To create a Protection Server policy:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies and policy profiles.

   A list of policies and policy profiles opens.

2. Select the administration group containing the SVMs to which the policy should be applied. To do so, click the link in the Current path field located above the list of policies and policy profiles, and select an administration group in the window that opens. The new policy will determine the operating settings of Protection Servers installed on SVMs in the selected administration group.
3. Click the Add button located above the list of policies and profiles.

   The New Policy Wizard starts.

4. At the first step of the wizard, select Kaspersky Security for Virtualization 6.2 Light Agent – Protection Server from the list.

   Proceed to the next step of the wizard.

5. Decide whether you want to use Kaspersky Security Network (KSN) in the operation of the Protection Server. To do so, carefully read the Kaspersky Security Network Statement. Then select one of the following options:
   • I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement

     If you select this option, you agree to the terms and conditions set forth in the Kaspersky Security Network Statement. If the KSN Proxy service is enabled in the properties of the Kaspersky Security Center Administration Server, the use of KSN in the operation of the Protection Server will be enabled. KSN services are used when protecting virtual machines and when running scan tasks on virtual machines.

     The Kaspersky Security Center Administration Server properties are where the KSN infrastructure type (KSN or KPSN) is selected and the use of KPSN is configured. See Kaspersky Security Center help for more information.

     By default, KSN is used in extended mode. If needed, you can disable the use of extended KSN in the Protection Server policy properties.

   • I do not accept the terms and conditions of the Kaspersky Security Network Statement

     If this option is selected, you decline to use Kaspersky Security Network.

     KSN services will not be used in the operation of the Protection Server.

   If necessary, you can later change the decision to use KSN and configure the KSN mode in the Protection Server policy properties.

   If you want to use KSN in the operation of the Protection Server, make sure that the KSN settings are configured in the properties of the Kaspersky Security Center Administration Server (in the KSN proxy server settings section). The KSN infrastructure type (KSN or KPSN), KSN proxy server settings, and KPSN settings are defined in the Administration Server properties. See Kaspersky Security Center help for more information.

   KSN settings configured for the Protection Server do not affect the use of KSN in the operation of Light Agents. For information on configuring KSN for Light Agents, see the Help of the applications that you are using Light Agent mode. We recommend specifying the same KSN usage settings for the Protection Server and the Light Agent that interacts with the Protection Server.

   Proceed to the next step of the wizard.

6. Configure the connection of SVMs to the Integration Server:
   1. Click the Settings button.
   2. In the Connection to the Integration Server window that opens, enter the following settings:
      • Address

        IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

        If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

      • Port

        Port for connecting to the Integration Server.

        By default, port number 7271 is specified.

   3. Click the Validate button.

      The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, a corresponding message is displayed in the Connection to the Integration Server window. Click View the received certificate to view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.

   4. To save the received certificate and continue connecting to the Integration Server, in the Select an action block, select the Ignore option.
   5. Specify the password of the Integration Server administrator (password of the admin account) and click the Validate button.

      The New Policy Wizard connects to the Integration Server. If the connection fails, an error message appears in the window. If the connection succeeds, the Connection to the Integration Server window closes, and the Connection to the Integration Server field of the New Policy Wizard window shows the Connected status.

   Proceed to the next step of the wizard.

7. On the General tab, specify the name of the new policy, define its status (Active or Inactive) and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
8. If necessary, modify the default policy settings on the Application settings tab.
9. Click Save to complete the policy creation.

The created policy will be displayed in the list of policies on the Policies and policy profiles tab.

The policy will be propagated to the SVM and will begin to be applied in the operation of the Protection Server on this SVM after the Kaspersky Security Center Administration Server sends information to the Protection Server the next time the SVM connects.

If Network Agent is not running on the SVM, the created policy is not applied on it.

If on the General tab you specified the Inactive policy status, the created policy is not applied to the SVMs.

To create a Protection Server policy:

1. In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the SVMs on which the policy should be applied. The policy will determine the operating settings of the Protection Servers installed on these SVMs.

   On the Devices tab of the folder with the name of the administration group, you can view a list of SVMs that belong to this administration group.

2. In the workspace, select the Policies tab.
3. Click the New policy button to start the New Policy Wizard.

   You can also start the wizard using the New → Policy option in the context menu of the policy list.

4. At the first step of the wizard, select Kaspersky Security for Virtualization 6.2 Light Agent – Protection Server from the list.

   Proceed to the next step of the wizard.

5. Enter a name for the new policy.
6. To use the settings from the policy for the Protection Server of the previous version of Kaspersky Security in the policy being created, select the Use policy settings for the earlier application version check box.

   Proceed to the next step of the wizard.

7. Decide whether you want to use Kaspersky Security Network (KSN) in the operation of the Protection Server. To do so, carefully read the Kaspersky Security Network Statement. Then select one of the following options:
   • I confirm that I have fully read, understand, and accept the terms and conditions of the Kaspersky Security Network Statement

     If you select this option, you agree to the terms and conditions set forth in the Kaspersky Security Network Statement. If the KSN Proxy service is enabled in the properties of the Kaspersky Security Center Administration Server, the use of KSN in the operation of the Protection Server will be enabled. KSN services are used when protecting virtual machines and when running scan tasks on virtual machines.

     The Kaspersky Security Center Administration Server properties are where the KSN infrastructure type (KSN or KPSN) is selected and the use of KPSN is configured. See Kaspersky Security Center help for more information.

     By default, KSN is used in extended mode. If needed, you can disable the use of extended KSN in the Protection Server policy properties.

   • I do not accept the terms and conditions of the Kaspersky Security Network Statement

     If this option is selected, you decline to use Kaspersky Security Network.

     KSN services will not be used in the operation of the Protection Server.

   If necessary, you can later change the decision to use KSN and configure the KSN mode in the Protection Server policy properties.

   If you want to use KSN in the operation of the Protection Server, make sure that the KSN settings are configured in the properties of the Kaspersky Security Center Administration Server (in the KSN proxy server section). The KSN infrastructure type (KSN or KPSN), KSN proxy server settings, and KPSN settings are defined in the Administration Server properties. See Kaspersky Security Center help for more information.

   KSN settings configured for the Protection Server do not affect the use of KSN in the operation of Light Agents. For information on configuring KSN for Light Agents, see the Help of the applications that you are using Light Agent mode. We recommend specifying the same KSN usage settings for the Protection Server and the Light Agent that interacts with the Protection Server.

   Proceed to the next step of the wizard.

8. Configure settings for downloading updates of databases and application modules to SVMs:
   • If you want to receive updates of the solution's application modules together with the solution database update package, select the Update solution modules check box.

     Enables/disables receiving updates for Kaspersky Security application modules along with updates to the solution databases.

     If the check box is selected, the Protection Server receives updates of application modules for Kaspersky Security components along with database updates from the Kaspersky Security Center Administration Server storage.

     This check box is cleared by default.

     If you edit a setting, the new value is applied the next time the database update task on the Protection Server runs.

   • If necessary, use the check boxes to configure the list of versions of Light Agents for which the Protection Server will receive updates. At least one version must be selected.

     The list contains the supported versions of Light Agents. If the version of the Light Agent you want to receive updates for is not listed, click the Refresh button.

   Proceed to the next step of the wizard.

9. If you want to get SVM status using a network management system that uses the SNMP protocol, select the Enable SNMP monitoring of SVM status check box.

   Enabling / disabling SNMP monitoring of SVM status.

   If the check box is selected, the SNMP agent installed on an SVM relays information about the status of the SVM to the network management system of your organization.

   If the check box is cleared, no information about SVM state is sent.

   This check box is cleared by default.

   Proceed to the next step of the wizard.

10. If you have enabled display of additional Protection Server policy settings, configure the additional Protection Server settings.
    • Maximum number of simultaneous scan requests

      Maximum number of scan requests from Light Agents simultaneously processed by the Protection Server. Light Agents generate scan requests during protection of virtual machines and while running scan tasks.

      By default, the Protection Server can process 75 scan requests simultaneously.

    • Maximum number of scan tasks started by schedule

      Maximum number of simultaneous scan tasks running on the Protection Server that have been started according to the Light Agent schedule. These scan tasks are low-priority tasks for the Protection Server.

      By default, five low-priority scan tasks are performed simultaneously.

    • Maximum number of scan tasks started manually

      Maximum number of simultaneous scan tasks running on the Protection Server that were started manually. These scan tasks are high-priority tasks for the Protection Server.

      By default, five high-priority scan tasks are performed simultaneously.

    • Trace level

      Drop-down list where you can select the trace level for the Protection Server (scanserver service on the SVM). The trace levels are arranged so that each level includes all of the levels below it.

      The following items are available from the drop-down list:

      • Default value. Default value.
      • Tracing is disabled (0). Creation of trace files is disabled.
      • Starting and stopping components (100). Informational messages about starting and stopping the Protection Server.
      • Critical errors (200). Messages about critical errors in the operation of the Protection Server.
      • Errors (300). Messages about errors and critical errors in the operation of the Protection Server.
      • Critical warnings (400). Critical warnings and messages about ordinary and critical errors.
      • Warnings (500). All warnings and messages about ordinary and critical errors.
      • Important messages (600). Important messages, all warnings and messages about ordinary and critical errors.
      • Informational messages (700). Informational messages, important messages and all warnings and messages about ordinary and critical errors.
      • Debugging messages (800). Debugging messages and all informational and important messages, as well as all warnings and messages about ordinary and critical errors.
      • Detailed debugging messages (900). Debugging messages with more detailed information and all informational and important messages, as well as all warnings and messages about ordinary and critical errors.
      • All messages (1000). All possible messages and warnings.
    • Restore default settings

      Restores the default settings.

    Proceed to the next step of the wizard.

11. Configure the connection of SVMs to the Integration Server.
    • Address

      IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

      If the device on which Kaspersky Security Center Administration Console is installed is part of a domain, the field indicates the domain name of this device by default.

      If the device on which the Kaspersky Security Center Administration Console is installed is not part of a domain or the Integration Server is installed on another device, the field must be filled in manually.

      If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

    • Port

      Port for connecting to the Integration Server.

      By default, port number 7271 is specified.

    Proceed to the next step of the wizard.

    If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins local or domain group or to the local administrator group, in the Connection to the Integration Server window that opens, specify the Integration Server administrator password (password of the admin account).

    The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.

12. If required, enable the use of encryption to protect the connection between Light Agents and Protection Servers.
    • Encrypt data channel between Light Agent and the Protection Server

      Encrypt the connection between Light Agents and Protection Servers.

      If the check box is selected, a secure connection is established between the Light Agent and the policy-controlled Protection Server after the Light Agent connects to the SVM with this Protection Server. A Light Agent can connect to an SVM that has connection protection enabled only if the Light Agent also has connection protection enabled or the SVM allows unsecure connections.

      If the check box is cleared, an unsecure connection is established between the Light Agent and the Protection Server after the Light Agent connects to the SVM with this Protection Server.

      This check box is cleared by default.

    • Allow nonsecure connection if secure connection cannot be established

      Allow an unsecure connection between Light Agents and Protection Servers.

      If the check box is selected, an unsecure connection may be established between Light Agents and policy-controlled Protection Servers if a secure connection cannot be established.

      If the check box is cleared, only a secure connection can be established between Light Agents and policy-controlled Protection Servers. A Light Agent will not be able to connect to the SVM if a secure connection cannot be established to the Protection Server on this SVM.

      This check box is cleared by default.

    Proceed to the next step of the wizard.

13. If you want to control Light Agents' connection to SVMs using connection tags, configure the settings for using connection tags:
    • Allow connection of Light Agents with specified tags

      Allow SVM connections only for Light Agents that are assigned the tags specified in the field below.

      If the check box is selected, only Light Agents with the specified tags can connect to the SVM.

      If the check box is cleared, only Light Agents that do not have tags assigned to them can connect to the SVM.

      The check box is cleared by default.

    • Tag list

      Only Light Agents that are assigned the tags specified in this field can connect to the SVM.

      You can specify one or more tags separated by semicolons.

14. If required, Enable optimization for protection of large infrastructures.

    Proceed to the next step of the wizard.

15. Exit the Policy Wizard.

The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.

The policy will be propagated to the SVM and will begin to be applied in the operation of the Protection Server on this SVM after the Kaspersky Security Center Administration Server sends information to the Protection Server the next time the SVM connects.

If Network Agent is not running on the SVM, the created policy is not applied on it.

If you selected the Inactive policy option during the previous step of the New Policy Wizard, the newly created policy is not applied on the SVM.

To edit Protection Server policy settings:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies and policy profiles.

   A list of policies opens.

2. Select the administration group containing the SVMs on which the policy is applied. To do so, click the link in the Current path field in the upper part of the window and select an administration group in the window that opens.

   The list displays the policies configured for the selected administration group.

3. Click on the name of the desired policy in the list.

   The policy properties window opens.

4. Modify the policy settings on the Application settings tab.

   If you want to configure additional settings of SVM operation, you need to enable the display of advanced Protection Server policy properties in the operating system registry.

5. To save changes, click the Save button.

To edit Protection Server policy settings:

1. In the Managed devices folder in the Kaspersky Security Center Administration Console tree, open the folder with the name of the administration group to which the required SVMs belong.
2. In the workspace, select the Policies tab.
3. Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.

   You can also open the policy properties window using the Settings item of the policy context menu or by clicking the Configure policy settings link located to the right of the list of policies in the policy settings section.

4. Edit the policy settings.

   If you want to configure additional settings of SVM operation, you need to enable the display of advanced Protection Server policy properties in the operating system registry.

   The General and Event notification sections of the Settings: <Policy name> window are the standard sections of Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.

5. Click OK in the Properties: <Policy name> window.

To create a Protection Server task:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Tasks.

   A list of tasks opens.

2. Click the Add button.

   The New Task Wizard starts.

3. At the first step of the Wizard:
   1. In the Application drop-down list, select Kaspersky Security for Virtualization 6.2 Light Agent – Protection Server.
   2. In the Task type drop-down list, select the type of task you want to create.
   3. In the Task name field, enter the name for the new task.
   4. In the Select devices to which the task will be assigned section, select a method for determining the task scope. A task scope is a set of SVMs on which a task will run.
      • Select the Assign task to an administration group option to execute the task on all SVMs belonging to the specified administration group.
      • Select the Specify device addresses manually or import from list option to execute the task on the specified SVMs.
      • Select the Assign task to selected devices option to execute the task on the SVMs included in the selection of devices according to a predefined criterion. For details on creating a selection of devices, please refer to the Kaspersky Security Center help.

   Proceed to the next step of the wizard.

4. Depending on the selected method for defining the task scope, do one of the following:
   • In the administration group tree, select the check boxes next to the required administration groups.
   • In the list of devices, select the check boxes next to the required SVMs. If the required SVMs are not listed, you can add them in the following ways:
     • Using the Add devices button. You can add devices by names or IP addresses, add devices from the specified IP address range, or select devices from the list of devices detected by the Administration Server when polling the organization’s local network.
     • Using the Import devices from file button. Addresses are imported from a TXT file with a list of addresses of SVMs, with each address in a separate row.

     If you import a list of SVMs from file or specify the addresses manually and the SVMs are identified by name, the list of SVMs for which the task is being created can be supplemented only with those SVMs whose details have already been included in the Administration Server database upon connection of SVMs or following a poll of the local area network.

   • In the list, select the name of the selection containing the required SVMs.

   Proceed to the next step of the wizard.

5. Configure the available task settings following the instructions of the wizard. The available options depend on the type of task being created.
6. If you want to configure the schedule and other task settings that are not available in the New Task Wizard, select the Open task properties window after creation check box at the last step of the wizard.
7. Click the Finish button to exit the Wizard.

To create a Protection Server task:

1. In the Kaspersky Security Center Administration Console, perform one of the following actions:
   • If you want to create a task that will run on SVMs included in the selected administration group, select this administration group in the console tree. Then in the workspace, select the Tasks tab and click the New task button.

     A wizard starts to create a task for devices of the selected administration group.

   • If you want to create a task that will run on one or more SVMs (a task for a set of devices), select the Tasks folder in the console tree and click the New task button in the workspace.

     A wizard starts to create a new task for a set of devices.

2. At the first step of the wizard, select Kaspersky Security for Virtualization 6.2 Light Agent – Protection Server and the task type.

   Proceed to the next step of the wizard.

3. If you are creating a task for a set of devices, the wizard will prompt you to define the task scope. A task scope is a set of SVMs on which a task will run.
   1. Specify the method for defining the task scope: select SVMs from the list of devices discovered by the Administration Server, manually specify the SVM addresses, import a list of SVMs from a file, or specify a previously configured selection of devices (for details, see the Kaspersky Security Center Help).
   2. Depending on the specified method for defining the scope, perform one of the following operations in the window that opens:
      • In the list of detected devices, specify the SVMs on which the task will be run. To do so, select the check boxes in the list, on the left of the device names.
      • Click the Add or Add IP range button and enter the addresses of SVMs manually.
      • Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs.
      • Click the Browse button, and in the window that opens specify the name of the selection containing the SVMs for which you want to create the task.

   Proceed to the next step of the wizard.

4. Configure the available task settings following the instructions of the wizard.
5. Enter the name of the new task and proceed to the next step of the wizard.
6. If you want the task to start as soon as the wizard finishes, at the last step of the wizard, select the Run task when the wizard is complete check box.
7. Finish the wizard.

To edit Protection Server task settings:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Tasks.

   A list of tasks opens.

2. Do one of the following:
   • If you want to change the settings of a task that runs on all SVMs that are part of a specific administration group, click the link in the Current path field at the top of the window and select an administration group in the window that opens.

     The list displays only the tasks configured for the selected administration group.

   • If you want to change the settings of a task that runs on one or more SVMs (tasks for a set of devices), click on the link in the Current path field at the top of the window and select the top node named Administration Server in the window that opens.

     The list will display all tasks created on the Administration Server.

3. In the list of tasks, select the required task and open the task properties window by clicking the link in the task name.
4. Configure the task settings:
   • On the General tab, you can edit the task name.
   • On the Application settings tab, you can configure specific task settings. The set of configurable options depends on the type of task.
   • On the Schedule tab, you can configure the task launch schedule and advanced settings for starting and stopping the task.

   The General, Results, Settings, Schedule and Revision History tabs of the task properties window are standard for Kaspersky Security Center. For more information, see the Kaspersky Security Center Help.

5. To save changes, click the Save button.

To edit Protection Server task settings:

1. In the Kaspersky Security Center Administration Console, perform one of the following actions:
   • If you want to change the settings of a task that is executed on SVMs that are part of a specific administration group, select the administration group in the console tree, and then select the Tasks tab in the workspace.
   • If you want to edit the settings of a task that runs one or more SVMs (tasks for a set of devices), select the Tasks folder in the console tree.
2. In the list of tasks, select the required task and double-click it to open the Settings: <Task name> window.

   You can also open the task properties window using the Settings item of the task context menu.

3. Modify the task settings.
4. Click the Apply button or the OK button in the Settings: <Task name> window to save the changes.

To start or stop a Protection Server task:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Tasks.

   A list of tasks opens.

2. Do one of the following:
   • If you want to start or stop a task running on all SVMs that are part of a specific administration group, click the link in the Current path field at the top of the window and select an administration group in the window that opens.

     The list displays only the tasks created for the selected administration group.

   • If you want to start or stop a task that runs on one or more SVMs (a task for a set of devices), click the link in the Current path field at the top of the window and select the top node named Administration Server in the window that opens.

     The list will display all tasks created on the Administration Server.

3. In the list of tasks, select the check box to the left of the task that you want to start or stop.
4. Do one of the following:
   • If you want to start the task, click the Run button.
   • If you want to stop the task, click the Stop button.

To start or stop a Protection Server task:

1. In the Kaspersky Security Center Administration Console, perform one of the following actions:
   • If you want to start or stop a task that runs on SVMs that are part of a specific administration group, select the administration group in the console tree, and then select the Tasks tab in the workspace.
   • If you want to start or stop a task that runs one or more SVMs (tasks for a set of devices), select the Tasks folder in the console tree.
2. In the list of tasks, select the required task, open the context menu of the task, and select the action you want to perform.

To view Protection Server task execution information:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Tasks.

   A list of tasks opens.

2. Do one of the following:
   • If you want to view information about a task that runs on all SVMs that are part of a specific administration group, click the link in the Current path field at the top of the window and select an administration group in the window that opens.

     The list displays only the tasks configured for the selected administration group.

   • If you want to change the settings of a task that runs on one or more SVMs (tasks for a set of devices), click on the link in the Current path field at the top of the window and select the top node named Administration Server in the window that opens.

     The list will display all tasks created on the Administration Server.

   Concise task execution information appears in the Status column in the task list.

3. To view more detailed information about a task, do one of the following:
   • Open the task properties window by clicking the link in the task name and go to the Results tab.

     The table on the Results tab displays information about the execution of the task on devices.

   • Select the check box next to the name of the desired task in the task list and click the Execution Result button located above the list.

     The Task status window that opens displays a chart with information about the execution of the task on devices. The View results button opens the Results tab in the task properties window.

You can view information on the progress and results of tasks in the Administration Console of Kaspersky Security Center in one of the following ways:

• In the Task results window. The window can be opened using the Results item in the task context menu.
• In the list of events that the Kaspersky Security solution sends to the Kaspersky Security Center Administration Server. You can view the lists of events on the Events tab in the workspace of the Administration Server <server name> node. Information on the Events tab is displayed as a set of event selections. Each selection includes only the events of a certain type. The list displays events from the selection that is currently specified in the Event selections drop-down list. To display a list of the selection events, use the Run selection button. To refresh the list, use the Refresh link.

Before starting the Integration Server Console, if the device hosting the Integration Server Console belongs to a Microsoft Windows domain, make sure that your domain account belongs to a local or domain KLAdmins group or local administrator group on the device where the Integration Server is installed.

To open Integration Server Console and connect to the Integration Server:

1. In the Kaspersky Security Center Administration Console tree, select the Administration Server: <server name> node.
2. In the workspace of the node, on the Monitoring tab, in the Deployment block, follow the link Manage Kaspersky Security for Virtualization <version number> Light Agent, where <version number> is the number of the installed version of the Kaspersky Security solution.
3. If one of the following conditions is satisfied, a window opens for entering the Integration Server connection settings:
   • If the device hosting the Integration Server Console does not belong to a Microsoft Windows domain.
   • If the device hosting the Integration Server Console belongs to a domain, but your domain account does not belong to a local or domain KLAdmins group or the group of local administrators on the device where the Integration Server is installed.
   • If the device hosting the Integration Server Console belongs to a domain but a connection to the Integration Server could not be established, the connection address and port specified in the Integration Server settings are used.

   Specify the following connection settings:

   • Integration Server address

     IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

     If the Integration Server Console is installed on the same device as the Kaspersky Security Center Administration Server, the address specified in the settings of the Kaspersky Security Center Administration Server is used to connect to the Integration Server by default. You can change this address in the properties window of the Installation packages folder in the console tree (Additional → Remote installation → Installation packages; the window opens when you select the Settings item in the context menu).

     If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

   • Port

     Port number for connecting to the Integration Server.

   • Account name

     Name of the user account being used to establish the connection to the Integration Server.

     If the device hosting the Integration Server Console belongs to a domain, and your account belongs to the local or domain KLAdmins group or to the group of local administrators you can use your account. To do so, select the Use domain account check box.

     If the device hosting the Integration Server Console does not belong to a domain, or the device belongs to a domain but your domain account does not belong to a local or domain KLAdmins group or to the group of local administrators, you can use only the Integration Server administrator account.

   • Password

     Password of the user account being used to establish the connection to the Integration Server.

   • Use domain account

     Use of the domain account of the current user when connecting the Integration Server Console to the Integration Server.

     If the check box is selected, the domain account is used to connect to the Integration Server. Make sure that your domain account is part of the KLAdmins group or the local administrator group on the computer where the Integration Server is installed.

     If the check box is cleared, the Integration Server administrator account (admin) is used to connect to the Integration Server.

     This check box is cleared by default.

   Click the Connect button.

4. The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.

   To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.

The Integration Server Console opens. The Integration Server settings section of Integration Server Console displays the address and port of the Integration Server to which the connection is made, and the Integration Server version.

To open Integration Server Console and connect to the Integration Server:

1. Run the following command:

   Kaspersky.VIISConsole.UI.exe /lang:<language ID>

   where:

   • Kaspersky.VIISConsole.UI.exe is a file located in the %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\ folder on the device where you installed the Integration Server and Integration Server Console.
   • <language ID> – Integration Server Console language identifier formatted as follows: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.
2. Specify the following connection settings:
   • Address and port of the Integration Server to which the connection is established.

     For the address, you can specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

     If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

   • The Integration Server administrator password that you set when installing Integration Server.
3. The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.

   To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.

The Integration Server Console opens. The Integration Server settings section of Integration Server Console displays the address and port of the Integration Server to which the connection is made, and the Integration Server version.