (Desktop experience/Core)

The set of Light Agent functional components that you can use on a virtual machine depends on the guest operating system of the virtual machine.

To avoid delays in installing the application under Windows 7 and Windows Server 2008 R2, make sure that the Windows operating system automatically updates lists of trusted and untrusted (revoked) software vendor certificates online via Windows Update. For systems without access to Windows Update or systems on which automatic updating of lists of trusted and untrusted certificates is disabled, these lists must be kept up to date manually in accordance with the Microsoft technical support recommendations at: https://support.microsoft.com/en-us/kb/2677070 and https://support.microsoft.com/en-us/kb/2813430.

The Light Agent for Windows can protect virtual machines that are part of an infrastructure employing the following virtualization solutions:

  • Citrix Virtual Apps and Desktops 7 1912 LTSR with the latest updates installed.
  • Citrix XenApp and XenDesktop 7.15 LTSR with the latest updates installed.
  • Citrix Provisioning 7 1912 LTSR with the latest updates installed.
  • Citrix Provisioning Services 7.15 LTSR with the latest updates installed.
  • VMware Horizon 8.2 (2103).
  • VMware App Volumes (2103).
  • HUAWEI FusionAccess 8.0 and later.
Page top
[Topic 175612]

Virtual machine requirements for installing the Light Agent for Linux

To install and operate the Light Agent for Linux, the virtual machine must meet the following minimum hardware requirements:

  • 1.5 GHz virtual processor
  • 2 GB available disk space
  • 2 GB available RAM
  • Virtualized network interface with bandwidth of 100 Mbit/s

Software requirements for installation and operation of Light Agent for Linux:

  • Perl interpreter: version 5.0 or later, (visit http://www.perl.org)
  • The which utility
  • Installed dmidecode package
  • The procedure for remote installation of Light Agent for Linux requires that the sudo package is installed

Before installing Light Agent for Linux on a virtual machine managed by Citrix Hypervisor, the XenTools application must be installed.

The VMware Tools kit must be installed before installing the Light Agent for Linux on a virtual machine powered by a VMware ESXi hypervisor.

The Huawei Tools kit must be installed before installing the Light Agent for Linux on a virtual machine powered by a HUAWEI FusionCompute CNA hypervisor.

Before installing Light Agent for Linux on a virtual machine managed by Microsoft Windows Server (Hyper-V) hypervisor, an Integration Services package must be installed.

QEMU Guest Agent must be installed before installing Light Agent for Linux on a virtual machine managed by a KVM hypervisor (including those running on the OpenStack Platform, VK Cloud platform, TIONIX Cloud Platform, and Astra Linux Platform) or by an ALT Virtualization Server platform basic hypervisor.

One of the following guest server operating systems must be installed on the virtual machine to support the installation and operation of the Light Agent for Linux:

  • Astra Linux Special Edition RUSB.10015-01 (regular update 1.7) (without support for capability-based access restriction and closed software environment modes)
  • Astra Linux Special Edition RUSB.10015-16 (version 1) (regular update 1.6) (without support for capability-based access restriction and closed software environment modes)
  • Astra Linux Special Edition RUSB.10015-01 (regular update 1.6) (without support for capability-based access restriction and closed software environment modes)
  • Astra Linux Special Edition RUSB.10015-01 (regular update 1.5) (without support for capability-based access restriction and closed software environment modes)
  • CentOS 8.0 and later (64-bit)
  • CentOS 7.3 and later (64-bit)
  • Debian GNU/Linux 10.1 or later (32/64-bit).
  • Debian GNU/Linux 9.4 or later (32/64-bit)
  • Oracle Linux 8.0 and later (64-bit)
  • Oracle Linux 7.3 and later (64-bit)

    Before installing Light Agent for Linux on a virtual machine running Oracle Linux, the tar archiver must be installed.

  • Red Hat Enterprise Linux Server 8.0 or later (64-bit).
  • Red Hat Enterprise Linux Server 7.3 and later (64-bit)
  • SUSE Linux Enterprise Server 15 SP2 (64-bit)
  • Ubuntu 20.04 LTS (64-bit).
  • Ubuntu 18.04 LTS (64-bit).
  • ALT 8 SP (64-bit).
  • Red OS 7.3 (64-bit).

Due to the limitations of the fanotify technology, Light Agent for Linux does not support the following file systems: autofs, aufs, binfmt_misc, cgroup, configfs, debugfs, devpts, fuse, fuse.gvfsd-fuse, gvfs, hpsa_fuse, hugetlbfs, mqueue, nfsd, proc, pstore, rpc_pipefs, securityfs, selinuxfs, sysfs.

Page top
[Topic 175613]