Deploying SVMs and configuring protection settings in the infrastructure managed by VMware NSX-T Manager

December 13, 2023

ID 204306

To protect virtual machines in the infrastructure managed by VMware NSX-T Manager, perform the following actions in the VMware NSX Manager Web Console:

  1. Deploy SVMs with Kaspersky Security components on VMware ESXi hypervisors. To do so, deploy Kaspersky Security services on VMware clusters.

    When deploying an SVM in the infrastructure managed by VMware NSX-T Manager, the certificate used to sign the SVM image is verified. If the certificate verification fails, SVM deployment from this image finishes with an error. If a certificate verification error occurs during SVM deployment, perform the following actions:

    1. Remove the Kaspersky Security service deployment that finished with an error.
    2. Connect to VMware NSX-T Manager over SSH with root account permissions.
    3. Open the /config/vmware/auth/ovf_validation.properties file.
    4. Set THIRD_PARTY_OVFS_VALIDATION_FLAG=2 and save the file.
    5. Redeploy the Kaspersky Security service.

    After SVMs are deployed, the Integration Server sends to each new SVM the settings that you specified when registering Kaspersky Security services.

    Kaspersky Security Center places the deployed SVMs in KSC clusters.

  2. Add the virtual machines that you want to protect to one or more NSX Groups.
  3. Create NSX Policies for Kaspersky Security services:
    • To protect virtual machines from file threats, create an NSX policy for File Threat Protection. To do so, perform the following actions:
      1. Create an NSX Service Profile for the Kaspersky File Antimalware Protection service.
      2. Create an NSX policy for File Threat Protection and configure the Endpoint Protection Rule in the policy. In the rule settings, specify the NSX group that includes the protected virtual machines and the Kaspersky File Antimalware Protection service profile that you created earlier.
    • To protect virtual machines from network threats, create an NSX policy for Network Threat Protection and configure the rules for redirecting network traffic of the protected virtual machines to the Kaspersky Security network protection service. To do so, perform the following actions:
      1. Create an NSX Service Profile for the Kaspersky Network Protection service.
      2. Create an NSX Service Chain that uses the Kaspersky Network Protection service profile that you created earlier.
      3. Create an NSX policy that redirects traffic to the NSX Service Chain that contains the Kaspersky Network Protection service profile. Depending on the type of traffic you want to scan, configure a rule for incoming and/or outgoing traffic in the policy. In the rule settings, specify the NSX group that includes the protected virtual machines.
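
The file edit in the certificate-error procedure of step 1 (setting THIRD_PARTY_OVFS_VALIDATION_FLAG=2 in /config/vmware/auth/ovf_validation.properties) can be scripted so that the previous value is recorded and a backup copy is kept. This is an added example, not Kaspersky or VMware code; the function names are hypothetical, and it assumes that the file holds plain KEY=VALUE lines and that it is run from the root shell on NSX-T Manager.

```sh
#!/bin/sh
# Added example. Key name and file path are from the page; the function
# names are hypothetical. Assumes plain KEY=VALUE lines in the file.
KEY="THIRD_PARTY_OVFS_VALIDATION_FLAG"

# Print the current value of KEY in file $1 (nothing if the key is absent).
get_ovf_flag() {
    sed -n "s/^[[:space:]]*${KEY}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# set_ovf_flag FILE VALUE: set KEY=VALUE in FILE and print the previous value.
set_ovf_flag() {
    file=$1; value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $value in
        ''|*[!0-9]*) echo "value must be numeric: $value" >&2; return 1 ;;
    esac
    previous=$(get_ovf_flag "$file")
    # Keep the first backup only, so it always holds the pre-change state.
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if grep -q "^[[:space:]]*${KEY}[[:space:]]*=" "$file"; then
        # Key present: rewrite that line, leave every other line untouched.
        sed "s/^[[:space:]]*${KEY}[[:space:]]*=.*/${KEY}=${value}/" "$file" > "$tmp"
    else
        # Key absent: append it, adding a newline first if the file lacks one.
        cat "$file" > "$tmp"
        if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$tmp"; fi
        printf '%s=%s\n' "$KEY" "$value" >> "$tmp"
    fi
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file" && rm -f "$tmp"
    printf '%s\n' "$previous"
}

# Usage on the appliance (steps 3 and 4):
#   set_ovf_flag /config/vmware/auth/ovf_validation.properties 2
```

The printed previous value and the `.bak` copy record the setting as it was before the change.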

In this section:

Deploying SVMs with the File Threat Protection component in the infrastructure managed by VMware NSX-T Manager

Deploying SVMs with the Network Threat Protection component in the infrastructure managed by VMware NSX-T Manager

Configuring NSX Groups in the infrastructure managed by VMware NSX-T Manager

Configuring and applying NSX Policy for File Threat Protection in the Infrastructure managed by VMware NSX-T Manager

Configuring and applying NSX Policy for Network Threat Protection in the Infrastructure managed by VMware NSX-T Manager
