SVM reconfiguration

You can change the following settings in the configuration of deployed SVMs:

• Mode for remote access to SVMs via SSH.
• List of virtual networks that SVMs use to connect to Light Agents, the Integration Server, and the Kaspersky Security Center Administration Server, as well as SVM IP addressing settings.
• IP addresses of DNS servers.
• Settings of SVM connection to the Kaspersky Security Center Administration Server.
• Configuration password and root account password.

You can reconfigure an SVM in the following ways:

• Using the Integration Server Web Console.
• Using the SVM Management Wizard, which is launched in the Integration Server Console.
• Without using the Integration Server management consoles, using the Integration Server REST API (open a description of REST API requests).

You can also reconfigure SVMs using the klconfig script API manually or using automation tools.

Reconfiguring SVMs using Integration Server Web Console

To manage SVM settings using Integration Server Web Console, you need to create and run a task an SVM reconfiguration task for the Integration Server to reconfigure the selected SVM.

After it starts, the task appears in the task list in Integration Server Web Console, in the SVM management section, and is added to the task queue on the Integration Server. You can view information about each task and its execution status.

When the task completes successfully, the selected SVM is reconfigured.

To create and run an SVM reconfiguration task for the Integration Server:

1. Open Integration Server Web Console and connect to the Integration Server.
2. Go to the SVM management section.
3. Click the New task button and select SVM reconfiguration from the drop-down list.

   The Integration Server New Task Wizard will start.

4. Follow the wizard instructions.

Selecting SVM for reconfiguration

At this step, you must select the SVM or SVMs that you want to reconfigure.

The table displays information about the virtual infrastructures to which connections are configured for the Integration Server. The table also contains information about deployed SVMs. Each row of the table displays the following information about the virtual infrastructure object:

• Name/Address

  This column contains the IP addresses or fully qualified domain names (FQDN) of the virtual infrastructure objects to which the Integration Server connects, and the names of the SVMs deployed on the hypervisors.

  Depending on the type of virtual infrastructure, the column may display:

  • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
  • IP address or the fully qualified domain name of the hypervisor
  • IP address or the fully qualified domain name of the Keystone microservice
  • OpenStack project and domain name.
• Status

  This column contains information about the status of the Integration Server's connection to the virtual infrastructure, the state of the infrastructure objects to which the connection is made, and the state of the SVMs deployed in the infrastructure.

  If the Integration Server is not connected to the virtual infrastructure object, the column displays an error message.

• SVM version

  This column contains the SVM version number.

• Infrastructure object type

  The column contains the type of the virtual infrastructure object that the Integration Server will connect to.

You can search the list of virtual infrastructure objects based on the Name/Address column. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the search field.

You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating a list, the Integration Server verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

If the virtual infrastructure in which you want to reconfigure the SVM is not in the list, you need to configure a connection from the Integration Server to this virtual infrastructure.

To selecting an SVM for reconfiguration,

In the table, select the check boxes to the left of the names of the SVMs you want to reconfigure.

If SVMs are being reconfigured in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous reconfiguration of SVMs deployed in different infrastructures is not supported. You can reconfigure SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

SVMs in OpenStack projects that are running on different Keystone microservices cannot be reconfigured simultaneously. You can simultaneously reconfigure SVMs deployed in OpenStack projects that are running on the same Keystone microservice.

Proceed to the next step of the wizard.

Entering the configuration password

At this step, specify the configuration password that was created during SVM deployment.

Proceed to the next step of the wizard.

Editing SVM network settings

At this step, you can edit the network settings of the SVM.

Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.

To change SVM network settings:

1. Select the Change SVM network settings check box.

   The window displays a table containing the following information about SVMs selected for reconfiguration:

   • Hypervisor address

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor address column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project name

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project name column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

2. For each SVM, specify one or more virtual networks in the Network name column.

   The name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   You can specify one or more virtual networks. To add a field for selecting virtual networks, use the button located next to the network selection field.

   If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

   If the virtual infrastructure uses the VMware Distributed Virtual Switch component, you can specify a Distributed Virtual Port Group to which the SVM will be connected.

3. If you have selected to reconfigure SVMs deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, you can also specify one or more security groups for each selected network in the Security group column.

   Set of network traffic filtering rules that are created in the virtual infrastructure and applied in the virtual network.

   The drop-down list displays all available security groups. You can specify one or more security groups for each selected virtual network. To select a security group, select the check box to the left of its name. The names of the selected security groups are displayed in the field.

4. If the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.

   The ID of the virtual local area network (VLAN) that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   If VLAN is not used, the column shows No.

Proceed to the next step of the wizard.

Changing SVM IP settings

For this step, you can edit IP addressing settings used for all SVMs. You can use dynamic or static IP addressing.

To edit the IP address settings:

1. Select the Edit SVM IP settings check box.

   If you added virtual networks for one or more SVMs at the previous step of the Wizard, the Edit SVM IP settings check box is not displayed. You cannot proceed to the next step until the network settings of SVMs selected for reconfiguration have been configured.

2. If you want to specify all network settings of the SVM manually, select Static IP addressing. This opens a table containing the following information:
   • Hypervisor address

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor address column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project name

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project name column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   • Network name

     The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   Specify the following network settings for each SVM:

   • SVM IP address
   • Subnet mask
   • Gateway
   • DNS server
   • Alternative DNS
3. If you want to use DHCP network settings for all SVMs, select Dynamic IP addressing (DHCP).

   By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM. If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.

   If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:

   • Hypervisor address

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor address column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project name

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project name column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.

Proceed to the next step of the wizard.

Changing Kaspersky Security Center connection settings

At this step, you can edit the settings of SVM connection to the Kaspersky Security Center Administration Server.

To edit the settings for connecting SVMs to Kaspersky Security Center Administration Server:

1. Select the Edit settings for SVM connection to Kaspersky Security Center check box.
2. Specify the following settings:
   • Address

     Address of the device hosting the Kaspersky Security Center Administration Server. You can specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device.

   • Port

     Number of the port for connecting the SVM to the Kaspersky Security Center Administration Server.

   • SSL port

     Number of the port for connecting an SVM to the Kaspersky Security Center Administration Server using an SSL certificate.

Proceed to the next step of the wizard.

Changing the configuration password and root account settings

At this step, you can modify the following settings:

• Configuration password (the password used to reconfigure SVMs).
• Root account password.
• Remote access mode to the SVM over SSH for the root user account.

If you want to change the configuration password, select the Change the klconfig account password (configuration password) check box and specify the new configuration password in the Password and Confirm password fields.

If you want to change the root account password, select the Change the root account password check box and specify the new password in the Password and Confirm password fields.

Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

If you want to change the mode of remote access over SSH to the SVM, select the Change remote access for the root account check box, and then select or clear the Allow remote access to SVM for the root account via SSH check box.

Proceed to the next step of the wizard.

Start task for SVM reconfiguration

This step is displayed if the SVM reconfiguration is being performed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

This step displays all the settings of the created SVM reconfiguration task for the Integration Server:

• The task name is generated automatically and contains the task type. You can use this name to find the task in the list in Integration Server Web Console, in the SVM management section.
• The list at the top of the window contains information about which configuration settings will be changed for all the SVMs that you selected when creating the task. For the settings that will be changed, the new value is displayed.
• The table at the bottom of the window contains the individual settings for each SVM.

To start the SVM reconfiguration task, click the Start button.

You can monitor the task progress in Integration Server Web Console, in the SVM management section.

Start task for SVM reconfiguration (OpenStack)

This step is displayed if you are reconfiguring an SVM in a virtual infrastructure running the TIONIX Cloud Platform or in a virtual infrastructure running the OpenStack platform.

This step displays all the settings of the created SVM reconfiguration task for the Integration Server:

• The task name is generated automatically and contains the task type. You can use this name to find the task in the list in Integration Server Web Console, in the SVM management section.
• The upper part of the window displays the IP address or fully qualified domain name (FQDN) of the Keystone microservice that manages the OpenStack project in which the SVMs are deployed. The list below contains information about which configuration settings will be changed for all the SVMs that you selected when creating the task. For the settings that will be changed, the new value is displayed.
• The table at the bottom of the window contains individual settings for each SVM:

To start the SVM reconfiguration task, click the Start button.

You can monitor the task progress in Integration Server Web Console, in the SVM management section.

SVM reconfiguration using the Integration Server Console

To change the SVM configuration using the SVM Management Wizard:

1. Open Integration Server Console and connect to the Integration Server.
2. In the SVM management section, click the SVM management button to start the SVM Management Wizard.
3. Follow the wizard instructions.

Selecting an action

At this step, choose the SVM reconfiguration option.

Proceed to the next step of the wizard.

Selecting SVM for reconfiguration

At this step, you must select the SVM or SVMs that you want to reconfigure.

The table displays the following information about the virtual infrastructures, to which the SVM Management Wizard connection is configured, as well as information about the deployed SVMs:

• Name/Address

  Depending on the type of virtual infrastructure, the column may contain the following:

  • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
  • IP address or the fully qualified domain name of the hypervisor
  • IP address or the fully qualified domain name of the Keystone microservice
  • Name of the OpenStack domain
  • Name of the OpenStack project
  • Name of the SVM deployed on the hypervisor

  If the connection with the virtual infrastructure could not be established, the warning icon is displayed against this connection in the column. A description of the connection error is shown in the table and in the tooltip of the warning icon.

• State

  This column contains information on the state of the virtual infrastructure object or the SVM.

  For the hypervisor, one of the following values is specified: Enabled or Disabled. If a connection to the hypervisor cannot be established, the column shows Disconnected.

  For the Keystone microservice, the OpenStack project, and the OpenStack domain, one of the following values is specified: Enabled or Disconnected.

  One of the following values is specified for an SVM: Enabled, Disabled.

• Protection

  This column contains the SVM version number.

• Type

  This column contains the type of virtual infrastructure object that the SVM Management Wizard will connect to.

You can search the list of virtual infrastructure objects. The search is performed based on the value of the Name/Address. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.

To selecting an SVM for reconfiguration,

In the table, select the check boxes to the left of the names of the SVMs you want to reconfigure.

If SVMs are being reconfigured in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous reconfiguration of SVMs deployed in different infrastructures is not supported. You can reconfigure SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

SVMs in OpenStack projects that are running on different Keystone microservices cannot be reconfigured simultaneously. You can simultaneously reconfigure SVMs deployed in OpenStack projects that are running on the same Keystone microservice.

If the list does not contain virtual infrastructure, in which you want to reconfigure SVM, you must configure the SVM Management Wizard connection to this virtual infrastructure.

To configure the connection of SVM Management Wizard to the virtual infrastructure:

1. Click the Add button.
2. In the Virtual infrastructure connection settings window that opens, specify the following settings:
   • Type

     Type of virtual infrastructure object that SVM Management Wizard will connect to.

     Depending on the type of virtual infrastructure, select a hypervisor, virtual infrastructure administration server, or Keystone microservice.

   • Protocol

     Protocol used to connect SVM Management Wizard to the virtual infrastructure. By default, the HTTPS protocol is used.

     The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

   • Addresses

     Addresses of the virtual infrastructure objects that SVM Management Wizard will connect to.

     Depending on the type of virtual infrastructure, you need to specify the hypervisor address or the address of the virtual infrastructure administration server. To connect to an OpenStack-based infrastructure, you need to specify the address of the Keystone microservice.

     The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN).

     You can specify multiple addresses by separating them with a semicolon, a space, or a new line. The number of correctly recognized addresses is shown under the list of addresses.

     In this field, you can also specify the port used to connect to the virtual infrastructure object in the format <IP address>:<port>.

     If you are configuring a connection to Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service, you can specify the address of the cluster. All hypervisors that are part of the cluster will be added to the list.

     If you are configuring a connection to VMware ESXi hypervisors managed by VMware vCenter Servers running in Linked mode, you can specify the address of any of these VMware vCenter Servers. All the hypervisors running on VMware vCenter servers in Linked mode will be added to the list.

     If you are configuring a connection to hypervisors that are managed by Microsoft SCVMM, you can specify the settings for connecting to Microsoft SCVMM. All hypervisors that are managed by Microsoft SCVMM will be added to the list.

     If you are configuring a connection to an infrastructure managed by Nutanix Prism Element, you need to specify the Nutanix Prism Element address. If the infrastructure is managed by Nutanix Prism Central, specify the Nutanix Prism Central address. All Nutanix Prism Element servers managed by Nutanix Prism Central will be added to the list.

   • OpenStack domain

     Name of the

     OpenStack domain

     An OpenStack domain is a collection of OpenStack accounts, groups of infrastructure objects, and projects in virtual infrastructures based on OpenStack (including infrastructures based on the VK Cloud platform or TIONIX Cloud Platform). Each account belongs to a particular OpenStack domain.

     that contains an account used to connect SVM Management Wizard to the virtual infrastructure object.

     The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

   • User name

     Name of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration. This account must have privileges that are sufficient for SVM deployment, removal and reconfiguration.

     If you use a domain account to connect to a virtual infrastructure object, you can specify the account name in the <domain>\<user name> or <user name>@<domain> format.

   • Password

     Password of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.

3. Click the Connect button.

   The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.

   The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.

   Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

   For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.

   To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

   If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.

   If the authenticity of the open key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The open key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this open key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.

   If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.

You can use the Refresh button above the table to update the list of virtual infrastructure objects. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

You can use buttons in the Name/Address column to:

• Remove selected virtual infrastructure from the list.

  The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.

• If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.

  After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

Proceed to the next step of the wizard.

Entering the configuration password

At this step, specify the configuration password that was created during SVM deployment.

Proceed to the next step of the wizard.

Editing SVM network settings

This step is displayed if the SVM reconfiguration is being performed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

At this step, you can change the virtual network(s) that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.

To change the list of virtual networks used by an SVM:

1. Select the Change SVM network settings check box.

   The window displays a table containing the following information about SVMs selected for reconfiguration:

   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

   • SVM name

     The name that was defined when specifying SVM settings.

2. For each SVM, specify one or more virtual networks in the Network name column.

   The name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   You can specify one or more virtual networks available on the hypervisor. To add or remove a field for selecting virtual networks, use the buttons next to the network selection field.

   If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

   If the virtual infrastructure uses the VMware Distributed Virtual Switch component, you can specify a Distributed Virtual Port Group to which the SVM will be connected.

3. If the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.

   The ID of the virtual local area network (VLAN) that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   If VLAN is not used, the column shows No.

Proceed to the next step of the wizard.

Editing SVM network settings (infrastructures based on OpenStack)

This step is displayed if you are performing SVM reconfiguration in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

At this step, you can change the virtual network or networks that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server, and can change the Security Group for each virtual network.

Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.

To change SVM network settings:

1. Select the Change SVM network settings check box.

   The window displays a table containing the following information about SVMs selected for reconfiguration:

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

   • SVM name

     The name that was defined when specifying SVM settings.

2. For each SVM, specify one or more virtual networks in the Network name column.

   The name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   You can specify one or more virtual networks available within the OpenStack project. To add or remove a field for selecting virtual networks, use the buttons next to the network selection field.

   If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

3. If necessary, specify one or more security groups for each selected network in the Security group column.

   Set of network traffic filtering rules that are created in the virtual infrastructure and applied in the virtual network.

   You can specify one or more security groups for each selected virtual network. To add or remove a field for selecting security groups, use the buttons next to the Security groups selection field.

Proceed to the next step of the wizard.

Changing SVM IP settings

For this step, you can edit IP addressing settings used for all SVMs. You can use dynamic or static IP addressing.

To edit the IP address settings:

1. Select the Edit SVM IP settings check box.

   If you added virtual networks for one or more SVMs at the previous step of the Wizard, the Edit SVM IP settings check box is not displayed. You cannot proceed to the next step until the network settings of SVMs selected for reconfiguration have been configured.

2. If you want to use DHCP network settings for all SVMs, select Dynamic IP addressing (DHCP).

   By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM. If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.

   If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:

   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.

3. If you want to specify all network settings of the SVM manually, select Static IP addressing. This opens a table containing the following information:
   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   • Network name

     The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   Specify the following network settings for each SVM:

   • SVM IP address
   • Subnet mask
   • Gateway
   • DNS server
   • Alternative DNS

Proceed to the next step of the wizard.

Changing Kaspersky Security Center connection settings

At this step, you can edit the settings of SVM connection to the Kaspersky Security Center Administration Server.

To edit the settings for connecting SVMs to Kaspersky Security Center Administration Server:

1. Select the Change Kaspersky Security Center connection settings check box.
2. Specify the following settings:
   • Address

     Address of the device hosting the Kaspersky Security Center Administration Server. You can specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device.

   • Port

     Number of the port for connecting the SVM to the Kaspersky Security Center Administration Server.

   • SSL port

     Number of the port for connecting an SVM to the Kaspersky Security Center Administration Server using an SSL certificate.

Proceed to the next step of the wizard.

Changing the configuration password and root account settings

At this step, you can modify the following settings:

• Configuration password (the password used to reconfigure SVMs).
• Root account password.
• Remote access mode to the SVM over SSH for the root user account.

If you want to change the configuration password, select the Change the klconfig account password (configuration password) check box and specify the new configuration password in the Password and Confirmation fields.

If you want to change the root account password, select the Change the root account password check box and specify the new password in the Password and Confirmation fields.

Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

If you want to change the mode of remote access over SSH to the SVM, select the Change remote access for the root account check box, and then select or clear the Allow remote access to SVM for the root account via SSH check box.

Proceed to the next step of the wizard.

Starting SVM reconfiguration

This step is displayed if the SVM reconfiguration is being performed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.

General settings for all SVMs:

• Number of SVMs

  Number of SVMs to be reconfigured.

• Configuration password

  Information on the need to change the configuration password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• Root account password

  Information regarding the need to change the root account password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• SSH-based remote access to the SVM for the root account

  Information on the need to change the option of remote access to SVMs via SSH.

  Possible values: Change to Allowed, Change to Blocked, Leave unchanged.

• Kaspersky Security Center connection settings

  Information on the need to change the settings for connecting SVMs to Kaspersky Security Center.

  Possible values: Leave unchanged, Changes are needed.

• SVM IP settings

  Information on the need to change the IP addressing settings for all SVMs.

  Possible values: use DHCP, use static IP addressing, leave unchanged.

Individual settings for each SVM:

• Hypervisor

  IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

• SVM name

  The name that was defined when specifying SVM settings.

• Network name

  The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

• VLAN ID

  The ID of the virtual local area network (VLAN) that the SVM uses to connect to virtual machines, the Integration Server and the Kaspersky Security Center Administration Server.

  The VLAN ID column is displayed only if the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform.

• All IP addressing settings that you provided for the SVM.

To start the reconfiguration of the SVM, go to the next step in the wizard.

Starting SVM reconfiguration (infrastructures based on OpenStack)

This step is displayed if you are reconfiguring an SVM in a virtual infrastructure running the TIONIX Cloud Platform or in a virtual infrastructure running the OpenStack platform.

At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.

General settings for all SVMs:

• Keystone microservice address

  IP address or fully qualified domain name (FQDN) of the Keystone microservice that manages the OpenStack project in which the SVMs are deployed.

• Number of SVMs

  Number of SVMs to be reconfigured.

• Configuration password

  Information on the need to change the configuration password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• Root account password

  Information regarding the need to change the root account password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• SSH-based remote access to the SVM for the root account

  Information on the need to change the option of remote access to SVMs via SSH.

  Possible values: Change to Allowed, Change to Blocked, Leave unchanged.

• Kaspersky Security Center connection settings

  Information on the need to change the settings for connecting SVMs to Kaspersky Security Center.

  Possible values: Leave unchanged, Changes are needed.

• SVM IP settings

  Information on the need to change the IP addressing settings for all SVMs.

  Possible values: use DHCP, use static IP addressing, leave unchanged.

Individual settings for each SVM:

• OpenStack project

  Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

• SVM name

  The name that was defined when specifying SVM settings.

• Network name

  The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

• Security group

  Security group selected for the virtual network.

• All IP addressing settings that you provided for the SVM.

To start the reconfiguration of the SVM, go to the next step in the wizard.

SVM reconfiguration

At this step, the SVMs are reconfigured.

The window displays, one row at a time, the stages of SVM reconfiguration of each SVM with the status of each stage: Pending, Connecting, Processing N%, Completed, Error.

The process takes some time. Please wait until the process is complete.

Proceed to the next step of the wizard.

Finishing SVM reconfiguration

This step displays information about the results of SVM reconfiguration.

The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.

The brief report contains the following information:

• Addresses of hypervisors whose SVM configuration was changed, or OpenStack project names containing the deployed SVMs that have been reconfigured (depending on type of the virtual infrastructure).
• Names of SVMs that have been reconfigured.
• Brief description of the completed stages of reconfiguration of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.

The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.

The SVM Management Wizard log saves information specified by you at every step of the wizard. If errors occur during reconfiguration of SVMs, you can use the wizard log when contacting Technical Support.

The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.

Finish the wizard.