Configuring Integration Server settings
You can perform the following actions to configure the Integration Server settings:
- Change passwords of internal Integration Server accounts. The following accounts are provided:
Account names cannot be edited.
- Change settings that the Integration Server uses to connect to the virtual infrastructure.
The Integration Server connects to each protected virtual infrastructure and receives information necessary for the operation of the solution. Depending on the type of protected virtual infrastructure the Integration Server connects to one of the following virtual infrastructure objects:
- hypervisor;
- virtual infrastructure administration server;
- Keystone microservice.
If you used the Integration Server Console to deploy SVMs, the Integration Server connects to the virtual infrastructure with the settings that you specified in the SVM Management Wizard.
If you used the Integration Server Web Console to deploy SVMs, the Integration Server connects to the virtual infrastructure with the settings that you specified in the Integration Server Web Console before SVM deployment.
You can edit the settings for connecting the Integration Server to the virtual infrastructure (except for the infrastructure address).
In a VMware vSphere infrastructure, you can also enable or disable the use of VMware NSX Manager in Kaspersky Security, as well as change the settings for connecting the Integration Server to VMware NSX Manager.
- Remove the Integration Server connection settings to the virtual infrastructure.
You can edit the settings of the Integration Server in the Integration Server Console or in the Integration Server Web Console.
Page top
[Topic 256399]
Changing passwords of Integration Server accounts
You can change the passwords of Integration Server accounts in Integration Server Web Console or in Integration Server Console.
Expand all | Collapse all
How to change the passwords of Integration Server user accounts in the Integration Server Web Console
To change the passwords of Integration Server accounts:
- Open Integration Server Web Console and connect to the Integration Server.
- Go to the Integration Server accounts section.
- In the window that opens, select the name of the account whose password you want to change.
The Change password window will open. The Account name field displays the name of the selected account.
- Enter the new password in the New password and Confirm password fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- Click the Save button in the Change password window.
How to change the passwords of Integration Server user accounts in the Integration Server Console
To change the passwords of Integration Server accounts:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Integration Server user accounts section.
- In the table on the right, select the name of the account whose password you want to change.
- Click the Change the account password link located above the table to open the Account password window and enter the new password in the Password and Confirm password fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- In the Account password window, click OK.
If you changed the account password for connecting SVMs to the Integration Server, you need to reconfigure the SVM connection to the Integration Server.
If the Light Agent policy is configured to connect Light Agents to the Integration Server and you have changed the account password for connecting Light Agents, you need to re-configure the Light Agents' connection to the Integration Server.
Page top
[Topic 256396]
Changing the settings for connecting to the virtual infrastructure in the Integration Server Web Console
- Open Integration Server Web Console and connect to the Integration Server.
- In the workspace, select the List of virtual infrastructures section.
The window that opens displays a table of virtual infrastructures to which the Integration Server connects. Each row of the table displays the following information about the virtual infrastructure:
- Infrastructure object address
This column contains the IP addresses or fully qualified domain names (FQDN) of the virtual infrastructure objects to which the Integration Server connects, and the names of the SVMs deployed on the hypervisors.
Depending on the type of virtual infrastructure, the column may display:
- IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
- IP address or the fully qualified domain name of the hypervisor
- IP address or the fully qualified domain name of the Keystone microservice
- OpenStack project and domain name.
- Infrastructure object type
The column contains the type of the virtual infrastructure object that the Integration Server will connect to.
- Status
This column contains information about the status of the Integration Server's connection to the virtual infrastructure, the state of the infrastructure objects to which the connection is made, and the state of the SVMs deployed in the infrastructure.
If the Integration Server is not connected to the virtual infrastructure object, the column displays an error message.
- VMware NSX Manager
For an infrastructure running on VMware vCenter Server with VMware NSX Manager by Kaspersky Security enabled, the column contains the IP address in IPv4 format or the fully qualified domain name (FQDN) of VMware NSX Manager.
Using the buttons above the table, you can:
- edit the account with administrator rights that the Integration Server uses to connect to the virtual infrastructure
- edit the account with restricted permissions to perform actions in the virtual infrastructure that the Integration Server uses while Kaspersky Security is running in order to get information about SVMs available for connection and to distribute Light Agents between SVMs
- change the settings for connecting the Integration Server to VMware NSX Manager (in a virtual infrastructure based on VMware vSphere)
- confirm the authenticity of a certificate or public key fingerprint received from a virtual infrastructure if its authenticity could not be established.
Expand all | Collapse all
How to edit the account with administrator rights
- In the List of virtual infrastructures section, select the virtual infrastructure for which you want to change the connection settings, click the Edit button located above the table, and select Administrator account settings.
- In the window that opens, specify the account settings:
- Click the Save button.
How to edit the account with limited permissions
- In the List of virtual infrastructures section, select the virtual infrastructure for which you want to change the connection settings, click the Edit button located above the table, and select Settings for account with restricted permissions.
- In the window that opens, specify the account settings:
- Click the Save button.
How to change VMware NSX Manager connection settings
- In the List of virtual infrastructures section, select the virtual infrastructure for which you want to change the connection settings, click the Edit button located above the table, and select VMware NSX Manager settings.
- In the window that opens, specify the account settings:
- Address
New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.
If your VMware NSX Manager virtual infrastructure is clustered, specify the virtual IP address of the cluster. First, you need to assign a virtual IP address and certificate to the cluster (for more information on configuring a VMware NSX Manager cluster, see the VMware documentation).
- User name
Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.
- Password
Password of the account that the Integration Server uses to connect to VMware NSX Manager.
- Click the Save button.
How to confirm a certificate or public key fingerprint
- In the List of virtual infrastructures section, select the virtual infrastructure for which you want to confirm the authenticity of a certificate or public key, and click the Confirm certificate button.
The Verify certificate or Verify public key fingerprint window opens (depending on the type of virtual infrastructure object).
By clicking on the link in this window you can view information about the received certificate or the key fingerprint.
- If the certificate complies with your organization's security policy, click the Confirm and continue button.
The received certificate or public key fingerprint will be saved on the device where the Integration Server is installed.
If you do not consider this public key is authentic, click the Cancel connection button to terminate the connection.
[Topic 256525]
Changing the settings for connecting to the virtual infrastructure in the Integration Server Console
To open the list of virtual infrastructures to which the Integration Server connects:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
A table of virtual infrastructures to which the Integration Server connects will open.
Each row of the table contains the following information:
- Infrastructure
Type of virtual infrastructure and IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server connects for interaction with virtual infrastructure.
For an infrastructure running on VMware vCenter Server with VMware NSX Manager by Kaspersky Security enabled, the column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of VMware NSX Manager.
- State
Status of the connection between the Integration Server and the virtual infrastructure.
If the Integration Server is not connected to the virtual infrastructure object, the table displays an error message.
The Integration Server verifies the authenticity of all virtual infrastructure objects with which a connection is being established, except a Microsoft Windows Server (Hyper-V) hypervisor.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.
To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If it fails to ascertain the authenticity of the certificate or public key received from the virtual infrastructure object, the Integration Server breaks the connection with the virtual infrastructure. An error message is displayed in the table. You can resolve this error.
To resolve an SSL certificate validation error or public key validation error received from a virtual infrastructure object, do one of the following:
- Confirm the authenticity of the certificate or public key received from the virtual infrastructure object. To do this, you need to launch the SVM Management Wizard (in the SVM management section of the Integration Server Console) and open the list of virtual infrastructures to which the SVM Management Wizard is configured to connect (for example, see the "Selecting infrastructure for SVM deployment" step in the procedure for installing the Protection Server). The wizard prompts you to verify the authenticity of the certificate or public key in the Verify certificate or Verify public key fingerprint window (depending on the type of virtual infrastructure object).
- Replace the certificate with a new one if you do not believe that the existing certificate is authentic.
If the use of VMware NSX Manager in Kaspersky Security is enabled, the Integration Server also checks the VMware NSX Manager certificate. If the certificate is not trusted by the Integration Server or does not match a previously installed certificate, an error message is displayed in the table. You can resolve this error.
To resolve a VMware NSX Manager SSL certificate validation error, do one of the following:
- Verify the authenticity of the certificate. To view information about the received certificate, you need to click the Confirm VMware NSX Manager certificate authenticity link that is displayed in the error message. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you do not consider the certificate to be trusted, you can disconnect by clicking the Cancel button, and replace the certificate with a new one.
Expand all | Collapse all
How to change the settings for connecting to the virtual infrastructure
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select a virtual infrastructure whose connection settings you want to modify, and click the Edit link above the table.
The Change virtual infrastructure connection settings window opens.
The Address field displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server is connected for interaction with protected virtual infrastructure. The Address field cannot be changed.
- Make the necessary changes. You can change the following settings for connecting the Integration Server to the virtual infrastructure:
- Protocol
Protocol used to connect the Integration Server to the virtual infrastructure. By default, HTTPS protocol is used.
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- OpenStack domain
Name of the OpenStack domain that contains an account used to connect the Integration Server to the virtual infrastructure.
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
Name of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
To connect to a virtual infrastructure based on XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, Alt Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, we recommend using an account that has limited rights to perform actions in the virtual infrastructure.
To connect to a virtual infrastructure running on the Microsoft Hyper-V platform during Kaspersky Security operation, you must use the same user account that is used for SVM deployment, removal and reconfiguration.
- Password
Password of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
- Click the OK button in the Change virtual infrastructure connection settings window.
How to configure the use of VMware NSX Manager in the Kaspersky Security solution
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select the virtual infrastructure managed by VMware vCenter Server, and click the Edit link located above the table.
The Change virtual infrastructure connection settings window opens.
- Configure the settings for connecting the Integration Server to VMware NSX Manager:
- Use VMware NSX Manager
Enables or disables the use of VMware NSX Manager in the Kaspersky Security solution
If VMware NSX Manager is used in the operation of the solution, Kaspersky Security can assign security tags to the protected virtual machine.
- Address
New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.
If your VMware NSX Manager virtual infrastructure is clustered, specify the virtual IP address of the cluster. First, you need to assign a virtual IP address and certificate to the cluster (for more information on configuring a VMware NSX Manager cluster, see the VMware documentation).
- User name
Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.
- Password
Password of the account that the Integration Server uses to connect to VMware NSX Manager.
If you change the password for the account used to connect to VMware NSX Manager, the Integration Server will not be able to connect to VMware NSX Manager until at least 15 minutes have passed since the new connection settings were saved.
- Click the OK button in the Change virtual infrastructure connection settings window.
[Topic 256506][Topic 256497]