You can make an Administration Server running on-premises function as a secondary Administration Server, thus establishing a "primary/secondary" hierarchy on your network. For the Administration Server that is in the Kaspersky infrastructure, both primary and secondary Administration Servers on your network are secondary Servers. You can add a Windows-based Administration Server as well as a Linux-based Administration Server.
To add a secondary Administration Server that is available for connection:
Make sure that the future secondary Administration Server has Kaspersky Security Center Web Console installed.
On the future secondary Administration Server, download the Administration Server certificate and save it so you can add it to the primary Administration Server during one of the steps of the Add secondary Administration Server wizard.
Perform the following actions via the Kaspersky Security Center Web Console on the future Secondary Administration Server (alternatively, you can prompt the administrator of the future Secondary Administration Server to perform these actions):
In the main menu, click the settings icon () next to the name of the future secondary Administration Server.
On the properties page that opens, proceed to the Hierarchy of Administration Servers section of the General tab.
Select the This Administration Server is secondary in the hierarchy option.
Select Cloud Console as the type of the primary Administration Server.
The fields for settings to establish connection between secondary and primary Administration Servers become available.
In the HDS server address (from primary Administration Server on Cloud Console) and HDS server ports fields, enter the address and port of the Kaspersky Security Center Cloud Console primary Administration Server.
You can find HDS Server address and HDS Server port in the Kaspersky Security Center Cloud Console Administration Server, in the Hierarchy of Administration Servers section of the General tab of the properties window. You can copy and paste this data into the fields in the window of the secondary Administration Server.
Click the Specify primary Administration Server certificate button, and then select the certificate.
You can download this certificate from Kaspersky Security Center Cloud Console Administration Server, in the Hierarchy of Administration Servers section of the General tab of the properties window, by clicking the View Administration Server certificate button.
Click the Specify Hosted Discovery Service certificates button, and then select the certificate.
You can download this certificate from Kaspersky Security Center Cloud Console Administration Server, in Hierarchy of Administration Servers section of the General tab of the properties window, by clicking the HDS root CA certificate button.
If you use a proxy server to connect to the Kaspersky Security Center Cloud Console Administration Server (that is, the primary Server in the hierarchy that you have built), specify this and enter the proxy server credentials.
Select the Connect primary Administration Server to secondary Administration Server in DMZ option if the secondary Administration Server is in a demilitarized zone.
Click Save to save the changes and exit the window.
In the main menu, click the settings icon () next to the name of the future primary Administration Server.
On the properties page that opens, click the Administration Servers tab.
Select the check box next to the name of the administration group to which you want to add the secondary Administration Server.
On the menu line, click Connect secondary Administration Server.
The Add secondary Administration Server wizard starts. Proceed through the wizard by using the Next button.
A name by which the secondary Administration Server will be displayed in the hierarchy. If you want, you can enter the IP address as a name, or you can use a name like, for example, "Secondary Server for group 1".
Specify the IP address or the domain name of the secondary Administration Server.
This parameter is required if the Connect primary Administration Server to secondary Administration Server in DMZ option is enabled.
If you use a proxy server to connect to the Kaspersky Security Center Cloud Console Administration Server (that is, the future primary Server), specify this and enter the proxy server credentials.
Follow the further instructions of the wizard.
After the wizard finishes, the "primary/secondary" hierarchy is built. The primary Administration Server starts receiving connection from the secondary Administration Server through port 13000. The tasks and policies from the primary Administration Server are received and applied. The secondary Administration Server is displayed on the primary Administration Server, in the administration group to which it was added.