Kaspersky Security for Virtualization 5.2 Light Agent

About the SVM selection algorithms

Light Agents can apply one of the following SVM selection algorithms for connection:

  • A standard SVM selection algorithm.

    The result of applying the standard SVM selection algorithm depends on the Kaspersky Security license edition that is used.

    • If you use standard application license and apply this algorithm, then Light Agent selects a SVM, which is local for Light Agent, after it has been installed and started on the virtual machine.

      SVM locality relative to Light Agent is determined depending on the type of virtual infrastructure:

      • In a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform, an SVM is considered to be local for Light Agent if it is deployed on the same hypervisor as the virtual machine with the installed Light Agent.
      • In the virtual infrastructure running on OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, you can specify how to determine SVM locality relative to the Light Agent using the OpenStackStandardAlgorithmSvmLocality parameter in the Integration Server configuration file (%ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\viislaservice.exe.config).

        The OpenStackStandardAlgorithmSvmLocality parameter can take the following values:

        • Server Group – if this value is selected, SVM is considered local for Light Agent if it is located within the same server group as the virtual machine where Light Agent is installed. This value is used by default.
        • Project – if this value is selected, SVM is considered as local for Light Agent if it is deployed within the same OpenStack project, as the virtual machine with the installed Light Agent.
        • Availability Zone – if this value is selected, SVM is considered as local for Light Agent, if it is located within the same availability zone, as the virtual machine with the installed Light Agent.

      If there are no local SVMs for connection, Light Agent selects a SVM with the lowest number of Light Agent connections regardless of SVM location in the virtual infrastructure.

    • If you use enterprise application license and apply this algorithm, after being installed and started on a virtual machine, Light Agent selects a SVM with the lowest number of Light Agent connections regardless of the SVM location in the virtual infrastructure.
  • An extended SVM selection algorithm.

    An extended SVM selection algorithm may be applied only if you are using the application under an enterprise license.

    If this algorithm is applied, you can specify how to determine SVM locality relative to Light Agent in the Light Agent policy, and specify whether or not Light Agents must take into the account SVM location in the virtual infrastructure when selecting SVM for connection.

    In a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform, an SVM is considered to be local for Light Agent in one of the following cases:

    • SVM is deployed on the same hypervisor, as the virtual machine with the installed Light Agent.
    • SVM is deployed on the same hypervisor cluster, as the virtual machine with the installed Light Agent.
    • SVM is deployed in the same data center, as the virtual machine with the installed Light Agent.

    In a virtual infrastructure running on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, an SVM can be considered as local for Light Agent in one of the following cases:

    • SVM is located in the same server group, as the virtual machine with the installed Light Agent.
    • SVM is deployed within the same OpenStack project, as the virtual machine with the installed Light Agent.
    • SVM is located in the same availability zone, as the virtual machine with the installed Light Agent.

    You can select SVM location type, which will be taken into the account when determining SVM locality relative to Light Agent. Light Agent can connect only to local SVMs.

    For example, if you specify hypervisor cluster as SVM path type, all SVMs deployed on this hypervisor cluster will be considered as local for Light Agent, and Light Agent can connect only to one of this SVMs. If there are no SVMs available for connection in the same cluster in which the Light Agent is running, the Light Agent does not connect to an SVM.

    You can also specify that Light Agents must not take into the account SVM location in the virtual infrastructure when selecting SVM for connection. In this case, Light Agents can connect to any available SVMs.

    If an advanced SVM selection algorithm is applied and you selected a custom list of SVM addresses as the method for Light Agents to discover SVMs, Light Agents can connect to SVMs only if the location of the SVM is not taken into account.

    When selecting an SVM, Light Agents take into account the number of connected Light Agents to ensure that Light Agents are evenly distributed between SVMs that are available for connection.

If you use the application under an enterprise license, you can specify the SVM selection algorithm to be used by the Light Agents, and configure advanced SVM selection settings.

If you use the application under a standard license, Light Agents use the standard SVM selection algorithm to select SVMs for connection.

Regardless of the algorithm used in selecting SVMs, Light Agents also take into account the following parameters:

  • Availability of a valid license (the SVM possesses a license key that is not in the denylist, and the license associated with the key has not expired). Light Agent first connects to the SVM on which the solution is activated (possess a key).
  • Type of the license key added to the SVM. If you add a server or desktop key to the SVM, the Light Agent first connects to the SVM on which the key type corresponds to the operating system installed on the virtual machine with Light Agent.
  • Encrypting the connection between a Light Agent and SVM. A Light Agent for which connection encryption is enabled can connect only to SVMs on which connection encryption is also enabled. A Light Agent for which connection encryption is disabled can connect only to SVMs on which connection encryption is also disabled or protection is enabled, but a non-secure connection is allowed.
  • Tags for connecting to the SVM (only if you use application under an enterprise license). If a Light Agent has been assigned a tag, this Light Agent can connect only to SVMs for which connection of Light Agents with the specified tag is allowed.
Page top
[Topic 94001]