Kaspersky Security for Virtualization 6.2 Light Agent
[Topic 145525]

Selecting infrastructure for SVM deployment

At this step, the table displays information about the virtual infrastructures to which connections are configured for the Integration Server. If SVMs are already deployed in the virtual infrastructure, the table also contains information about them. Each row of the table displays the following information about the virtual infrastructure:

  • Name/Address

    This column contains the IP addresses or fully qualified domain names (FQDN) of the virtual infrastructure objects to which the Integration Server connects, and the names of the SVMs deployed on the hypervisors.

    Depending on the type of virtual infrastructure, the column may display:

    • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
    • IP address or the fully qualified domain name of the hypervisor
    • IP address or the fully qualified domain name of the Keystone microservice
    • OpenStack project and domain name.
  • Status

    This column contains information about the status of the Integration Server's connection to the virtual infrastructure, the state of the infrastructure objects to which the connection is made, and the state of the SVMs deployed in the infrastructure.

    If the Integration Server is not connected to the virtual infrastructure object, the column displays an error message.

  • Infrastructure object type

    The column contains the type of the virtual infrastructure object that the Integration Server will connect to.

  • SVM version

    This column contains the SVM version number.

You can search the list of virtual infrastructure objects based on the Name/Address column. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the search field.

You can update the list of virtual infrastructure objects using the Refresh button above the table. When the list is updated, the Integration Server verifies the SSL certificates or public key fingerprints, just as it does when virtual infrastructure objects are added to the list.

To select infrastructure for SVM deployment:

  1. Depending on the type of the virtual infrastructure, select checkboxes in the table to the left of the names of the hypervisors on which you want to deploy an SVM, or the OpenStack projects in which you want to deploy an SVM. You can select hypervisors or OpenStack projects to which the Integration Server has successfully connected.

    If SVMs are being deployed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous SVM deployment in different infrastructures is not supported. You can deploy SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

    The simultaneous deployment of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously deploy SVMs only in OpenStack projects that are running on the same Keystone microservice.

    Simultaneous deployment of SVMs to hypervisors of different types (for example, to a VMware ESXi hypervisor and a KVM hypervisor) is not supported.

  2. If you want to allow parallel deployment of multiple SVMs, select the Allow parallel deployment of N SVMs check box and specify the number of SVMs that should be deployed in parallel.

Proceed to the next step of the wizard.

[Topic 99492]

Selecting the SVM image

At this step, select the file of the SVM image for deployment. The SVM image file and SVM image description file (in XML format) must be placed on the device where the Integration Server is installed, into a single folder that the Integration Server has read access to.

To specify the SVM image, in the field, enter the path to the SVM image description file (in XML format) relative to the file system of the device on which the Integration Server is installed, and click the Select button.

The Wizard automatically selects the required SVM image file:

  • An XVA file for deployment on a XenServer hypervisor or on a Numa vServer hypervisor.
  • An OVA file for deployment on a VMware ESXi hypervisor.
  • A QCOW2 file for deployment on a KVM hypervisor (including on a KVM hypervisor running on OpenStack platform, Astra Linux, VK Cloud Platform or TIONIX Cloud Platform), on a Proxmox VE hypervisor, on an R-Virtualization hypervisor, on a HUAWEI FusionCompute CNA hypervisor, on a Nutanix AHV hypervisor, or on an ALT Virtualization Server platform basic hypervisor.

The window displays the following information about the selected image:

  • Vendor is the name of the vendor of the solution that the SVM is part of.
  • Publisher is the name of the publisher of the solution that the SVM is part of. If the image is authentic, the Publisher field displays the value AO Kaspersky Lab.

    If the authenticity of the image has not been verified, an error message is displayed at the top of the window, and Unknown is displayed in the Publisher field.

    If the authenticity of the image has not been verified, it is recommended to use a different image for SVM deployment. To do this, you need to re-download the archive with the files necessary for SVM deployment.

  • Solution name is the name of the solution that the SVM is part of.
  • SVM version is the SVM version number.
  • Description is a brief description of the SVM image.
  • Virtual drive size is the amount of disk space required to deploy the SVM.

It is recommended to validate the SVM image. To do so, click the Validate button in the SVM image integrity check section. The verification results are displayed in the window as follows:

  • If the image file integrity check is successful, the Completed successfully message is displayed.
  • If the image file gets modified or corrupted while being transmitted from the publisher to the end user or if the image format is not supported, the upper part of the window shows an error message and the SVM image integrity check section displays information about the detected problem.

If an SVM image file integrity check ended with an error, it is recommended to use a different image for SVM deployment. To do this, you need to re-download the archive with the files necessary for SVM deployment.

If the authenticity of an image has been verified and the image file integrity check completed successfully, proceed to the next step of the Wizard.

If the authenticity of the image has not been verified, or the image file integrity check has not been performed or ended with an error, but you accept the risk and want to use the selected SVM image, select the check box located in the lower part of the window to proceed to the next step of the Wizard.

[Topic 99493]

Selecting the number of SVMs for deployment (infrastructures based on OpenStack)

This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

For this step, you must specify the number of SVMs to be deployed on the hypervisors within each selected OpenStack project. The OpenStack project name column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.

In the Number of SVMs column, specify the number of SVMs to be deployed on the hypervisors within the OpenStack project.

Proceed to the next step of the wizard.

[Topic 99494]

Specifying SVM settings

This step is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

At this step, you need to specify the name of the SVM and select the storage on the hypervisor where the SVM will be deployed. The Hypervisor address column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.

Specify the following settings:

  • SVM name

    An arbitrary name for the new SVM.

  • Storage

    Data storage for the SVM image.

    The drop-down list displays the storage repositories available for SVM deployment.

    If you are deploying SVMs on a Microsoft Windows Server (Hyper-V) hypervisor that is part of a cluster, only shared repositories can be selected in the list.

    If you are deploying SVMs on a Microsoft Windows Server (Hyper-V) hypervisor that is not part of a cluster, you can manually enter the path to the repository.

Proceed to the next step of the wizard.

[Topic 99495]

Specifying SVM settings (infrastructures based on OpenStack)

This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

At this step, you must specify deployment settings for each SVM that is to be deployed within the selected OpenStack projects. The OpenStack project name column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.

Specify the following settings required for SVM deployment:

  • SVM name

    An arbitrary name for the new SVM.

  • Virtual machine type

    The virtual machine type (instance type) determines the RAM volume, disk size, number of CPU cores, and other settings of the created virtual machine.

    Select an appropriate virtual machine type for SVM deployment from the types available for the OpenStack project. The virtual machine type must match the recommendations of Kaspersky experts concerning resource allocation for SVMs.

    If the list does not contain a suitable virtual machine type, use the virtual infrastructure to create the required virtual machine type. After that, to refresh the list of available virtual machine types, go back to the infrastructure selection step and click the Refresh button, or restart the SVM deployment procedure.

You can also specify the following settings:

  • Volume type

    The volume type determines which data storage will be used for disk creation during SVM deployment. Select a volume type from the types available for the OpenStack project.

  • Availability zone

    A logical collection of hypervisors used to provide fault tolerance in infrastructures based on OpenStack. Select the availability zone in which the SVM will be located.

  • Server group

    A grouping of virtual machines according to the policy that determines the hypervisors on which the virtual machines will be started. Select the server group in which the SVM will be located.

Proceed to the next step of the wizard.

[Topic 99496]

Configuring SVM network settings (infrastructures based on OpenStack)

For this step, you must specify network settings for each SVM to be deployed.

The window displays the following information:

  • Hypervisor address

    IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.

    The Hypervisor address column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

  • OpenStack project name

    Name of the OpenStack project selected for SVM deployment, as well as the project path in the infrastructure.

    The OpenStack project name column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

  • SVM name

    The name that was defined when specifying SVM settings.

For each SVM, specify one or more virtual networks in the Network name column.

The Network name column contains the name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

You can specify one or more virtual networks. To add a field for selecting virtual networks, use the button located next to the network selection field.

If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

If the virtual infrastructure uses the VMware Distributed Virtual Switch component, you can specify a Distributed Virtual Port Group to which the SVM will be connected.

You can also specify the following settings:

  • VLAN ID

    The ID of the virtual local area network (VLAN) that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

    If VLAN is not used, the column shows No.

    The VLAN ID column is displayed if you are deploying the SVM in a virtual infrastructure based on Microsoft Hyper-V platform or in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

  • Security group

    Set of network traffic filtering rules that are created in the virtual infrastructure and applied in the virtual network.

    The drop-down list displays all available security groups. You can specify one or more security groups for each selected virtual network. To select a security group, select the check box to the left of its name. The names of the selected security groups are displayed in the field.

    The Security group column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

Proceed to the next step of the wizard.

[Topic 101165]

Configuring IP address settings for SVM

For this step, you must specify IP addressing settings for all SVMs. You can use dynamic or static IP addressing.

If you want to specify all network settings of the SVM manually:

  1. Select Static IP addressing. This opens a table containing the following information:
    • Hypervisor address

      IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.

      The Hypervisor address column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

    • OpenStack project name

      Name of the OpenStack project selected for SVM deployment, as well as the project path in the infrastructure.

      The OpenStack project name column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

    • SVM name

      The name that was defined when specifying SVM settings.

    • Network name

      The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

  2. Specify the following IP addressing settings for each SVM:
    • DNS server
    • Alternative DNS server
    • SVM IP address
    • Subnet mask
    • Gateway

    If you specified several virtual networks for the SVM at the previous step, specify the settings for each virtual network.

If you want to use DHCP network settings for all SVMs:

  1. Select Dynamic IP addressing (DHCP).

    By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM (the Use list of DNS servers received via DHCP check box is selected). If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.

  2. If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:
    • Hypervisor address

      IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.

      The Hypervisor address column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

    • OpenStack project name

      Name of the OpenStack project selected for SVM deployment, as well as the project path in the infrastructure.

      The OpenStack project name column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

    • SVM name

      The name that was defined when specifying SVM settings.

    Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.

Proceed to the next step of the wizard.

[Topic 101197]

Specifying Kaspersky Security Center connection settings

At this step, you must specify the settings of SVM connection to the Kaspersky Security Center Administration Server.

Specify the following settings:

  • Address

    Address of the device hosting the Kaspersky Security Center Administration Server. You can specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device.

  • Port

    Number of the port for connecting the SVM to the Kaspersky Security Center Administration Server.

  • SSL port

    Number of the port for connecting an SVM to the Kaspersky Security Center Administration Server using an SSL certificate.

Proceed to the next step of the wizard.

[Topic 101200]

Creating the configuration password and the root account password

At this step, you need to create a klconfig account password (configuration password) and a root account password on the SVM.

The configuration password is required for SVM reconfiguration. The root user account is used for access to the operating system on SVMs.

Enter passwords for each account into the Password and Confirm password fields.

Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
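
A pre-check for the password rules stated above, useful when the klconfig and root passwords come from a generator or a secrets manager rather than being typed by hand. This is an added example, not Kaspersky code; the function names, and the reading of "letters of the Latin alphabet" and "numerals" as ASCII only, are assumptions.

```python
import secrets
import string

# Special characters exactly as listed in the password requirements above.
ALLOWED_SPECIALS = "!#$%&'()*\"+,-./\\:;<=>_?@[]^`{|}~"
MAX_LENGTH = 60          # hard limit from the page
RECOMMENDED_MIN = 8      # recommended minimum length from the page
RECOMMENDED_CLASSES = 3  # "at least three of the four categories"

# Assumption: "letters of the Latin alphabet" and "numerals" mean ASCII
# A-Z, a-z and 0-9, so accented letters and non-ASCII digits are rejected.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numeral": string.digits,
    "special": ALLOWED_SPECIALS,
}


def check_svm_password(password):
    """Return (errors, warnings) for a candidate klconfig or root password.

    errors: violations of the stated limits (length, character set).
    warnings: allowed, but weaker than the page's recommendation.
    Messages never echo the password; bad characters appear as code points.
    """
    errors, warnings = [], []
    if len(password) > MAX_LENGTH:
        errors.append(f"length {len(password)} exceeds {MAX_LENGTH}")

    seen, bad = set(), set()
    for ch in password:
        for name, chars in CLASSES.items():
            if ch in chars:
                seen.add(name)
                break
        else:
            # Not in any allowed class: space, tab, non-ASCII, control, ...
            bad.add(f"U+{ord(ch):04X}")
    if bad:
        errors.append("characters outside the allowed set: " + ", ".join(sorted(bad)))

    if len(password) < RECOMMENDED_MIN:
        warnings.append(f"shorter than the recommended {RECOMMENDED_MIN} characters")
    if len(seen) < RECOMMENDED_CLASSES:
        warnings.append(
            f"uses {len(seen)} of 4 character categories; {RECOMMENDED_CLASSES} recommended"
        )
    return errors, warnings


def generate_svm_password(length=24):
    """Generate a random password that passes check_svm_password cleanly."""
    if not RECOMMENDED_MIN <= length <= MAX_LENGTH:
        raise ValueError(f"length must be {RECOMMENDED_MIN}..{MAX_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if check_svm_password(candidate) == ([], []):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials. The second one contains
    # accented letters and full-width digits, written as escapes.
    samples = ("Tr0ub4dor&3x", "p\u00e4ssw\u00f6rd\uff11\uff12\uff13", "abc", "A" * 61)
    for sample in samples:
        errs, warns = check_svm_password(sample)
        print(f"len={len(sample):2d} errors={errs} warnings={warns}")
    print("generated length:", len(generate_svm_password()))
```

Using explicit ASCII sets instead of `str.islower()` or `str.isdigit()` matters here: those methods accept accented letters and full-width digits, which fall outside the listed character set.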

If you want to configure access to SVMs over SSH under the root account, select the Allow remote access to SVM for the root account via SSH check box.

Proceed to the next step of the wizard.

[Topic 101201]

Start task for SVM deployment

This step is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

This step displays all the settings of the created SVM deployment task for the Integration Server:

  • The task name is generated automatically and contains the task type. You can use this name to find the task in the list in Integration Server Web Console, in the SVM management section.
  • The list at the top of the window contains general settings for all SVMs that will be deployed by the task:
    • SVM image description file

      The full path and name of the SVM image description file (in XML format) that you specified at the SVM image selection step.

    • SVM IP settings

      Method of configuring IP addressing settings.

      Possible values: Dynamic IP addressing using the list of DNS servers received via DHCP, Dynamic IP addressing using the list of manually defined DNS servers, Static IP addressing.

    • SSH-based remote access to the SVM for the root account

      Remote access to the SVM over SSH for the root user account.

      Possible values: Allowed, Blocked.

    • Kaspersky Security Center connection settings

      IP address in IPv4 format or fully qualified domain name (FQDN) of the device hosting the Kaspersky Security Center Administration Server, and port numbers for connecting the SVM to the Kaspersky Security Center Administration Server.

    • Parallel deployment

      The number of SVMs to be deployed concurrently.

  • The table at the bottom of the window contains individual settings for each SVM:
    • Hypervisor address

      IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.

    • SVM name

      The name that was defined when specifying SVM settings.

    • Storage

      Data storage for the SVM image.

    • Network name

      The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

    • VLAN ID

      The ID of the virtual local area network (VLAN) that the SVM uses to connect to virtual machines, the Integration Server and the Kaspersky Security Center Administration Server.

      The VLAN ID is displayed if you are deploying the SVM in the virtual infrastructure running on Microsoft Hyper-V platform.

    • All IP addressing settings that you provided for the SVM.

To start the SVM deployment task, click the Start button.

You can monitor the task progress in Integration Server Web Console, in the SVM management section.

[Topic 101202]

Starting an SVM deployment task (OpenStack-based infrastructure)

This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

This step displays all the settings of the created SVM deployment task for the Integration Server:

  • The task name is generated automatically and contains the task type. You can use this name to find the task in the list in Integration Server Web Console, in the SVM management section.
  • The list at the top of the window contains general settings for all SVMs that will be deployed by the task:
    • Keystone microservice address

      IP address or fully qualified domain name (FQDN) of the Keystone microservice that manages the OpenStack project in which the SVMs are being deployed.

    • SVM image description file

      The full path and name of the SVM image description file (in XML format) that you specified at the SVM image selection step.

    • SVM IP settings

      Method of configuring IP addressing settings.

      Possible values: Dynamic IP addressing using the list of DNS servers received via DHCP, Dynamic IP addressing using the list of manually defined DNS servers, Static IP addressing.

    • SSH-based remote access to the SVM for the root account

      Remote access to the SVM over SSH for the root user account.

      Possible values: Allowed, Blocked.

    • Kaspersky Security Center connection settings

      IP address in IPv4 format or fully qualified domain name (FQDN) of the device hosting the Kaspersky Security Center Administration Server, and port numbers for connecting the SVM to the Kaspersky Security Center Administration Server.

    • Parallel deployment

      The number of SVMs to be deployed concurrently.

  • The table at the bottom of the window contains individual settings for each SVM:
    • OpenStack project name

      Name of the OpenStack project selected for SVM deployment, as well as the project path in the infrastructure.

    • SVM name

      The name that was defined when specifying SVM settings.

    • Virtual machine type

      Type of virtual machine (instance type) selected for the SVM.

    • Volume type

      Volume type to be used during SVM deployment.

    • Availability zone

      Logical collection of hypervisors where the SVM will be located.

    • Server group

      Group of virtual machines in which the SVM will be located.

    • Network name

      The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

    • VLAN ID

      The ID of the virtual local area network (VLAN) that the SVM uses to connect to virtual machines, the Integration Server and the Kaspersky Security Center Administration Server.

    • Security group

      Security group selected for the virtual network.

    • All IP addressing settings that you provided for the SVM.

To start the SVM deployment task, click the Start button.

You can monitor the task progress in Integration Server Web Console, in the SVM management section.

[Topic 274163]