Solution architecture
Protection Server component
Kaspersky Security Protection Server (hereinafter also referred to as the "Protection Server") is a scanserver service installed on a special virtual machine called an SVM (secure virtual machine). An SVM is included in the Kaspersky Security distribution kit as a virtual machine image. During installation of the solution, you need to deploy SVMs from an image on hypervisors in the virtual infrastructure.
Protection Server performs the following functions:
- Scans the fragments of files sent by Light Agents installed on virtual machines for viruses and other malware. The SharedCache technology is used for scanning. It speeds up file scans by excluding files that have already been scanned on another virtual machine. The Protection Server stores information about scanned files in a cache on the SVM so that they are not scanned again.
- Receives an update package from the Kaspersky Security Center Administration Server repository. The package contains the database and application module updates necessary for operation of the solution.
- Manages license keys and licensing restrictions.
Light Agent component
Kaspersky Security Light Agent (hereinafter also referred to as "Light Agent") is an application installed on each virtual machine that needs to be protected using the Kaspersky Security solution. A virtual machine with the Light Agent component installed is called a protected virtual machine.
If Kaspersky Security is used to protect VDI, Light Agent is installed on virtual machine templates from which persistent or non-persistent virtual machines are created.
The Kaspersky Security solution includes:
- The Light Agent for Linux component is designed to protect virtual machines with Linux operating systems.
The Kaspersky Security solution uses Kaspersky Endpoint Security for Linux in Light Agent mode as the Light Agent for Linux. The application protects virtual machines running Linux operating systems from various types of threats, network attacks and fraud. For more information about the capabilities of Kaspersky Endpoint Security for Linux commands, see the application help of the relevant version.
- The Light Agent for Windows component is designed to protect virtual machines with Windows operating systems.
The Kaspersky Security solution uses Kaspersky Endpoint Security for Windows in Light Agent mode as the Light Agent for Windows. The application protects virtual machines running Windows operating systems from various types of threats, network attacks and fraud. For more information about the capabilities of Kaspersky Endpoint Security for Windows commands, see the application help of the relevant version.
When launched, the Light Agent establishes and maintains a connection to the SVM in order to interact with the Protection Server component.
Integration Server component
Kaspersky Security for Virtualization Light Agent Integration Server (hereinafter also referred to as the "Integration Server") is an application designed to be installed on a device running the Linux operating system or on a device running a Windows operating system in your infrastructure. The Integration Server facilitates interaction between the Kaspersky Security solution components and the virtual infrastructure.
The Integration Server is used for performing the following tasks:
- Deploying, removing, and reconfiguring SVMs with Protection Servers.
- Receiving information about the protected infrastructure from the virtual infrastructure and sending it to Protection Servers. The Integration Server can connect to hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices to acquire this information (depending on the type of virtual infrastructure).
- Providing Light Agents with a list of SVMs available for connection and information about them. This information is necessary for interaction between Light Agents and Protection Servers on the SVMs.
- Deploying and using the Kaspersky Security solution in multi-tenancy mode.
The Kaspersky Security solution includes:
- An Integration Server designed to be installed on a device with a Windows operating system (hereinafter also referred to as the "Windows-based Integration Server").
- An Integration Server designed to be installed on a device with a Linux operating system (hereinafter also referred to as the "Linux-based Integration Server").
You can use the Integration Server that corresponds to your infrastructure.
To manage the Windows-based Integration Server, you can use the following management consoles:
To manage the Linux-based Integration Server, you can use Integration Server Web Console.
We do not recommend using Integration Server Console to manage the Linux-based Integration Server.
You can also manage the Integration Server using the Integration Server REST API without using management consoles.
To use the Integration Server in the operation of Light Agents and Protection Servers, you need to configure the settings for connecting SVMs and Light Agents to the Integration Server.
After you configure the settings for connecting an SVM to the Integration Server, the SVM transmits the following information to the Integration Server every 5 minutes:
- IP address and number of ports for connecting to the SVM.
- Information about the SVM path in the virtual infrastructure.
- Information about the license used to activate the solution on the SVM.
- Information about the average load of the Protection Server on the SVM.
A Light Agent attempts to connect to the Integration Server once every 30 seconds if the Light Agent has no information about any SVM and the last attempt to connect to the Integration Server failed. After a Light Agent receives information about SVMs from the Integration Server, the connection interval increases to 5 minutes.
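The timing rules above determine how long a newly started protected virtual machine can remain without SVM information and when a silent SVM should raise an alert. The following model is an added example, not product code: it replays the Light Agent connection schedule against constructed Integration Server outages and flags SVMs whose 5-minute report is overdue. The SVM names, the `missed` threshold and the interval used for cases the text does not describe are assumptions.

```python
RETRY_S = 30         # page: Light Agent retry interval (no SVM info, last attempt failed)
STEADY_S = 300       # page: Light Agent interval once SVM info has been received
SVM_REPORT_S = 300   # page: SVM reports to the Integration Server every 5 minutes


def next_poll_delay(has_svm_info: bool, last_attempt_failed: bool) -> int:
    """Seconds until the Light Agent's next connection attempt."""
    if not has_svm_info and last_attempt_failed:
        return RETRY_S
    # Assumption: the page does not state the interval for the remaining
    # combinations, so the model uses the 5-minute interval for them.
    return STEADY_S


def simulate_agent(outages, horizon_s):
    """Replay attempts of an agent started at t=0 with no SVM information.

    outages: list of (start, end) seconds during which the Integration
    Server is unreachable. Returns (attempt log, time SVM information was
    first received, or None if it never was within the horizon).
    """
    t, has_info, first_info, log = 0, False, None, []
    while t <= horizon_s:
        failed = any(start <= t < end for start, end in outages)
        if not failed and not has_info:
            has_info, first_info = True, t
        log.append((t, "fail" if failed else "ok"))
        t += next_poll_delay(has_info, failed)
    return log, first_info


def stale_svms(last_report, now, missed=2):
    """SVM names whose last report is older than `missed` report periods.

    `missed` is a hypothetical alerting threshold, not a product setting.
    """
    limit = missed * SVM_REPORT_S
    return sorted(name for name, ts in last_report.items() if now - ts > limit)


# Constructed scenario: Integration Server unreachable for the first 100 s.
LOG, FIRST_INFO = simulate_agent(outages=[(0, 100)], horizon_s=900)
# Constructed report timestamps (seconds) for three hypothetical SVMs.
STALE = stale_svms({"svm-a": 880, "svm-b": 250, "svm-c": 610}, now=900)

if __name__ == "__main__":
    print("first SVM info at", FIRST_INFO, "s; attempts:", LOG)
    print("stale SVMs:", STALE)
```

In this model, a 100-second outage at startup delays SVM discovery to the 120-second mark, because the agent retries on the 30-second interval until an attempt succeeds.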
During its operation, the Integration Server saves the following information:
- Internal Integration Server accounts. These accounts are used to connect management consoles, SVMs and Light Agents to the Integration Server.
- Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
- If the solution is used in multi-tenancy mode: a list of registered tenants and information about the time that virtual machines were protected by the solution.
- SVM service data.
All data is stored in encrypted form. Information is stored on the device on which Integration Server is installed and is not sent to Kaspersky.
Management plug-ins and Network Agent
The interface for managing Kaspersky Security solution components using Kaspersky Security Center is provided by Kaspersky Security management plug-ins.
Network Agent, a component of Kaspersky Security Center, facilitates interaction between the Kaspersky Security solution and Kaspersky Security Center, and also provides the ability to manage Kaspersky Security solution components via Kaspersky Security Center.
Network Agent must be installed on each virtual machine that needs to be protected using the Kaspersky Security solution. Network Agent does not need to be installed on SVMs because this component is included in the SVM images.