Considerations for deploying the application when using Kaspersky Security Center 15 Linux
If you are planning to use Kaspersky Security Center 15 Linux to manage Kaspersky Security for Virtualization 5.2 Light Agent, the process of installing the application in a virtual infrastructure includes the following steps:
Installing Kaspersky Security management web plug-ins
The web plug-ins provide an interface for managing Kaspersky Security with Kaspersky Security Center Web Console. Kaspersky Security Center 15 Linux does not support Kaspersky Security Center Administration Console and management MMC plug-ins.
In the Kaspersky Security Center Web Console main window, select Console settings → Web plug-ins.
The list of installed web plug-ins opens.
Click the Add button.
A list of all available Kaspersky web plug-ins opens. The list is updated automatically as new web plug-in versions are released.
Find the required web plug-in in the list and click the plug-in name. Install the following plug-ins, in this order:
Kaspersky Security for Virtualization 5.2 Light Agent—Protection Server—Protection Server management web plug-in
Kaspersky Security for Virtualization 5.2 Light Agent for Windows—Light Agent for Windows management web plug-in
Kaspersky Security for Virtualization 5.2 Light Agent for Linux—Light Agent for Linux management web plug-in
In the web plug-in description window that opens, click Install plug-in.
Wait for the installation process to finish and click OK in the information window.
Newly installed plug-ins are displayed in the list of installed web plug-ins.
Installing the Integration Server and Integration Server Console.
Installing and running Integration Server and Integration Server Console requires a device with a Windows OS. The installation process should be run under a local administrator account.
You will need a ksvla-components_5.2.X.X_mlg.exe file, where 5.2.X.X is the application version number. You can download this file from the Kaspersky website in the Kaspersky Security for Virtualization | Light Agent section (Build → Kaspersky Security Components Installation Wizard).
[folder] is the path to the folder to extract the Integration Server and Integration Server Console installation files into. In the absence of a path, the files will be extracted into the data subfolder inside the folder containing ksvla-components_5.2.X.X_mlg.exe.
--accept-EulaAndPrivacyPolicy=yes means that you accept the terms of the Kaspersky Security End User License Agreement, concluded between you and Kaspersky, and the Privacy Policy, which describes the processing and transmission of data. By setting this parameter to yes, you confirm the following:
You have fully read, understood and accept the terms and conditions of the Kaspersky Security End User License Agreement.
You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
Accepting the terms of the End User License Agreement and Privacy Policy is a prerequisite for installing Integration Server and Integration Server Console. You can read the text of the End-User License Agreement and the Privacy Policy by executing the following command:
The text of the End-User License Agreement and the Privacy Policy is output to the license_<language ID>.txt file in the tmp folder.
Running the command creates two subfolders with files inside the specified folder. The AttachedContainer subfolder contains, among others, files required for installing Integration Server and Integration Server Console:
viis_service.msi
viis_console.msi
Start the Integration Server installation process by running:
viis_service.msi ADMIN_VIIS_PASSWORD=<password>
where:
<password> is the password of the Integration Server administrator account (admin). The admin account is used for connecting Integration Server Console to Integration Server.
A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
Launch the Integration Server Console installation process by running:
viis_console.msi
After the installation process is completed, you can start Integration Server Console by opening Kaspersky.VIISConsole.UI.exe, which is located in %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\.
Kaspersky.VIISConsole.UI.exe is a file located in the %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\ folder on the device where you installed the Integration Server and Integration Server Console.
<language ID> – Integration Server Console language identifier formatted as follows: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.
Specify the following connection settings:
Address and port of the Integration Server to which the connection is established.
For the address, you can specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
The Integration Server administrator password that you set when installing Integration Server.
The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.
Preparing the Protection Servers for operation. To prepare Protection Servers for operation, complete the following actions:
Create a policy for Protection Server in Kaspersky Security Center Web Console and configure the policy settings for connecting SVMs to Integration Server.
Installing Light Agent for Windows and/or Light Agent for Linux on virtual machines.
The installation is performed remotely, with the help of Kaspersky Security Center Web Console, and consists of the following steps:
Preparing installation packages.
The remote installation process uses installation packages, which you need to prepare in advance.
Installing on Windows virtual machines requires a Light Agent for Windows installation package and a Kaspersky Security Center Network Agent installation package.
Installing on Linux virtual machines requires a Light Agent for Linux installation package. A separate Kaspersky Security Center Network Agent installation package is not required, as Network Agent is part of a Light Agent for Linux installation package.
Copy the WindowsAgent folder located in the unpacked folder to a ZIP archive.
In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
Click the Add button.
The New Package Wizard starts.
On the first wizard page, select a method for creating an installation package: Create installation package from file.
Enter a package name, click Browse and select the prepared archive.
While creating an installation package, you will need to accept the terms of the End User License Agreement and the Privacy Policy. When prompted by the wizard, read the End User License Agreement between you and Kaspersky, and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy.
The newly created installation package is displayed in the list of installation packages. You can use the installation package to install Light Agent for Windows remotely.
In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
Click the Add button.
The New Package Wizard starts.
On the first wizard page, select a method for creating an installation package: Create a Kaspersky application installation package.
A list of distribution kits available on Kaspersky servers opens.
Select a Kaspersky Security Center Network Agent for Windows distribution kit and click its name.
In the window on the right, review the kit details and click Download and create installation package. The process of creating a new installation package starts.
While creating an installation package, you will need to accept the terms of the End User License Agreement. Click Show End User License Agreement. To continue creating the installation package, you have to confirm that you have fully read and accept the terms of the End User License Agreement.
Close the kit details window.
The newly created installation package is displayed in the list of installation packages. You can use the installation package to install Light Agent for Windows remotely.
Copy the LinuxAgent folder located in the unpacked folder to a ZIP archive.
In the Kaspersky Security Center Web Console main window, select Device discovery and deployment → Deploy and assign → Installation packages.
A list of installation packages available on Administration Server opens.
Click the Add button.
The New Package Wizard starts.
On the first wizard page, select a method for creating an installation package: Create installation package from file.
Enter a package name, click Browse and select the prepared archive.
While creating an installation package, you will need to accept the terms of the End User License Agreement and the Privacy Policy. When prompted by the wizard, read the End User License Agreement between you and Kaspersky, and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy.
The newly created installation package is displayed in the list of installation packages.
After the Light Agent for Linux installation package is created, you need to configure the settings for connecting Network Agent, which will be installed on the virtual machine together with Light Agent for Linux, to Kaspersky Security Center Administration Server.
To do this:
On the device with Kaspersky Security Center 15 Linux installed, locate the folder that contains the files of the newly created installation package. The path to the folder is displayed in Path, in the package properties window that opens from the list of installation packages in Kaspersky Security Center Web Console.
In klnagent.ini, in the KLNAGENT_SERVERS key, specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device where Kaspersky Security Center Administration Server is installed.
Save klnagent.ini.
You can use the installation package to install Light Agent for Linux remotely.
Starting a remote installation task in Kaspersky Security Center Web Console.
Specify the prepared Network Agent installation package in the properties of the Light Agent for Windows remote installation task. For more information about the remote installation task, see the Kaspersky Security Center Help.