Contents
- Preparation work and deployment
- Preparing the administrator and target hosts
- Preparing the hosts for installation of the KUMA services
- Installing a database management system
- Configuring the PostgreSQL or Postgres Pro server for working with Open Single Management Platform
- Preparing the KUMA inventory file
- Distributed deployment: Specifying the installation parameters
- Distributed deployment: Installing Kaspersky Next XDR Expert
- Single node deployment: Specifying the installation parameters
- Single node deployment: Installing Kaspersky Next XDR Expert
- Configuration wizard for the Kaspersky Next XDR Expert deployment
- Configuring internet access for the target hosts
- Installation requirements for the KUMA services
- Synchronizing time on machines
- Installing KUMA services
- Deployment of multiple Kubernetes clusters and Kaspersky Next XDR Expert instances
- Signing in to Kaspersky Next XDR Expert
Preparation work and deployment
This section describes how to prepare your infrastructure for the Kaspersky Next XDR Expert deployment, set the installation parameters that are specific for the distributed or single node deployment, as well as how to use the Configuration wizard to generate the configuration file.
You can learn how to install Kaspersky Next XDR Expert according to the distributed and single node deployment schemes. Also, this section contains information on how to deploy multiple Kubernetes clusters with Kaspersky Next XDR Expert instances and switch between them by using KDT.
Preparing the administrator and target hosts
The administrator host is used to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The target hosts are included in the Kubernetes cluster and perform the workload of the Kaspersky Next XDR Expert components. Kaspersky Next XDR Expert is deployed on the target hosts by using KDT. KDT runs on the administrator host and connects to target hosts via SSH.
Before installing Kaspersky Next XDR Expert, we recommend that you run the following command on the administrator and target hosts:
apt update
Preparing the administrator host
To prepare the administrator host:
- Prepare a device that will act as an administrator host from which KDT will launch.
The administrator host will not be included in the Kubernetes cluster that is created by KDT during the deployment.
Make sure that the hardware and software on the administrator host meet the requirements for KDT.
On the administrator host, allocate at least 10 GB of free space in the temporary files directory (/tmp) for KDT. If you do not have enough free space in this directory, run the following command to specify the path to another directory:
export TMPDIR=<new_directory>/tmp
- Install the package for Docker version 20 or later, and then perform post-installation steps to configure the administrator host for proper functioning with Docker.
Preparing the target hosts
To prepare the target hosts:
- Prepare the physical or virtual machines on which Kaspersky Next XDR Expert will be deployed.
A minimum cluster configuration for the distributed deployment includes four nodes:
- One primary node
The primary node is intended for managing the cluster, storing metadata, and distributing the workload.
- Three worker nodes
The worker nodes are intended for performing the workload of the Kaspersky Next XDR Expert components.
For optimal allocation of computing resources, it is recommended to use nodes with the same resources.
You can install the DBMS inside the Kubernetes cluster when you perform the demonstration deployment of Kaspersky Next XDR Expert. In this case, allocate the additional worker node for the DBMS installation. KDT will install the DBMS during the Kaspersky Next XDR Expert deployment.
For the distributed deployment, we recommend installing a DBMS on a separate server outside the cluster.
After you deploy Kaspersky Next XDR Expert, changing the DBMS installed inside the cluster to a DBMS installed on a separate server is not available. You have to remove all Kaspersky Next XDR Expert components, and then install Kaspersky Next XDR Expert again. In this case, the data will be lost.
A minimum cluster configuration for the single node deployment includes one target host, which acts as the primary and worker nodes. On this primary/worker node, the Kubernetes cluster and Kaspersky Next XDR Expert components are installed.
Make sure that the hardware and software on the target hosts meet the requirements for the selected deployment option (the distributed or single node deployment), and the target hosts are located in the same broadcast domain.
For proper functioning of Kaspersky Next XDR Expert, the Linux kernel version must be 5.15.0.107 or later on the target hosts with the Ubuntu family operating systems.
Do not install Docker on the selected target hosts. KDT will install all necessary software and dependencies during the deployment.
- On each target host, install the sudo package, if this package is not already installed. For Debian family operating systems, install the UFW package on the target hosts.
- On each target host, configure the /etc/environment file if your organization's infrastructure uses a proxy server to access the internet and you need to connect the target hosts to the internet.
- On the primary node with the UFW configuration, allow IP forwarding. In the /etc/default/ufw file, set DEFAULT_FORWARD_POLICY to ACCEPT.
- Provide access to the package repository where the packages required for the function of Kaspersky Next XDR Expert are located:
- nfs-common
- tar
- iscsi-package
- wireguard
- wireguard-tools
KDT will try to install these packages during the deployment from the package repository. You can also install these packages manually.
- Ensure that the curl package is installed on the primary node (or on the primary/worker node, if you perform the single node deployment).
- Ensure that the libnfs12 package is installed on the worker nodes (or on the primary/worker node, if you perform the single node deployment).
The curl and libnfs12 packages are not installed during the deployment from the package repository by using KDT. You must install these packages manually if they are not already installed.
- Reserve static IP addresses for the target hosts, for the Kubernetes cluster gateway, and for the DBMS (if the DBMS is installed inside the cluster).
The Kubernetes cluster gateway is intended for connecting to the Kaspersky Next XDR Expert components installed inside the Kubernetes cluster.
- On your DNS server, register the domain names to connect to the Kaspersky Next XDR Expert services.
By default, the Kaspersky Next XDR Expert services are available at the following addresses:
- console.<smp_domain>—Access to the OSMP Console functionality.
- admsrv.<smp_domain>—Access to the Administration Server functionality.
- kuma.<smp_domain>—Access to the KUMA functionality.
- api.<smp_domain>—Access to the Kaspersky Next XDR Expert API functionality.
- psql.<smp_domain>—Interaction with the DBMS (PostgreSQL).
Register the psql.<smp_domain> domain name if you installed the DBMS inside the Kubernetes cluster on the DBMS node and you need to connect to the DBMS.
The listed domain names must correspond to the IP address of the Kubernetes cluster gateway. If you install the DBMS inside the cluster, the gateway IP address is an IP range. The first IP address of the range is the address of the Kaspersky Next XDR Expert services (excluding the DBMS IP address), and the second IP address of the range is the DBMS IP address.
- On the target hosts, create user accounts that will be used for the Kaspersky Next XDR Expert deployment.
These accounts are used for the SSH connection and must be able to elevate privileges (sudo) without entering a password. To do this, add the created user accounts to the /etc/sudoers file.
- Configure the SSH connection between the administrator and target hosts:
- On the administrator host, generate SSH keys by using the ssh-keygen utility.
- After you generate a pair of SSH keys, copy the public key to every target host (for example, to the /home/<user_name>/.ssh directory).
- For proper function of the Kaspersky Next XDR Expert components, provide network access between the target hosts and open the required ports on the firewall of the administrator and target hosts, if necessary.
- Configure time synchronization over Network Time Protocol (NTP) on the administrator and target hosts.
- If necessary, prepare custom certificates for working with Kaspersky Next XDR Expert public services.
You can use one intermediate certificate that is issued off the organization's root certificate or leaf certificates for each of the services. The prepared custom certificates will be used instead of self-signed certificates.
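Several of the target-host requirements listed above can be checked on each host before KDT is run. The following read-only preflight script is an added example, not part of the Kaspersky documentation or of KDT; the role argument (primary, worker, single), the --run switch and the function names are assumptions, and it covers only the kernel version, Docker, sudo, UFW forwarding, curl and libnfs12 checks from this section.

```sh
#!/bin/sh
# Added example (not part of KDT): read-only preflight for one target host.
# Run on the target host as the deployment account:
#   sh preflight.sh --run primary|worker|single
# The role names, the --run switch and the function names are assumptions.

MIN_KERNEL="5.15.0.107"          # minimum Ubuntu kernel stated in this section
UFW_DEFAULTS="/etc/default/ufw"  # file named in this section

# kernel_at_least <uname -r string> <dotted minimum>
# Compares the first four numeric fields, so "5.15.0-107-generic" is
# treated as 5.15.0.107. Missing or non-numeric fields count as 0.
kernel_at_least() {
    have=$(printf '%s.' "$1" | sed 's/-/./g')
    want="$2."
    for i in 1 2 3 4; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        w=$(printf '%s' "$want" | cut -d. -f"$i")
        case "$h" in ''|*[!0-9]*) h=0 ;; esac
        case "$w" in ''|*[!0-9]*) w=0 ;; esac
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# ufw_forward_accept <file>
# Returns 0 if the last DEFAULT_FORWARD_POLICY assignment is ACCEPT,
# 1 if it is anything else, 2 if the file cannot be read.
ufw_forward_accept() {
    [ -r "$1" ] || return 2
    val=$(sed -n 's/#.*//; s/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" \
          | tail -n 1 | tr -d "\"'[:space:]")
    [ "$val" = "ACCEPT" ]
}

# pkg_installed <package>: Debian/Ubuntu package database lookup.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
}

FAILS=0
# report <exit status> <description>
report() {
    if [ "$1" -eq 0 ]; then
        echo "PASS  $2"
    else
        echo "FAIL  $2"
        FAILS=$((FAILS + 1))
    fi
}

# preflight <primary|worker|single>
preflight() {
    role=$1
    kernel_at_least "$(uname -r)" "$MIN_KERNEL"
    report $? "kernel $(uname -r) is $MIN_KERNEL or later"

    # This section says Docker must not be installed on target hosts.
    if command -v docker >/dev/null 2>&1; then rc=1; else rc=0; fi
    report "$rc" "Docker is not installed"

    pkg_installed sudo
    report $? "sudo package is installed"

    # -n makes sudo fail instead of prompting for a password.
    sudo -n true 2>/dev/null
    report $? "account $(id -un) can use sudo without a password"

    case "$role" in primary|single)
        if [ -e "$UFW_DEFAULTS" ]; then
            ufw_forward_accept "$UFW_DEFAULTS"
            report $? "DEFAULT_FORWARD_POLICY is ACCEPT in $UFW_DEFAULTS"
        else
            echo "SKIP  $UFW_DEFAULTS not present"
        fi
        pkg_installed curl
        report $? "curl is installed" ;;
    esac
    case "$role" in worker|single)
        pkg_installed libnfs12
        report $? "libnfs12 is installed" ;;
    esac

    echo "$FAILS check(s) failed"
    [ "$FAILS" -eq 0 ]
}

case "${1:-}" in --run) preflight "${2:-single}" ;; esac
```

The script changes nothing on the host and exits non-zero if any check fails.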
Preparing the hosts for installation of the KUMA services
The KUMA services (collectors, correlators, and storages) are installed on the KUMA target hosts that are located outside the Kubernetes cluster.
To prepare the KUMA target hosts for installation of the KUMA services:
- Ensure that hardware, software, and installation requirements are met.
- Specify the host names.
We recommend specifying the FQDN, for example: kuma1.example.com.
We do not recommend changing the KUMA host name after installation. This will make it impossible to verify the authenticity of certificates and will disrupt the network communication between the application components.
- Configure the SSH connection between the administrator host and hosts on which the KUMA services will be installed.
You can use the SSH keys created for the target hosts. Alternatively, you can generate new SSH keys by using the ssh-keygen utility:
- On the administrator host, generate SSH keys by using the ssh-keygen utility without a passphrase.
- Copy the public key to hosts on which the KUMA services will be installed by using the ssh-copy-id utility.
- Register the KUMA target hosts in your organization's DNS zone to allow host names to be translated to IP addresses.
- To get the hostname that you must specify in the KUMA inventory file, run the following command:
hostname -f
The prepared hosts must provide access for the administrator host by the hostname.
The hosts are ready for installation of the KUMA services.
Installing a database management system
Kaspersky Next XDR Expert supports PostgreSQL or Postgres Pro database management systems (DBMS). For the full list of supported DBMSs, refer to the Hardware and software requirements.
Each of the following Kaspersky Next XDR Expert components requires a database:
- Administration Server
- Automation Platform
- Incident Response Platform (IRP)
- Identity and Access Manager (IAM)
Each of the components must have a separate database within the same instance of DBMS. We recommend that you install the DBMS instance outside the Kubernetes cluster.
For the DBMS installation, KDT requires a privileged DBMS account that has permissions to create databases and other DBMS accounts. KDT uses this privileged DBMS account to create the databases and other DBMS accounts required for the Kaspersky Next XDR Expert components.
For information about how to install the selected DBMS, refer to its documentation.
After you install the DBMS, you need to configure the DBMS server parameters to optimize the DBMS work with Open Single Management Platform.
Configuring the PostgreSQL or Postgres Pro server for working with Open Single Management Platform
Kaspersky Next XDR Expert supports PostgreSQL or Postgres Pro database management systems (DBMS). For the full list of supported DBMSs, refer to the Hardware and software requirements. Consider configuring the DBMS server parameters to optimize the DBMS work with Administration Server.
The default path to the configuration file is: /etc/postgresql/<VERSION>/main/postgresql.conf
Recommended parameters for PostgreSQL and Postgres Pro DBMS for work with Administration Server:
shared_buffers = 25% of the RAM value of the device where the DBMS is installed
If RAM is less than 1 GB, then leave the default value.
max_stack_depth = If the DBMS is installed on a Linux device: maximum stack size (execute the 'ulimit -s' command to obtain this value in KB) minus the 1 MB safety margin
If the DBMS is installed on a Windows device, then leave the default value 2 MB.
temp_buffers = 24MB
work_mem = 16MB
max_connections = 151
max_parallel_workers_per_gather = 0
maintenance_work_mem = 128 MB
Restart or reload the server after updating the postgresql.conf file to apply changes. Refer to the PostgreSQL documentation for details.
Refer to the following topic for details on how to create and configure accounts for PostgreSQL and Postgres Pro: Configuring accounts for work with PostgreSQL and Postgres Pro.
For detailed information about PostgreSQL and Postgres Pro server parameters and on how to specify the parameters, refer to the corresponding DBMS documentation.
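The shared_buffers and max_stack_depth recommendations above depend on the DBMS host. The following script is an added example, not part of the Kaspersky documentation; it derives both values on a Linux DBMS host and prints the recommended settings as postgresql.conf lines. The function names and the --print switch are assumptions, and the stack limit it reads is that of the invoking shell, which is assumed to match the limit of the PostgreSQL service.

```sh
#!/bin/sh
# Added example: compute the host-dependent values from the list above and
# print all recommended settings in postgresql.conf syntax.
# Usage on the Linux DBMS host:  sh pg_recommend.sh --print
# Function names and the --print switch are assumptions of this example.

# shared_buffers_mb <MemTotal in kB>
# Prints 25% of RAM in MB; prints nothing when RAM is below 1 GB,
# in which case the default value is left in place.
shared_buffers_mb() {
    if [ "$1" -ge 1048576 ]; then
        echo $(( $1 / 4 / 1024 ))
    fi
}

# max_stack_depth_kb <output of `ulimit -s`>
# Prints the stack limit in kB minus the 1 MB safety margin; prints nothing
# when the limit is "unlimited", not numeric, or not larger than the margin.
max_stack_depth_kb() {
    case "$1" in
        ''|*[!0-9]*) return 0 ;;
    esac
    if [ "$1" -gt 1024 ]; then
        echo $(( $1 - 1024 ))
    fi
}

# render_pg_conf <MemTotal in kB> <stack limit as printed by `ulimit -s`>
render_pg_conf() {
    sb=$(shared_buffers_mb "$1")
    sd=$(max_stack_depth_kb "$2")
    if [ -n "$sb" ]; then
        echo "shared_buffers = ${sb}MB"
    else
        echo "# shared_buffers: RAM below 1 GB, default kept"
    fi
    if [ -n "$sd" ]; then
        echo "max_stack_depth = ${sd}kB"
    else
        echo "# max_stack_depth: no usable stack limit, default kept"
    fi
    # Fixed values from the list above.
    echo "temp_buffers = 24MB"
    echo "work_mem = 16MB"
    echo "max_connections = 151"
    echo "max_parallel_workers_per_gather = 0"
    echo "maintenance_work_mem = 128MB"
}

case "${1:-}" in
    --print)
        ram_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
        render_pg_conf "$ram_kb" "$(ulimit -s)"
        ;;
esac
```

Review the printed lines before copying them into postgresql.conf, and compare the stack limit with the one the PostgreSQL service actually runs under.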
Preparing the KUMA inventory file
The KUMA inventory file is a file in the YAML format that contains installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster. The path to the KUMA inventory file is included in the configuration file that is used by Kaspersky Deployment Toolkit for the Kaspersky Next XDR Expert deployment.
The templates of the KUMA inventory file are located in the distribution package. If you want to install the KUMA services (storage, collector, and correlator) on one host, use the single.inventory.yaml file. To install the services on several hosts in the network infrastructure, use the distributed.inventory.yaml file.
We recommend backing up the KUMA inventory file that you used to install the KUMA services. You can use it to remove KUMA.
To prepare the KUMA inventory file, open the KUMA inventory file template located in the distribution package, and then edit the variables in the inventory file.
The KUMA inventory file contains the following blocks:
- all block
The all block contains the variables that are applied to all hosts specified in the inventory file. The variables are located in the vars section.
- kuma block
The kuma block contains the variables that are applied to hosts on which the KUMA services will be installed. These hosts are listed in the kuma block in the children section. The variables are located in the vars section.
The following table lists possible variables, their descriptions, possible values, and blocks of the KUMA inventory file where these variables can be located.
List of possible variables in the vars section
| Variable | Description | Possible values | Block |
|---|---|---|---|
| Variables located in the | | | |
| | Method used to connect to the KUMA service hosts. | To provide the correct installation of the KUMA services, in the In the | |
| | User name used to connect to KUMA service hosts to install external KUMA services. | If the root user is blocked on the target hosts, specify a user name that has the right to establish SSH connections and elevate privileges by using su or sudo. To provide the correct installation of the KUMA services, in the In the | |
| | Variable used to indicate the need to increase the privileges of the user account that is used to install KUMA components. | To provide the correct installation of the KUMA services, in the | |
| | Variable used to indicate the need to increase the privileges of the user account that is used to install KUMA components. | | |
| | Method used for increasing the privileges of the user account that is used to install KUMA components. | | |
| Variables located in the | | | |
| | Group of hosts used for storing the service files and utilities of KUMA. A host can be included in the During the Kaspersky Next XDR Expert deployment, on the hosts that are included in kuma_utils, the following files are copied to the | The group of hosts contains the | |
| | Group of KUMA collector hosts. This group can contain multiple hosts. | The group of KUMA collector hosts contains the | |
| | Group of KUMA correlator hosts. This group can contain multiple hosts. | The group of KUMA correlator hosts contains the | |
| | Group of KUMA storage hosts. This group can contain multiple hosts. | The group of KUMA storage hosts contains the | |
Distributed deployment: Specifying the installation parameters
The configuration file is a file in the YAML format and contains a set of installation parameters for the Kaspersky Next XDR Expert components.
The installation parameters listed in the tables below are required for the distributed deployment of Kaspersky Next XDR Expert. To deploy Kaspersky Next XDR Expert on a single node, use the configuration file that contains the installation parameters specific for the single node deployment.
The template of the configuration file (smp_param.yaml.template) is located in the distribution package in the archive with the KDT utility. You can fill out the configuration file template manually, or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment, and then generate the configuration file.
For correct function of KDT with the configuration file, enter an empty line at the end of the file.
The nodes section of the configuration file contains the target host parameters that are listed in the table below.
Installation parameters of the nodes section
| Parameter name | Required | Description |
|---|---|---|
| | Yes | The name of the node. |
| | Yes | Possible parameter values: |
| | Yes | The IP address of the node. All nodes must be included in the same subnet. |
| | No | The node type that specifies the Kaspersky Next XDR Expert component that will be installed on this node. Possible parameter values: For Kaspersky Next XDR Expert to work correctly, we recommend that you select the node on which Administration Server will work. Also, you can select the node on which you want to install the DBMS. Specify the appropriate values of the |
| | Yes | The username of the user account created on the target host and used for connection to the node by KDT. |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT. |
The parameters section of the configuration file contains the parameters listed in the table below.
Installation parameters of the parameters section
| Parameter name | Required | Description |
|---|---|---|
| | Yes | The connection string for accessing the DBMS that is installed and configured on a separate server. Specify this parameter as follows: If the We recommend installing a DBMS on a separate server outside the cluster. |
| | Yes | The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language. Possible parameter values: |
| | Yes | The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes. If you install the DBMS on a separate server, the gateway IP address must contain the subnet mask /32. If you install the DBMS inside the cluster, set the gateway IP address to an IP range in the format |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT. |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the nodes with the KUMA services (collectors, correlators, and storages). |
| | Yes | The The Main administrator role is assigned to this user account. The The The password must comply with the following rules: |
| | No | The parameter that indicates that Kaspersky Next XDR Expert is installed on the target host with limited computing resources. Set the Possible parameter values: |
| | Yes | The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the |
| | Yes | The path to the KUMA inventory file located on the administrator host. The inventory file contains the installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster. |
| | No | The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services. If you perform an initial deployment of Kaspersky Next XDR Expert or you do not need to partially add or remove hosts with the KUMA services, set this parameter to |
| | Yes | The path to the license key of KUMA. |
| | Yes | The domain name that is used in the addresses of the public Kaspersky Next XDR Expert services. |
| | Yes | The domain name for which a self-signed or custom certificate is to be generated. The |
| | Yes | The addresses of the Kaspersky Next XDR Expert services. These addresses contain the domain name, which must match the |
| | Yes | The list of addresses of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated. These addresses contain the domain name, which must match the |
| | No | The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services. |
| | No | The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. Possible parameter values: |
| | No | The paths to the custom leaf certificates used to work with the corresponding public Kaspersky Next XDR Expert services: admsrv.<smp_domain>, api.<smp_domain>, console.<smp_domain>, psql.<smp_domain>. Specify the If you want to specify the leaf custom certificates, set the |
| | Yes | The address of KUMA Console. This address contains the domain name, which must match the |
| | Yes | The address of OSMP Console. This address contains the domain name, which must match the |
| | Yes | The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the |
| | Yes | The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data). Measured in gigabytes, specified as "<amount>Gi". The required amount of free disk space depends on the number of managed devices and other parameters, and can be calculated. The minimum recommended value is 10 GB. |
| | No | The amount of free disk space allocated to store the internal service KDT data. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 1 GB. |
| | Yes | The amount of free disk space allocated to store the backups of the Administration Server data. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 10 GB. |
| | Yes | The amount of free disk space allocated to store metrics. Measured in gigabytes, specified as "<amount>GB". The minimum recommended value is 5 GB. |
| | Yes | The amount of free disk space allocated to store OSMP logs. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB. |
| | Yes | The The The default parameter value is |
| | No | The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol. Possible parameter values: |
| | No | The path to the PEM file that can contain the TLS certificate of the DBMS server or a root certificate from which the TLS server certificate can be issued. |
| | No | The path to the PEM file that contains a certificate and a private key of the Kaspersky Next XDR Expert component. This certificate is used to establish the TLS connection between the Kaspersky Next XDR Expert components and the DBMS. |
| | No | The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. Possible parameter values: |
| | No | The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, " |
| | No | The number of the port through which the proxy connection will be established. |
| | Yes | Parameters for internal use. Do not change the parameter value. |
Sample of the configuration file for the distributed deployment of Kaspersky Next XDR Expert
Distributed deployment: Installing Kaspersky Next XDR Expert
Kaspersky Deployment Toolkit deploys Kaspersky Next XDR Expert by using the configuration file. KDT automatically deploys the Kubernetes cluster within which the Kaspersky Next XDR Expert components and other infrastructure components are installed.
If you need to install multiple Kubernetes clusters with Kaspersky Next XDR Expert instances, you can use the required number of contexts.
To install Kaspersky Next XDR Expert:
- Unpack the downloaded distribution package with KDT on the administrator host.
- Read the End User License Agreement (EULA) of KDT located in the distribution package with the Kaspersky Next XDR Expert components.
When you start using KDT, you accept the terms of the EULA of KDT.
You can read the EULA of KDT after the deployment of Kaspersky Next XDR Expert. The file is located in the /home/kdt/ directory of the user who runs the deployment of Kaspersky Next XDR Expert.
- On the administrator host, run the following commands to start deployment of Kaspersky Next XDR Expert. Specify the path to the transport archive with the Kaspersky Next XDR Expert components and the path to the configuration file that you filled out earlier.
chmod +x kdt
./kdt apply -k <path_to_transport_archive> -i <path_to_configuration_file>
You can install Kaspersky Next XDR Expert without prompting to read the terms of the EULA and the Privacy Policy of OSMP if you use the --accept-eula flag. You can read the EULA and the Privacy Policy of OSMP before the deployment of Kaspersky Next XDR Expert. The files are located in the distribution package with the Kaspersky Next XDR Expert components.
If you want to read and accept the terms of the EULA and the Privacy Policy during the deployment, do not use the --accept-eula flag.
- If you do not use the --accept-eula flag in the previous step, read the EULA and the Privacy Policy of OSMP. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
- Enter y if you understand and accept the terms of the EULA.
Enter n if you do not accept the terms of the EULA. To use Kaspersky Next XDR Expert, you must accept the terms of the EULA.
- Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
Enter n if you do not accept the terms of the Privacy Policy.
To use Kaspersky Next XDR Expert, you must accept the terms of the EULA and the Privacy Policy.
After you accept the EULA and the Privacy Policy, KDT deploys the Kaspersky Next XDR Expert components within the Kubernetes cluster on the target hosts.
During the Kaspersky Next XDR Expert deployment, a new user is created on the primary Administration Server. To start configuring OSMP Console, this user is assigned the following roles: the XDR role of the Main administrator in the Root tenant and the Kaspersky Security Center role of the Main administrator.
- View the installation logs of the Bootstrap component in the directory with the KDT utility and obtain diagnostic information about Kaspersky Next XDR Expert components, if needed.
- Sign in to the OSMP Console and to the KUMA Console.
The default OSMP Console address is https://console.<smp_domain>:443.
The default KUMA Console address is https://kuma.<smp_domain>:7220.
Single node deployment: Specifying the installation parameters
If you want to deploy Kaspersky Next XDR Expert on a single node, fill out the installation parameters of the configuration file that are required both for the distributed and single node deployment, as well as define the following specific parameters: type, lowResources, vault_replicas, vault_ha_mode, vault_standalone, and defaultClassReplicaCount.
The template of the configuration file for the single node deployment is located in the distribution package with the Kaspersky Next XDR Expert components. You can fill out the configuration file template manually, or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment, and then generate the configuration file.
For correct work of KDT with the configuration file, enter an empty line at the end of the file.
The nodes section of the configuration file contains the target host parameters that are listed in the table below.
Installation parameters of the nodes section
| Parameter name | Required | Description | Possible values |
|---|---|---|---|
| | Yes | The name of the node. | String value |
| | Yes | For the target host, set the | |
| | Yes | The IP address of the node. All nodes must be included in the same subnet. | IP address |
| | No | The node type that specifies the Kaspersky Next XDR Expert component that will be installed on this node. If the Do not specify the | |
| | Yes | The username of the user account created on the target host and used for connection to the node by KDT. | String value |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT. | String value |
The parameters section of the configuration file contains the parameters listed in the table below.
Installation parameters of the parameters section
| Parameter name | Required | Description | Possible values |
|---|---|---|---|
| | Yes | The connection string for accessing the DBMS that is installed and configured on a separate server. Specify this parameter as follows: If the We recommend installing a DBMS on a separate server outside the cluster. | String value |
| | Yes | The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language. | |
| | Yes | The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes. If you install the DBMS on a separate server, the gateway IP address must contain the subnet mask /32. If you install the DBMS inside the cluster, set the gateway IP address to an IP range in the format | IP address |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT. | String value |
| | Yes | The path to the private part of the SSH key located on the administrator host and used for connection to the nodes with the KUMA services (collectors, correlators and storages). | String value |
| | Yes | The The Main administrator role is assigned to this user account. The The The password must comply with the following rules: | String value |
| | No | The parameter that indicates that Kaspersky Next XDR Expert is installed on the target host with limited computing resources. Set the | |
| | No | The number of replicas of the secret storage in the Kubernetes cluster. Set the | Integer value |
| | No | The parameter that indicates whether to run the secret storage in the High Availability (HA) mode. Set the | |
| | No | The parameter that indicates whether to run the secret storage in the standalone mode. Set the | |
| | Yes | The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the | String value |
| | Yes | The path to the KUMA inventory file located on the administrator host. The inventory file contains installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster. | String value |
| | No | The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services. If you perform an initial deployment of Kaspersky Next XDR Expert or you do not need to partially add or remove hosts with the KUMA services, set this parameter to | String value |
| | Yes | The path to the license key of KUMA. | String value |
| | Yes | The domain name that is used in the addresses of the public Kaspersky Next XDR Expert services. | String value |
| | Yes | The domain name for which a self-signed or custom certificate is to be generated. The | String value |
| | Yes | The addresses of the Kaspersky Next XDR Expert services. These addresses contain the domain name, which must match the | String value |
| | Yes | The list of addresses of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated. These addresses contain the domain name, which must match the | String value |
| | No | The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services. | String value |
| | No | The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. | |
| | No | The paths to the custom leaf certificates used to work with the corresponding public Kaspersky Next XDR Expert services: admsrv.<smp_domain>, api.<smp_domain>, console.<smp_domain>, psql.<smp_domain>. Specify the If you want to specify the leaf custom certificates, set the | String value |
|
Yes |
The address of KUMA Console. This address contains the domain name, which must match the |
String value |
|
Yes |
The address of OSMP Console. This address contains the domain name, which must match the |
String value |
|
Yes |
The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the |
String value |
|
Yes |
The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data). |
String value |
|
No |
The number of disk volumes that are used to store the service data of Kaspersky Next XDR Expert components and KDT. The default value is Set the |
Integer value |
|
No |
The amount of free disk space allocated to store the internal service KDT data. The default value is |
String value |
|
Yes |
The amount of free disk space allocated to store metrics. The minimum recommend value is 5 GB. |
String value |
|
Yes |
The amount of free disk space allocated to store OSMP logs. The minimum recommend value is 20 GB. |
String value |
|
Yes |
The The The default parameter value is |
String value |
|
No |
The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol. Set the |
|
|
No |
The path to the PEM file that can contain the TLS certificate of the DBMS server or a root certificate from which the TLS server certificate can be issued. Specify the |
String value |
|
No |
The path to the PEM file that contains a certificate and a private key of the Kaspersky Next XDR Expert component. This certificate is used to establish the TLS connection between the Kaspersky Next XDR Expert components and the DBMS. Specify the |
String value |
|
No |
The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. |
|
|
No |
The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, " |
String value |
|
No |
The number of the port through which the proxy connection will be established. |
String value |
|
No |
The trace level. The default value is |
Integer value ( |
|
Yes |
The parameters for internal use. Do not change the parameter value. |
String value |
Sample of the configuration file for the single node deployment of Kaspersky Next XDR Expert
Single node deployment: Installing Kaspersky Next XDR Expert
If necessary, you can perform the single node deployment of Kaspersky Next XDR Expert so that the solution requires fewer computing resources (for example, for demonstration purposes).
In this configuration, the administrator host is used to install and manage the Kubernetes cluster and Kaspersky Next XDR Expert, as with distributed deployment. KDT is launched from the administrator host.
One target host, which acts as the primary and worker nodes, manages the Kubernetes cluster, stores metadata, and performs the workload of the Kaspersky Next XDR Expert components. The Kubernetes cluster and Kaspersky Next XDR Expert components are installed on this target host. Only the target host is included in the Kubernetes cluster (the primary worker node of the cluster).
To perform the single node deployment of Kaspersky Next XDR Expert:
- Download the distribution package that has the Kaspersky Next XDR Expert components.
- Install a database management system.
Skip this step if you want to install the DBMS inside the cluster. KDT will install the DBMS during the Kaspersky Next XDR Expert deployment. In this case, the Kaspersky Next XDR Expert components and the DBMS will use one target host.
Alternatively, you can install the DBMS on a separate server outside the cluster.
- Prepare the administrator and target hosts, as with distributed deployment.
Make sure that the hardware and software on the target host meet the requirements for the single node deployment.
For the target host that acts as a primary worker node, perform all preparatory steps necessary for both primary and worker nodes.
- Prepare the KUMA target hosts for installation of the KUMA services.
- Prepare the KUMA inventory file.
- Fill out the configuration file manually or by using the Configuration wizard.
The deployment method (distributed deployment or single node deployment) is determined by the installation parameters. The following installation parameters are specific to the single node deployment: type, lowResources, vault_replicas, vault_ha_mode, vault_standalone, defaultClassReplicaCount.
- Install Kaspersky Next XDR Expert by using KDT.
The Kubernetes cluster and Kaspersky Next XDR Expert components are deployed on the primary worker node, and the KUMA services are installed.
Configuration wizard for the Kaspersky Next XDR Expert deployment
For the distributed and single node Kaspersky Next XDR Expert deployment, you have to prepare a configuration file that contains the installation parameters of the Kaspersky Next XDR Expert components. The Configuration wizard allows you to specify the installation parameters that are required to deploy Kaspersky Next XDR Expert, and then generate the resulting configuration file.
Prerequisites
Before specifying the installation parameters by using the Configuration wizard, you must do the following:
- Select the option for deploying Kaspersky Next XDR Expert.
- Download the distribution package with the Kaspersky Next XDR Expert components.
- Install a database management system on a separate server that is located outside the Kubernetes cluster, if needed (only for the distributed deployment).
- Prepare the administrator and target hosts.
- Prepare the hosts for installation of the KUMA services.
- Prepare the KUMA inventory file.
Process
To specify the installation parameters by using the Configuration wizard:
- On the administrator host where the KDT utility is located, run the Configuration wizard by using the following command:
./kdt wizard -k <path_to_transport_archive> -o <path_to_configuration_file>
where:
- <path_to_transport_archive> is the path to the transport archive.
- <path_to_configuration_file> is the path where you want to save the configuration file and the configuration file name.
The Configuration wizard prompts you to specify the installation parameters. The list of the installation parameters that are specific for the distributed and single node deployment differs.
If you do not have the Write permissions on the specified directory or a file with the same name is located in this directory, an error occurs and the wizard terminates.
- Enter the IPv4 address of a primary node (the host parameter of the configuration file).
If you want to perform the single node deployment, this node will act as a primary-worker node.
- Enter the username of the user account used for connection to the primary node by KDT (the user parameter of the configuration file).
- Enter the path to the private part of the SSH key that is located on the administrator host and used for connection to the primary node by KDT (the key parameter of the configuration file).
The default value is /root/.ssh/id_rsa.
- Enter the number of worker nodes.
Possible values:
- 0—Single node deployment.
- 3 or more—Distributed deployment.
This step defines the option of deploying Kaspersky Next XDR Expert. If you want to perform single node deployment, the following parameters specific for this deployment option will take the default values:
- type: primary-worker
- lowResources: true
- vault_replicas: 1
- vault_ha_mode: false
- vault_standalone: true
- defaultClassReplicaCount: 1
- For each worker node, enter the IPv4 address (the host parameter of the configuration file).
Note that the primary and worker nodes must be included in the same subnet.
The kind parameter of the first worker node is set to admsrv by default. That means that Administration Server will be installed on the first worker node.
- For each worker node, enter the username used for connection to the worker node by KDT (the user parameter of the configuration file).
- For each worker node, enter the path to the private part of the SSH key used for connection to the worker node by KDT (the key parameter of the configuration file).
The default value is /root/.ssh/id_rsa.
- Enter the connection string for accessing the DBMS that is installed and configured on a separate server (the psql_dsn parameter of the configuration file).
Specify this parameter as follows: postgres://<dbms_username>:<password>@<fqdn>:<port>.
- Enter the reserved static IP address of the Kubernetes cluster gateway (the ipaddress parameter of the configuration file).
The gateway must be included in the same subnet as all cluster nodes. The gateway IP address must contain the subnet mask /32.
- Enter the username of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation (the adminLogin and kumaLogin parameters of the configuration file).
The default username of this account is "admin." The Main administrator role is assigned to this user account.
- Enter the password of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation (the kscpassword and adminPassword parameters of the configuration file).
- Enter the path to the KUMA inventory file located on the administrator host (the inventory parameter of the configuration file).
The KUMA inventory file contains the installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster.
- Enter the path to the private part of the SSH key located on the administrator host and used for connection to the nodes with the KUMA services (the sshkey parameter of the configuration file).
- Enter the path to the LICENSE file of KUMA (the license parameter of the configuration file).
- Enter the domain name that is used in the addresses of the public Kaspersky Next XDR Expert services (the smp_domain parameter of the configuration file).
- Enter the path to the custom certificates used to work with the public Kaspersky Next XDR Expert services (the intermediate_bundle parameter of the configuration file).
If you want to use self-signed certificates, press Enter to skip this step.
- Check the specified parameters that are displayed in the numbered list.
To edit the parameter, enter the parameter number, and then specify a new parameter value. Otherwise, press Enter to continue.
- Press Y to save a new configuration file with the specified parameters or N to stop the Configuration wizard without saving.
The configuration file with the specified parameters is saved in the YAML format.
Other installation parameters are included in the configuration file, with default values. You can edit the configuration file manually before the deployment of Kaspersky Next XDR Expert.
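A preflight check for the values entered in the wizard steps above, as an added example that is not part of KDT or of the vendor documentation. The function names are hypothetical, and the owner-only file mode check for the SSH keys and for the saved configuration file (which holds the DBMS and administrator passwords) is an added assumption, not a documented KDT requirement.

```shell
#!/bin/sh
# Added example, not part of KDT: checks for the values given to the
# Configuration wizard. All function names are hypothetical.

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
NL='
'

# Number of worker nodes: 0 (single node) or 3 and more (distributed).
valid_worker_count() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -eq 0 ] || [ "$1" -ge 3 ]
}

# psql_dsn: postgres://<dbms_username>:<password>@<fqdn>:<port>
valid_psql_dsn() (
    case $1 in *" "*|*"$NL"*) exit 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^postgres://[^:@/]+:[^@]+@[A-Za-z0-9.-]+:[0-9]{1,5}$' || exit 1
    port=${1##*:}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
)

# ipaddress: gateway IPv4 address with the /32 mask (DBMS on a separate server).
valid_gateway() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET/32\$"
}

# Assumption: a private key or a file holding passwords should be a regular
# file that only its owner can read (mode 0600 or 0400).
owner_only() {
    [ -f "$1" ] || return 1
    case $(ls -ldL "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight WORKERS PSQL_DSN GATEWAY FILE...
# Reports every failed check on stderr and returns 0 only if all pass.
# The DSN itself is never printed because it contains the DBMS password.
preflight() {
    rc=0
    valid_worker_count "$1" || { echo "workers: use 0 or 3 and more" >&2; rc=1; }
    valid_psql_dsn "$2" || { echo "psql_dsn: unexpected format" >&2; rc=1; }
    valid_gateway "$3" || { echo "ipaddress: need an IPv4 address with /32" >&2; rc=1; }
    shift 3
    for f in "$@"; do
        owner_only "$f" || { echo "$f: missing or accessible to other users" >&2; rc=1; }
    done
    return "$rc"
}
```

Run it on the administrator host: pass the SSH key paths before starting the wizard, and add the path given to -o once the configuration file has been saved.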
Configuring internet access for the target hosts
If your organization's infrastructure uses a proxy server to access the internet and you need to connect the target hosts to the internet, you must add the IP address of each target host to the no_proxy variable in the /etc/environment file before the Kaspersky Next XDR Expert deployment. This allows you to establish a direct connection of the target hosts to the internet and correctly deploy Kaspersky Next XDR Expert.
To configure internet access for the target hosts:
- On the target host, open the /etc/environment file by using a text editor. For example, the following command opens the file by using the GNU nano text editor:
sudo nano /etc/environment
- In the /etc/environment file, add the IP address of the target host to the no_proxy variable separated by a comma without a space.
For example, the no_proxy variable can be initially specified as follows:
no_proxy=localhost,127.0.0.1
You can add the IP address of the target host (192.168.0.1) to the no_proxy variable:
no_proxy=localhost,127.0.0.1,192.168.0.1
Alternatively, you can specify the subnet that includes the target hosts (in CIDR notation):
no_proxy=localhost,127.0.0.1,192.168.0.0/24
- Save the /etc/environment file.
After you add the IP addresses to the /etc/environment file on each target host, you can continue preparing the target hosts and proceed with the Kaspersky Next XDR Expert deployment.
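The manual edit above as a repeatable function, for use when many target hosts have to be prepared. This is an added example, not vendor code; the function names are hypothetical. It refuses anything that is not an IPv4 address or CIDR subnet, and it does nothing when the entry is already listed.

```shell
#!/bin/sh
# Added example, not vendor code: add a target host to no_proxy without
# duplicating entries or disturbing the other lines of the file.
# Usage (as root): add_no_proxy /etc/environment 192.168.0.1

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'

# Accept only an IPv4 address or an IPv4 subnet in CIDR notation, so that
# nothing else can be written into a system-wide environment file.
is_ipv4_or_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq "^($OCTET\.){3}$OCTET(/([0-9]|[12][0-9]|3[0-2]))?\$"
}

# add_no_proxy FILE ENTRY
add_no_proxy() (
    file=$1 entry=$2
    is_ipv4_or_cidr "$entry" || { echo "refusing entry: $entry" >&2; exit 2; }
    line=$(grep '^no_proxy=' "$file" | head -n 1)
    if [ -z "$line" ]; then
        # The variable is not defined yet: create it.
        printf 'no_proxy=%s\n' "$entry" >> "$file"
        exit 0
    fi
    current=${line#no_proxy=}
    current=${current#\"}; current=${current%\"}   # drop optional quotes
    case ",$current," in
        *",$entry,"*) exit 0 ;;                     # already listed
    esac
    tmp=$(mktemp) || exit 1
    # Rewrite only the first no_proxy line. "cat >" keeps the owner and mode
    # of the original file, which "mv" would replace.
    if awk -v new="no_proxy=${current:+$current,}$entry" '
            /^no_proxy=/ && !seen { print new; seen = 1; next }
            { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    then rm -f "$tmp"
    else rm -f "$tmp"; exit 1
    fi
)
```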
Installation requirements for the KUMA services
Before installation of the KUMA services, make sure the following conditions are met:
- The KUMA service hosts satisfy the hardware and software requirements.
- The ports required for installation of the KUMA services are opened.
- The KUMA services are addressed using the fully qualified domain name (FQDN) of the host. Before you install the KUMA services, make sure that the correct host FQDN is returned in the Static hostname field. For this purpose, execute the following command:
hostnamectl status
- Time synchronization over Network Time Protocol (NTP) is configured on all servers with KUMA services.
- Requirements for the operating system listed in the table below are met.
Installation requirements for the operating system
| | Astra Linux |
|---|---|
| Python version | 3.6 or later |
| SELinux module | Disabled |
| Package manager | pip3 |
| Basic packages | The packages can be installed using the following command: |
| Dependent packages | If you are planning to query Oracle DB databases from KUMA, you must install the libaio1 Astra Linux package. |
| User permissions level required to install the application | To assign the required permissions to the user account used for installing the application, run the following command: |
Synchronizing time on machines
To configure time synchronization on machines:
- Run the following command to install chrony:
sudo apt install chrony
- Configure the system time to synchronize with the NTP server:
  a. Make sure the virtual machine has internet access.
     If access is available, go to step b.
     If internet access is not available, edit the /etc/chrony.conf file. Replace 2.pool.ntp.org with the name or IP address of your organization's internal NTP server.
  b. Start the system time synchronization service by executing the following command:
     sudo systemctl enable --now chronyd
  c. Wait a few seconds, and then run the following command:
     sudo timedatectl | grep 'System clock synchronized'
     If the system time is synchronized correctly, the output will contain the line System clock synchronized: yes.
Synchronization is configured.
Installing KUMA services
Services are the main components of KUMA that help the system to manage events. Services allow you to receive events from event sources and subsequently bring them to a common form that is convenient for finding correlation, as well as for storage and manual analysis.
Service types:
- Storages are used to save events.
- Collectors are used to receive events and convert them to the KUMA format.
- Correlators are used to analyze events and search for defined patterns.
- Agents are used to receive events on remote devices and forward them to the KUMA collectors.
You must install the KUMA services only after you deploy Kaspersky Next XDR Expert. During the Kaspersky Next XDR Expert deployment, the required infrastructure is prepared: the service directories are created on the prepared hosts, and the files that are required for the service installation are added to these directories. We recommend installing services in the following order: storage, collectors, correlators, and agents.
To install and configure the KUMA services:
- Sign in to the KUMA console.
You can use one of the following methods:
- In the main menu of OSMP Console, go to Settings → KUMA.
- In your browser, go to https://kuma.<smp_domain>:7220.
- In the KUMA console, create a resource set for each KUMA service (storages, collectors, and correlators) that you want to install on the prepared hosts in the network infrastructure.
- Create services for storages, collectors, and correlators in KUMA Console.
- Obtain the service identifiers to bind the created resource sets and the KUMA services:
- In the KUMA Console main menu, go to Resources → Active services.
- Select the required KUMA service, and then click the Copy ID button.
- On the prepared hosts in the network infrastructure, run the corresponding commands to install the KUMA services. Use the service identifiers that were obtained earlier:
- Installation command for the storage:
sudo /opt/kaspersky/kuma/kuma storage --core https://<KUMA Core server FQDN>:7210 --id <service ID copied from the KUMA Console> --install
- Installation command for the collector:
sudo /opt/kaspersky/kuma/kuma collector --core https://<KUMA Core server FQDN>:7210 --id <service ID copied from the KUMA Console> --api.port <port used for communication with the collector>
- Installation command for the correlator:
sudo /opt/kaspersky/kuma/kuma correlator --core https://<KUMA Core server FQDN>:7210 --id <service ID copied from the KUMA Console> --api.port <port used for communication with the correlator> --install
By default, the FQDN of the KUMA Core is kuma.<smp_domain>.
The port that is used for connection to KUMA Core cannot be changed. By default, port 7210 is used.
Open ports that correspond to the installed collector and correlator on the server (TCP 7221 and other ports used for service installation as the --api.port <port> parameter values).
- During the installation of the KUMA services, read the End User License Agreement (EULA) of KUMA. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
  - Enter y if you understand and accept the terms of the EULA.
  - Enter n if you do not accept the terms of the EULA. To use the KUMA services, you must accept the terms of the EULA.
You can read the EULA of KUMA after the installation of the KUMA services in one of the following ways:
  - On hosts that are included in the kuma_utils group in the KUMA inventory file: open the LICENSE file located in the /opt/kaspersky/kuma/utils directory.
  - On hosts that are included in other groups (kuma_storage, kuma_collector, or kuma_correlator) in the KUMA inventory file: open the LICENSE file located in the /opt/kaspersky/kuma directory.
  - Run the following command:
    /opt/kaspersky/kuma/kuma license --show
After you accept the EULA, the KUMA services are installed on the prepared machines in the network infrastructure.
- If necessary, verify that the collector and correlator are ready to receive events.
- If necessary, install agents in the KUMA network infrastructure.
The files required for the agent installation are located in the /opt/kaspersky/kuma/utils directory.
The KUMA services required for the functioning of Kaspersky Next XDR Expert are installed.
Deployment of multiple Kubernetes clusters and Kaspersky Next XDR Expert instances
KDT allows you to deploy multiple Kubernetes clusters with Kaspersky Next XDR Expert instances and switch between them by using contexts. A context is a set of access parameters that define the Kubernetes cluster that the user can select to interact with. The context also includes data for connecting to the cluster by using KDT.
Prerequisites
Before creating contexts and installing Kubernetes clusters with Kaspersky Next XDR Expert instances, you must do the following:
- Prepare the administrator and target hosts.
For the installation of multiple clusters and Kaspersky Next XDR Expert instances, you need to prepare one administrator host for all clusters and a separate set of target hosts for each of the clusters. Kubernetes components should not be installed on the target hosts.
- Prepare the hosts for installation of the KUMA services.
For installation of the KUMA services, you need to prepare separate sets of hosts for each Kaspersky Next XDR Expert instance.
- Prepare the KUMA inventory file.
For installation of the KUMA services, you need to prepare separate inventory files for each Kaspersky Next XDR Expert instance.
- Prepare the configuration file.
For installation of multiple clusters and Kaspersky Next XDR Expert instances, you need to prepare a configuration file for each Kaspersky Next XDR Expert instance. In these configuration files, specify the corresponding administrator and target hosts, and other parameters specific to a particular cluster and Kaspersky Next XDR Expert instance.
Process
To create a context with the Kubernetes cluster and Kaspersky Next XDR Expert instance:
- On the administrator host where the KDT utility is located, run the following command and specify the context name:
./kdt ctx <context_name> --create
The context with the specified name is created.
- Install the Kubernetes cluster and Kaspersky Next XDR Expert.
The cluster with the Kaspersky Next XDR Expert instance is deployed in the context. The creation of the context is finished.
You can repeat this procedure to create the required number of contexts with installed clusters and Kaspersky Next XDR Expert instances.
You must deploy the Kubernetes cluster and the Kaspersky Next XDR Expert instance after you create the context to finish the context creation. If you do not perform the deployment in the context, and then create another context, the first context will be removed.
You can view the list of created contexts by using the following command:
./kdt ctx
If you want to switch to the required context, run the following command and specify the context name:
./kdt ctx <context_name>
After you select the context, KDT connects to the corresponding Kubernetes cluster. Now, you can work with this cluster and the Kaspersky Next XDR Expert instance. KDT commands are applied to the selected cluster.
When you remove the Kaspersky Next XDR Expert components installed in the Kubernetes cluster and the cluster itself by using KDT, the corresponding contexts are also removed. Other contexts and their clusters with Kaspersky Next XDR Expert instances are not removed.
Signing in to Kaspersky Next XDR Expert
To sign in to Kaspersky Next XDR Expert, you must know the web address of Open Single Management Platform Console. In your browser, JavaScript must be enabled.
To sign in to Open Single Management Platform Console:
- In your browser, go to <Open Single Management Platform Console web address>.
The sign-in page is displayed.
- Do one of the following:
  - To sign in to Open Single Management Platform Console with a domain user account, enter the user name and password of the domain user.
    You can enter the user name of the domain user in one of the following formats:
    - Username@dns.domain
    - NTDOMAIN\Username
    Before you sign in with a domain user account, poll the domain controller to obtain the list of domain users.
  - Enter the user name and password of the internal user.
  - If one or more virtual Servers are created on the Server and you want to sign in to a virtual Server:
    - Click Show virtual Server options.
    - Type the virtual Server name that you specified while creating the virtual Server.
    - Enter the user name and password of the internal or domain user who has rights on the virtual Server.
- Click the Sign in button.
After sign-in, the dashboard is displayed, and it contains the language and theme that you used the last time you signed in.
Kaspersky Next XDR Expert allows you to work with Open Single Management Platform Console and KUMA Console interfaces.
If you sign in to one of the consoles, and then open the other console on a different tab of the same browser window, you are signed in to the other console without having to re-enter the credentials. In this case, when you sign out of one console, the session also ends for the other console.
If you use different browser windows or different devices to sign in to Open Single Management Platform Console and KUMA Console, you have to re-enter the credentials. In this case, when you sign out of one console on the browser window or device where it is open, the session continues on the window or device where the other console is open.
To sign out of Open Single Management Platform Console, in the main menu, go to your account settings, and then select Sign out.
Open Single Management Platform Console is closed and the sign-in page is displayed.