At this stage of deployment of the tenant protection framework, create a Light Agent policy in one of the following folders:
In the Light Agent policy, configure the Light Agent operation settings as follows:
If you use the application under a standard license, connection tags are not available. To restrict Light Agents access to SVMs, you can block network connections from the tenant subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
The default values can be used for other settings for connecting Light Agents to SVMs.
It is recommended to lock all the settings for connecting Light Agents to SVMs with the "lock" in order to prohibit changing these settings in the local application settings and in policies of the nested hierarchy level.
Using the "lock" attribute, you can allow or block changing of settings or groups of settings in the local application settings, task settings, or in policies of the nested hierarchy level (for nested administration groups and secondary Administration Servers). Tenant administrators cannot configure "locked" settings. If the "locks" are open, the tenant administrator can to independently configure the operation of Light Agent components.
If Light Agents and SVMs of Kaspersky Security for Virtualization 5.1 Light Agent are installed in the tenant virtual infrastructure, it is recommended to use the policies enabling tenant protection that were automatically created in the Multitenancy KSV LA → <Tenant name> folder to configure general operation settings for these Light Agents. For more information refer to Kaspersky Security for Virtualization 5.1 Light Agent Help.
It is not recommended to configure general operation settings of Light Agents in the policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.Page top