Multitenancy
Multitenancy is a mode in which the solution is used to protect the infrastructures of multiple organizations or branches of the same organization at the same time.
You can use Kaspersky Sandbox to simultaneously protect the infrastructure of multiple organizations or branches of the same organization (hereinafter also referred to as "tenants") using Kaspersky Security Center. To do so, you must create virtual Administration Servers for tenants that you want to protect with Kaspersky Sandbox within a physical Administration Server of the service provider. For more details about creating virtual Administration Servers, see Kaspersky Security Center Online Help. By configuring the structure of Administration Servers, you can use one of the following arrangements to integrate EPP applications, Kaspersky Security Center, and Kaspersky Sandbox:
- The Kaspersky Sandbox server is connected to the Administration Server of the service provider. All hosts with the EPP application of all tenants are connected to the cluster of Kaspersky Sandbox servers.
In this case, the administrator of the Kaspersky Sandbox server can monitor the processing of objects received from all Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts of all tenants in the web interface of Kaspersky Sandbox, as well as in Kaspersky Security Center Web Console.
This arrangement allows evenly balancing the load on Kaspersky Sandbox servers.
- The Kaspersky Sandbox server is connected to the virtual Administration Server of the service provider. Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts of each tenant connect to a separate Kaspersky Sandbox server.
In this case, the administrator of the Kaspersky Sandbox server can only monitor the processing of objects received from EPP application hosts of their own organization.
With this arrangement, the load on Kaspersky Sandbox servers can be distributed unevenly.
The Kaspersky Sandbox Administrator must consider that incorrect connection of Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts to the Kaspersky Sandbox server can result in files being sent for scanning from one tenant's host to another tenant's Kaspersky Sandbox server. This possibility is not restricted on the software level.
The administrator of the physical Administration Server can manage all Kaspersky Sandbox servers and Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts. You can create tasks and policies that can be applied to hosts connected to virtual Administration Servers, manage quarantined files centrally, view information about objects being sent for scanning, and create threat reports on all Administration Servers. You can also manage the Kaspersky Sandbox server and hosts that are connected to it as part of a virtual Administration Server. In this case, all operations listed above are applied only to the selected server and Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts that connect to it.
The administrator of the virtual Administration Server can manage the Kaspersky Sandbox server only for the specific server that is administered by that administrator.
You can use Kaspersky Sandbox in multitenancy mode only using Kaspersky Security Center and following the integration arrangements outlined above. Kaspersky Sandbox web interface does not support enabling, disabling, or configuring the multitenancy mode. Kaspersky Sandbox features do not change in multitenancy mode.
In multitenancy mode, the administrator of the physical Administration Server can centrally manage the following functional areas of the solution:
- Kaspersky Sandbox:
- Tasks
You can manage the tasks for adding a license key to Kaspersky Sandbox servers.
- Reports
You can view reports about the health of the application and detections.
You can manage Kaspersky Sandbox in multitenancy mode only using Kaspersky Security Center Web Console.
- Tasks
- Kaspersky Endpoint Agent or Kaspersky Endpoint Security:
- Tasks
You can manage database update tasks and IOC scanning tasks on hosts.
- Policies
You can use policies to manage the Kaspersky Sandbox integration settings, as well as Quarantine settings.
- Reports
You can view reports about the health of the application and detections.
- Quarantine
You can manage files quarantined as a result of the IOC scanning task.
You can manage Kaspersky Endpoint Security in multitenancy mode only using Kaspersky Security Center Web Console.
- Tasks