Kaspersky Security Center 9

 
 
 

How to connect a slave server

Back to "Server Maintenance"
2012 Jul 06 ID: 7782
 
 
 
 

Applies to Kaspersky Security Center 9.0

Kaspersky Security Center 9.0 allows creating a master-slave hierarchy of Administration servers in a corporate network. Each administration server can have several slave administration servers in a hierarchy.

How to connect two servers:

  • Enable visibility of slave servers in Administration Server properties. Right-click the Administration server nod ein the administration console and select View > Configuring interface, enable the Display slave Administration Servers option.

  • Choose master and slave.

  • Open Master server administration console and select a group to assign the Slave server to. Right-click the Administration servers node and select New > Slave Administration Server to start the Wizard. The Wizard requests the following data:
    • Slave administration server address. It can be IP address, NetBios name, or full domain name (FQDN) of the Slave administration server.

      Warning Although optional, this step is recommended as it shortens the Slave server connection procedure – step 3 is skipped. It can be used only if current user account (the one running the Console) is included into KLAdmins group on the Slave administration server. Otherwise you will be prompted to indicate another account which has this privilege. Unless you have this privilege, the administrator of the Slave administration server has to complete Step 3 of the connection procedure.

    • Slave Administration Server display name. Slave server name to display in administration Servers node of the corresponding group.

    • Master server address and connection properties. It can be IP address, NetBios name, or full domain name (FQDN) of the Master administration server. This step is required only if you have not already indicated Slave server address.

    • Slave Administration Server certificate file. The certificate is used for Slave server authentication when establishing a connection between two servers. An administration server certificate is generated automatically when installing an Administration server; it can be found in the following folder: %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert.

  • If you decided not no enter Slave server address in the Wizard (or did not have administrator privileges on the Slave server), you should do the following:
    • Open the Slave server administration console.
    • Open its properties and go to the section Advanced > Administration Servers hierarchy.
    • Enable the option This Administration Server is a slave Server in the server hierarchy, and indicate the following properties:

      • Address. Master administration server address. It can be IP address, NetBios name, or full domain name (FQDN) of the Master administration server.
      • Administration Server certificate. Master administration server certificate is required for Master server authentication when establishing a connection between two servers. The certificate is not physically stored on hard disk, but is added to Settings Storage instead.
      • Proxy server properties. For cases when there is a proxy between the two servers.

  • Open Master server administration console, go to the administration group housing the Slave server, and connect to the Slave server. This may take some time depending on local network properties.

    If you cannot see slave servers in the Administration console, click View > Configuring interface in the main menu, and enable the option Display slave Administration Servers.

If connection cannot be established, make sure Master server properties are indicated correctly, and the option This Administration Server is a slave Server in the server hierarchy is enabled on the Slave server.

Warning Permissionы to connect a Slave server and manage its logical network is determined by permissions for the Master server administration group the Slave server belongs/connects to.

A user account requires Reading and Edit Administration Server hierarchy settings permissions to be able to connect a Slave server.

A user account requires Reading permission to be able to view logical network of a connected Slave server.

A user account requires Reading and Execution permissions to be able to manage logical network of a connected Slave server.

Information Kaspersky Security Center allows Slave servers to inherit group tasks created on Master server. You can enable the inheritance mechanism by enabling the Send to slave and virtual Administration Servers option in corresponding task's properties on the General tab. Slave servers cannot inherit Administration server tasks form Master server.

To remove a Slave administration server from an administration group, right-click the Slave administration server and select Delete. By deleting a Server, you automatically disable the option This Administration Server is a slave Server in the server hierarchy in its properties, and eliminate all the policies and tasks assigned by Master server.

Data exchange between Master and Slave server uses ports 14000 and 13000.

 
 
 
 
Did the provided info help you?
Yes No