Connecting Light Agent to SVM
For the Kaspersky Security solution to function, constant interaction between the Light Agent and the Protection Server is required. If there is no connection to the Protection Server, the Light Agent cannot transfer file fragments to the Protection Server for scanning, and scanning is not performed. If Light Agent loses a connection to the Protection Server for more than 5 minutes while running scan tasks, the scan tasks stop and return an error.
To interact with the Protection Server, the Light Agent establishes and maintains a connection to the SVM on which this Protection Server is installed.
Light Agent can only connect to an SVM whose version is compatible with the Light Agent version.
To connect to an SVM, Light Agent must receive information about the SVMs to which a connection can be made. Light Agent selects an available SVM that is optimal for connection according to the SVM selection algorithm.
Regardless of the algorithm used in selecting SVMs, Light Agents also take into account the following parameters:
- Availability of a valid license (a license key that is not in the denylist is added to the SVM, and the license associated with the key has not expired). Light Agent first connects to the SVM on which the solution is activated (the key is added).
- Type of the license key added to the SVM. If you use a licensing scheme based on the number of virtual machines protected by the solution (server keys and desktop keys), the Light Agent first connects to the SVM on which the key type matches the operating system installed on the virtual machine with the Light Agent.
- Protecting the connection between the Light Agent and the Protection Server. A Light Agent for which connection protection is enabled can only connect to SVMs for which encryption of the data channel between the Light Agent and the Protection Server is enabled. A Light Agent for which connection protection is disabled can only connect to SVMs for which channel encryption is disabled or an unsecure connection between the Light Agent and the Protection Server is allowed.
- SVM connection tags. If a tag is assigned to a Light Agent, the Light Agent can only connect to SVMs that are configured to use that connection tag.
The ability to connect the Light Agent to the SVM also depends on the settings for downloading updates to the SVM, which are specified in the policy for the Protection Server. Only Light Agents for which database updates are downloaded to this SVM can connect to the SVM.
Keep in mind that the scope of functionality available on the Light Agent depends on the license under which the solution is activated on the SVM:
- If you want to use the Light Agent functionality included in the Enterprise license, you need to connect the Light Agent to a SVM on which the solution is activated under the Enterprise license. When connecting to an SVM on which the solution is activated under a Standard license, less functionality is available on the Light Agent.
- If you want to use additional Light Agent functionality (for example, integration the Kaspersky Detection and Response solution or integration with Kaspersky Unified Monitoring and Analysis Platform), you need to connect the Light Agent to an SVM on which the solution is activated under a license that includes this additional functionality, or to an SVM for which a separate license key for activating the additional functionality has been added. When a Light Agent is disconnected from the current SVM and connects to an SVM on which additional functionality has not been activated, the functionality becomes unavailable on the Light Agent.
To prevent Light Agents from switching between SVMs with different license types, you can use connection tags or a list of SVMs available for connection to limit the number of SVMs available to a Light Agent.
You can get information about the status of the Light Agent's connection to the SVM in the following ways:
- For Light Agent for Linux: using the Kaspersky Endpoint Security for Linux command
kesl-control --svm-info. For details, see the Kaspersky Endpoint Security for Linux Help of the relevant version. - For Light Agent for Windows:
- in the local interface of Kaspersky Endpoint Security for Windows
- using the Kaspersky Endpoint Security for Windows command
avp.com SVMINFO.
For details, see the Kaspersky Endpoint Security for Windows Help of the relevant version.
The lack of a connection between Light Agent and an SVM is communicated in Kaspersky Security Center through the status of the host device: if the connection to an SVM is not established, the status of the protected virtual machine changes to Critical. Information about the loss and restoration of the connection of the Light Agent and SVM is saved as events in Kaspersky Security Center.
We do not recommend using live snapshots of virtual machines taken on a running guest OS for SVMs and virtual machines with Light Agent for Linux installed. Restoring from such snapshots results in loss of the connection between Light Agents and the SVMs and degrades the performance of the virtual infrastructure. You can use virtual machine snapshots taken on a running guest OS only if the "Notify only" mode is enabled in the Light Agent settings. For details, see the Kaspersky Endpoint Security for Linux Help of the relevant version.