Kaspersky Security for Virtualization 6.1 Light Agent

Configuring Integration Server settings

You can configure the Integration Server settings in the Integration Server Console:

You can perform the following actions to configure the Integration Server settings:

  • Change passwords for Integration Server accounts:
    • Integration Server administrator account (admin).
    • The account (svm) that is used for connecting SVMs to the Integration Server.
    • The account (agent) that is used for connecting Light Agents to the Integration Server.
    • The account (multitenancy) that is used for interaction with the Integration Server REST API in multitenancy scenarios.

    Account names cannot be edited.

  • Change settings that the Integration Server uses to connect to the virtual infrastructure.

    The Integration Server connects to each protected virtual infrastructure and receives information necessary for the operation of the solution. Depending on the type of protected virtual infrastructure the Integration Server connects to one of the following virtual infrastructure objects:

    • hypervisor;
    • virtual infrastructure administration server;
    • Keystone microservice.

    The Integration Server connects to the virtual infrastructure with the settings that you specified in the SVM Management Wizard.

    You can edit the settings for connecting the Integration Server to the virtual infrastructure (except for the infrastructure address).

    In a VMware vSphere infrastructure, you can also enable or disable the use of VMware NSX Manager in Kaspersky Security, as well as change the settings for connecting the Integration Server to VMware NSX Manager.

  • Remove the Integration Server connection settings to the virtual infrastructure.

In this Help section

Changing passwords of Integration Server accounts

Changing the settings for connecting to the virtual infrastructure in the Integration Server Console

Deleting the settings for connection of the Integration Server to the virtual infrastructure

Page top
[Topic 256399]

Changing passwords of Integration Server accounts

To change the passwords of Integration Server user accounts in the Integration Server Console:

To change the passwords of Integration Server accounts:

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the list on the left, select the Integration Server user accounts section.
  3. In the table on the right, select the name of the account whose password you want to change.
  4. Click the Change the account password link located above the table to open the Account password window and enter the new password in the Password and Confirm password fields.

    Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

In the Account password window, click OK.

If you changed the account password for connecting SVMs to the Integration Server, you need to reconfigure the SVM connection to the Integration Server.

If the Light Agent policy is configured to connect Light Agents to the Integration Server and you have changed the account password for connecting Light Agents, you need to re-configure the Light Agents' connection to the Integration Server.

Page top
[Topic 256396]

Changing the settings for connecting to the virtual infrastructure in the Integration Server Console

To open the list of virtual infrastructures to which the Integration Server connects:

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the list on the left, select the Infrastructure connection settings section.

    A table of virtual infrastructures to which the Integration Server connects will open.

Each row of the table contains the following information:

  • Infrastructure

    Type of virtual infrastructure and IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server connects for interaction with virtual infrastructure.

    For an infrastructure running on VMware vCenter Server with VMware NSX Manager by Kaspersky Security enabled, the column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of VMware NSX Manager.

  • State

    Status of the connection between the Integration Server and the virtual infrastructure.

For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.

If the Integration Server is not connected to the virtual infrastructure object, the table displays an error message.

The Integration Server verifies the authenticity of all virtual infrastructure objects with which a connection is being established, except a Microsoft Windows Server (Hyper-V) hypervisor.

Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.

To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

If it fails to ascertain the authenticity of the certificate or public key received from the virtual infrastructure object, the Integration Server breaks the connection with the virtual infrastructure. An error message is displayed in the table. You can resolve this error.

To resolve an SSL certificate validation error or public key validation error received from a virtual infrastructure object, do one of the following:

  • Confirm the authenticity of the certificate or public key received from the virtual infrastructure object. To do this, you need to launch the SVM Management Wizard (in the SVM management section of the Integration Server Console) and open the list of virtual infrastructures to which the SVM Management Wizard is configured to connect (for example, see the "Selecting infrastructure for SVM deployment" step in the procedure for installing the Protection Server). The wizard prompts you to verify the authenticity of the certificate or public key in the Certificate verification or Open key fingerprint verification window (depending on the type of virtual infrastructure object).
  • Replace the certificate with a new one if you do not believe that the existing certificate is authentic.

If the use of VMware NSX Manager in Kaspersky Security is enabled, the Integration Server also checks the VMware NSX Manager certificate. If the certificate is not trusted by the Integration Server or does not match a previously installed certificate, an error message is displayed in the table. You can resolve this error.

To resolve a VMware NSX Manager SSL certificate validation error, do one of the following:

  • Verify the authenticity of the certificate. To view information about the received certificate, you need to click the Confirm VMware NSX Manager certificate authenticity link that is displayed in the error message. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
  • If you do not consider the certificate to be trusted, you can disconnect by clicking the Cancel button, and replace the certificate with a new one.

Expand all | Collapse all

How to change the settings for connecting to the virtual infrastructure

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the list on the left, select the Infrastructure connection settings section.

    The list of all virtual infrastructures to which the Integration Server connects opens:

  3. In the table, select a virtual infrastructure whose connection settings you want to modify, and click the Edit link above the table.

    The Change virtual infrastructure connection settings window opens.

    The Address field displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server is connected for interaction with protected virtual infrastructure. The Address field cannot be changed.

  4. Make the necessary changes. You can change the following settings for connecting the Integration Server to the virtual infrastructure:
    • Protocol

      Protocol used to connect the Integration Server to the virtual infrastructure. By default, HTTPS protocol is used.

      The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • OpenStack domain

      Name of the OpenStack domain that contains an account used to connect the Integration Server to the virtual infrastructure.

      The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • User name

      Name of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.

      To connect to a virtual infrastructure based on XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, Alt Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, we recommend using an account that has limited rights to perform actions in the virtual infrastructure.

      To connect to a virtual infrastructure running on the Microsoft Hyper-V platform during Kaspersky Security operation, you must use the same user account that is used for SVM deployment, removal and reconfiguration.

    • Password

      Password of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.

  5. Click the OK button in the Change virtual infrastructure connection settings window.

How to configure the use of VMware NSX Manager in the Kaspersky Security solution

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the list on the left, select the Infrastructure connection settings section.

    The list of all virtual infrastructures to which the Integration Server connects opens:

  3. In the table, select the virtual infrastructure managed by VMware vCenter Server, and click the Edit link located above the table.

    The Change virtual infrastructure connection settings window opens.

  4. Configure the settings for connecting the Integration Server to VMware NSX Manager:
    • Use VMware NSX Manager

      Enables or disables the use of VMware NSX Manager in the Kaspersky Security solution

      If VMware NSX Manager is used in the operation of the solution, Kaspersky Security can assign security tags to the protected virtual machine.

    • Address

      New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.

      If your VMware NSX Manager virtual infrastructure is clustered, specify the virtual IP address of the cluster. First, you need to assign a virtual IP address and certificate to the cluster (for more information on configuring a VMware NSX Manager cluster, see the VMware documentation).

    • User name

      Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.

    • Password

      Password of the account that the Integration Server uses to connect to VMware NSX Manager.

    If you change the password for the account used to connect to VMware NSX Manager, the Integration Server will not be able to connect to VMware NSX Manager until at least 15 minutes have passed since the new connection settings were saved.

  5. Click the OK button in the Change virtual infrastructure connection settings window.
Page top
[Topic 256506]

Deleting the settings for connection of the Integration Server to the virtual infrastructure

If you want the Integration Server to stop receiving information from the virtual infrastructure, you can remove this infrastructure from the list of infrastructures, to which the Integration Server connects.

It is recommended to remove a virtual infrastructure from the list only if it has no installed Kaspersky Security solution components.

To delete a virtual infrastructure in the Integration Server Console:

To delete a virtual infrastructure:

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the list on the left, select the Infrastructure connection settings section.
  3. In the table on the right side of the window, select a virtual infrastructure you want to remove, and click the Delete link.

    For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.

  4. Confirm the deletion in the window that opens.

If you have removed the virtual infrastructure from this list, it is recommended to remove it also from the list of virtual infrastructures, to which the SVM Management Wizard connection is configured (see, for example, the "Selecting SVMs to remove" step of the SVM removal procedure).

Page top
[Topic 256497]