Special considerations when using Kaspersky Security policies

Main policy in the Managed devices folder of the main Administration Server

This policy is automatically created using the Quick Start Wizard for the managed application after installing the Kaspersky Security main administration plug-in. You can also create such a policy manually using the Policy Wizard.

The policy is applied on all SVMs of all KSC clusters.

The entire protected infrastructure must be selected as the protected infrastructure for this policy. The Integration Server serves as the root element of the protected infrastructure.

The scope of this policy includes the following virtual machines:

File protection and network protection are disabled by default.

To enable file protection, you need to assign protection profiles to objects of the protected infrastructure in policy properties. You can assign the automatically created main protection profile or create and assign additional protection profiles.

Please keep in mind that the settings of the main policy located in the Managed devices folder are inherited by the main policies located in all nested administration groups. Settings that are closed with a "lock" cannot be redefined in nested policies.

To enable network protection, you need to configure the settings for Intrusion Prevention and Web Addresses Scan in policy properties.

Main policy in the group that contains the "VMware vCenter Agentless" cluster

You can create this policy manually by using the New Policy Wizard. The policy is applied on all SVMs of this "VMware vCenter Agentless" cluster.

You must select one VMware vCenter Server as the protected infrastructure for this policy and indicate the VMware vCenter Server corresponding to the "VMware vCenter Agentless" cluster. The root element of the protected infrastructure is the indicated VMware vCenter Server.

The scope of this policy includes all virtual machines within the protected infrastructure of this "VMware vCenter Agentless" cluster.

File protection is enabled by default: the main protection profile is assigned to the VMware vCenter Server and is inherited by all child objects of the virtual infrastructure. If you want to configure different file protection settings for different virtual machines within the protected infrastructure of this KSC cluster, you need to create and assign additional protection profiles in the policy properties.

Network protection is disabled by default. To enable network protection, you need to configure the settings for Intrusion Prevention and Web Addresses Scan in policy properties.

Main policy in the group that contains the "VMware Cloud Director Agentless" cluster

You can create this policy manually by using the New Policy Wizard. The policy is applied on all SVMs of this "VMware Cloud Director Agentless" cluster.

The entire protected infrastructure must be selected as the protected infrastructure for this policy. The Integration Server serves as the root element of the protected infrastructure.

The scope of this policy includes the following virtual machines:

File protection and network protection are disabled by default.

To enable file protection, you need to assign protection profiles to objects of the protected infrastructure in policy properties. You can assign the automatically created main protection profile or create and assign additional protection profiles.

In the properties of the main policy for the "VMware Cloud Director Agentless" cluster, you can assign protection profiles to any objects of the protected infrastructure. However, file protection settings will be applied only for protecting virtual machines that are not part of Cloud Director organizations and are managed by VMware vCenter Servers connected to VMware Cloud Director mapped to the "VMware Cloud Director Agentless" cluster.
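The file protection rule above, modelled as an added example (not Kaspersky code or a Kaspersky API): it resolves the effective protection profile for each virtual machine and lists the ones this main policy leaves without file protection. The tree shape, node kinds, object names and the rule that a directly assigned profile replaces an inherited one are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    name: str
    kind: str                       # hypothetical kinds: "root", "vcenter", "org", "vm"
    profile: Optional[str] = None   # protection profile assigned directly to this object
    children: list = field(default_factory=list)

def audit(node, inherited=None, in_org=False, out=None):
    """Map each VM name to (effective profile or None, reason)."""
    out = {} if out is None else out
    # Assumption: a directly assigned profile replaces the inherited one.
    profile = node.profile or inherited
    in_org = in_org or node.kind == "org"
    if node.kind == "vm":
        if in_org:
            # Main-policy profiles are not applied inside Cloud Director organizations.
            out[node.name] = (None, "in organization: covered by tenant policy only")
        elif profile is None:
            out[node.name] = (None, "no profile assigned: file protection off")
        else:
            out[node.name] = (profile, "protected by main policy")
    for child in node.children:
        audit(child, profile, in_org, out)
    return out

def sample_tree():
    """Constructed, simplified infrastructure; all names are made up."""
    return Node("integration-server", "root", None, [
        Node("vcenter-a", "vcenter", "main", [
            Node("infra-dns", "vm"),
            Node("infra-backup", "vm", "strict"),
            Node("org-tenant1", "org", None, [Node("tenant1-web", "vm")]),
        ]),
        Node("vcenter-b", "vcenter", None, [Node("mgmt-jump", "vm")]),
    ])

def unprotected(result):
    """VM names that this main policy leaves without file protection."""
    return sorted(vm for vm, (profile, _) in result.items() if profile is None)

if __name__ == "__main__":
    for vm, (profile, reason) in sorted(audit(sample_tree()).items()):
        print(f"{vm:14} {profile or '-':8} {reason}")
```

In the sample, `tenant1-web` sits under an object that has the main profile assigned, yet it is reported as not protected by this policy because it belongs to a Cloud Director organization.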

To enable network protection, you need to configure the settings for Intrusion Prevention and Web Addresses Scan in policy properties.

Tenant policy in the Managed devices folder of the main Administration Server

This policy is automatically created using the Quick Start Wizard for the managed application after installing the Kaspersky Security administration plug-in for tenants on the main Administration Server. You can also create such a policy manually using the Policy Wizard.

If the Managed devices folder of the main Administration Server is missing a tenant policy, Kaspersky Security Center does not register events that occur when scanning and protecting virtual machines of tenants, and does not display virtual machines of tenants within the KSC cluster protected infrastructure or in the list of virtual machines protected by SVMs.

The settings of this policy are not used directly for the protection of virtual machines: the protected infrastructure is not selected for this policy. However, the settings of the main protection profile and KSN usage settings configured in this policy may be inherited in tenant policies located in nested administration groups, for example, in the Managed devices folder of the virtual Administration Server. This way, you can define the same file protection settings for the virtual infrastructures of all tenants.

In this policy, you can configure the settings for notifications about events that occur when protecting and scanning virtual machines of tenants.

Please keep in mind that the settings that are closed with a "lock" in a tenant policy on the main Administration Server will be unavailable for editing on virtual Administration Servers. The administrators of tenants will not be able to configure these settings.

If you want to centrally enable Kaspersky Security Network usage for protection of all the tenant virtual machines, you first need to obtain the consent of the tenants to send KSN usage information and other information to Kaspersky depending on the KSN usage mode that you selected (standard KSN or extended KSN).

Tenant policy in the group that contains the "VMware Cloud Director Agentless" cluster

This policy is equivalent to a tenant policy in the Managed devices folder of the main Administration Server (see above). You can create this policy manually by using the New Policy Wizard.

Tenant policy in the Managed devices folder of the virtual Administration Server

You can create this policy manually by using the New Policy Wizard.

The policy is applied on all SVMs of the "VMware Cloud Director Agentless" cluster corresponding to VMware Cloud Director mapped to the Cloud Director organization that contains the virtual machines of the tenant.

The protected infrastructure for this policy is selected automatically. The root element is the "Cloud Director organization" object that combines all virtual Datacenters of the tenant.

The scope of this policy includes all virtual machines within the Cloud Director organization that corresponds to this virtual Administration Server.

File protection is enabled by default: the main protection profile is assigned to the "Cloud Director organization" root element and is inherited by all objects of the tenant virtual infrastructure. If you want to configure different file protection settings for different virtual machines within the virtual infrastructure of the tenant, you need to create and assign additional protection profiles in the policy properties.
