Assigning a device a distribution point manually

Kaspersky Security Center allows you to assign devices to act as distribution points.

We recommend that you assign distribution points automatically. In this case, Kaspersky Security Center will select on its own which devices must be assigned distribution points. However, if you have to opt out of assigning distribution points automatically for any reason (for example, if you want to use exclusively assigned servers), you can assign distribution points manually after you calculate their number and configuration.

Devices functioning as distribution points must be protected, including physical protection, against any unauthorized access.

To manually assign a device to act as distribution point:

In the console tree, select the Administration Server node.
In the context menu of the Administration Server, select Properties.
In the Administration Server properties window, select the Distribution points section and click the Add button. This button is available if Manually assign distribution points has been selected.
The Add distribution point window opens.
In the Add distribution point window, perform the following actions:
1. Select a device that will act as distribution point (select one in an administration group, or specify the IP address of a device). When selecting a device, keep in mind the operation features of distribution points and the requirements set for the device that acts as distribution point.
2. Indicate the specific devices to which the distribution point will distribute updates. You can specify an administration group or a network location description.
Click OK.
The distribution point that you have added will be displayed in the list of distribution points, in the Distribution points section.
Select the newly added distribution point in the list and click the Properties button to open its properties window.
Configure the distribution point in the properties window:
- The General section contains the settings of interaction between the distribution point and client devices.
  - SSL port
    The number of the SSL port for encrypted connection between client devices and the distribution point using SSL.
    
    By default, port 13000 is used.
  - Use multicast
    If this check box is selected, IP multicasting will be used for automatic distribution of installation packages to client devices within the group.
    
    IP multicasting decreases the time required to install an application from an installation package to a group of client devices, but increases the installation time when you install an application to a single client device.
  - IP multicast address
    IP address that will be used for multicasting. You can define an IP address in the range of 224.0.0.0 – 239.255.255.255
    
    By default, Kaspersky Security Center automatically assigns a unique IP multicast address within the given range.
  - IP multicast port number
    Number of the port for IP multicasting.
    
    By default, the port number is 15001. If the device with Administration Server installed is specified as the distribution point, port 13001 is used for SSL connection by default.
  - Deploy updates
    If this check box is selected, updates are distributed to client devices through this distribution point.
    
    By default, this check box is selected.
  - Deploy installation packages
    If this check box is selected, installation packages with this update are distributed to client devices through this distribution point.
    
    By default, this check box is selected.
- In the Scope section, specify the scope to which the distribution point will distribute updates (administration groups and / or network location).
- In the KSN Proxy section, you can configure the application to use the distribution point to forward KSN requests from the managed devices.
  - Enable KSN Proxy on distribution point side
    The KSN Proxy service is run on the device that is used as a distribution point. Use this feature to redistribute and optimize traffic on the network.
    
    The distribution point sends the KSN statistics, which are listed in the Kaspersky Security Network statement, to Kaspersky Lab. By default, the KSN statement is located in %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center\ksneula.
    
    By default, this option is disabled. Enabling this option takes effect only if the Use Administration Server as proxy server and I agree to use Kaspersky Security Network options are enabled in the Administration Server properties window.
    
    You can assign a node of an active-passive cluster to a distribution point and enable KSN Proxy on this node.
  - Forward KSN requests to Administration Server
    The distribution point forwards KSN requests from the managed devices to the Administration Server.
    
    By default, this option is enabled.
  - Access KSN Cloud directly over Internet
    The distribution point forwards KSN requests from managed devices to the KSN Cloud.
  - TCP port
    The number of the TCP port that the managed devices will use to connect to KSN Proxy server. The default port number is 13111.
  - UDP port.
    If you need the managed devices to connect to KSN Proxy server through a UDP port, enable the Use UDP port option and specify a UDP port number. By default, this option is enabled. The default UDP port to connect to the KSN Proxy server is 15111.
- In the Device discovery section, configure the polling of Windows domains, Active Directory, and IP ranges by the distribution point.
  - Windows domains
    You can enable device discovery for Windows domains and set the schedule for the discovery.
  - Active Directory
    You can enable network polling for Active Directory and set the schedule for the poll.
    
    If you select the Enable network polling check box, you can select one of the following options:
    - Poll current Active Directory domain.
    - Poll Active Directory domain forest.
    - Poll selected Active Directory domains only. If you select this option, add one or more Active Directory domains to the list.
  - IP ranges
    You can enable device discovery for IP ranges.
    
    If you select the Enable range polling check box, you can add scan ranges and set the schedule for them.
    
    You can add IP ranges to the list of scanned ranges.
- In the Advanced section, specify the folder that the distribution point must use to store distributed data.
  - Use default folder
    If you select this option, the application uses the Network Agent installation folder on the distribution point.
  - Use specified folder
    If you select this option, in the field below, you can specify the path to the folder. It can be a local folder on the distribution point, or it can be a folder on any device on the corporate network.
    
    The user account used on the distribution point to run Network Agent must have read/write access to the specified folder.

The selected devices act as distribution points.

Only devices running a Windows operating system can determine their network location. Network location cannot be determined for devices running other operating systems.

To assign distribution points automatically through the Administration Server:

In the console tree, select the Administration Server node.
In the context menu of the Administration Server, select Properties.
In the Administration Server properties window, in the Distribution points section, select the Automatically assign distribution points option.
If automatic assignment of devices as distribution points is enabled, you cannot configure distribution points manually or edit the list of distribution points.
Click OK.

Administration Server assigns and configures distribution points automatically.

Page top