Preparing client devices in a cloud environment for work with Kaspersky Security Center
For each Amazon EC2 instance on which you intend to install Network Agent and Kaspersky Lab anti-virus applications, the following conditions must be fulfilled:
The configuration of security groups make available the following ports on the Administration Server (minimum set of ports required for deployment):
8060 HTTP (for transfer of Network Agent installation packages and security application installation packages from the Administration Server to protected instances)
8061 HTTPS (for transfer of Network Agent installation packages and security application installation packages from the Administration Server to protected instances)
13000 TCP (for transfers from protected instances and slave Administration Servers to the master Administration Server using SSL)
13000 UDP (for transfer of information about shutdown of instances to the Administration Server)
14000 TCP (for transfers from protected instances and slave Administration Servers to the master Administration Server without using SSL)
13291 (for connecting Administration Console to the Administration Server)
You can configure security groups in the AWS Console. If you intend to use Kaspersky Security Center in a non-default configuration (for example, not to install Administration Console on the Administration Server device but install it on your workstation instead, or to use a KSN proxy server), please also refer to Help page https://support.kaspersky.com/9297#block1.
Port 15000 UDP is available on protected instances (for receipt of requests for communication with the Administration Server).
The IAM role is set under which the applications will be installed on the instance.
Systems Manager Agent (SSM Agent) is installed and running.
SSM Agent enables Kaspersky Security Center to automatically install applications to devices and groups of devices without asking for administrator confirmation each time.
On instances that are running a Windows operating system and were deployed from AMIs later than November 2016, SSM Agent is installed and running. You will have to manually install SSM Agent on all other devices. For details about installing SSM Agent on devices running Windows and Linux operating systems, please refer to the AWS reference page.
The instance is visible to the Administration Server.
If an instance is not found during cloud segment polling, make sure that the instance has the running status—not the stopped status—in the AWS Console.