Creating Protection Server policy in the Administration Console

To create a Protection Server policy in the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose SVMs you want to create a policy.

    On the Devices tab of the folder with the name of the administration group, you can view a list of SVMs that belong to this administration group.

  3. In the workspace, select the Policies tab.
  4. Click the New policy button to start the New Policy Wizard.

    You can also start the wizard using the NewPolicy option in the context menu of the policy list.

  5. At the first step of the wizard, select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server from the list.

    Proceed to the next step of the wizard.

  6. Enter a name for the new policy.
  7. If you want to migrate the settings from a Protection Server policy of a previous version of Kaspersky Security into the policy being created, select the Use settings from policy for previous application version check box.

    You can migrate the settings from a policy that was created in Kaspersky Security for Virtualization 4.0 Light Agent or a later version of the application.

    Proceed to the next step of the wizard.

  8. Decide on whether or not to participate in Kaspersky Security Network (KSN). To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
    • If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
    • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.

    All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.

    If necessary, you can change your decision regarding KSN participation later.

    If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use the Private KSN, it must be enabled and configured in Kaspersky Security Center. The KSN Proxy service and Private KSN can be configured in the properties of the Kaspersky Security Center Administration Server in the KSN proxy server section. See Kaspersky Security Center help for more information.

    Proceed to the next step of the wizard.

  9. If you want to receive application module updates together with the application database update package, select the Update application modules check box.

    Proceed to the next step of the wizard.

  10. If you want to receive SVM status information using a network management system that utilizes the SNMP protocol, enable SNMP monitoring of the status of SVMs.

    Proceed to the next step of the wizard.

  11. If you have enabled the display of advanced settings for the Protection Server policy, configure the SVM advanced settings.

    Proceed to the next step of the wizard.

  12. Verify the address and port used for connecting SVMs to the Integration Server. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.

    If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.

    Proceed to the next step of the wizard.

    If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the local or domain KLAdmins group or to the group of local administrators, in the Connection to the Integration Server window that opens, specify the Integration Server administrator password (password of the admin account).

    The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.

  13. If you want to encrypt the connection between Light Agents and SVMs, configure the encryption settings for connections between Light Agents and SVMs.

    Proceed to the next step of the wizard.

  14. If you are using the application under an enterprise license, you can configure connection tags usage settings to connect Light Agents to SVMs.

    Proceed to the next step of the wizard.

  15. Exit the Policy Wizard.

The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.

The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security starts protecting virtual machines according to the policy settings.

If Network Agent is not running on the SVM, the created policy is not applied on it.

If you selected the Inactive policy option during the previous step of the New Policy Wizard, the newly created policy is not applied on the SVM.

Page top