At this step, cloud segment polling starts and a special administration group for instances is created. The instances found during polling are placed into this group. The cloud segment polling schedule is configured (every 5 minutes by default).
A Synchronize with Cloud automatic moving rule is also created. For each subsequent scan of the cloud network, virtual devices detected will be moved to the corresponding subgroup within the Managed devices\Cloud group.
On the Synchronization with the cloud segment page, you can define the following settings:
If this option is enabled, the Cloud group is automatically created within the Managed devices group and a cloud device discovery is started. The instances and virtual machines detected during each cloud network scan are placed into the Cloud group. The structure of the administration subgroups within this group matches the structure of your cloud segment (in AWS, availability zones and placement groups are not represented in the structure; in Azure, subnets are not represented in the structure). Devices that have not been identified as instances in the cloud environment are in the Unassigned devices group. This group structure allows you to use group installation tasks to install anti-virus applications on instances, as well as set up different policies for different groups.
If this option is disabled, the Cloud group is also created and the cloud device discovery is also started; however, subgroups matching the cloud segment structure are not created within the group. All detected instances are in the Cloud administration group so they are displayed in a single list. If your work with Kaspersky Security Center requires synchronization, you can modify the properties of the Synchronize with Cloud rule and enforce it. Enforcing this rule alters the structure of subgroups in the Cloud group so that it matches the structure of your cloud segment.
If this option is selected, the Wizard creates a task to install security applications on instances. After the Wizard finishes, the Protection Deployment Wizard automatically starts on the devices in your cloud segments, and you will be able to install Network Agent and security applications on those devices.
Kaspersky Security Center can perform the deployment with its native tools. If you do not have permissions to install the applications on EC2 instances or Azure virtual machines, you can configure the Remote installation task manually and specify an account with the required permissions. In this case, the Remote installation task will not work for the devices discovered using AWS API or Azure. This task will only work for the devices discovered using Active Directory polling, Windows domains polling, or IP range polling.
If this option is not selected, the Protection Deployment Wizard is not started and tasks for installing security applications on instances are not created. You can manually perform both actions later.
For Google Cloud, you can only perform the deployment with Kaspersky Security Center native tools. If you selected Google Cloud, the Deploy protection option is not available.