At this step of tenant security infrastructure deployment, you can perform the following actions:
You can deploy SVMs that will protect tenant virtual machines in any folder or administration group on the main Kaspersky Security Center Administration Server.
It is not recommended to deploy SVMs and Protection Server policy in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
If you want the SVM to protect virtual machines of only particular tenants, restrict the Light Agent access to SVM in one of the following ways:
It is not recommended to configure connection tags in Light Agent policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
Per the order of Kaspersky Security Center policy inheritance on all SVMs in the hierarchy of administration groups, the default Protection Server policy is applied. It is created in the Managed devices folder on the main Administration Server as a result Kaspersky Security MMC plug-ins installation. If you want to configure specific operation settings for the SVMs that will protect tenant virtual machines, create a Protection Server policy in the folder where the SVM that protects tenant virtual machines is located.
If you want to centrally enable Kaspersky Security Network usage to protect tenant virtual machines, make sure that the personal data of tenants is legally processed.Page top