You can install the following Kaspersky applications on the devices in a cloud environment: Kaspersky Security for Windows Server (for Windows devices) and Kaspersky Endpoint Security for Linux (for Linux devices).
Kaspersky Security Center 13.2 supports the following scenarios:
A client device is discovered by means of an API; the installation is also performed by means of an API. For AWS and Azure cloud environments, this scenario is supported.
A client device is discovered by means of Active Directory polling, Windows domains polling, or IP range polling; the installation is performed by means of Kaspersky Security Center.
A client device is discovered by means of Google API; the installation is performed by means of Kaspersky Security Center. For Google Cloud, only this scenario is supported.
Other ways of installation of the applications are not supported.
To create a task for remote installation of the application on instances by using AWS API or Azure API:
In the console tree, select the Tasks folder.
Click the New task button.
The Add Task Wizard starts. Follow the instructions of the Wizard.
On the Select the task type page, select Install application remotely as the task type.
On the Select devices page, select the relevant devices from the Managed devices\Cloud group.
If Network Agent has not yet been installed on the devices on which you are intending to install the application, on the Selecting an account to run the task page select Account required (Network Agent is not used) and click the Add button in the right part of the window. In the menu that appears, select one of the following:
Select this option if you want to install applications on instances in AWS and you have an AWS IAM access key with the required permissions but do not have an IAM role. Also select this option if you want to install applications on devices in the Azure environment.
In the Account name field, enter a name for these credentials. This name will be displayed in the list of the accounts to run the task.
If you selected AWS, in the Access key ID and Secret key fields, enter the credentials for the IAM user account that has the rights to install applications on the specified devices.
If you selected Azure, in the Azure subscription ID and Azure Application password fields enter the credentials for the Azure account that has the rights to install applications on the specified devices.
If you specify incorrect credentials, the remote installation task will end with an error on the devices for which it is scheduled.
For instances running Windows, select this option in case you do not intend to install the application using AWS or Azure API tools. In this case, make sure that the devices in your cloud segment meet the necessary conditions. Kaspersky Security Center installs applications on its own, without using AWS API or Azure API.
If you specify incorrect data, the remote installation task will end with an error on the devices for which it is scheduled.
Select this option if you want to install applications on the instances in the AWS environment and have an IAM role with the required rights.
If you select this option, but do not have an IAM role with the required rights, the remote installation task will end with an error on the devices for which it is scheduled.
For instances running Linux, select this option if you do not intend to install the application by using AWS API or Azure API tools. In this case, make sure that the devices in your cloud segment meet the necessary conditions. Kaspersky Security Center installs applications on its own, without using AWS API or Azure API.
To specify the private key of the SSH certificate, you can generate it by using the ssh-keygen utility. Note that Kaspersky Security Center supports the PEM format of private keys, but the ssh-keygen utility generates SSH keys in the OPENSSH format by default. The OPENSSH format is not supported by Kaspersky Security Center. To create a private key in the supported PEM format, add the -m PEM option in the ssh-keygen command. For example:
You can provide multiple credentials by clicking the Add button for each new one. If different cloud segments require different credentials, provide the credentials for all the segments.
After the Wizard finishes, the task for remote installation of the application appears in the list of tasks in the workspace of the Tasks folder.
In Microsoft Azure, remote installation of security applications on a virtual machine may result in deleting Custom Script Extension installed on this virtual machine.