Getting started

Following this scenario, you can install Kaspersky Security Center Linux Administration Server and Kaspersky Security Center Web Console, perform initial setup of the Administration Server by using the quick start wizard, and install Kaspersky applications on managed devices by using the Protection deployment wizard.

Prerequisites

You must have a license key (activation code) for Kaspersky Endpoint Security for Business or license keys (activation codes) for Kaspersky security applications.

If you first want to try out Kaspersky Security Center Linux, you can get a free 30-day trial at the Kaspersky website.

Stages

The main installation scenario proceeds in stages:

  1. Selecting a structure for protection of an organization

    Find out more about the Kaspersky Security Center Linux components. Based on the network configuration and throughput of communication channels, define the number of Administration Servers to use and how they must be distributed among your offices (if you run a distributed network).

    Define whether a hierarchy of Administration Servers will be used in your organization. To do this, you must evaluate whether it is possible and expedient to cover all client devices with a single Administration Server or it is necessary to build a hierarchy of Administration Servers. You may also have to build a hierarchy of Administration Servers that is identical to the organizational structure of the organization whose network you want to protect.

  2. Preparation for the use of custom certificates

    If your organization's Public Key Infrastructure (PKI) requires that you use custom certificates issued by a specific certification authority (CA), prepare those certificates and make sure that they meet all the requirements.

  3. Installing a database management system (DBMS)

    Install the DBMS that will be used by Kaspersky Security Center Linux or use an existing one.

    You can choose from one of the supported DBMSs. For information about how to install the selected DBMS, refer to its documentation.

    If the distribution of your Linux-based operating system does not contain a supported DBMS, you can install the DBMS from a third-party package repository. If installing distributions from third-party repositories is prohibited, you can install the DBMS on a separate device.

    If you decide to install PostgreSQL or Postgres Pro DBMS, ensure that you specified a password for the superuser. If the password is not specified, Administration Server might not be able to connect to the database.

    If you install MariaDB, PostgreSQL, or Postgres Pro, use the recommended settings to ensure the DBMS functions properly.

    If you want to change the DBMS type after the installation, you have to reinstall Kaspersky Security Center Linux. The data can be partially and manually transferred to another database.

  4. Configuring ports

    Make sure that all the necessary ports are open for interaction between components in accordance with your selected security structure.

    If you have to provide internet access to the Administration Server, configure the ports and specify the connection settings, depending on the network configuration.

  5. Installing Kaspersky Security Center Linux

    Select a Linux device that you intend to use as Administration Server, ensure that the device meets the software and hardware requirements, and then install Kaspersky Security Center Linux on the device. The server version of Network Agent is installed together with Administration Server automatically.

  6. Installing Kaspersky Security Center Web Console and management web plug-ins

    Select a Linux device that you intend to use as the administrator's workstation, ensure that the device meets the software and hardware requirements, and then install Kaspersky Security Center Web Console on the device. You can install Kaspersky Security Center Web Console either on the same device where Administration Server is installed or on another device.

    Download the Kaspersky Endpoint Security for Linux management web plug-in and then install it on the same device where Kaspersky Security Center Web Console is installed.

  7. Installing Kaspersky Endpoint Security for Linux and Network Agent on the Administration Server device

    By default, the application does not consider the Administration Server device as a managed device. To protect Administration Server against viruses and other threats, and to manage the device as any other managed device, we recommend that you install Kaspersky Endpoint Security for Linux and Network Agent for Linux on the Administration Server device. In this case, Network Agent for Linux is installed and works independently from the server version of Network Agent that you installed together with Administration Server.

  8. Performing initial setup

    When Administration Server installation is complete, the first connection to the Administration Server the quick start wizard starts automatically. Perform initial configuration of Administration Server according to the existing requirements. During the initial configuration stage, the wizard uses the default settings to create the policies and tasks that are required for protection deployment. However, the default settings may be less than optimal for the needs of your organization. If necessary, you can edit the settings of policies and tasks.

  9. Discovery of networked devices

    Discover the devices manually. Kaspersky Security Center Linux receives the addresses and names of all devices detected on the network. You can then use Kaspersky Security Center Linux to install Kaspersky applications and software from other vendors on the detected devices. Kaspersky Security Center Linux regularly starts device discovery, which means that if any new instances appear on the network, they will be detected automatically.

  10. Arranging devices into administration groups

    In some cases, deploying protection on networked devices in the most convenient way may require you to divide the entire pool of devices into administration groups taking into account the structure of the organization. You can create moving rules to distribute devices among groups or you can distribute devices manually. You can assign group tasks for administration groups, define the scope of policies, and assign distribution points.

    Make sure that all managed devices have been correctly assigned to the appropriate administration groups, and that there are no longer any unassigned devices in the network.

  11. Assigning distribution points

    Distribution points are assigned to administration groups automatically but you can assign them manually, if necessary. We recommend that you use distribution points on large-scale networks to reduce the load on the Administration Server, and on networks that have a distributed structure to provide the Administration Server with access to devices (or device groups) communicated through channels with low throughput rates.

  12. Installing Network Agent and security applications on networked devices

    Deployment of protection on an enterprise network entails installation of Network Agent and security applications on devices that have been detected by Administration Server during the device discovery.

    To install the applications remotely, run the Protection deployment wizard.

    Security applications protect devices against viruses and other programs that pose a threat. Network Agent ensures communication between the device and Administration Server. Network Agent settings are configured automatically by default.

    Before you start installing Network Agent and the security applications on networked devices, make sure that these devices are accessible (turned on).

  13. Deploying license keys to client devices

    Deploy license keys to client devices to activate managed security applications on those devices.

  14. Configuring Kaspersky application policies

    To apply different application settings to different devices, you can use device-centric security management and/or user-centric security management. Device-centric security management can be implemented by using policies and tasks. You can apply tasks only to those devices that meet specific conditions. To set the conditions for filtering devices, use device selections and tags.

  15. Monitoring the network protection status

    You can monitor your network by using widgets on the dashboard, generate reports from Kaspersky applications, configure and view selections of events received from the applications on the managed devices, and view notification lists.

In this section

Installation

Quick start wizard

Protection deployment wizard

Page top