Kaspersky Security for Virtualization 6.2 Light Agent

Connecting the Integration Server and the virtual infrastructure

To configure the Integration Server's connection to the virtual infrastructure:

1. Open Integration Server Web Console and connect to the Integration Server.
2. Go to the List of virtual infrastructures section.
3. Click the Add button.
4. In the Add virtual infrastructure window that opens, specify the following required settings:
   • Infrastructure object type

     Type of the virtual infrastructure object that the Integration Server will connect to.

     Depending on the type of virtual infrastructure, select a hypervisor, virtual infrastructure administration server, or Keystone microservice.

   • Protocol

     Protocol used to connect the Integration Server to the virtual infrastructure. By default, HTTPS protocol is used.

     The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

   • Infrastructure object address

     Address of the virtual infrastructure object that the Integration Server will connect to. Depending on the type of virtual infrastructure, you need to specify the hypervisor address or the address of the virtual infrastructure administration server. To connect to an OpenStack-based infrastructure, you need to specify the address of the Keystone microservice.

     The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN).

     In this field, you can also specify the port used to connect to the virtual infrastructure object in the format <IP address>:<port>.

     If you are configuring a connection to Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service, you can specify the address of the cluster. All hypervisors that are part of the cluster will be added to the list.

     If you are using the Linux-based Integration Server, SVM deployment in a virtual infrastructure based on Microsoft Hyper-V is not supported.

     If you are configuring a connection to VMware ESXi hypervisors managed by VMware vCenter Servers running in Linked mode, you can specify the address of any of these VMware vCenter Servers. All the hypervisors running on VMware vCenter servers in Linked mode will be added to the list.

     If you are configuring a connection to an infrastructure managed by Nutanix Prism Element, you need to specify the Nutanix Prism Element address. If the infrastructure is managed by Nutanix Prism Central, specify the Nutanix Prism Central address. All Nutanix Prism Element servers managed by Nutanix Prism Central will be added to the list.

   • Account settings for connecting to the infrastructure with administrator rights:
     • OpenStack domain

       Name of the OpenStack domain that contains an account used to connect the Integration Server to the virtual infrastructure.

       The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

     • User name

       Name of the user account that the Integration Server uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration. This account must have privileges that are sufficient for SVM deployment, removal and reconfiguration.

     • Password

       Password of the user account that the Integration Server uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.

5. In a virtual infrastructure based on XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, Alt Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, we also recommend specifying an account that has limited rights to perform actions in the virtual infrastructure. Under this account, the Integration Server will connect to the virtual infrastructure while Kaspersky Security is running in order to get information about SVMs available for connection and to distribute Light Agents between SVMs.

   To set restricted permissions for a user account:

   1. Click Add an account with restricted permissions in the Account with restricted permissions section.
   2. In the window that opens, specify the account name and password.
   3. Click the Save button.

   If an account with restricted permissions is not configured the Integration Server uses the same user account that is used for SVM deployment, removal and reconfiguration, to connect to the virtual infrastructure while Kaspersky Security is running.

   In a virtual infrastructure running on the Microsoft Hyper-V platform, you can connect to the virtual infrastructure during Kaspersky Security operation only by using the same user account that is used for SVM deployment, removal and reconfiguration.

6. In a virtual infrastructure based on the VMware vSphere platform, you can configure the use of VMware NSX Manager by the Kaspersky Security solution:
   1. Click the Specify VMware NSX Manager connection settings button in the VMware NSX Manager block.
   2. This opens a window; in that window, specify the following settings:
      • Address

        New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.

        If your VMware NSX Manager virtual infrastructure is clustered, specify the virtual IP address of the cluster. First, you need to assign a virtual IP address and certificate to the cluster (for more information on configuring a VMware NSX Manager cluster, see the VMware documentation).

      • User name

        Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.

      • Password

        Password of the account that the Integration Server uses to connect to VMware NSX Manager.

   3. Click the Save button in the VMware NSX Manager settings window.
7. Click the Save button in the Add virtual infrastructure window.

   The Integration Server adds the selected virtual infrastructure objects to the list and attempts to establish a connection.

   The Integration Server verifies the authenticity of all virtual infrastructure objects with which the connection is established.

   Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

   For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the Integration Server to the virtual infrastructure.

   To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

   If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Integration Server is installed. If you do not consider this certificate to be authentic, click the Cancel connection button in the Verify certificate window to disconnect, and replace the certificate with a new one.

   If the authenticity of the open key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The public key fingerprint will be saved on the device where the Integration Server is installed. If you do not consider this open key to be authentic, click the Cancel connection button in the Verify public key fingerprint window to terminate the connection.

   If a connection to a virtual infrastructure object could not be established, information about connection errors is displayed in the list of infrastructures in the Status column.

Using the buttons above the table, you can:

• refresh the list of virtual infrastructures
• sort and search the list
• edit the settings for connecting the Integration Server to virtual infrastructures
• delete settings for connecting to virtual infrastructures
• export the list in CSV format