Creating a tenant policy

A tenant policy is used only if the application is operating in multitenancy mode. A tenant policy lets you configure the File Threat Protection settings for virtual machines that are part of vCloud Director organizations.

To create a tenant policy:

  1. In the Kaspersky Security Center Administration Console, start the New Policy Wizard:
    1. In the console tree, select the folder or administration group in which you want to create a policy.
    2. In the workspace, select the Policies tab and click the New policy button.
  2. At the first step of the Wizard, select Kaspersky Security for Virtualization 6.0 Agentless (for tenants) from the list and proceed to the next step of the Wizard.
  3. Enter the name of the new policy and proceed to the next step of the wizard.
  4. Specify the Integration Server address and proceed to the next step of the Wizard.

    The Wizard establishes a connection to the Integration Server to receive information about the VMware virtual infrastructure.

    The wizard checks the SSL certificate received from the Integration Server. If the received certificate contains an error, the Certificate verification window containing the error message opens. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To view information on the received certificate, click the View the received certificate button in the window containing the error message. You can install the certificate you received as a trusted certificate to avoid receiving a certificate error message at the next connection to the Integration Server. To do so, select the Install received certificate and stop showing warnings for <Integration Server address> check box.

    To continue connecting, click the Continue button in the Certificate verification window. If you selected the Install received certificate and stop showing warnings for <Integration Server address> check box, the received certificate is saved in the operating system registry on the computer where the Kaspersky Security Center Administration Console is installed. The application also checks the previously installed trusted certificate for the Integration Server. If the received certificate does not match the previously installed certificate, a window opens to confirm replacement of the previously installed certificate. To replace the previously installed certificate with the certificate received from the Integration Server and continue connecting, click the Yes button in this window.

  5. At this step, you can change the default settings of the main protection profile.

    In the policy located in the Managed devices folder of the virtual Administration Server, the main protection profile is assigned by default to all virtual machines within the protected infrastructure of the tenant.

    Proceed to the next step of the wizard.

  6. Decide on whether or not to participate in Kaspersky Security Network. To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
    • If you want the application to use KSN in its operations and you agree to all the terms of the Statement, select I have read, understand, and accept the terms of this Kaspersky Security Network Statement.
    • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.

    You will be able to change your decision later if necessary.

    KSN usage settings (KSN mode and type) are determined by the main policy whose scope includes the virtual machines of the tenant.

    Proceed to the next step of the wizard.

  7. Exit the Policy Wizard.

The created tenant policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.

In a tenant policy that is located in the Managed devices folder of the virtual Administration Server, file protection is enabled by default (the main protection profile is used). If you want to configure different file protection settings for different virtual machines within the protected infrastructure, you need to create and assign additional protection profiles in the policy properties.

In a tenant policy that is located in the Managed devices folder of the main Administration Server or in the administration group that contains the VMware vCloud Director Agentless cluster, file protection is disabled by default.

The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security will start protecting virtual machines according to the policy settings.

Page top