- Kaspersky Security for Virtualization 6.2 Light Agent Help
- About Kaspersky Security for Virtualization 6.2 Light Agent
- Solution functions
- Distribution kit
- Hardware and software requirements
- Requirements for Kaspersky Security Center components
- Requirements for installing a Windows-based Integration Server
- Requirements for installing a Linux-based Integration Server
- Requirements for the virtual infrastructure
- Requirements for SVM resources
- Virtual machine requirements for installing Light Agent
- Supported versions of applications in Light Agent mode
- What’s new
- Solution architecture
- Preparing to install the solution
- Files required for installing the solution
- Downloading SVM images using the wizard
- Configuring the ports to use
- Accounts for installing and using the solution
- Configuring the use of secure cryptographic algorithms, ciphers, and protocols
- Configuring rules for moving virtual machines to administration groups
- Installing the Kaspersky Security solution
- Installing a Windows-based Integration Server
- Installing the Linux-based Integration Server
- Installing Kaspersky Security web plug-ins
- Installing Kaspersky Security MMC plug-ins
- SVM deployment using the Integration Server Web Console
- Connecting the Integration Server and the virtual infrastructure
- Creating and running an SVM deployment task
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Start task for SVM deployment
- Starting an SVM deployment task (OpenStack-based infrastructure)
- Viewing information about task execution
- Deploying SVMs using the Integration Server Console
- Selecting an action
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Starting SVM deployment
- Starting SVM deployment (infrastructures based on OpenStack)
- SVM deployment
- Finishing SVM deployment
- Automatically creating tasks and a default policy for the Protection Server
- Preparing the Protection Server for operation
- Installing Light Agents and Network Agent
- About installing Kaspersky Security Center Network Agent on virtual machines
- About installing Light Agent for Linux
- About installing Light Agent for Windows
- Installing Light Agent on a template for non-persistent virtual machines
- Compatibility of Light Agent for Windows with virtualization solutions
- Preparing Light Agents for operation
- Displaying virtual machines and SVMs in Kaspersky Security Center
- Viewing the list of SVMs connected to the Integration Server
- Updating Kaspersky Security from the previous version
- Removing the Kaspersky Security solution
- Application management framework
- About managing the solution using Kaspersky Security Center
- About Kaspersky Security management plug-ins
- Starting and closing Kaspersky Security Center Web Console
- Managing the solution using Kaspersky Security Center policies
- Managing the solution using tasks
- About access rights to the settings of policies and tasks in Kaspersky Security Center
- About Integration Server Console
- Connecting to the Integration Server via Integration Server Console
- About the Integration Server Web Console
- Connecting to the Integration Server via Integration Server Web Console
- Licensing Kaspersky Security for Virtualization 6.2 Light Agent
- About the End User License Agreement
- About data provision
- About the license
- About the License Certificate
- About license key
- About the activation code
- About the key file
- About subscription
- License-specific solution functionality
- About activating Kaspersky Security for Virtualization 6.2 Light Agent
- Procedure for activating the solution
- Renewing a license
- Renewing subscription
- Viewing information about the license keys used in Kaspersky Security Center
- View information about the license on a secure virtual machine
- Starting and stopping Kaspersky Security
- Virtual machine protection status
- Connecting SVMs and Light Agents to the Integration Server
- Connecting Light Agents to SVMs
- Protecting large infrastructures
- Updating Kaspersky Security databases and application modules
- Using Kaspersky Security Network
- Additional Protection Server settings
- Reports and notifications
- SVM reconfiguration
- Reconfiguring SVMs using Integration Server Web Console
- Selecting SVM for reconfiguration
- Entering the configuration password
- Editing SVM network settings
- Changing SVM IP settings
- Changing Kaspersky Security Center connection settings
- Changing the configuration password and root account settings
- Start task for SVM reconfiguration
- Start task for SVM reconfiguration (OpenStack)
- SVM reconfiguration using the Integration Server Console
- Selecting an action
- Selecting SVM for reconfiguration
- Entering the configuration password
- Editing SVM network settings
- Editing SVM network settings (infrastructures based on OpenStack)
- Changing SVM IP settings
- Changing Kaspersky Security Center connection settings
- Changing the configuration password and root account settings
- Starting SVM reconfiguration
- Starting SVM reconfiguration (infrastructures based on OpenStack)
- SVM reconfiguration
- Finishing SVM reconfiguration
- Reconfiguring SVMs using Integration Server Web Console
- Configuring Integration Server settings
- Changing passwords of Integration Server accounts
- Changing the settings for connecting to the virtual infrastructure in the Integration Server Web Console
- Changing the settings for connecting to the virtual infrastructure in the Integration Server Console
- Deleting the settings for connection of the Integration Server to the virtual infrastructure
- Replacing the Integration Server and SVM certificates
- Using a backup copy of the database and the Integration Server settings
- SNMP monitoring of SVM status
- Checking the integrity of solution components
- Using Kaspersky Security for Virtualization 6.2 Light Agent in multitenancy mode
- Deploying a tenant protection infrastructure
- Configuring the Integration Server connection settings to the Kaspersky Security Center Administration Server
- Creating a tenant and virtual Administration Server
- Configuring SVM location and Protection Server settings
- Configuring settings for SVM discovery by Light Agents and general tenant protection settings
- Installing a Light Agent on tenant virtual machines
- Registering tenant virtual machines
- Activating a tenant
- Registering existing tenants and their virtual machines
- Enabling and disabling tenant protection
- Getting information about tenants
- Getting tenant protection reports
- Removing virtual machines from the protected infrastructure
- Removing tenants
- Using Integration Server REST API in multi-tenancy scenarios
- Deploying a tenant protection infrastructure
- Contacting Technical Support
- How to get technical support
- Technical Support via Kaspersky CompanyAccount
- Getting information for Technical Support
- Protection Server and Light Agent dump files
- Trace files of the Kaspersky Security Components Installation Wizard
- Trace files of the Integration Server and Integration Server Console
- Trace files of the tool for managing Integration Server and SVM certificates
- Trace files of SVMs, Light Agents and Kaspersky Security management plug-ins
- The SVM Management Wizard log
- Using the utilities and scripts from the Kaspersky Security distribution kit
- Appendices
- Using the klconfig script API to define SVM configuration settings
- Executing configuration commands
- Using the SVM first startup script
- Configuring SVM configuration settings
- Description of commands
- accept_eula_and_privacypolicy
- apiversion
- checkconfig
- connectorlang
- dhcp
- dhcprenew
- dns
- dnslookup
- dnssearch
- dnsshow
- getdnshostname
- gethypervisordetails
- hostname
- listpatches
- manageservices
- nagent
- network
- ntp
- passwd
- permitrootlogin
- productinstall
- reboot
- resetnetwork
- rollbackpatch
- setsshkey
- settracelevel
- test
- timezone
- version
- Settings in the ScanServer.conf file
- Object ID values for SNMP
- How to remove duplicate virtual machines from the list of managed devices in Kaspersky Security Center
- Using the klconfig script API to define SVM configuration settings
- Sources of information about the solution
- Glossary
- Activation code
- Active key
- Administration Server
- Application activation
- Backup
- Backup copy of a file
- Compound file
- Database of malicious web addresses
- Database of phishing web addresses
- Desktop key
- End User License Agreement
- Heuristic Analysis
- Integration Server
- Kaspersky CompanyAccount
- Kaspersky Security databases
- Kaspersky Security Network (KSN)
- Key file
- Key with a limitation on the number of processor cores
- Key with a limitation on the number of processors
- Keylogger
- License
- License certificate
- License key (key)
- Light Agent
- OLE object
- Phishing
- Protected virtual machine
- Reserve key
- Server key
- Signature Analysis
- Startup objects
- SVM
- SVM Management Wizard
- Update source
- Information about third-party code
- Trademark notices
Connecting to the Integration Server via Integration Server Console
If Integration Server Console is installed on the same device where the Kaspersky Security Center Administration Console is installed, you can open Integration Server Console from Kaspersky Security Center Administration Console.
If Integration Server Console is installed on a separate device independent of the Kaspersky Security Center components (for example, if you are using Kaspersky Security Center Linux), you can open Integration Server Console using the executable file located in the Integration Server Console installation folder.
Before starting the Integration Server Console, if the device hosting the Integration Server Console belongs to a Microsoft Windows domain, make sure that your domain account belongs to a local or domain KLAdmins group or local administrator group on the device where the Integration Server is installed.
To open Integration Server Console and connect to the Integration Server:
- In the Kaspersky Security Center Administration Console tree, select the Administration Server: <server name> node.
- In the workspace of the node, on the Monitoring tab, in the Deployment block, follow the link Manage Kaspersky Security for Virtualization <version number> Light Agent, where <version number> is the number of the installed version of the Kaspersky Security solution.
- If one of the following conditions is satisfied, a window opens for entering the Integration Server connection settings:
- If the device hosting the Integration Server Console does not belong to a Microsoft Windows domain.
- If the device hosting the Integration Server Console belongs to a domain, but your domain account does not belong to a local or domain KLAdmins group or the group of local administrators on the device where the Integration Server is installed.
- If the device hosting the Integration Server Console belongs to a domain but a connection to the Integration Server could not be established, the connection address and port specified in the Integration Server settings are used.
Specify the following connection settings:
- Integration Server address
IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the Integration Server Console is installed on the same device as the Kaspersky Security Center Administration Server, the address specified in the settings of the Kaspersky Security Center Administration Server is used to connect to the Integration Server by default. You can change this address in the properties window of the Installation packages folder in the console tree (Additional → Remote installation → Installation packages; the window opens when you select the Settings item in the context menu).
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- Port
Port number for connecting to the Integration Server.
- Account name
Name of the user account being used to establish the connection to the Integration Server.
If the device hosting the Integration Server Console belongs to a domain, and your account belongs to the local or domain KLAdmins group or to the group of local administrators you can use your account. To do so, select the Use domain account check box.
If the device hosting the Integration Server Console does not belong to a domain, or the device belongs to a domain but your domain account does not belong to a local or domain KLAdmins group or to the group of local administrators, you can use only the Integration Server administrator account.
- Password
Password of the user account being used to establish the connection to the Integration Server.
- Use domain account
Use of the domain account of the current user when connecting the Integration Server Console to the Integration Server.
If the check box is selected, the domain account is used to connect to the Integration Server. Make sure that your domain account is part of the KLAdmins group or the local administrator group on the computer where the Integration Server is installed.
If the check box is cleared, the Integration Server administrator account (admin) is used to connect to the Integration Server.
This check box is cleared by default.
Click the Connect button.
- The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.
The Integration Server Console opens. The Integration Server settings section of Integration Server Console displays the address and port of the Integration Server to which the connection is made, and the Integration Server version.
To open Integration Server Console and connect to the Integration Server:
- Run the following command:
Kaspersky.VIISConsole.UI.exe /lang:<language ID>where:
- Kaspersky.VIISConsole.UI.exe is a file located in the %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\ folder on the device where you installed the Integration Server and Integration Server Console.
- <language ID> – Integration Server Console language identifier formatted as follows: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.
- Specify the following connection settings:
- Address and port of the Integration Server to which the connection is established.
For the address, you can specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- The Integration Server administrator password that you set when installing Integration Server.
- Address and port of the Integration Server to which the connection is established.
- The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.
The Integration Server Console opens. The Integration Server settings section of Integration Server Console displays the address and port of the Integration Server to which the connection is made, and the Integration Server version.