KASPERSKY Security for Virtualization 1.1 User Manual
Kaspersky Security for Virtualization 1.1
Administrator's Guide
APPLICATION VERSION: 1.1 CRITICAL FIX 1
2
Dear User,
Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers
to most questions that may arise.
Attention! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to
this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal
reproduction or distribution of this document or parts hereof will result in civil, administrative, or criminal liability under
applicable law.
Any type of reproduction or distribution of any materials, including translations, may be allowed only with written
permission from Kaspersky Lab.
This document and related graphic images can be used exclusively for informational, non-commercial, or personal use.
This document may be amended without prior notice. You can find the latest version of this document at the Kaspersky
Lab website, at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any third-party materials used
herein, or for any potential harm associated with the use of such materials.
Document revision date: 7/3/2012
© 2012 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com
3
CONTENTS
ABOUT THIS GUIDE .....................................................................................................................................................7
In this document .......................................................................................................................................................7
Document conventions .............................................................................................................................................9
SOURCES OF INFORMATION ABOUT THE APPLICATION......................................................................................11
Sources of information for independent research ...................................................................................................11
Discussing Kaspersky Lab applications on the Forum............................................................................................12
Contacting the Sales Department ...........................................................................................................................12
Contacting Technical Writing and Localization Unit by email ..................................................................................12
KASPERSKY SECURITY FOR VIRTUALIZATION 1.1 ................................................................................................13
Distribution kit .........................................................................................................................................................14
Hardware and software requirements .....................................................................................................................14
APPLICATION ARCHITECTURE.................................................................................................................................16
Contents of the Kaspersky Security virtual machine image ....................................................................................17
Integration of Kaspersky Security and the VMware virtual infrastructure ................................................................17
CONCEPT OF ADMINISTERING THE APPLICATION THROUGH KASPERSKY SECURITY CENTER ...................19
About Kaspersky Security policy and protection profiles ........................................................................................20
Protection profile inheritance.............................................................................................................................21
About the root protection profile ........................................................................................................................21
About Kaspersky Security tasks .............................................................................................................................21
INSTALLING AND REMOVING THE APPLICATION...................................................................................................22
Preparing for installation .........................................................................................................................................22
Requirements to the configuration of Kaspersky Security Center and VMware virtual infrastructure ................22
VMware vCenter Server accounts ....................................................................................................................23
Installing Kaspersky Security Console Plug-in ..................................................................................................24
Upgrading from a previous version of the application .............................................................................................24
Conversion procedure for policies and tasks ..........................................................................................................25
Step 1. Select application..................................................................................................................................25
Step 2. Select policies for conversion ...............................................................................................................25
Step 3. Select tasks for conversion ...................................................................................................................25
Step 4. Complete the conversion of policies and tasks .....................................................................................26
Application installation procedure ...........................................................................................................................26
Step 1. Select action .........................................................................................................................................26
Step 2. Connection to VMware vCenter Server ................................................................................................26
Step 3. Select the image file of an SVM ............................................................................................................27
Step 4. Review the license agreements ............................................................................................................27
Step 5. Select VMware ESXi hosts ...................................................................................................................27
Step 6. Select deployment scenario ..................................................................................................................27
Step 7. Select data storage ...............................................................................................................................28
Step 8. Match virtual networks ..........................................................................................................................28
Step 9. Specify network settings .......................................................................................................................28
Step 10. Specify network settings manually ......................................................................................................29
Step 11. Change account passwords on SVMs ................................................................................................29
Step 12. Register SVMs in VMware vShield Manager ......................................................................................29
Step 13. Log into the VMware vCenter Server account ....................................................................................29
A D M I N I S T R A T O R ' S G U I D E
4
Step 14. Launch the deployment of SVMs ........................................................................................................30
Step 15. Deployment of SVMs ..........................................................................................................................30
Step 16. Finish installation of the application ....................................................................................................30
Modifications to Kaspersky Security Center after application installation ...............................................................30
Changing the configuration of SVMs ......................................................................................................................30
Step 1. Select action .........................................................................................................................................31
Step 2. Connection to VMware vCenter Server ................................................................................................31
Step 3. Select SVMs .........................................................................................................................................32
Step 4. Enter the klconfig account password ....................................................................................................32
Step 5. Edit the settings of SVM connection to VMware vCenter Server ..........................................................32
Step 6. Edit the klconfig account password.......................................................................................................33
Step 7. Start the reconfiguration of SVMs .........................................................................................................33
Step 8. Changing the configuration of SVMs ....................................................................................................33
Step 9. End the reconfiguration of SVMs ..........................................................................................................33
Getting started ........................................................................................................................................................33
Step 1. Enter the policy name ...........................................................................................................................34
Step 2. Select application..................................................................................................................................34
Step 3. Configure the root protection profile......................................................................................................34
Step 4. Configuring additional settings ..............................................................................................................38
Step 5. Completing creation of a policy .............................................................................................................38
Removing the application .......................................................................................................................................38
Application removal procedure ...............................................................................................................................38
Step 1. Select action .........................................................................................................................................39
Step 2. Connection to VMware vCenter Server ................................................................................................39
Step 3. Select VMware ESXi hosts ...................................................................................................................40
Step 4. Cancel the registration of SVMs in VMware vShield Manager ..............................................................40
Step 5. Confirm removal ...................................................................................................................................40
Step 6. Remove SVMs ......................................................................................................................................40
Step 7. Finish application removal ....................................................................................................................41
APPLICATION LICENSING .........................................................................................................................................42
About the End User License Agreement .................................................................................................................42
About the license ....................................................................................................................................................42
About the key file ....................................................................................................................................................43
Activating the application ........................................................................................................................................44
Renewing a license.................................................................................................................................................44
Creating the key installation task ............................................................................................................................44
Step 1. Enter the name of the key installation task ...........................................................................................45
Step 2. Selecting the task type..........................................................................................................................45
Step 3. Select the key file..................................................................................................................................45
Step 4. Select the key installation task run mode..............................................................................................46
Step 5. Finish key installation task creation ......................................................................................................46
Running the key installation task ............................................................................................................................46
Viewing the details of installed keys .......................................................................................................................47
Viewing key details in the Keys folder ...............................................................................................................47
Viewing key details in the properties of the application .....................................................................................48
Viewing key details in the properties of the key installation task .......................................................................49
Viewing the key usage report ............................................................................................................................50
C O N T E N T S
5
STARTING AND STOPPING THE APPLICATION ......................................................................................................52
MANAGING PROTECTION .........................................................................................................................................53
PROTECTION OF VIRTUAL MACHINES ....................................................................................................................54
About protection of virtual machines .......................................................................................................................54
Editing packer scan settings ...................................................................................................................................55
Viewing the protected infrastructure of the KSC cluster..........................................................................................55
Disabling protection on a virtual machine ...............................................................................................................57
Manage protection profiles .....................................................................................................................................58
Creating a protection profile ..............................................................................................................................58
Editing protection profile settings ......................................................................................................................62
Assigning a protection profile to a virtual machine ............................................................................................62
Deleting a protection profile ..............................................................................................................................64
SCANNING OF VIRTUAL MACHINES ........................................................................................................................65
About virtual machine scan .....................................................................................................................................65
Creating a full scan task .........................................................................................................................................65
Step 1. Enter the full scan task name................................................................................................................66
Step 2. Selecting the task type..........................................................................................................................66
Step 3. Configuring scan settings .....................................................................................................................66
Step 4. Editing the scan scope..........................................................................................................................69
Step 5. Select the full scan task run mode ........................................................................................................70
Step 6. Finish full scan task creation .................................................................................................................70
Creating a custom scan task...................................................................................................................................70
Step 1. Enter the custom scan task name.........................................................................................................71
Step 2. Selecting the task type..........................................................................................................................71
Step 3. Connection to VMware vCenter Server ................................................................................................71
Step 4. Select the action scope.........................................................................................................................72
Step 5. Configuring scan settings .....................................................................................................................72
Step 6. Editing the scan scope..........................................................................................................................75
Step 7. Select the custom scan task run mode .................................................................................................75
Step 8. Finish custom scan task creation ..........................................................................................................75
Starting and stopping a full scan task or custom scan task ....................................................................................76
ANTI-VIRUS DATABASE UPDATE .............................................................................................................................77
About anti-virus database updates .........................................................................................................................77
Automatic updates of anti-virus databases .............................................................................................................77
Creating an update distribution task .......................................................................................................................78
Step 1. Enter the name of the update distribution task .....................................................................................78
Step 2. Selecting the task type..........................................................................................................................78
Step 3. Select the update distribution task run mode ........................................................................................79
Step 4. Finish update distribution task creation.................................................................................................79
Rolling back the last anti-virus database update.....................................................................................................79
Creating an update rollback task ............................................................................................................................79
Step 1. Enter the name of the rollback task ......................................................................................................80
Step 2. Selecting the task type..........................................................................................................................80
Step 3. Select the rollback task run mode .........................................................................................................80
Step 4. Finish rollback task creation .................................................................................................................81
Running an update rollback task.............................................................................................................................81
A D M I N I S T R A T O R ' S G U I D E
6
BACKUP ......................................................................................................................................................................82
About Backup .........................................................................................................................................................82
Configuring Backup settings ...................................................................................................................................82
Managing backup copies of files .............................................................................................................................83
Viewing the list of backup copies of files ...........................................................................................................84
Saving files from Backup the hard drive ............................................................................................................84
Deleting backup copies of files..........................................................................................................................85
REPORTS AND NOTIFICATIONS ...............................................................................................................................86
About events and notifications ................................................................................................................................86
Report types ...........................................................................................................................................................86
Kaspersky Lab application versions report........................................................................................................87
Protection deployment report ............................................................................................................................88
Most infected computers report.........................................................................................................................89
Viruses report....................................................................................................................................................89
Errors report ......................................................................................................................................................90
Anti-virus database usage report ......................................................................................................................91
Viewing reports .......................................................................................................................................................92
Configuring notification settings ................................................................ ..............................................................93
TROUBLESHOOTING IN REGISTRATION OF SVMS ................................................................................................95
About probable issues in registration of SVMs in VMware vShield Manager ..........................................................95
Troubleshooting procedure in registration of SVMs in VMware vShield Manager ..................................................95
Step 1. Select action .........................................................................................................................................96
Step 2. Connection to VMware vCenter Server ................................................................................................96
Step 3. Connection to VMware vShield Manager..............................................................................................97
Step 4. Selecting issues to fix ...........................................................................................................................97
Step 5. Confirming the actions ..........................................................................................................................97
Step 6. Fixing issues ......................................................................................................................................... 98
Step 7. Completing issues fixing .......................................................................................................................98
CONTACTING TECHNICAL SUPPORT ......................................................................................................................99
How to obtain technical support ..............................................................................................................................99
Technical support by phone ....................................................................................................................................99
Obtaining technical support via Personal Cabinet ................................................................................................100
Collecting information for Technical Support ........................................................................................................101
Using a trace file ...................................................................................................................................................101
GLOSSARY ...............................................................................................................................................................102
KASPERSKY LAB ZAO .............................................................................................................................................104
INFORMATION ABOUT THIRD-PARTY CODE.........................................................................................................105
TRADEMARK NOTICES ............................................................................................................................................106
INDEX ........................................................................................................................................................................107
7
ABOUT THIS GUIDE
IN THIS SECTION:
In this document ................................................................................................ ................................................................ 7
Document conventions ...................................................................................................................................................... 9
This document is an Administrator's Guide to Kaspersky Security for Virtualization 1.1 (hereinafter also "Kaspersky
Security").
This Guide is intended for technical specialists tasked with installing and administering Kaspersky Security and providing
support to companies that use Kaspersky Security. This Guide is intended for technical specialists experienced in
handling virtual infrastructures under VMware™ vSphere™ platform and Kaspersky Security Center, a system designed
for remote centralized management of Kaspersky Lab applications.
This Guide is intended to do the following:
Describes the operating principles of Kaspersky Security, system requirements, common deployments, and
specifics of integration with other applications.
Helps plan the rollout of Kaspersky Security on a corporate network.
Describes the preparation for the installation of Kaspersky Security as well as installation and activation of the
application.
Describes the way to use Kaspersky Security.
Describe additional sources of information about the application and ways of receiving technical support.
IN THIS DOCUMENT
This Guide comprises the following sections:
Sources of information about the application (see page 11)
This section describes sources of information about the application and lists websites that you can use to discuss
application operation.
Kaspersky Security for Virtualization 1.1 (see page 13)
This section describes the purpose, key features, and composition of the application.
Application architecture (see page 16)
This section describes the application components and their interaction logic, also covering the application integration
with Kaspersky Security Center system and VMware virtual infrastructure.
Concept of administering the application through Kaspersky Security Center (see page 19)
This section describes the concept of administering the application through Kaspersky Security Center.
A D M I N I S T R A T O R ' S G U I D E
8
Installing and removing the application (see page 22)
This section describes how you can install the application in the VMware virtual infrastructure or remove it from the
VMware virtual infrastructure.
Application licensing (see page 42)
This section contains information about the basic concepts of application activation. This section describes the purpose
of the End User License Agreement, the types of licenses, the ways to activate the application, and how to renew your
license.
Starting and stopping the application (see page 52)
This section describes how you can start and stop the application.
Managing protection (see page 53)
This section describes how you can check the protection status of virtual machines and see if there are any problems
with protection.
Virtual machine protection (see page 54)
This section describes how Kaspersky Security protects virtual machines on VMware ESXi hosts controlled by a VMware
ESXi hypervisor against viruses and other threats, and how you can configure the virtual machine protection settings.
Virtual machine scan (see page 65)
This section describes the Kaspersky Security scan task performed on files of virtual machines on VMware ESXi hosts
controlled by a VMware ESXi hypervisor and provides instructions for configuring the scan task settings.
Anti-virus database update (see page 77)
This section contains information on database updates (hereinafter also known as "updates"), and instructions on how to
configure update settings.
Backup (see page 82).
This section covers Backup and provides instructions on managing Backup.
Reports and notifications (see page 86)
This section describes the ways to get information about the operation of Kaspersky Security.
Troubleshooting in registration of SVMs (see page 95)
This section provides descriptions of probable issues in registration of SVMs in VMware vShield™ Manager and
respective ways of solving them.
Contacting Technical Support (see page 99)
This section provides information about how to obtain technical support and the requirements for receiving help from
Technical Support.
Glossary (see page 102)
This section contains a list of terms mentioned in the document and their respective definitions.
A B O U T T H I S G U I D E
9
SAMPLE TEXT
DESCRIPTION OF DOCUM ENT CONVENT ION
Note that...
Warnings are highlighted in red and boxed.
Warnings provide information about possible unwanted actions that may lead to
data loss, failures in equipment operation or operating system problems.
We recommended that you use...
Notes are boxed.
Notes may contain useful hints, recommendations, specific values for settings, or
important special cases in operation of the application.
Example:
...
Examples are given on a yellow background under the heading "Example".
Kaspersky Lab ZAO (see page 104)
This section provides information about Kaspersky Lab ZAO.
Information on third-party code (see page 105)
This section contains information on third-party code.
Trademark notices (see page 106)
This section contains information on trademarks used in this document.
Index
This section allows you to quickly find required information within the document.
DOCUMENT CONVENTIONS
The document text is accompanied by semantic elements to which we recommend paying particular attention: warnings,
hints, and examples.
Document conventions are used to highlight semantic elements. The following table shows document conventions and
examples of their use.
Table 1. Document conventions
A D M I N I S T R A T O R ' S G U I D E
10
SAMPLE TEXT
DESCRIPTION OF DOCUM ENT CONVENT ION
Update means...
The Databases are out of date event
occurs.
The following semantic elements are italicized in the text:
New terms
Names of application statuses and events
Press ENTER.
Press ALT+F4.
Names of keyboard keys appear in bold and are capitalized.
Names of keys that are connected by a + (plus) sign indicate the use of a key
combination. Those keys must be pressed simultaneously.
Click the Enable button.
Names of application interface elements, such as entry fields, menu items, and
buttons, are set off in bold.
To configure a task schedule:
Introductory phrases of instructions are italicized and are accompanied by the
arrow sign.
In the command line, type help.
The following message then appears:
Specify the date in dd:mm:yy format.
The following types of text content are set off with a special font:
Text in the command line
Text of messages that the application displays on screen
Data that the user must enter.
<User name>
Variables are enclosed in angle brackets. Instead of the variable, insert the
corresponding value, not including the angle brackets.
11
SOURCES OF INFORMATION ABOUT THE
IN THIS SECTION:
Sources of information for independent research ............................................................................................................ 11
Discussing Kaspersky Lab applications on the Forum .................................................................................................... 12
Contacting the Sales Department.................................................................................................................................... 12
Contacting Technical Writing and Localization Unit by email .......................................................................................... 12
APPLICATION
This section describes sources of information about the application and lists websites that you can use to discuss
application operation.
You can select the most suitable information source, depending on the level of importance and urgency of the issue.
SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH
You can use the following sources of information to research on your own:
Application page on the Kaspersky Lab website
Application page on the Technical Support website (Knowledge Base)
Online help
Documentation
If you cannot find a solution for your issue, we recommend that you contact Kaspersky Lab Technical Support (see the
section "Technical support by phone" on page 99).
An Internet connection is required to use information sources on the Kaspersky Lab website.
Application page on the Kaspersky Lab website
The Kaspersky Lab website features an individual page for each application.
On the web page (http://www.kaspersky.com/security-virtualization), you can view general information about the
application, its functions, and its features.
The page http://www.kaspersky.com contains a link to the eStore. There you can purchase or renew the application.
Application page on the Technical Support website (Knowledge Base)
Knowledge Base is a section on the Technical Support website that provides advice on using Kaspersky Lab
applications. The Knowledge Base consists of reference articles that are grouped by topic.
A D M I N I S T R A T O R ' S G U I D E
12
On the page of the application in the Knowledge Base (http://support.kaspersky.com/ksv), you can read articles that
provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install,
and use the application.
Articles may provide answers to questions relating not just to Kaspersky Security, but also to other Kaspersky Lab
applications. They also may contain news from Technical Support.
Online help
The help of the application comprises context help. Context help contains information about each window of Kaspersky
Security Console Plug-in: list of settings and their description.
Documentation
The distribution kit includes documents that help you to install and activate the application on the computers of a local
area network, configure its settings, and find information about the basic techniques for using the application.
DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM
If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab experts and other
users in our forum (http://forum.kaspersky.com).
In this forum you can view existing topics, leave your comments, and create new discussion topics.
CONTACTING THE SALES DEPARTMENT
If you have any questions on how to select, purchase, or renew the application, you can contact our Sales Department
specialists in one of the following ways:
By calling our central office in Moscow by phone (http://www.kaspersky.com/contacts).
By sending a message with your question to sales@kaspersky.com.
Service is provided in Russian and in English.
CONTACTING TECHNICAL WRITING AND LOCALIZATION UNIT BY EMAIL
To contact the Technical Writing and Localization Unit, send an email to docfeedback@kaspersky.com. Please use
"Kaspersky Help Feedback: Kaspersky Security for Virtualization 1.1" as the subject line in your message.
13
KASPERSKY SECURITY FOR VIRTUALIZATION 1.1
Kaspersky Security is an integrated solution that protects virtual machines on a VMware ESXi host managed by the
VMware ESXi hypervisor against viruses and other computer security threats (hereinafter "viruses and other threats"). The
application is integrated into a virtual architecture managed by VMware ESXi hypervisor (hereinafter referred to as "VMware
virtual architecture") by means of VMware vShield Endpoint™ technology. VMware vShield Endpoint integration helps
protect virtual machines without the need to install additional antivirus software on guest operating systems.
Kaspersky Security protects virtual machines with Windows® guest operating systems, including server operating
systems (see the "Hardware and software requirements" section on page 14).
Kaspersky Security protects virtual machines when they are active (online, that is, not disabled or paused) and if they
have the VMware vShield Endpoint Thin Agent driver installed and enabled.
Kaspersky Security makes it possible to configure the protection of virtual machines at any level of the hierarchy of
VMware inventory objects: VMware vCenter™ Server, data center, VMware cluster, VMware ESXi host that is not part of
a VMware cluster, resource pool, vApp object, and virtual machine. The application supports the protection of virtual
machines during their migration within the DRS cluster of VMware.
Kaspersky Security features:
Protection. The application protects the file system of the guest operating system of a virtual machine
(hereinafter also "virtual machine files"). The application scans all files opened or closed by the user or a
different application on a virtual machine for viruses and other threats.
If a file is free from viruses and other threats, Kaspersky Security grants access to the file.
If a file is found to contain viruses and other threats, Kaspersky Security performs the action specified in its
settings; for example, deletes or blocks the file.
Scan. The application scans virtual machine files for viruses and other threats. Virtual machine files have to be
scanned regularly with new anti-virus databases to prevent the spread of malicious objects. You can perform an
on-demand scan or schedule a scan.
Storing backup copies of files. The application allows storing backup copies of files that have been deleted or
modified in the course of disinfection. Backup copies of files are stored in Backup in a special format and pose
no danger. If a disinfected file contained information that is partly or completely inaccessible after disinfection,
you can attempt to save the file from its backup copy.
Anti-virus database updates. The application downloads updated anti-virus databases. Updates keep the
virtual machine protected against new viruses and other threats at all times. You can update anti-virus
databases on demand or schedule an update.
Kaspersky Security is administered using the Kaspersky Security Center system for remote administration and
maintenance of Kaspersky Lab applications.
You can use the tools of Kaspersky Security Center to:
install the application in a VMware virtual infrastructure
configure the application settings
administer the application
manage the protection of virtual machines
manage the scan task
manage the application keys
A D M I N I S T R A T O R ' S G U I D E
14
update anti-virus databases of the application
IN THIS SECTION:
Distribution kit .................................................................................................................................................................. 14
Hardware and software requirements ............................................................................................................................. 14
handle copies of files in Backup
generate application event reports
delete the application from a VMware virtual infrastructure.
Kaspersky Security may require an additional configuration due to the specifics of concurrent operation of the application
and VMware vShield Manager.
DISTRIBUTION KIT
The application is available from online stores of Kaspersky Lab (for example, http://www.kaspersky.com, the eStore
section) or partner companies.
The distribution kit contains the following items:
Application files
Application manuals
license agreement that stipulates the terms, on which you can use the application.
The content of the distribution kit may differ depending on the region, in which the application is distributed.
Information that is required for application activation is sent to you by email after payment.
For more details on ways of purchasing and the distribution kit, contact the Sales Department by sending a message to
sales@kaspersky.com.
HARDWARE AND SOFTWARE REQUIREMENTS
For Kaspersky Security to operate properly, the local area network must meet the following software requirements:
Kaspersky Security Center 9.0 Critical Fix 2.
The computer with the Kaspersky Security Center Administration Console installed must have Microsoft® .NET
Framework 3.5 or later.
Software requirements for the VMware virtual architecture:
VMware ESXi 5.0 hypervisor, patch 1, build 474610 or later, or VMware ESXi 4.1 hypervisor, patch
3, build 433742 or later.
VMware vCenter Server 4.1 or VMware vCenter Server 5.0.
VMware vShield Endpoint 5.0.
K A S P E R S K Y S E C U R I T Y F O R V I R T U A L I Z A T I O N 1 . 1
15
VMware vShield Manager 5.0.0.
VMware vShield Endpoint Thin Agent driver. The driver is included in the VMware Tools kit supplied
together with VMware ESXi 5.0 hypervisor, patch 1. The driver has to be installed on the virtual machine
protected by Kaspersky Security.
Software requirements for the guest operating system of the virtual machine protected by Kaspersky Security:
Desktop operating systems:
Windows Vista® (32 bit)
Windows 7 (32 / 64 bit)
Windows XP SP2 or later (32 bit)
Server operating systems:
Windows Server® 2003 (32 / 64 bit)
Windows Server 2003 R2 (32 / 64 bit)
Windows Server 2008 (32 / 64 bit)
Windows Server 2008 R2 (64 bit)
For hardware requirements for Kaspersky Security Center, see the Kaspersky Security Center Rollout Manual.
For hardware requirements for the VMware virtual infrastructure, see VMware product manuals
http://www.vmware.com/pdf/vshield_50_quickstart.pdf.
For hardware requirements for the Window operating system, see Windows product manuals.
16
APPLICATION ARCHITECTURE
Kaspersky Security is an integrated solution that protects virtual machines on a VMware ESXi host managed by the
VMware ESXi hypervisor (see figure below).
Figure 1. Application architecture
Kaspersky Security is supplied as an image of a virtual machine (see the "Contents of the Kaspersky Security virtual
machine image" section on page 17), installed on a VMware ESXi host that is managed by a VMware ESXi hypervisor,
and protects virtual machines deployed on this ESXi host against viruses and other threats.
Secure virtual machine – a virtual machine with Kaspersky Security deployed on VMware ESXi host.
One SVM protects virtual machines on one VMware ESXi host. This eliminates the need to install the application on each
virtual machine in order to protect such virtual machines.
The VMware virtual infrastructure may contain several VMware ESXi hosts. Kaspersky Security should be installed on
each VMware ESXi host whose virtual machines you want to protect with Kaspersky Security.
Kaspersky Security is installed, configured, and administered via Kaspersky Security Center, a system for remote
administration of Kaspersky Lab applications (see Kaspersky Security Center Administrator's Guide).
The interaction between Kaspersky Security and Kaspersky Security Center is ensured by Network Agent, a component
of Kaspersky Security Center. The Network Agent is included in the Kaspersky Security virtual machine image.
The Kaspersky Security Console Plug-in provides the interface for managing the Kaspersky Security application through
Kaspersky Security Center. The Kaspersky Security Console Plug-in is included in the Kaspersky Security Center
installation package. The Kaspersky Security Console Plug-in should be installed on the computer (see the "Installing
Kaspersky Security Console Plug-in" section on page 24) that hosts the Kaspersky Security Center Administration
Console component.
A P P L I C A T I O N A R C H I T E C T U R E
17
IN THIS SECTION:
Contents of the Kaspersky Security virtual machine image ............................................................................................. 17
Integration of Kaspersky Security and the VMware virtual infrastructure ........................................................................ 17
CONTENTS OF THE KASPERSKY SECURITY VIRTUAL
MACHINE IMAGE
The Kaspersky Security virtual machine image comprises:
SUSE® Linux® Enterprise Server 11 SP2 operating system
Kaspersky Security
The EPSEC library – a component provided by VMware. The EPSEC library provides access to the files of
virtual machines protected by Kaspersky Security.
Administration Agent – a component of Kaspersky Security Center. Administration Agent interacts with
Kaspersky Security Center Administration Server, enabling the latter to manage the Kaspersky Security
application.
INTEGRATION OF KASPERSKY SECURITY AND THE VMWARE VIRTUAL INFRASTRUCTURE
The following components are required for Kaspersky Security integration with the VMware virtual infrastructure:
VMware vShield Endpoint ESX Module. This component is installed on the VMware ESXi host. The
component ensures interaction between the VMware vShield Endpoint Thin Agent driver installed on a virtual
machine and the EPSEC library installed on the SVM.
VMware vCenter Server. This component is intended for administering and automating operational tasks within
the VMware virtual infrastructure. The component participates in the rollout of Kaspersky Security. The
component provides information about virtual machines installed on VMware ESXi hosts.
VMware vShield Manager. This component ensures the installation of the VMware vShield Endpoint ESX
Module on VMware ESXi hosts and registration of SVMs.
The enumerated components must be installed in the VMware virtual infrastructure prior to the installation of Kaspersky
Security.
The VMware vShield Endpoint Thin Agent driver ensures the collection of data on virtual machines and transmission of
files for scanning by Kaspersky Security. To enable Kaspersky Security to protect virtual machines, you have to install
and enable the VMware vShield Endpoint Thin Agent driver on these virtual machines. The driver is included in the
VMware Tools kit supplied together with VMware ESXi 5.0 hypervisor, patch 1.
A D M I N I S T R A T O R ' S G U I D E
18
Interaction between Kaspersky Security and the VMware virtual infrastructure
Kaspersky Security interacts with the VMware virtual infrastructure as follows:
1. The user or an application opens, saves or executes files on a virtual machine protected by Kaspersky Security.
2. The VMware vShield Endpoint Thin Agent intercepts information about these events and relays it to the VMware
vShield Endpoint ESX Module component installed on the VMware ESXi host.
3. The VMware vShield Endpoint ESX Module component relays this event information to the EPSEC library
installed on the SVM.
4. The EPSEC library relays this event information to Kaspersky Security installed on the SVM and provides
access to files on the virtual machine.
5. Kaspersky Security scans files opened, saved or executed by the user on the virtual machine for viruses and
other threats.
If the files are free from viruses and other threats, the application allows the user to access these files.
If the files are found to contain viruses and other threats, the application performs the action configured in
the settings of the protection profile (see the "About Kaspersky Security policy and protection profiles"
section on page 20) assigned to this virtual machine. For example, the application disinfects or blocks a file.
19
CONCEPT OF ADMINISTERING THE
IN THIS SECTION:
About Kaspersky Security policy and protection profiles ................................................................................................. 20
About Kaspersky Security tasks ...................................................................................................................................... 21
APPLICATION THROUGH KASPERSKY
SECURITY CENTER
Kaspersky Security for Virtualization 1.1 is controlled via Kaspersky Security Center, a centralized system enabling
remote control of Kaspersky Lab applications. In the case of Kaspersky Security for Virtualization 1.1, the SVM is the
equivalent of a Kaspersky Security Center client computer. Automatic data synchronization between SVMs and the
Kaspersky Security Center Administration Server happens in the same way as data synchronization between client
computers and Administration Server (see Kaspersky Security Center Administrator's Guide).
SVMs installed on VMware ESXi hosts controlled by a single VMware vCenter Server platform and the virtual machines
protected by them are combined into a KSC cluster at Kaspersky Security Center (Kaspersky Security Center cluster)
(see figure below). The KSC cluster is assigned the name of the corresponding VMware vCenter Server platform.
VMware inventory objects as part of this VMware vCenter Server platform form the protected infrastructure of the KSC
cluster.
Figure 2. KSC cluster
The operation of Kaspersky Security is controlled through Kaspersky Security Center by means of policies and tasks:
A policy defines the protection settings for VMs, the scan settings for packers (see section "Getting started" on
page 33), and the settings of backups on SVMs (see section "About Backup" on page 82).
Scan tasks define the virtual machine scan settings (see the "Scanning of virtual machines" section on
page 65).
For detailed information on policies and tasks see the Kaspersky Security Center Administrator's Guide.
A D M I N I S T R A T O R ' S G U I D E
20
ABOUT KASPERSKY SECURITY POLICY AND PROTECTION
IN THIS SECTION:
Protection profile inheritance ........................................................................................................................................... 21
About the root protection profile ...................................................................................................................................... 21
PROFILES
In Kaspersky Security, a policy is applied to a KSC cluster. Accordingly, a policy is applied to all SVMs that are part of
the KSC cluster and defines the protection settings of all virtual machines that are part of the protected infrastructure of
this KSC cluster.
Virtual machine protection settings within a policy are defined by a protection profile (see figure below). A policy can
comprise several protection profiles. A protection profile is assigned to VMware inventory objects within the protected
infrastructure of a KSC cluster. Only one protection profile may be assigned to a single VMware inventory object.
Figure 3. Protection profiles
The SVM protects the virtual machine using the settings configured in the protection profile assigned to the SVM.
Protection profiles let you flexibly configure different protection settings for different virtual machines.
Kaspersky Security Center makes it possible to form a complex hierarchy of administered groups and policies (for details
see Kaspersky Security Center Administrator's Guide). In Kaspersky Security, each policy uses one collection of settings
in order to connect to VMware vCenter Server. If you use a complex hierarchy of administration groups and policies, a
lower-level policy inherits the incorrect settings for connection to VMware vCenter Server, which may lead to a
connection error. We do not recommend creating a complex hierarchy of administration groups and policies when
adjusting Kaspersky Security settings, but creating an individual policy for each KSC cluster instead.
C O N C E P T O F A D M I N I S T E R I N G T H E A P P L I C A T I O N T H R O U G H K A S P E R S K Y S E C U R I T Y C E N T E R
21
PROTECTION PROFILE INHERITANCE
Kaspersky Security uses protection profile inheritance according to the hierarchy of VMware inventory objects.
A protection profile assigned to a VMware inventory object is inherited by all of its child objects, including virtual machines,
unless the child object / virtual machine has been assigned a protection profile of its own (see the "Assigning a protection
profile to a virtual machine" section on page 62) or the child object / virtual machine has been excluded from protection (see
the "Disabling protection on a virtual machine" section on page 57). This means that you can either assign a specific
protection profile to a virtual machine or let the protection profile inherited from its parent object to be applied to it.
A VMware inventory object can be excluded from protection. If you have excluded a VMware inventory object from
protection, all child objects, including virtual machines, are also excluded from protection. Child objects / virtual machines
have been assigned a protection profile of their own remain protected.
Protection profile inheritance makes it possible to assign identical protection settings to several virtual machines
simultaneously. For example, you can assign identical protection profiles to virtual machines within a VMware cluster or
resource pool.
ABOUT THE ROOT PROTECTION PROFILE
The root protection profile is formed during policy creation. The root protection profile is assigned to the root object within
the structure of VMware inventory objects – VMware vCenter Server. By virtue of protection profile inheritance, all
VMware inventory objects, including virtual machines within the protected infrastructure of a KSC cluster, inherit the root
protection profile. In this way all virtual machines within the protected infrastructure of the KSC cluster are assigned
identical protection settings.
After creating a policy, you will be able to form additional protection profiles and use them to configure virtual machine
protection more flexibly.
While the root protection profile cannot be deleted, you can edit its settings.
ABOUT KASPERSKY SECURITY TASKS
Kaspersky Security Center controls the operation of SVMs by means of tasks. Tasks implement the primary application
functions, such as scanning of virtual machines and anti-virus database updates.
You can use group tasks to control Kaspersky Security via Kaspersky Security Center. Group tasks are performed on the
client computers of the selected administration group. In terms of Kaspersky Security, group tasks (hereinafter
"tasks") are performed on all SVMs that are part of the KSC cluster.
You can use the following tasks to control Kaspersky Security:
Full Scan. SVMs scan all virtual machines within all KSC clusters for viruses and other threats.
Custom Scan. SVMs scan selected virtual machines within the specified KSC cluster for viruses and other threats.
Updates distribution. Kaspersky Security Center automatically distributes anti-virus database updates and
installs them on SVMs.
Rollback. Kaspersky Security Center rolls back the latest anti-virus database updates on SVMs.
Add a key. Kaspersky Security Center adds a key to SVMs to activate the application or renew the license.
You can perform the following actions with tasks:
Run or pause.
Create new tasks.
Edit task settings.
22
INSTALLING AND REMOVING THE
IN THIS SECTION:
Preparing for installation.................................................................................................................................................. 22
Upgrading from a previous version of the application...................................................................................................... 24
Conversion procedure for policies and tasks ................................................................................................................... 25
Application installation procedure .................................................................................................................................... 26
Modifications to Kaspersky Security Center after application installation ........................................................................ 30
Changing the configuration of SVMs ............................................................................................................................... 30
Preparing for use after installation ................................................................................................................................... 33
Removing the application ................................................................................................................................................ 38
Application removal procedure ................................................................................................................................ ........ 38
APPLICATION
This section describes how you can install the application in the VMware virtual infrastructure or remove it from the
VMware virtual infrastructure.
PREPARING FOR INSTALLATION
This section contains the requirements for the composition of Kaspersky Security Center components and VMware
virtual infrastructure and describes the preparatory steps that precede the installation.
REQUIREMENTS TO THE CONFIGURATION OF KASPERSKY SECURITY CENTER AND VMWARE VIRTUAL INFRASTRUCTURE
Before installing the application, check:
the composition of Kaspersky Security Center components
the composition of VMware virtual infrastructure components
Whether the Kaspersky Security Center components and VMware components meet the software requirements
for the installation of Kaspersky Security (see the "Hardware and software requirements" section on page 14).
Kaspersky Security Center components:
Administration Server.
Administration Console.
Network Agent. This component is included in the Kaspersky Security virtual machine image.
For Kaspersky Security Center installation, see the Kaspersky Security Center Deployment Guide.
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N
23
VMware virtual infrastructure components:
VMware vCenter Server.
VMware vSphere Client.
VMware vShield Endpoint. The component is installed on VMware ESXi hosts and provides the EPSEC library.
VMware vShield Manager. The component enables centralized management of a VMware vShield network.
An array of VMware ESXi hosts on which virtual machines are deployed.
VMware vShield Endpoint Thin Agent driver. The driver is included in the VMware Tools kit supplied together
with VMware ESXi 5.0 hypervisor, patch 1. The driver has to be installed and enabled on virtual machines that
you intend to protect with Kaspersky Security.
See VMware product manuals about the VMware vShield Endpoint Thin Agent driver.
Before installing the application, make sure that:
The version of Microsoft .NET Framework on the computer with the Kaspersky Security Center Administration
Console installed is 3.5 or later. Microsoft .NET Framework 3.5 or later is needed for the Setup Wizard.
No anti-virus software is installed on virtual machines that you intend to protect with Kaspersky Security.
Parallel operation of Kaspersky Security and anti-virus software can cause a conflict.
VMWARE VCENTER SERVER ACCOUNTS
The following VMware vCenter Server accounts are required for the application operation:
Installing or uninstalling the application requires an administrator account that has been assigned a system role
with the following rights:
Global / Licenses.
Datastore / Allocate space.
vApp / Import.
Network / Assign network.
Host / Inventory / Modify cluster.
Host / Configuration / Virtual machine autostart configuration.
Tasks / Create task.
Global / Cancel task.
Virtual machine / Configuration / Add new disk.
Virtual machine / Interaction / Power on.
Virtual machine / Inventory / Create new.
A D M I N I S T R A T O R ' S G U I D E
24
Virtual machine / Interaction / Power off.
VirtualMachine / Inventory / Remove.
The name and password of the administrator account are not saved in the application settings.
The application operation and reconfiguration of SVMs require an account that has been assigned the preset
system role ReadOnly. By default, ReadOnly system role has System.View, System.Read, and
System.Anonymous rights. The user name and password of the account are stored on SVMs in encrypted form.
Roles should be assigned to accounts at the top level of the hierarchy of VMware management objects, i.e. at that of
VMware vCenter Server.
See VMware manuals about creating a VMware vCenter Server account.
INSTALLING KASPERSKY SECURITY CONSOLE PLUG-IN
To control the application via Kaspersky Security Center, install Kaspersky Security Console Plug-in on the computer
where Administration Console is installed.
To install Kaspersky Security Console Plug-in:
1. Copy the installation file klcfginst.exe from the Kaspersky Security Center installation package to the computer
where Administration Console is installed.
2. Run the installation file for Kaspersky Security Console Plug-in on the administrator's workstation.
The Kaspersky Security Console Plug-in will be installed to the installation package of Kaspersky Security Center.
After it has been installed, Kaspersky Security Console Plug-in appears in the list of control plug-ins in the properties
of Administration Server. For details see the Kaspersky Security Center Administrator's Guide.
UPGRADING FROM A PREVIOUS VERSION OF THE
APPLICATION
Updating the previous version of the application comprises the following steps:
1. Removing the SVMs with the previous version of the application on VMware ESXi hosts (see section
"Application removal procedure" on page 38). While removing SVMs, the Removal Wizard also removes backup
copies of files from Backup and traces files that have been stored on SVMs.
2. Updating the Kaspersky Security Console Plug-in To do this, you should reinstall the Kaspersky Security
Console Plug-in (see section "Installing Kaspersky Security Console Plug-in" on page 24). You do not have to
remove the previous Kaspersky Security Console Plug-in, since the Plug-in Installation Wizard will do it
automatically.
3. Conversion of the existing policies and tasks (see section "Conversion procedure for policies and tasks" on page 25 ).
4. Installation of SVMs with the new version of the application to VMware ESXi hosts (see section "Application
installation procedure" on page 26).
5. Application activation (see section "Application activation" on page 44).
6. Updating the anti-virus databases (see section "Automatic retrieval of updates for the anti-virus databases" on
page 77).
Since virtual machines are not protected while the application is updated, it is recommended to turn off the PVMs for the
duration of the update process.
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N
25
IN THIS SECTION:
Step 1. Select application ................................................................................................................................................ 25
Step 2. Select policies for conversion.............................................................................................................................. 25
Step 3. Select tasks for conversion ................................................................................................................................. 25
Step 4. Complete the conversion of policies and tasks ................................................................................................... 26
CONVERSION PROCEDURE FOR POLICIES AND TASKS
To convert policies and tasks:
1. Open the Administration Console of Kaspersky Security Center.
2. Select the Administration Server in the console tree.
3. Right-click to open the context menu and select All tasks → Policies and Tasks Conversion Wizard.
The Policies and Tasks Conversion Wizard launches.
4. Follow the instructions of the Policies and Tasks Conversion Wizard.
To manage the Policies and Tasks Conversion Wizard:
To return to the previous step of the Policies and Tasks Conversion Wizard, click the Back button.
To proceed with the Policies and Tasks Conversion Wizard, click the Next button.
STEP 1. SELECT APPLICATION
To close the Policies and Tasks Conversion Wizard, click the Cancel button.
At this step, select the name of Kaspersky Security for Virtualization 1.1 from the Application name list.
Proceed to the next step of the Policies and Tasks Conversion Wizard by clicking the Next button.
STEP 2. SELECT POLICIES FOR CONVERSION
At this step, select policies to convert. To select a policy, select the check box on the left from the name of that policy.
Proceed to the next step of the Policies and Tasks Conversion Wizard by clicking the Next button.
STEP 3. SELECT TASKS FOR CONVERSION
At this step, select tasks to convert. To select a task, select the check box on the left from the name of that task.
Proceed to the next step of the Policies and Tasks Conversion Wizard by clicking the Next button.
A D M I N I S T R A T O R ' S G U I D E
26
STEP 4. COMPLETE THE CONVERSION OF POLICIES AND TASKS
Click Finish at this step. The Policies and Tasks Conversion Wizard closes.
The converted policies will be displayed on the list of policies, on the Policies tab of the folder with the name of the KSC
cluster. The converted policies are named as follows: "<original policy name> (converted)". Delete the original policies
(see the Kaspersky Security Center Administrator's Guide).
The converted policies will be displayed on the list of policies, on the Tasks tab of the folder with the name of the KSC
cluster. The converted tasks are named as follows: "<original task name> (converted)". Delete the original tasks.
APPLICATION INSTALLATION PROCEDURE
The application is installed in the VMware virtual infrastructure by deploying SVMs on VMware ESXi hosts.
To install the application in the VMware virtual infrastructure:
1. Open the Administration Console of Kaspersky Security Center.
2. Select the Administration Server in the console tree.
3. Click the Install / Delete / Change SVMs configuration link to launch the Setup Wizard. The link is located in
the Deployment section in the workspace.
4. Follow the instructions of the Setup Wizard.
You can manage the Setup Wizard as follows:
To return to the previous step of the Setup Wizard, click the Back button.
To proceed with the Setup Wizard, click the Next button.
To stop the Setup Wizard, click the Cancel button.
STEP 1. SELECT ACTION
At this step, choose the Installation option.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 2. CONNECTION TO VMWARE VCENTER SERVER
At this step, specify the settings of the Setup Wizard connection to VMware vCenter Server:
VMware vCenter Server address. IP address in IPv4 format or domain name of a VMware vCenter Server with
which a connection is established.
User name. Name of the user account under which a connection to the VMware vCenter Server is established.
Specify the name of an administrator account with privileges to create virtual machines.
Password. Password of the user account under which a connection to the VMware vCenter Server is
established. Specify the password of an administrator account with privileges to create virtual machines.
Proceed to the next window of the Setup Wizard by clicking the Next button.
The Setup Wizard checks if a connection to VMware vCenter Server can be established using the name and password of
the specified account. If the account does not have enough rights, the Setup Wizard informs you of this and stops at the
current step. If the account has more rights than it is required, the Setup Wizard informs you of this at the next step (see
section "VMware vCenter Server accounts" on page 23).
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N
27
After that, the Setup Wizard establishes a connection to VMware vCenter Server.
If the connection to VMware vCenter Server is not established, check the connection settings. If the connection settings
are specified correctly, finish the Setup Wizard, make sure the VMware vCenter Server is available over the network, and
restart application installation.
STEP 3. SELECT THE IMAGE FILE OF AN SVM
At this step, select the image file of an SVM. To do so, click the Browse button and select the SVM image file in the
window that opens.
The Setup Wizard will check the image of the SVM.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 4. REVIEW THE LICENSE AGREEMENTS
At this step, review the license agreements concluded between you and Kaspersky Lab and between you and Novell®.
Novell holds copyright to the SUSE Linux Enterprise Server 11 SP2 operating system installed on the SVM.
Carefully review the license agreements and, if you accept all of their terms, select I accept the terms.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 5. SELECT VMWARE ESXI HOSTS
At this step, select the VMware ESXi hosts on which you want to install the SVM.
The table contains details on all VMware ESXi hosts within a single VMware vCenter Server platform:
VMware ESXi host – IP address of the VMware ESXi host.
State – the current status of the VMware ESXi host: available, unavailable.
SVM – whether the VMs of this VMware ESXi host are protected:
Installed – an SVM is installed on a VMware ESXi host;
Not installed – an SVM is not installed on a VMware ESXi host.
You can select those enabled VMware ESXi hosts on which an SVM is not installed.
To select a VMware ESXi host, select the check box to the left of the name of this VMware ESXi host in the table.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 6. SELECT DEPLOYMENT SCENARIO
At this step, select the scenario for the deployment of an SVM in the data storage of the VMware ESXi host:
Thin provisioned store. During space provisioning, the minimum required space is reserved for the SVM in the
data storage of the VMware ESXi host. This space can be increased, if necessary. This option is set by default.
Thick provisioned store. During space provisioning, the entire required volume of space is reserved for the
SVM in the data storage of the VMware ESXi host.
Proceed to the next step of the Setup Wizard by clicking the Next button.
A D M I N I S T R A T O R ' S G U I D E
28
STEP 7. SELECT DATA STORAGE
At this step, for each SVM, select a data storage from the list of data storages connected to VMware ESXi hosts.
The table columns show the following details:
VMware ESXi host – IP address of the VMware ESXi host.
SVM name – the name of the SVM deployed on this VMware ESXi host. SVMs are automatically assigned the
name KSV-<N>, where N represents the IP address of the VMware ESXi host on which the SVM is deployed.
For example, ksv-192-168-0-2.
You can change the name of the SVM. To perform this action, double-click the Name column and type a new
name.
Data storage – the drop-down list shows the names of data storages connected to the VMware ESXi host. If
one data storage is connected to a VMware ESXi host, the drop-down list shows one name.
In the drop-down list of the Data storage column, select a data storage for each SVM.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 8. MATCH VIRTUAL NETWORKS
At this step, match the virtual network of the SVM to the virtual network of the VMware ESXi host:
The VMware ESXi host column shows the IP address of the VMware ESXi host on which the SVM is installed.
In the drop-down list of the VMware vShield network column, select the virtual network of the VMware ESXi
host to be used by the SVM to communicate with the VMware vShield Endpoint ESX Module component. This
component is installed on the VMware ESXi host. The component ensures interaction between the VMware
vShield Endpoint Thin Agent driver installed on a virtual machine and the EPSEC library installed on the SVM.
In the drop-down list of the User network column, select the virtual network of the VMware ESXi host to be
used by the SVM to communicate with an external network environment.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 9. SPECIFY NETWORK SETTINGS
At this step, specify the network settings of SVMs:
Use DHCP. This option enables the DHCP network protocol that lets SVMs receive network settings
automatically. This option is set by default.
Assign manually for each SVM. Network settings are specified for SVMs manually.
Assign manually using common settings. Network settings are specified for SVMs manually within the
selected range. After selecting this option, specify the network settings in the Main gateway, DNS server, and
Subnet mask fields.
Proceed to the next step of the Setup Wizard by clicking the Next button.
I N S T A L L I N G A N D R E M O V I N G T H E A P P L I C A T I O N
29
STEP 10. SPECIFY NETWORK SETTINGS MANUALLY
This step is available if you have selected the option to Assign manually for each SVM or Assign manually using
common settings at the previous step of the setup wizard. If you have selected Use DHCP, this step is skipped.
If you have selected the option to Assign manually for each SVM at the previous step of the Setup Wizard, specify all
network settings of SVMs manually. If you leave a settings field of any SVM blank, network settings received over the
DHCP protocol are used for this SVM.
If you have selected the option to Assign manually using common settings at the previous step of the Setup Wizard,
the Main gateway, DNS-server, and Subnet mask columns of the table are filled with the values specified previously.
Type the IP addresses of SVMs manually.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 11. CHANGE ACCOUNT PASSWORDS ON SVMS
Two accounts – root and klconfig – are configured on SVMs by default. These accounts are used to configure SVMs.
At this step, change the default passwords of the root and klconfig accounts on the SVMs.
It is recommended to use alphanumeric Latin characters in passwords.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 12. REGISTER SVMS IN VMWARE VSHIELD MANAGER
At this step, specify the settings of SVM registration in VMware vShield Manager:
VMware vShield Manager address. IP address (in IPv4 format) or domain name of VMware vShield Manager
to which SVMs are connected.
User name. Name of the administrator account for connecting to VMware vShield Manager.
Password. Password of the administrator account for connecting to VMware vShield Manager.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 13. LOG INTO THE VMWARE VCENTER SERVER ACCOUNT
At this step, specify the settings of the VMware vCenter Server account to which the preset system role ReadOnly has
been assigned. This account is used during the operation of SVMs.
VMware vCenter Server address.
IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established.
User name.
Name of the user account under which a connection to the VMware vCenter Server is established. You
should specify the name of the account to which the preset system role ReadOnly has been assigned.
Password.
Password of the user account under which a connection to the VMware vCenter Server is established. You
should specify the password of the account to which the preset system role ReadOnly has been assigned.
A D M I N I S T R A T O R ' S G U I D E
30
Proceed to the next step of the Setup Wizard by clicking the Next button.
The Setup Wizard checks if connection to VMware vCenter Server can be established using the name and password of
the specified account. If the account does not have enough rights, the Setup Wizard informs you of this and stops at the
current step. If the account has more rights than it is required, the Setup Wizard informs you of this at the next step (see
section "VMware vCenter Server accounts" on page 23).
STEP 14. LAUNCH THE DEPLOYMENT OF SVMS
All settings needed to launch SVMs on VMware ESXi hosts have been specified.
Click the Next button to launch the deployment of SVMs.
STEP 15. DEPLOYMENT OF SVMS
At this step, SVMs are deployed on VMware ESXi hosts. This process takes some time. Wait for the deployment to end.
SVM deployment progress is reflected in the table. The start and end times of the deployment process on each of the
VMware ESXi hosts are shown in the Start time and End time columns.
An SVM is automatically enabled after being deployed.
Proceed to the next step of the Setup Wizard by clicking the Next button.
STEP 16. FINISH INSTALLATION OF THE APPLICATION
At this step, the results of SVM deployment on VMware ESXi hosts are displayed.
Click the Finish button to finish the Setup Wizard.
MODIFICATIONS TO KASPERSKY SECURITY CENTER
AFTER APPLICATION INSTALLATION
After Kaspersky Security has been installed in the VMware virtual infrastructure, SVMs send their details to Kaspersky
Security Center. Based on this information, Kaspersky Security Center combines the SVMs installed on VMware ESXi
hosts into a single VMware vCenter Server platform, and the virtual machines protected by them into a KSC cluster. The
KSC cluster is assigned the name of the corresponding VMware vCenter Server platform.
In the Managed computers folder of the Administration Console, Kaspersky Security Center creates folders for each
KSC cluster and assigns the names of KSC clusters to those folders (see section "Concept of administering the
application through Kaspersky Security Center" on page 19).
CHANGING THE CONFIGURATION OF SVMS
You can change the configuration of SVMs: settings of SVM connection to VMware vCenter Server and password of the
klconfig account.
To change the configuration of SVMs:
1. Open the Administration Console of Kaspersky Security Center.
2. Select the Administration Server in the console tree.
Loading...