- Kaspersky Security for Virtualization 6.2 Light Agent Help
- About Kaspersky Security for Virtualization 6.2 Light Agent
- Solution functions
- Distribution kit
- Hardware and software requirements
- Requirements for Kaspersky Security Center components
- Requirements for installing a Windows-based Integration Server
- Requirements for installing a Linux-based Integration Server
- Requirements for the virtual infrastructure
- Requirements for SVM resources
- Virtual machine requirements for installing Light Agent
- Supported versions of applications in Light Agent mode
- What’s new
- Solution architecture
- Preparing to install the solution
- Files required for installing the solution
- Downloading SVM images using the wizard
- Configuring the ports to use
- Accounts for installing and using the solution
- Configuring the use of secure cryptographic algorithms, ciphers, and protocols
- Configuring rules for moving virtual machines to administration groups
- Installing the Kaspersky Security solution
- Installing a Windows-based Integration Server
- Installing the Linux-based Integration Server
- Installing Kaspersky Security web plug-ins
- Installing Kaspersky Security MMC plug-ins
- SVM deployment using the Integration Server Web Console
- Connecting the Integration Server and the virtual infrastructure
- Creating and running an SVM deployment task
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Start task for SVM deployment
- Starting an SVM deployment task (OpenStack-based infrastructure)
- Viewing information about task execution
- Deploying SVMs using the Integration Server Console
- Selecting an action
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Starting SVM deployment
- Starting SVM deployment (infrastructures based on OpenStack)
- SVM deployment
- Finishing SVM deployment
- Automatically creating tasks and a default policy for the Protection Server
- Preparing the Protection Server for operation
- Installing Light Agents and Network Agent
- About installing Kaspersky Security Center Network Agent on virtual machines
- About installing Light Agent for Linux
- About installing Light Agent for Windows
- Installing Light Agent on a template for non-persistent virtual machines
- Compatibility of Light Agent for Windows with virtualization solutions
- Preparing Light Agents for operation
- Displaying virtual machines and SVMs in Kaspersky Security Center
- Viewing the list of SVMs connected to the Integration Server
- Updating Kaspersky Security from the previous version
- Removing the Kaspersky Security solution
- Application management framework
- About managing the solution using Kaspersky Security Center
- About Kaspersky Security management plug-ins
- Starting and closing Kaspersky Security Center Web Console
- Managing the solution using Kaspersky Security Center policies
- Managing the solution using tasks
- About access rights to the settings of policies and tasks in Kaspersky Security Center
- About Integration Server Console
- Connecting to the Integration Server via Integration Server Console
- About the Integration Server Web Console
- Connecting to the Integration Server via Integration Server Web Console
- Licensing Kaspersky Security for Virtualization 6.2 Light Agent
- About the End User License Agreement
- About data provision
- About the license
- About the License Certificate
- About license key
- About the activation code
- About the key file
- About subscription
- License-specific solution functionality
- About activating Kaspersky Security for Virtualization 6.2 Light Agent
- Procedure for activating the solution
- Renewing a license
- Renewing subscription
- Viewing information about the license keys used in Kaspersky Security Center
- View information about the license on a secure virtual machine
- Starting and stopping Kaspersky Security
- Virtual machine protection status
- Connecting SVMs and Light Agents to the Integration Server
- Connecting Light Agents to SVMs
- Protecting large infrastructures
- Updating Kaspersky Security databases and application modules
- Using Kaspersky Security Network
- Additional Protection Server settings
- Reports and notifications
- SVM reconfiguration
- Reconfiguring SVMs using Integration Server Web Console
- Selecting SVM for reconfiguration
- Entering the configuration password
- Editing SVM network settings
- Changing SVM IP settings
- Changing Kaspersky Security Center connection settings
- Changing the configuration password and root account settings
- Start task for SVM reconfiguration
- Start task for SVM reconfiguration (OpenStack)
- SVM reconfiguration using the Integration Server Console
- Selecting an action
- Selecting SVM for reconfiguration
- Entering the configuration password
- Editing SVM network settings
- Editing SVM network settings (infrastructures based on OpenStack)
- Changing SVM IP settings
- Changing Kaspersky Security Center connection settings
- Changing the configuration password and root account settings
- Starting SVM reconfiguration
- Starting SVM reconfiguration (infrastructures based on OpenStack)
- SVM reconfiguration
- Finishing SVM reconfiguration
- Reconfiguring SVMs using Integration Server Web Console
- Configuring Integration Server settings
- Changing passwords of Integration Server accounts
- Changing the settings for connecting to the virtual infrastructure in the Integration Server Web Console
- Changing the settings for connecting to the virtual infrastructure in the Integration Server Console
- Deleting the settings for connection of the Integration Server to the virtual infrastructure
- Replacing the Integration Server and SVM certificates
- Using a backup copy of the database and the Integration Server settings
- SNMP monitoring of SVM status
- Checking the integrity of solution components
- Using Kaspersky Security for Virtualization 6.2 Light Agent in multitenancy mode
- Deploying a tenant protection infrastructure
- Configuring the Integration Server connection settings to the Kaspersky Security Center Administration Server
- Creating a tenant and virtual Administration Server
- Configuring SVM location and Protection Server settings
- Configuring settings for SVM discovery by Light Agents and general tenant protection settings
- Installing a Light Agent on tenant virtual machines
- Registering tenant virtual machines
- Activating a tenant
- Registering existing tenants and their virtual machines
- Enabling and disabling tenant protection
- Getting information about tenants
- Getting tenant protection reports
- Removing virtual machines from the protected infrastructure
- Removing tenants
- Using Integration Server REST API in multi-tenancy scenarios
- Deploying a tenant protection infrastructure
- Contacting Technical Support
- How to get technical support
- Technical Support via Kaspersky CompanyAccount
- Getting information for Technical Support
- Protection Server and Light Agent dump files
- Trace files of the Kaspersky Security Components Installation Wizard
- Trace files of the Integration Server and Integration Server Console
- Trace files of the tool for managing Integration Server and SVM certificates
- Trace files of SVMs, Light Agents and Kaspersky Security management plug-ins
- The SVM Management Wizard log
- Using the utilities and scripts from the Kaspersky Security distribution kit
- Appendices
- Using the klconfig script API to define SVM configuration settings
- Executing configuration commands
- Using the SVM first startup script
- Configuring SVM configuration settings
- Description of commands
- accept_eula_and_privacypolicy
- apiversion
- checkconfig
- connectorlang
- dhcp
- dhcprenew
- dns
- dnslookup
- dnssearch
- dnsshow
- getdnshostname
- gethypervisordetails
- hostname
- listpatches
- manageservices
- nagent
- network
- ntp
- passwd
- permitrootlogin
- productinstall
- reboot
- resetnetwork
- rollbackpatch
- setsshkey
- settracelevel
- test
- timezone
- version
- Settings in the ScanServer.conf file
- Object ID values for SNMP
- How to remove duplicate virtual machines from the list of managed devices in Kaspersky Security Center
- Using the klconfig script API to define SVM configuration settings
- Sources of information about the solution
- Glossary
- Activation code
- Active key
- Administration Server
- Application activation
- Backup
- Backup copy of a file
- Compound file
- Database of malicious web addresses
- Database of phishing web addresses
- Desktop key
- End User License Agreement
- Heuristic Analysis
- Integration Server
- Kaspersky CompanyAccount
- Kaspersky Security databases
- Kaspersky Security Network (KSN)
- Key file
- Key with a limitation on the number of processor cores
- Key with a limitation on the number of processors
- Keylogger
- License
- License certificate
- License key (key)
- Light Agent
- OLE object
- Phishing
- Protected virtual machine
- Reserve key
- Server key
- Signature Analysis
- Startup objects
- SVM
- SVM Management Wizard
- Update source
- Information about third-party code
- Trademark notices
Changing the settings for connecting to the virtual infrastructure in the Integration Server Console
To open the list of virtual infrastructures to which the Integration Server connects:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
A table of virtual infrastructures to which the Integration Server connects will open.
Each row of the table contains the following information:
- Infrastructure
Type of virtual infrastructure and IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server connects for interaction with virtual infrastructure.
For an infrastructure running on VMware vCenter Server with VMware NSX Manager by Kaspersky Security enabled, the column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of VMware NSX Manager.
- State
Status of the connection between the Integration Server and the virtual infrastructure.
If the Integration Server is not connected to the virtual infrastructure object, the table displays an error message.
The Integration Server verifies the authenticity of all virtual infrastructure objects with which a connection is being established, except a Microsoft Windows Server (Hyper-V) hypervisor.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.
To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If it fails to ascertain the authenticity of the certificate or public key received from the virtual infrastructure object, the Integration Server breaks the connection with the virtual infrastructure. An error message is displayed in the table. You can resolve this error.
To resolve an SSL certificate validation error or public key validation error received from a virtual infrastructure object, do one of the following:
- Confirm the authenticity of the certificate or public key received from the virtual infrastructure object. To do this, you need to launch the SVM Management Wizard (in the SVM management section of the Integration Server Console) and open the list of virtual infrastructures to which the SVM Management Wizard is configured to connect (for example, see the "Selecting infrastructure for SVM deployment" step in the procedure for installing the Protection Server). The wizard prompts you to verify the authenticity of the certificate or public key in the Verify certificate or Verify public key fingerprint window (depending on the type of virtual infrastructure object).
- Replace the certificate with a new one if you do not believe that the existing certificate is authentic.
If the use of VMware NSX Manager in Kaspersky Security is enabled, the Integration Server also checks the VMware NSX Manager certificate. If the certificate is not trusted by the Integration Server or does not match a previously installed certificate, an error message is displayed in the table. You can resolve this error.
To resolve a VMware NSX Manager SSL certificate validation error, do one of the following:
- Verify the authenticity of the certificate. To view information about the received certificate, you need to click the Confirm VMware NSX Manager certificate authenticity link that is displayed in the error message. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you do not consider the certificate to be trusted, you can disconnect by clicking the Cancel button, and replace the certificate with a new one.
How to change the settings for connecting to the virtual infrastructure
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select a virtual infrastructure whose connection settings you want to modify, and click the Edit link above the table.
The Change virtual infrastructure connection settings window opens.
The Address field displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server is connected for interaction with protected virtual infrastructure. The Address field cannot be changed.
- Make the necessary changes. You can change the following settings for connecting the Integration Server to the virtual infrastructure:
- Protocol
Protocol used to connect the Integration Server to the virtual infrastructure. By default, HTTPS protocol is used.
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- OpenStack domain
Name of the OpenStack domain that contains an account used to connect the Integration Server to the virtual infrastructure.
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
Name of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
To connect to a virtual infrastructure based on XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, Alt Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, we recommend using an account that has limited rights to perform actions in the virtual infrastructure.
To connect to a virtual infrastructure running on the Microsoft Hyper-V platform during Kaspersky Security operation, you must use the same user account that is used for SVM deployment, removal and reconfiguration.
- Password
Password of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
- Protocol
- Click the OK button in the Change virtual infrastructure connection settings window.
How to configure the use of VMware NSX Manager in the Kaspersky Security solution
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select the virtual infrastructure managed by VMware vCenter Server, and click the Edit link located above the table.
The Change virtual infrastructure connection settings window opens.
- Configure the settings for connecting the Integration Server to VMware NSX Manager:
- Use VMware NSX Manager
Enables or disables the use of VMware NSX Manager in the Kaspersky Security solution
If VMware NSX Manager is used in the operation of the solution, Kaspersky Security can assign security tags to the protected virtual machine.
- Address
New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.
If your VMware NSX Manager virtual infrastructure is clustered, specify the virtual IP address of the cluster. First, you need to assign a virtual IP address and certificate to the cluster (for more information on configuring a VMware NSX Manager cluster, see the VMware documentation).
- User name
Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.
- Password
Password of the account that the Integration Server uses to connect to VMware NSX Manager.
If you change the password for the account used to connect to VMware NSX Manager, the Integration Server will not be able to connect to VMware NSX Manager until at least 15 minutes have passed since the new connection settings were saved.
- Use VMware NSX Manager
- Click the OK button in the Change virtual infrastructure connection settings window.