Installing Kaspersky Security Center Web Console connected to Administration Server installed on Kaspersky Security Center Linux failover cluster nodes

Expand all | Collapse all

This section describes how to install Kaspersky Security Center Web Console Server (hereinafter also referred to as Kaspersky Security Center Web Console), that connects to Administration Server installed on Kaspersky Security Center Linux failover cluster nodes. Prior to installing Kaspersky Security Center Web Console, install a DBMS and Kaspersky Security Center Linux Administration Server on Kaspersky Security Center Linux failover cluster nodes.

Kaspersky Security Center Web Console does not support clustering. We recommend installing Kaspersky Security Center Web Console on a separate server.

To install Kaspersky Security Center Web Console that connects to Administration Server installed on Kaspersky Security Center Linux failover cluster nodes:

1. Perform step 1 and step 2 of the Kaspersky Security Center Web Console installation.
2. At step 3, in the response file, specify the trusted installation parameter to allow the Kaspersky Security Center Web Console to connect to Kaspersky Security Center Linux failover cluster.

   Components of the trusted installation parameter

   You can sign in to Kaspersky Security Center Web Console by using the following methods:

   • By using domain authentication (single sign-on)
   • By specifying the name and password of the domain user
   • By specifying the name and password of the internal user

   If you want to connect to the Kaspersky Security Center Linux failover cluster by using domain authentication with SSO, specify the trusted installation parameter as follows:

   "trusted": {

   "<Administration Server name>": {

   "iamHost": "ksc-iam.example.com",

   "iamOAuthPort": 4444,

   "iamProxyPort": 9050,

   "iamCertPath": "<shared data folder>/iam/main_certificate.pem",

   "iamPATPath": "<shared data folder>/iam/initial_token.txt",

   "kscPort": 13299,

   "kscCertPath": "<shared data folder>/1093/cert/klserver.cer"

   }

   }

   where:

   • <Administration Server name> is the Kaspersky Security Center Linux failover cluster name that will be displayed in the login window of Kaspersky Security Center Web Console.
   • iamHost is the address of the device where Administration Server and IAM are installed. If you created a secondary network adapter when preparing the cluster nodes, use the FQDN, host name, or IP address of the adapter as the Kaspersky Security Center Linux failover cluster address. Otherwise, specify the FQDN, host name, or IP address of the third-party load balancer that you use.
   • iamOAuthPort is the port that is used for exchanging authentication tokens over the OpenID Connect authentication protocol (default value is 4444). This port is used both for communication between Kaspersky Security Center Web Console Server and Administration Server with IAM, and between the browser (used with Kaspersky Security Center Web Console) and Administration Server with IAM.
   • iamProxyPort is the port that is used for connecting Kaspersky Security Center Web Console Server to IAM (default value is 9050).
   • iamCertPath is the path to the certificate of IAM. The default path to the certificate: <shared data folder>/iam/main_certificate.pem. The certificate is located in the shared data storage of the Kaspersky Security Center Linux failover cluster.
   • iamPATPath is the path to the token used for registration of Kaspersky Security Center Web Console as an OAuth-client in IAM. This file is generated during the Kaspersky Security Center Linux installation. The default path to the token: <shared data folder>/iam/initial_token.txt. The token is located in the shared data storage of the Kaspersky Security Center Linux failover cluster.
   • kscPort is the OpenAPI port that Kaspersky Security Center Web Console and IAM use to connect to Administration Server (default value is 13299).
   • kscCertPath is the Administration Server certificate that is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The default path to the certificate file is: <shared data folder>\1093\cert\klserver.cer.

     Copy the Administration Server certificate file (specified by kscCertPath), the IAM certificate file (specified by iamCertPath), and the token file (specified by iamPATPath) from the shared data storage to the device where you install Kaspersky Security Center Web Console. Specify the local path to the Administration Server certificate.

   If you want to connect to the Kaspersky Security Center Linux failover cluster by entering the user name and password of the domain user or the internal user, specify the trusted installation parameter as follows:

   "trusted": {

   "<Administration Server name>": {

   "kscHost": "ksc.example.com",

   "kscPort": 13299,

   "kscCertPath": "<shared data folder>/1093/cert/klserver.cer"

   }

   }

   where:

   • <Administration Server name> is the Kaspersky Security Center Linux failover cluster name that will be displayed in the login window of Kaspersky Security Center Web Console.
   • kscHost is the Administration Server address. If you created a secondary network adapter when preparing the cluster nodes, use the IP address of the adapter as the Kaspersky Security Center Linux failover cluster address. Otherwise, specify the IP address of the third-party load balancer that you use.
   • kscPort is the OpenAPI port that Kaspersky Security Center Web Console uses to connect to Administration Server (default value is 13299).
   • kscCertPath is the Administration Server certificate that is located in the shared data storage of the Kaspersky Security Center Linux failover cluster. The default path to the certificate file is: <shared data folder>\1093\cert\klserver.cer. Copy the certificate file from the shared data storage to the device where you install Kaspersky Security Center Web Console. Specify the local path to the Administration Server certificate.

3. Continue with the standard installation of Kaspersky Security Center Web Console.

After the installation is complete, a shortcut appears on your desktop, and you can log in to Kaspersky Security Center Web Console.