Following this scenario, you can install Kaspersky Security Center 14 Linux Administration Server and Kaspersky Security Center 14 Web Console, perform initial setup of the Administration Server by using the Quick Start Wizard, and install Kaspersky applications on managed devices by using the Protection Deployment Wizard.
Prerequisites
You must have a license key (activation code) for Kaspersky Endpoint Security for Business or license keys (activation codes) for Kaspersky security applications.
If you first want to try out Kaspersky Security Center 14 Linux, you can get a free 30-day trial at the Kaspersky website.
Stages
The main installation scenario proceeds in stages:
Find out more about the Kaspersky Security Center Linux components. Based on the network configuration and throughput of communication channels, define the number of Administration Servers to use and how they must be distributed among your offices (if you run a distributed network).
Define whether a hierarchy of Administration Servers will be used in your organization. To do this, you must evaluate whether it is possible and expedient to cover all client devices with a single Administration Server or it is necessary to build a hierarchy of Administration Servers. You may also have to build a hierarchy of Administration Servers that is identical to the organizational structure of the organization whose network you want to protect.
If your organization's Public Key Infrastructure (PKI) requires that you use custom certificates issued by a specific certification authority (CA), prepare those certificates and make sure that they meet all the requirements.
Install the DBMS that will be used by Kaspersky Security Center or use an existing one.
You can choose from one of the supported DBMSs.
For information about how to install the selected DBMS, refer to its documentation.
If you use MariaDB, you need to configure the recommended settings for optimal work of the DBMS with Kaspersky Security Center.
Make sure that all the necessary ports are open for interaction between components in accordance with your selected security structure.
If you have to provide internet access to the Administration Server, configure the ports and specify the connection settings, depending on the network configuration.
Select a Linux device that you intend to use as Administration Server, ensure that the device meets the software and hardware requirements, and then install Kaspersky Security Center on the device. The server version of Network Agent is installed together with Administration Server automatically.
Select a Linux device that you intend to use as the administrator's workstation, ensure that the device meets the software and hardware requirements, and then install Kaspersky Security Center 14 Web Console on the device. You can install Kaspersky Security Center 14 Web Console either on the same device where Administration Server is installed or on another device.
Download the Kaspersky Endpoint Security for Linux management web plug-in and then install it on the same device where Kaspersky Security Center 14 Web Console is installed.
By default, the application does not consider the Administration Server device as a managed device. To protect Administration Server against viruses and other threats, and to manage the device as any other managed device, we recommend that you install Kaspersky Endpoint Security for Linux and Network Agent for Linux on the Administration Server device. In this case, Network Agent for Linux is installed and works independently from the server version of Network Agent that you installed together with Administration Server.
When Administration Server installation is complete, the first connection to the Administration Server the Quick Start Wizard starts automatically. Perform initial configuration of Administration Server according to the existing requirements. During the initial configuration stage, the Wizard uses the default settings to create the policies and tasks that are required for protection deployment. However, the default settings may be less than optimal for the needs of your organization. If necessary, you can edit the settings of policies and tasks.
Discover the devices manually. Kaspersky Security Center Linux receives the addresses and names of all devices detected on the network. You can then use Kaspersky Security Center Linux to install Kaspersky applications and software from other vendors on the detected devices. Kaspersky Security Center Linux regularly starts device discovery, which means that if any new instances appear on the network, they will be detected automatically.
In some cases, deploying protection on networked devices in the most convenient way may require you to divide the entire pool of devices into administration groups taking into account the structure of the organization. You can create moving rules to distribute devices among groups or you can distribute devices manually. You can assign group tasks for administration groups, define the scope of policies, and assign distribution points.
Make sure that all managed devices have been correctly assigned to the appropriate administration groups, and that there are no longer any unassigned devices in the network.
Distribution points are assigned to administration groups automatically but you can assign them manually, if necessary. We recommend that you use distribution points on large-scale networks to reduce the load on the Administration Server, and on networks that have a distributed structure to provide the Administration Server with access to devices (or device groups) communicated through channels with low throughput rates.
Deployment of protection on an enterprise network entails installation of Network Agent and security applications on devices that have been detected by Administration Server during the device discovery.
To install the applications remotely, run the Protection Deployment Wizard.
Security applications protect devices against viruses and other programs that pose a threat. Network Agent ensures communication between the device and Administration Server. Network Agent settings are configured automatically by default.
Before you start installing Network Agent and the security applications on networked devices, make sure that these devices are accessible (turned on).
Deploy license keys to client devices to activate managed security applications on those devices.
To apply different application settings to different devices, you can use device-centric security management and/or user-centric security management. Device-centric security management can be implemented by using policies and tasks. You can apply tasks only to those devices that meet specific conditions. To set the conditions for filtering devices, use device selections and tags.
You can monitor your network by using widgets on the dashboard, generate reports from Kaspersky applications, configure and view selections of events received from the applications on the managed devices, and view notification lists.