Applies to Kaspersky Administration Kit 8.0
Administration Server maintains a constant data exchange with logical network objects (client PCs and slave Administration Servers). The Server sends policies and tasks to client PCs and slave Administration Servers, and they send the Server current information about the status of applications and the execution of tasks, events that occur, startup of client PCs, and other data.
Administration Server and logical network objects may exchange data using the SSL (Secure Sockets Layer) protocol. It provides identification of the communicating parties, encryption of transferred data, and security and integrity of the data during transfer. The essence of the SSL protocol used in secure connections is authentication of communicating parties, and data encryption using the private key method.
Client PCs and slave Administration Servers connect to the Administration Server through the Network Agent installed on these network nodes. For connections to be established, TCP port 13000 (for secure connection using the SSL protocol) or 14000 (for non-secure connection) must be open on the PC where Administration Server is installed.
Master and slave Administration Servers
Once a hierarchy has been built, a slave Server attempts to connect to the master Administration Server. If the master Server's rights are confirmed (on the basis of the master Server certificate specified during creation of the hierarchy), the slave Server establishes an uninterrupted connection to the master. This connection is interrupted only when the slave Server is excluded from the hierarchy. If the connection with the master is interrupted unexpectedly, the slave Server keeps trying to reestablish it.
In order to receive notifications about loss of connection between master and slave Servers:
- Open Administration Server properties (or Server policy) on the tab Events.
- Select Warning in the drop-down menu.
- Select the events Connection to slave Administrator Server is lost and Disconnected from master Administration Server (holding Shift key), and click Properties. Configure registration of these events in Administration Server database and notification options.
Administration Server and client PCs
There exist three scenarios for Client-Server synchronization:
- Client PC connects to the Server.
A connection of this type is established regularly according to the Network Agent settings (every 15 minutes, by default). You can change the synchronization interval in the Network Agent policy on the tab Network (option Synchronization interval). Still, if any event occurs on a client PC, information about it will be delivered to the Server immediately. For example, once you install the Agent, it will connect to the Administration Server in order to transmit the data about the client PC to the Administration Server database.
- Server initiates a connection with a Client.
The Server sends a connection request to UDP port 15000 on the client PC. Upon receipt of such a request, the Server's right to connect to the Client is verified (on the basis of the Administration Server’s digital signature). If the verification succeeds, the Network Agent establishes a connection with the Server.
This scenario is used for establishing unscheduled Client-Server connections:
- for immediate transmission of new policy and task properties (when they are created/modified);
- to receive statistics on the Kaspersky Lab applications running on the client PC;
- when the administrator forces a manual synchronization (All tasks > Force synchronization in the contextual menu of a client PC).
If UDP traffic is restricted on a client PC or UDP port 15000 is closed, the Agent cannot receive such connection requests. In this case, the data exchange will take place during a scheduled synchronization.
- Uninterrupted Client-Server connection.
Sometimes uninterrupted control over the status of applications on a client PC is needed (to receive real statistics about the PC, manage local tasks on-line, or troubleshoot connection problems), but the Server and the Client cannot establish a connection for some reason (the connection is protected by a firewall, opening ports on the client is prohibited, the client IP address is unknown, etc.). In this case the administrator can establish an uninterrupted Client-Server connection by checking the box Do not disconnect from the Administration Server in the client PC properties. The uninterrupted connection is established at the first Client-Server connection after the box has been checked.
It is advised to maintain an uninterrupted connection only with the most important client PCs, because the total number of simultaneous uninterrupted connections maintained with a Server is limited (it is not recommended to go beyond a few dozen of them).
Each time the Agent connects to the Server, the Client and the Server exchange all necessary data, regardless of the connection scenario.
In order to receive notifications about loss of connection between Administration Server and a client PC:
- Open properties of the administration group containing the desired PCs, and go to the Computer status tab.
- Enable the conditions Not connected for a long time and Out of control for PC status definition. Click OK in the group properties window.
Now in case of an extended loss of Agent-Server connection, client PC status will change to Warning, and then to Critical.
- Open Server properties (or Server policy) on the Events tab.
- Select Warning in the drop-down menu.
- Select the event Computer status “Warning”, and click Properties. Configure registration of these events in Administration Server database and notification options. Click OK.
- Select Critical in the drop-down menu on the Events tab.
- Select the event Computer status “Critical”, and click Properties. Configure registration of these events in Administration Server database and notification options. Click OK.