Multitenancy is a mode in which the solution is used to protect the infrastructures of multiple organizations or branches of the same organization at the same time.
You can use Kaspersky Sandbox to simultaneously protect the infrastructure of multiple organizations or branches of the same organization (hereinafter also referred to as "tenants") using Kaspersky Security Center. To do so, you must create virtual Administration Servers for tenants that you want to protect with Kaspersky Sandbox within a physical Administration Server of the service provider. For more details about creating virtual Administration Servers, see Kaspersky Security Center Online Help. By configuring the structure of Administration Servers, you can use one of the following arrangements to integrate EPP applications, Kaspersky Security Center, and Kaspersky Sandbox:
In this case, the administrator of the Kaspersky Sandbox server can monitor the processing of objects received from all Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts of all tenants in the web interface of Kaspersky Sandbox, as well as in Kaspersky Security Center Web Console.
This arrangement allows the load on Kaspersky Sandbox servers to be balanced evenly.
In this case, the administrator of the Kaspersky Sandbox server can only monitor the processing of objects received from EPP application hosts of their own organization.
With this arrangement, the load on Kaspersky Sandbox servers can be distributed unevenly.
The Kaspersky Sandbox administrator must keep in mind that an incorrect connection of Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts to the Kaspersky Sandbox server can result in files being sent for scanning from one tenant's host to another tenant's Kaspersky Sandbox server. This possibility is not restricted at the software level.
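Because the software does not block a host from sending files to another tenant's Kaspersky Sandbox server, the mapping has to be checked by the administrator. The following is an added example, not Kaspersky code: it audits a host inventory against a per-tenant list of Sandbox servers. The CSV layout, tenant names and server addresses are constructed assumptions, not a Kaspersky Security Center export format.

```python
import csv
import io

# Constructed sample: the Sandbox server addresses each tenant owns
# (hypothetical tenant names and addresses).
TENANT_SANDBOX = {
    "tenant-a": {"sandbox-a.example.internal"},
    "tenant-b": {"sandbox-b1.example.internal", "sandbox-b2.example.internal"},
}

# Constructed inventory: host, owning tenant, and the Sandbox server address
# set for that host. The column layout is an assumption for this example.
INVENTORY_CSV = """host,tenant,sandbox_server
ws-001,tenant-a,sandbox-a.example.internal
ws-002,tenant-a,SANDBOX-B1.example.internal.
srv-010,tenant-b,sandbox-b2.example.internal
srv-011,tenant-b,
ws-003,tenant-c,sandbox-a.example.internal
"""

def normalize(addr):
    # Compare addresses case-insensitively and ignore a trailing DNS dot.
    return addr.strip().rstrip(".").lower()

def audit(inventory_csv, tenant_sandbox):
    # Build server -> tenant; one server listed under two tenants is an error.
    owner = {}
    for tenant, servers in tenant_sandbox.items():
        for s in servers:
            key = normalize(s)
            if owner.setdefault(key, tenant) != tenant:
                raise ValueError(f"{key} is assigned to more than one tenant")
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, tenant = row["host"], row["tenant"]
        server = normalize(row["sandbox_server"] or "")
        if not server:
            findings.append((host, "no-sandbox-server", ""))
        elif tenant not in tenant_sandbox:
            findings.append((host, "unknown-tenant", server))
        elif server not in owner:
            findings.append((host, "unknown-server", server))
        elif owner[server] != tenant:
            findings.append((host, "cross-tenant", owner[server]))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV, TENANT_SANDBOX):
        print(finding)
```

A `cross-tenant` finding names the tenant whose Sandbox server would receive the files, which is the case the paragraph above warns about.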
The administrator of the physical Administration Server can manage all Kaspersky Sandbox servers and Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts. You can create tasks and policies that can be applied to hosts connected to virtual Administration Servers, manage quarantined files centrally, view information about objects being sent for scanning, and create threat reports on all Administration Servers. You can also manage the Kaspersky Sandbox server and hosts that are connected to it as part of a virtual Administration Server. In this case, all operations listed above are applied only to the selected server and Kaspersky Endpoint Agent or Kaspersky Endpoint Security hosts that connect to it.
The administrator of a virtual Administration Server can manage the Kaspersky Sandbox server only for the specific Administration Server that this administrator administers.
You can use Kaspersky Sandbox in multitenancy mode only using Kaspersky Security Center and following the integration arrangements outlined above. The Kaspersky Sandbox web interface does not support enabling, disabling, or configuring the multitenancy mode. Kaspersky Sandbox features do not change in multitenancy mode.
In multitenancy mode, the administrator of the physical Administration Server can centrally manage the following functional areas of the solution:
You can manage the tasks for adding a license key to Kaspersky Sandbox servers.
You can view reports about the health of the application and detections.
You can manage Kaspersky Sandbox in multitenancy mode only using Kaspersky Security Center Web Console.
You can manage database update tasks and IOC scanning tasks on hosts.
You can use policies to manage the Kaspersky Sandbox integration settings, as well as Quarantine settings.
You can view reports about the health of the application and detections.
You can manage files quarantined as a result of the IOC scanning task.
You can manage Kaspersky Endpoint Security in multitenancy mode only using Kaspersky Security Center Web Console.