When configuring virtual infrastructure protection, it is recommended to account for the specific features of Kaspersky Security policies.
The policy scope, which is a set of virtual machines for which a policy can be used for protection, depends on the type of policy and the protected infrastructure that was selected during configuration of the policy and policy scope (set of SVMs on which the policy is applied).
Kaspersky Security policy types
The following types of policies are provided for Kaspersky Security:
If the application is operating in multitenancy mode, the main policy determines the Network Threat Protection settings for all virtual machines and the File Threat Protection settings for virtual machines that are not part of vCloud Director organizations.
It is recommended to create main policies on the main Administration Server of Kaspersky Security Center. Main policies are created using the Kaspersky Security main administration plug-in.
You can create tenant policies on the main Administration Server or on virtual Administration Servers of Kaspersky Security Center by using the Kaspersky Security administration plug-in for tenants.
Protected infrastructure of a policy
Depending on the protected infrastructure that you select when configuring a policy, the following policies are distinguished as follows:
Policy application scope
In Kaspersky Security, a policy is applied on SVMs. Each SVM can protect only the virtual machines running on the same hypervisor where the SVM is deployed. Therefore, the policy protection scope (set of virtual machines for which a policy can be used for protection) depends on the policy application scope (set of SVMs on which the policy is applied).
The policy application scope is determined by the location of the policy within the hierarchy of Kaspersky Security Center administration groups. A policy is applied on SVMs as follows:
Inheriting policy settings
According to the order of inheritance of Kaspersky Security Center policies, by default the settings of policies are transferred to policies of nested administration groups and subordinate Administration Servers (for more details, please refer to the Kaspersky Security Center documentation). The settings and settings groups of policies have a "lock" attribute, that shows whether or not you are allowed to change these settings in nested policies. If a setting or a group of settings in a policy is "locked" (), the values of these settings are defined in nested policies and cannot be redefined.
Page top