Kaspersky Security for Virtualization 6.1 Light Agent

Updating Kaspersky Security from the previous version

You can upgrade the Kaspersky Security for Virtualization 6.0 Light Agent solution to Kaspersky Security for Virtualization 6.1 Light Agent.

Upgrading of earlier Kaspersky Security versions to version 6.1 is not provided.

Before you begin the upgrade, you need to prepare the files required to install the solution and complete the steps necessary to prepare the virtual infrastructure for installation of the solution.

Updating the version of the solution to Kaspersky Security to Kaspersky Security for Virtualization 6.1 Light Agent involves the following steps:

  1. Updating the Integration Server

    The procedure for updating the Integration Server depends on which version of Kaspersky Security Center you are using to manage the Kaspersky Security solution:

    • If you are using a Windows-based Kaspersky Security Center, and in accordance with the recommendations of Kaspersky experts, you used the Kaspersky Security components installation wizard to install the Integration Server and Integration Server Console, we recommend updating using the wizard as well.
    • If you are using a Linux-based Kaspersky Security Center, the Kaspersky Security Components Installation Wizard cannot be used to update the Integration Server and Integration Server Console. The update is performed by manually installing the new version of the Integration Server and the Integration Server Console.

    After upgrading the Integration Server, we recommend to replace the self-signed SSL certificate of the Integration Server with a more secure certificate. You can create a new certificate and install it using the certificate management tool included with the solution.

  2. Updating Kaspersky Security management plug-ins

    Depending on your choice of Kaspersky Security Center management console, you need to update the web or management MMC plug-ins of the Protection Server and Light Agent for Linux.

  3. Updating the Protection Servers

    Deploy SVMs with the new version of the Protection Server on your hypervisors.

  4. Preparing the Protection Servers for operation

    You must follow the steps to prepare the updated Protection Servers for operation.

  5. Converting or creating policies and tasks in Kaspersky Security Center

    Policies and tasks configured for Kaspersky Security version 6.0 are not compatible with the updated version of the solution.

    If you are using the Kaspersky Security Center Administration Console to manage solution components and, after updating the solution, you want to use the settings previously configured in Kaspersky Security Center for the old version of the solution components, you must convert policies and tasks.

    The policy and task conversion procedure is not available in Kaspersky Security Center Web Console. If you are using the Web Console to manage solution components, you must create new policies and tasks for the upgraded solution components. You can migrate some policy and task settings from the previous version by exporting and importing settings.

    After completing the update of the solution components, you can delete policies and tasks of the previous version of the Protection Server and Light Agent.

  6. Updating the Network Agent and Light Agent for Linux

    You must update the Network Agent and Light Agent for Linux (the Kaspersky Endpoint Security application running in Light Agent mode) on virtual machines and virtual machine templates with Linux guest operating systems.

    For a description of the Network Agent for Linux and Kaspersky Endpoint Security for Linux update procedure, please refer to the Kaspersky Endpoint Security for Linux Help.

  7. Preparing Light Agents for Linux for operation

    You must follow the steps to prepare the updated Light Agents for operation.

In this Help section

Updating the Integration Server and Integration Server Console

About the upgrade of the Protection Server

About updating management plug-ins

Using settings configured for a previous version of Kaspersky Security

Using components of the previous version of Kaspersky Security

Page top
[Topic 259223]

Updating the Integration Server and Integration Server Console

The Integration Server and Integration Server Console must be updated using an account that belongs to local administrator group.

Close the Integration Server Console before starting the update.

The update is performed by installing the new version of the Integration Server and the Integration Server Console.

Updating requires at least 4 GB of free space on the drive containing the %ProgramData% folder on the device where the previous version of the Integration Server and Integration Server Console are installed.

You can remove the Integration Server and Integration Server Console in one of the following ways:

  • If you use a Windows-based Kaspersky Security Center to manage Kaspersky Security, and in accordance with the recommendations of Kaspersky specialists, you used the Kaspersky Security Components Installation Wizard to install the Integration Server and Integration Server Console, we recommend to also perform the update using the wizard.

    You can update the Integration Server and Integration Server Console by using the Kaspersky Security Components Installation Wizard in interactive mode or in silent mode.

    During the update, you can save a backup copy of the database and settings and the Integration Server certificate of the previous version.

    If you want to save a backup copy of the database and settings of the Integration Server of the previous version, the upgrade requires additional space on the drive containing the %ProgramData% folder.

    The backup copy of the Integration Server database and settings contains the following data:

    • Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
    • Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
    • If the solution is used in multitenancy mode: a list of registered tenants and protection statistics of the tenant virtual machines is displayed.
    • Configuration files that define the Integration Server operation settings.

    The backup copy is used to revert to the previous version of the Integration Server if the update produces errors in the operation of the Integration Server. The backup copy of the database and settings of the Integration Server can be deleted automatically when removing the Integration Server, or you can delete it manually. The default path is %ProgramData%\Kaspersky Lab\VIISLA\Backup\VIISData(1). The number in the folder name is incremented by 1 each time an update is done.

  • If you use Kaspersky Security Center Linux to manage Kaspersky Security, the Kaspersky Security Components Installation Wizard cannot be used to update the Integration Server and Integration Server Console. The update is performed by manually installing the new version of the Integration Server and the Integration Server Console.

After upgrading the Integration Server, we recommend to replace the self-signed SSL certificate of the Integration Server with a more secure certificate. You can create a new certificate and install it using the certificate management tool included with the solution.

In this section:

Updating in interactive mode using the wizard

Updating in silent mode using the wizard

Page top
[Topic 259189]

Updating in interactive mode using the wizard

We recommend to close the Kaspersky Security Center Administration Console before starting the update.

To update the Integration Server and Integration Server Console in interactive mode using the wizard:

  1. On the device where the Administration Console and Kaspersky Security Center Administration Server are installed, run the ksvla-components_<version number>_mlg.exe file, where <version number> is the version number of the solution in X.X.X.X format. This file is included in the distribution kit.

    Kaspersky Security components installation Wizard starts.

  2. Select the localization language of the Wizard and of the Kaspersky Security components that you are installing and proceed to the next step of the Wizard.

    By default, the localization language of the operating system installed on the device where the Wizard was started is used.

  3. Make sure that the Install management components option is selected and proceed to the next step of the Wizard.
  4. If you want to save a backup copy of the database and settings and the certificate of the previously installed Integration Server, select the Create a backup copy of the Integration Server database, settings, and certificate check box. The default path is %ProgramData%\Kaspersky Lab\VIISLA_Backup\VIISData(1). The number in the folder name is incremented with each subsequent update attempt.

    The Wizard checks the amount of free space on the drive that contains the %ProgramData% folder. If there is insufficient free space on the drive, the Wizard displays an error message and you cannot proceed to the next step of the Wizard. If this is the case, close the Wizard, free up space on the drive, and restart the Kaspersky Security Components Installation Wizard.

  5. In the next step, read the Kaspersky Security End User License Agreement, which is concluded between you and Kaspersky, and the Privacy Policy, which describes the processing and transmission of data.

    To continue the installation, you must confirm that you have fully read and accept the terms of the End-User License Agreement and the Privacy Policy. To confirm, select both check boxes in the window of the Wizard.

    Proceed to the next step of the wizard.

  6. Create the password of the Integration Server administrator (admin) account. The admin account is used to connect the Integration Server Console to the Integration Server if the device on which the Integration Server Console is installed is not part of the Microsoft Windows domain.

    Enter a password in the Password and Confirm password fields. The account name cannot be edited.

    A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

    Proceed to the next step of the wizard.

  7. Review the information about the actions that the wizard will perform and click the Install button to begin performing the listed actions.
  8. Wait for the wizard to finish.

    If an error occurs during wizard operation, the wizard rolls back the changes made.

  9. Click Finish to close the Wizard window.

Information about the work of the Wizard is written to trace files of the Kaspersky Security Components Installation Wizard. If the wizard completed with an error, you can use these files when contacting Technical Support.

After the update is complete, in Kaspersky Security Center Administration Console, in the workspace of the Administration Server <server name> node on the Monitoring tab, the Deployment section displays a Manage Kaspersky Security for Virtualization <version number> Light Agent link (where <version number> is the number of the updated version of the Kaspersky Security solution). This link is used to start the Integration Server Console.

Page top
[Topic 263790]

Updating in silent mode using the wizard

We recommend to close the Kaspersky Security Center Administration Console before starting the update.

To update the Integration Server and Integration Server Console in silent mode using the wizard,

Run the following command:

ksvla-components_<version number>_mlg.exe -q --lang=<language ID> --accept-EulaAndPrivacyPolicy=yes --viisPass=<password> [--log-path=<file path>] [--createBackup] [--backupFolder=<folder path>]

where:

  • <solution version> is the version number of the solution in X.X.X.X format.
  • -q is an option specifying that the update is performed in silent mode. If you want to run the update interactively from the command line, do not specify this option.
  • --lang=<language ID> is the identifier of the language of the components to install.

    The language ID must be indicated in the following format: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.

  • --accept-EulaAndPrivacyPolicy=yes means that you accept the terms of the Kaspersky Security End User License Agreement, concluded between you and Kaspersky, and the Privacy Policy, which describes the processing and transmission of data. By setting this parameter to yes, you confirm the following:
    • You have fully read, understood and accept the terms and conditions of the Kaspersky Security End User License Agreement.
    • You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.

    The text of the End User License Agreement and Privacy Policy is included in the solution's distribution kit. Accepting the terms of the End User License Agreement and Privacy Policy is a prerequisite for updating the Integration Server and Integration Server Console.

    You can read the text of the End-User License Agreement and the Privacy Policy by executing the following command:

    ksvla-components_<solution version>_mlg.exe --lang=<language ID> --show-EulaAndPrivacyPolicy

    The text of the End-User License Agreement and the Privacy Policy is output to the license_<language ID>.txt file in the tmp folder.

  • --viisPass=<password> is the password of the Integration Server administrator account (admin). The admin account is used to connect the Integration Server Console to the Integration Server if the device on which the Integration Server Console is installed is not part of the Microsoft Windows domain.

    A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

  • --log-path=<path to file> is the path to the file where information about update results is saved.

    Optional parameter. If the path is not specified, update results are logged to trace files saved at %temp%\Kaspersky_Security_for_Virtualization_<version number>_Light_Agent_BundleInitialInstall_logs_<date and time>.zip, where:

    • <version number> refers to the number of the installed version of the Kaspersky Security solution;
    • <date and time> refers to the date and time when the update was completed, in the dd_MM_yyyy_HH_mm_ss format.
  • --createBackup

    Optional parameter. Indicates that it is necessary to save a backup copy of the database and settings and the certificate of the previously installed Integration Server. By default, the data is saved in the %ProgramData%\Kaspersky Lab\VIISLA_Backup\VIISData(1) folder. The number in the folder name is incremented each time an update is done. You can select the path for saving this data using the --backupFolder option:

  • --backupFolder=<path to folder> is the path to the folder where the backup copy of the database and settings and certificate of the previously installed Integration Server will be saved.

    Optional parameter. If this option is not specified, the data will be saved to the default folder.

To view a description of all available command line parameters for installing and updating Kaspersky Security components, use the --help parameter.

Updating the Integration Server and Integration Server Console takes some time.

After the update is complete, in Kaspersky Security Center Administration Console, in the workspace of the Administration Server <server name> node on the Monitoring tab, the Deployment section displays a Manage Kaspersky Security for Virtualization <version number> Light Agent link (where <version number> is the number of the updated version of the Kaspersky Security solution). This link is used to start the Integration Server Console.

Page top
[Topic 263791]

About the upgrade of the Protection Server

The Protection Server is updated by deploying SVMs with the new version of the Protection Server in the virtual infrastructure. You can deploy SVMs in the following ways:

You can also deploy SVMs using the virtual infrastructure tools and then configure SVM settings using the klconfig script API manually or using automation tools.

After deploying SVMs with the new version of the Protection Server, you must prepare the Protection Server for operation.

If you are using a licensing scheme based on the number of cores in physical processors on the hypervisors, then after the solution is activated on a new SVM, Kaspersky Security may send Kaspersky Security Center an event indicating that the license restriction has been exceeded. You can ignore this event.

SVMs with the previous version of the Protection Server continue to work on hypervisors. They ensure that the previous version of Light Agents for Linux work on virtual machines that have not yet been updated, and ensure that the Light Agents for Windows work if you are using Kaspersky Security for Virtualization 5.2 Light Agent to protect virtual machines with Windows guest operating systems.

If you plan to continue using the previous version of SVMs, you need to configure connection settings for these SVMs to connect to the updated Integration Server.

If you have updated all Light Agents for Linux and are not using Kaspersky Security for Virtualization 5.2 Light Agent, you can delete the SVMs running the previous version of Protection Server.

SVMs that have been removed continue to be displayed in the Administration Console of Kaspersky Security Center. When the period specified in Kaspersky Security Center settings elapses (see Kaspersky Security Center help for details), the SVMs are automatically removed from the Administration Console.

You can manually remove SVMs with the previous version of the Protection Server from the Administration Console of Kaspersky Security Center as soon as the upgrade process has been completed.

Page top
[Topic 256291]

About updating management plug-ins

The Protection Server management plug-in is updated by installing a new version of the management plug-in. Depending on the console you are using to manage Kaspersky Security Center, you will need to install:

  • Management MMC plug-ins for Light Agent for Linux (Kaspersky Endpoint Security for Linux running in Light Agent mode).
  • Management web plug-ins for Light Agent for Linux (Kaspersky Endpoint Security for Linux running in Light Agent mode).

After installing the Protection Server management plug-in, it is recommended to run the Download updates to the repository task in Kaspersky Security Center and make sure that the task completes successfully. For details, please refer to the Kaspersky Security Center help.

If you are using the Kaspersky Security Center Administration Console to manage solution components, after updating management MMC plug-ins, you can migrate previous policy and task settings to policies and tasks of the updated version of solution components.

Management plug-ins of the previous version continue to operate after installation of the new version of the Kaspersky Security management plug-ins. You can use them to manage SVMs and Light Agents of the previous version of Kaspersky Security.

After all the application components are updated, you can remove the management plug-ins of the previous version.

If you are using the Light Agent for Windows component included in Kaspersky Security for Virtualization 5.2 Light Agent, management plug-ins of Protection Server version 5.2 and Light Agent for Windows version 5.2 should continue to work.

Page top
[Topic 265506]

Using settings configured for a previous version of Kaspersky Security

Policies and tasks configured in Kaspersky Security Center for the previous version of solution components are not compatible with the updated version of the solution.

If you are using the Kaspersky Security Center Administration Console to manage solution components, after updating the management plug-ins, you can convert policies and tasks using the Kaspersky Security Center Policies and tasks batch conversion wizard.

The converted policies and tasks use the settings of policies and tasks of the previous version of Kaspersky Security components. The settings that were not configured in the policies and tasks of the previous version take default values in the converted policies and tasks.

The policy and task conversion procedure is not available in Kaspersky Security Center Web Console. If you are using the Web Console to manage solution components, you must create new policies and tasks for the updated solution components. You can migrate some policy and task settings for Light Agent from the previous version of a policy or task to the new version by exporting and importing settings (for details, please refer to the Kaspersky Endpoint Security for Linux Help).

To convert policies and tasks that were configured in Kaspersky Security Center for the previous version of Kaspersky Security:

  1. Open Kaspersky Security Center Administration Console.
  2. In the console tree, select the Administration Server: <server name> node.
  3. Open the context menu and select the All tasksPolicies and Tasks Batch Conversion Wizard.

    The Policies and Tasks Batch Conversion Wizard starts.

  4. At the first step of the Wizard, select one of the following options from the Application name list:
    • Kaspersky Security for Virtualization 6.1 Light Agent – Protection Server – if you want to convert tasks that are performed on SVMs, and Protection Server policies.
    • Kaspersky Endpoint Security 12.1 for Linux – if you want to convert tasks that were created in Kaspersky Security Center and are performed on protected virtual machines with Linux operating systems, and Light Agent for Linux policies.

    Proceed to the next step of the Policies and Tasks Conversion Wizard.

  5. Select the policies to convert. To select a policy, select the check box to the left of the name of that policy.

    Proceed to the next step of the Policies and Tasks Conversion Wizard.

  6. The Kaspersky Security Network window opens. You can read the Kaspersky Security Network Statement in this window.

    To continue the procedure for converting policies and tasks, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:

    • If you accept all the terms of the Statement and want the application to use KSN, select the I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement option.
    • If you do not want to use KSN, select the I do not accept the terms and conditions of the Kaspersky Security Network Statement option and confirm your decision in the displayed window.

    If necessary, you can change your decision regarding KSN participation later.

  7. Select the tasks to convert. To select a task, select the check box to the left of the name of that task.

    Proceed to the next step of the Policies and Tasks Conversion Wizard.

  8. Exit the Policies and Tasks Conversion Wizard.

The converted policies and tasks have names "<Original policy/task name> (converted)".

Page top
[Topic 265742]

Using components of the previous version of Kaspersky Security

Kaspersky Security for Virtualization 6.1 Light Agent protects virtual machines running Linux guest operating systems; the Light Agent for Windows component is not included in Kaspersky Security for Virtualization 6.1 Light Agent. If you want to protect virtual machines running Windows guest operating systems, you need to use the Light Agent for Windows component included in Kaspersky Security for Virtualization 5.2 Light Agent.

For Light Agents for Windows to continue working, you must also use the SVM with the Protection Server included in Kaspersky Security for Virtualization 5.2 Light Agent. Light Agent can connect only to an SVM on which the version of the Protection Server is compatible with the version of the Light Agent.

If you did not remove Light Agents for Windows and SVMs of version 5.2 when updating Kaspersky Security to version 6.0, you can update Kaspersky Security to version 6.1 and continue using Light Agents for Windows and SVMs of version 5.2. To do this, you need to:

  1. Complete the Kaspersky Security update procedure without removing Light Agents for Windows and SVMs of Kaspersky Security for Virtualization 5.2 Light Agent from virtual machines.
  2. Configure the connection of Light Agents for Windows to the updated Integration Server.
  3. Configure the connection of SVMs with the previous version of the Protection Server to the updated Integration Server.

You can configure the connection using a policy for Light Agent for Windows and a policy for Protection Server version 5.2. For more information, see the Kaspersky Security for Virtualization 5.2 Light Agent Help.

Page top
[Topic 261279]