SVM reconfiguration using the Integration Server Console

To change the SVM configuration using the SVM Management Wizard:

1. Open Integration Server Console and connect to the Integration Server.
2. In the SVM management section, click the SVM management button to start the SVM Management Wizard.
3. Follow the wizard instructions.

Selecting an action

At this step, choose the SVM reconfiguration option.

Proceed to the next step of the wizard.

Selecting SVM for reconfiguration

At this step, you must select the SVM or SVMs that you want to reconfigure.

The table displays the following information about the virtual infrastructures, to which the SVM Management Wizard connection is configured, as well as information about the deployed SVMs:

• Name/Address

  Depending on the type of virtual infrastructure, the column may contain the following:

  • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
  • IP address or the fully qualified domain name of the hypervisor
  • IP address or the fully qualified domain name of the Keystone microservice
  • Name of the OpenStack domain
  • Name of the OpenStack project
  • Name of the SVM deployed on the hypervisor

  If the connection with the virtual infrastructure could not be established, the warning icon is displayed against this connection in the column. A description of the connection error is shown in the table and in the tooltip of the warning icon.

• State

  This column contains information on the state of the virtual infrastructure object or the SVM.

  For the hypervisor, one of the following values is specified: Enabled or Disabled. If a connection to the hypervisor cannot be established, the column shows Disconnected.

  For the Keystone microservice, the OpenStack project, and the OpenStack domain, one of the following values is specified: Enabled or Disconnected.

  One of the following values is specified for an SVM: Enabled, Disabled.

• Protection

  This column contains the SVM version number.

• Type

  This column contains the type of virtual infrastructure object that the SVM Management Wizard will connect to.

You can search the list of virtual infrastructure objects. The search is performed based on the value of the Name/Address. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.

To selecting an SVM for reconfiguration,

In the table, select the check boxes to the left of the names of the SVMs you want to reconfigure.

If SVMs are being reconfigured in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous reconfiguration of SVMs deployed in different infrastructures is not supported. You can reconfigure SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

SVMs in OpenStack projects that are running on different Keystone microservices cannot be reconfigured simultaneously. You can simultaneously reconfigure SVMs deployed in OpenStack projects that are running on the same Keystone microservice.

If the list does not contain virtual infrastructure, in which you want to reconfigure SVM, you must configure the SVM Management Wizard connection to this virtual infrastructure.

To configure the connection of SVM Management Wizard to the virtual infrastructure:

1. Click the Add button.
2. In the Virtual infrastructure connection settings window that opens, specify the following settings:
   • Type

     Type of virtual infrastructure object that SVM Management Wizard will connect to.

     Depending on the type of virtual infrastructure, select a hypervisor, virtual infrastructure administration server, or Keystone microservice.

   • Protocol

     Protocol used to connect SVM Management Wizard to the virtual infrastructure. By default, the HTTPS protocol is used.

     The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

   • Addresses

     Addresses of the virtual infrastructure objects that SVM Management Wizard will connect to.

     Depending on the type of virtual infrastructure, you need to specify the hypervisor address or the address of the virtual infrastructure administration server. To connect to an OpenStack-based infrastructure, you need to specify the address of the Keystone microservice.

     The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN).

     You can specify multiple addresses by separating them with a semicolon, a space, or a new line. The number of correctly recognized addresses is shown under the list of addresses.

     In this field, you can also specify the port used to connect to the virtual infrastructure object in the format <IP address>:<port>.

     If you are configuring a connection to Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service, you can specify the address of the cluster. All hypervisors that are part of the cluster will be added to the list.

     If you are configuring a connection to VMware ESXi hypervisors managed by VMware vCenter Servers running in Linked mode, you can specify the address of any of these VMware vCenter Servers. All the hypervisors running on VMware vCenter servers in Linked mode will be added to the list.

     If you are configuring a connection to hypervisors that are managed by Microsoft SCVMM, you can specify the settings for connecting to Microsoft SCVMM. All hypervisors that are managed by Microsoft SCVMM will be added to the list.

     If you are configuring a connection to an infrastructure managed by Nutanix Prism Element, you need to specify the Nutanix Prism Element address. If the infrastructure is managed by Nutanix Prism Central, specify the Nutanix Prism Central address. All Nutanix Prism Element servers managed by Nutanix Prism Central will be added to the list.

   • OpenStack domain

     Name of the

     OpenStack domain

     An OpenStack domain is a collection of OpenStack accounts, groups of infrastructure objects, and projects in virtual infrastructures based on OpenStack (including infrastructures based on the VK Cloud platform or TIONIX Cloud Platform). Each account belongs to a particular OpenStack domain.

     that contains an account used to connect SVM Management Wizard to the virtual infrastructure object.

     The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

   • User name

     Name of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration. This account must have privileges that are sufficient for SVM deployment, removal and reconfiguration.

     If you use a domain account to connect to a virtual infrastructure object, you can specify the account name in the <domain>\<user name> or <user name>@<domain> format.

   • Password

     Password of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.

3. Click the Connect button.

   The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.

   The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.

   Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

   For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.

   To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

   If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.

   If the authenticity of the open key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The open key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this open key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.

   If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.

You can use the Refresh button above the table to update the list of virtual infrastructure objects. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

You can use buttons in the Name/Address column to:

• Remove selected virtual infrastructure from the list.

  The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.

• If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.

  After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

Proceed to the next step of the wizard.

Entering the configuration password

At this step, specify the configuration password that was created during SVM deployment.

Proceed to the next step of the wizard.

Editing SVM network settings

This step is displayed if the SVM reconfiguration is being performed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

At this step, you can change the virtual network(s) that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.

To change the list of virtual networks used by an SVM:

1. Select the Change SVM network settings check box.

   The window displays a table containing the following information about SVMs selected for reconfiguration:

   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

   • SVM name

     The name that was defined when specifying SVM settings.

2. For each SVM, specify one or more virtual networks in the Network name column.

   The name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   You can specify one or more virtual networks available on the hypervisor. To add or remove a field for selecting virtual networks, use the buttons next to the network selection field.

   If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

   If the virtual infrastructure uses the VMware Distributed Virtual Switch component, you can specify a Distributed Virtual Port Group to which the SVM will be connected.

3. If the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.

   The ID of the virtual local area network (VLAN) that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   If VLAN is not used, the column shows No.

Proceed to the next step of the wizard.

Editing SVM network settings (infrastructures based on OpenStack)

This step is displayed if you are performing SVM reconfiguration in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

At this step, you can change the virtual network or networks that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server, and can change the Security Group for each virtual network.

Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.

To change SVM network settings:

1. Select the Change SVM network settings check box.

   The window displays a table containing the following information about SVMs selected for reconfiguration:

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

   • SVM name

     The name that was defined when specifying SVM settings.

2. For each SVM, specify one or more virtual networks in the Network name column.

   The name of the virtual network that the SVM will use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   You can specify one or more virtual networks available within the OpenStack project. To add or remove a field for selecting virtual networks, use the buttons next to the network selection field.

   If you intend to use dynamic IP addressing (DHCP) for all SVMs, the network settings will be received from the DHCP server via the first virtual network in the list of networks specified for each SVM. Make sure that the Wizard can connect to the SVM with the network settings of the first virtual network received from the DHCP server.

3. If necessary, specify one or more security groups for each selected network in the Security group column.

   Set of network traffic filtering rules that are created in the virtual infrastructure and applied in the virtual network.

   You can specify one or more security groups for each selected virtual network. To add or remove a field for selecting security groups, use the buttons next to the Security groups selection field.

Proceed to the next step of the wizard.

Changing SVM IP settings

For this step, you can edit IP addressing settings used for all SVMs. You can use dynamic or static IP addressing.

To edit the IP address settings:

1. Select the Edit SVM IP settings check box.

   If you added virtual networks for one or more SVMs at the previous step of the Wizard, the Edit SVM IP settings check box is not displayed. You cannot proceed to the next step until the network settings of SVMs selected for reconfiguration have been configured.

2. If you want to use DHCP network settings for all SVMs, select Dynamic IP addressing (DHCP).

   By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM. If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.

   If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:

   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.

3. If you want to specify all network settings of the SVM manually, select Static IP addressing. This opens a table containing the following information:
   • Hypervisor

     IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

     The Hypervisor column is displayed if the SVM is deployed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

   • OpenStack project

     Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

     The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.

   • SVM name

     The name that was defined when specifying SVM settings.

   • Network name

     The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

   Specify the following network settings for each SVM:

   • SVM IP address
   • Subnet mask
   • Gateway
   • DNS server
   • Alternative DNS

Proceed to the next step of the wizard.

Changing Kaspersky Security Center connection settings

At this step, you can edit the settings of SVM connection to the Kaspersky Security Center Administration Server.

To edit the settings for connecting SVMs to Kaspersky Security Center Administration Server:

1. Select the Change Kaspersky Security Center connection settings check box.
2. Specify the following settings:
   • Address

     Address of the device hosting the Kaspersky Security Center Administration Server. You can specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device.

   • Port

     Number of the port for connecting the SVM to the Kaspersky Security Center Administration Server.

   • SSL port

     Number of the port for connecting an SVM to the Kaspersky Security Center Administration Server using an SSL certificate.

Proceed to the next step of the wizard.

Changing the configuration password and root account settings

At this step, you can modify the following settings:

• Configuration password (the password used to reconfigure SVMs).
• Root account password.
• Remote access mode to the SVM over SSH for the root user account.

If you want to change the configuration password, select the Change the klconfig account password (configuration password) check box and specify the new configuration password in the Password and Confirmation fields.

If you want to change the root account password, select the Change the root account password check box and specify the new password in the Password and Confirmation fields.

Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.

If you want to change the mode of remote access over SSH to the SVM, select the Change remote access for the root account check box, and then select or clear the Allow remote access to SVM for the root account via SSH check box.

Proceed to the next step of the wizard.

Starting SVM reconfiguration

This step is displayed if the SVM reconfiguration is being performed in a virtual infrastructure based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux, or Numa vServer.

At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.

General settings for all SVMs:

• Number of SVMs

  Number of SVMs to be reconfigured.

• Configuration password

  Information on the need to change the configuration password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• Root account password

  Information regarding the need to change the root account password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• SSH-based remote access to the SVM for the root account

  Information on the need to change the option of remote access to SVMs via SSH.

  Possible values: Change to Allowed, Change to Blocked, Leave unchanged.

• Kaspersky Security Center connection settings

  Information on the need to change the settings for connecting SVMs to Kaspersky Security Center.

  Possible values: Leave unchanged, Changes are needed.

• SVM IP settings

  Information on the need to change the IP addressing settings for all SVMs.

  Possible values: use DHCP, use static IP addressing, leave unchanged.

Individual settings for each SVM:

• Hypervisor

  IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.

• SVM name

  The name that was defined when specifying SVM settings.

• Network name

  The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

• VLAN ID

  The ID of the virtual local area network (VLAN) that the SVM uses to connect to virtual machines, the Integration Server and the Kaspersky Security Center Administration Server.

  The VLAN ID column is displayed only if the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform.

• All IP addressing settings that you provided for the SVM.

To start the reconfiguration of the SVM, go to the next step in the wizard.

Starting SVM reconfiguration (infrastructures based on OpenStack)

This step is displayed if you are reconfiguring an SVM in a virtual infrastructure running the TIONIX Cloud Platform or in a virtual infrastructure running the OpenStack platform.

At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.

General settings for all SVMs:

• Keystone microservice address

  IP address or fully qualified domain name (FQDN) of the Keystone microservice that manages the OpenStack project in which the SVMs are deployed.

• Number of SVMs

  Number of SVMs to be reconfigured.

• Configuration password

  Information on the need to change the configuration password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• Root account password

  Information regarding the need to change the root account password on SVMs.

  Possible values: Leave unchanged, Changes are needed.

• SSH-based remote access to the SVM for the root account

  Information on the need to change the option of remote access to SVMs via SSH.

  Possible values: Change to Allowed, Change to Blocked, Leave unchanged.

• Kaspersky Security Center connection settings

  Information on the need to change the settings for connecting SVMs to Kaspersky Security Center.

  Possible values: Leave unchanged, Changes are needed.

• SVM IP settings

  Information on the need to change the IP addressing settings for all SVMs.

  Possible values: use DHCP, use static IP addressing, leave unchanged.

Individual settings for each SVM:

• OpenStack project

  Name of the OpenStack project that the SVM is deployed in, as well as project path in the infrastructure.

• SVM name

  The name that was defined when specifying SVM settings.

• Network name

  The name of the virtual network that the SVM uses to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.

• Security group

  Security group selected for the virtual network.

• All IP addressing settings that you provided for the SVM.

To start the reconfiguration of the SVM, go to the next step in the wizard.

SVM reconfiguration

At this step, the SVMs are reconfigured.

The window displays, one row at a time, the stages of SVM reconfiguration of each SVM with the status of each stage: Pending, Connecting, Processing N%, Completed, Error.

The process takes some time. Please wait until the process is complete.

Proceed to the next step of the wizard.

Finishing SVM reconfiguration

This step displays information about the results of SVM reconfiguration.

The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.

The brief report contains the following information:

• Addresses of hypervisors whose SVM configuration was changed, or OpenStack project names containing the deployed SVMs that have been reconfigured (depending on type of the virtual infrastructure).
• Names of SVMs that have been reconfigured.
• Brief description of the completed stages of reconfiguration of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.

The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.

The SVM Management Wizard log saves information specified by you at every step of the wizard. If errors occur during reconfiguration of SVMs, you can use the wizard log when contacting Technical Support.

The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.

Finish the wizard.