Contents
- Deploying SVMs using the Integration Server Console
- Selecting an action
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Starting SVM deployment
- Starting SVM deployment (infrastructures based on OpenStack)
- SVM deployment
- Finishing SVM deployment
Deploying SVMs using the Integration Server Console
If you use the Integration Server Console, SVMs are deployed using the SVM Management Wizard, which is launched from the Integration Server Console.
Following the instructions of the SVM Management Wizard, you need to configure the wizard's connection to the virtual infrastructure, specify all the SVM deployment settings, and start the deployment.
Information about SVM deployment results is displayed in the last step of the wizard.
Before deployment, you need to download the SVM images and SVM image description files.
To deploy SVMs using the Integration Server Console:
- Open Integration Server Console and connect to the Integration Server.
- In the SVM management section, click the SVM management button to start the SVM Management Wizard.
- Follow the wizard instructions.
Selecting an action
At this step, choose the SVM deployment option.
Proceed to the next step of the wizard.
Page topSelecting infrastructure for SVM deployment
At this step, you need to select the virtual infrastructure in which you want to deploy the SVM. If SVM deployment was not previously performed in this virtual infrastructure, you need to configure the connection of the SVM Management Wizard to the virtual infrastructure. Then select the hypervisors or OpenStack projects for SVM deployment depending on the type of virtual infrastructure.
To configure the connection of SVM Management Wizard to the virtual infrastructure:
- Click the Add button.
- In the Virtual infrastructure connection settings window that opens, specify the following settings:
- Type
- Protocol
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- Addresses
- OpenStack domain
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
- Password
- If you are deploying SVMs in a virtual infrastructure based on XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, Alt Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, to connect the Integration Server to the virtual infrastructure while Kaspersky Security is running, we recommend using an account that has limited rights to perform actions in the virtual infrastructure. Select the Account with restricted permissions check box and specify the settings of the user account that the Integration Server will use to connect to the virtual infrastructure during operation of Kaspersky Security.
If the check box is cleared, during Kaspersky Security operation the Integration Server will connect to the virtual infrastructure using the same user account that is used for SVM deployment, removal and reconfiguration.
In a virtual infrastructure running on the Microsoft Hyper-V platform, you can connect to the virtual infrastructure during Kaspersky Security operation only by using the same user account that is used for SVM deployment, removal and reconfiguration.
- Click the Connect button.
The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.
The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.
To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.
If the authenticity of the open key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The open key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this open key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.
If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
The table displays information about the virtual infrastructures to which connections are configured in the SVM Management Wizard. If SVMs are already deployed in the virtual infrastructure, the table also contains information about them. Each row of the table displays a hierarchical list of virtual infrastructure objects and the following information:
You can search the list of virtual infrastructure objects based on the Name/Address column. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.
You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
You can use buttons in the Name/Address column to:
- Remove selected virtual infrastructure from the list.
The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.
- If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.
After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
To select infrastructure for SVM deployment:
- Depending on the type of the virtual infrastructure, select check boxes in the table to the left of the names of the hypervisors on which you want to deploy an SVM, or the OpenStack projects in which you want to deploy an SVM.
You can select hypervisors or OpenStack projects that are not subject to SVM deployment restrictions.
If SVMs are being deployed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous SVM deployment in different infrastructures is not supported. You can deploy SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.
The simultaneous deployment of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously deploy SVMs only in OpenStack projects that are running on the same Keystone microservice.
- If you want to allow concurrent deployment of multiple SVMs, select the Allow parallel deployment on N hypervisors or Allow parallel deployment on N SVMs check box (depending on the type of virtual infrastructure) and specify the number of SVMs to be deployed concurrently.
Proceed to the next step of the wizard.
Page topSelecting the SVM image
At this step, select the file of the SVM image for deployment on the hypervisor. The SVM image file and SVM image description file (in XML format) must be placed in the same folder on the device where the Kaspersky Security Center Administration Console is installed, or in the same folder on a network resource to which the user account performing the installation has read access. If you are installing the Protection Server on different types of hypervisors, the SVM image files for each type of hypervisor and the SVM image description file must be located in the same folder.
To specify the SVM image, click Browse and in the window that opens select the SVM image description file (in XML format).
After a file has been selected, the field to the left of the button displays the full path to the file and its name. The Wizard automatically selects the required SVM image file:
- A VHDX file for deployment on a Microsoft Windows Server (Hyper-V) hypervisor.
- An XVA file for deployment on a XenServer hypervisor or on a Numa vServer hypervisor.
- An OVA file for deployment on a VMware ESXi hypervisor.
- A QCOW2 file for deployment on a KVM hypervisor (including on a KVM hypervisor running on OpenStack platform, Astra Linux, VK Cloud Platform or TIONIX Cloud Platform), on a Proxmox VE hypervisor, on a R-Virtualization hypervisor, on a HUAWEI FusionCompute CNA hypervisor, on a Nutanix AHV hypervisor, or on an ALT Virtualization Server platform basic hypervisor.
The window displays the following information about the selected image:
- Vendor is the name of the vendor of the solution that the SVM is part of.
- Publisher is the name of the publisher of the solution that the SVM is part of.
- Solution name is the name of the solution that the SVM is part of.
- SVM version is the version number of the SVM image.
- Description is a brief description of the SVM image.
- Virtual drive size is the amount of disk space required to deploy the SVM.
The Wizard verifies the authenticity of the image. The verification results are displayed in the window as follows:
- If the image is authentic, the Publisher field displays the value
AO Kaspersky Lab. - If the authenticity of the image has not been verified, an error message is displayed at the top of the window, and
Unknownis displayed in the Publisher field.
If the authenticity of the image has not been verified, it is recommended to use a different image for SVM deployment. To do this, you need to re-download the archive with the files necessary for SVM deployment using the Kaspersky Security Components Installation Wizard or on the Kaspersky website.
The SVM image integrity check section displays information about the results of SVM image file integrity check for each type of hypervisor. If integrity check was not performed, the Validation not performed message is displayed.
It is recommended to validate the SVM image. To do so, click the Validate button in the SVM image integrity check section. The verification results are displayed in the window as follows:
- If the image file successfully passed the integrity check, the
Validmessage is displayed. - If the image file gets modified or corrupted while being transmitted from the publisher to the end user or if the image format is not supported, the upper part of the window shows an error message and the SVM image integrity check section displays information about the detected problem.
If an SVM image file integrity check ended with an error, it is recommended to use a different image for SVM deployment. To do this, you need to re-download the archive with the files necessary for SVM deployment using the Kaspersky Security Components Installation Wizard or on the Kaspersky website.
If the authenticity of an image has been verified and the image file integrity check completed successfully, proceed to the next step of the Wizard.
If the authenticity of an image has not been verified or an image file integrity check has not been performed or ended with an error but you accept the risk and want to use the selected SVM image, to proceed to the next step of the Wizard you need to select the check box located in the lower part of the window.
Page topSelecting the number of SVMs for deployment (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, you must specify the number of SVMs to be deployed on the hypervisors within each selected OpenStack project. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
In the Number of SVMs column, specify the number of SVMs to be deployed on the hypervisors within the OpenStack project.
Proceed to the next step of the wizard.
Page topSpecifying SVM settings
This step is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.
For this step, you must specify deployment options for each SVM to be deployed on the selected hypervisors. The Hypervisor column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.
Specify the following settings required for SVM deployment:
If you are deploying an SVM in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.
Proceed to the next step of the wizard.
Page topSpecifying SVM settings (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
On this step, you must specify deployment settings for each SVM that is to be deployed within the selected OpenStack projects. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
Specify the following settings required for SVM deployment:
You can also specify the following settings:
Proceed to the next step of the wizard.
Page topConfiguring SVM network settings (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, you must specify network settings for each SVM to be deployed within the selected OpenStack projects. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
For each SVM, specify one or more virtual networks in the Network name column.
You can also specify the following settings:
Proceed to the next step of the wizard.
Page topConfiguring IP address settings for SVM
For this step, you must specify IP addressing settings for all SVMs. You can use dynamic or static IP addressing.
If you want to use DHCP network settings for all SVMs:
- Select Dynamic IP addressing (DHCP).
By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM (the Use list of DNS servers received via DHCP check box is selected). If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.
- If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.
- OpenStack project
The OpenStack project column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.
- Hypervisor
If you want to specify all network settings of the SVM manually, select:
- Select Static IP addressing. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.
- OpenStack project
The OpenStack project column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
- Network name
- Hypervisor
- Specify the following IP addressing settings for each SVM:
- SVM IP address
- Subnet mask
- Gateway
- DNS server
- Alternative DNS
If you specified several virtual networks for the SVM at the previous step, specify the settings for each virtual network.
Proceed to the next step of the wizard.
Page topSpecifying Kaspersky Security Center connection settings
This step is performed if the wizard cannot automatically determine the settings for connecting to Kaspersky Security Center.
At this step, you must specify the settings of SVM connection to the Kaspersky Security Center Administration Server.
Specify the following settings:
Proceed to the next step of the wizard.
Page topCreating the configuration password and the root account password
At this step, you need to create a klconfig account password (configuration password) and a root account password on the SVM.
The configuration password is required for SVM reconfiguration. The root user account is used for access to the operating system on SVMs.
Enter passwords for each account into the Password and Confirm password fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
If you want to configure access to SVMs over SSH under the root account, select the Allow remote access to SVM for the root account via SSH check box.
Proceed to the next step of the wizard.
Page topStarting SVM deployment
This step is displayed if you are deploying the SVM to a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.
For this step, the wizard window displays all previously entered settings required for deploying the SVM:
General settings for all SVMs:
- SVM image description file
- SVM IP settings
- SSH-based remote access to the SVM for the root account
- Kaspersky Security Center connection settings
- Parallel deployment
Individual settings for each SVM:
- Hypervisor
- SVM name
- Storage
- Network name
- VLAN ID
The VLAN ID is displayed if you are deploying the SVM in the virtual infrastructure running on Microsoft Hyper-V platform.
- All IP addressing settings that you provided for the SVM.
To start deploying SVMs, go to the next step of the wizard.
Page topStarting SVM deployment (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, the wizard window displays all previously entered settings required for deploying the SVM:
General settings for all SVMs:
- Keystone microservice address
- SVM image description file
- SVM IP settings
- SSH-based remote access to the SVM for the root account
- Kaspersky Security Center connection settings
- Parallel deployment
Individual settings for each SVM:
- OpenStack project
- SVM name
- Virtual machine type
- Volume type
- Availability zone
- Server group
- Network name
- VLAN ID
- Security group
- All IP addressing settings that you provided for the SVM.
To start deploying SVMs, go to the next step of the wizard.
Page topSVM deployment
At this step, SVMs are deployed on hypervisors. The process takes some time. Please wait until deployment is complete.
The window shows, one row at a time, the stages of deployment of each SVM with the status of each stage: Processing N%, Pending, Skipped, Completed, Error.
After SVM deployment is complete, you are advised to make sure that the Integration Server is running and can be accessed by the SVM over the network.
If an error occurs on a hypervisor during the SVM deployment process, the Wizard rolls back the changes on this hypervisor. Deployment continues on the other hypervisors.
When deployment is completed, SVM is turned on automatically.
Proceed to the next step of the wizard.
Page topFinishing SVM deployment
This step displays information about the SVM deployment results in the virtual infrastructure.
You can use the links to open a brief report and the SVM Management Wizard log.
You can view the following information in the brief report:
- Addresses of the hypervisors on which SVMs were deployed, or OpenStack projects, within which SVMs were deployed (depending on the type of virtual infrastructure).
- Names of deployed SVMs.
- Brief description of the completed stages of deployment of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.
The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.
The SVM Management Wizard log saves information specified by you at every step of the wizard. If the SVM deployment process ends in an error, you can use the wizard log when contacting Technical Support.
The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.
Finish the wizard.
If your virtual infrastructure uses a Microsoft Windows Server (Hyper-V) hypervisor, after SVM deployment the event log may contain an event indicating the need to update the Integration Services package on the SVM. You can ignore this notification because the Integration Services do not need to be updated to operate the SVM.
Page top