At this step of the deployment of tenant security infrastructure, you can perform the following actions:
You can deploy SVMs that will protect tenant virtual machines in any folder or administration group on the main Kaspersky Security Center Administration Server.
It is not recommended to deploy the SVMs and Protection Server policy in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
If you want the SVM to protect virtual machines of only particular tenants, you need to restrict Light Agents' access to the SVM in one of the following ways:
It is not recommended to configure connection tags in Light Agent policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
In accordance with the procedure for inheritance of Kaspersky Security Center policies, the default Protection Server policy is applied on all SVMs in administration group hierarchy. It is created in the Managed devices folder on the main Administration Server. If you want to configure specific operating settings for the SVMs that will protect tenant virtual machines, you need to create a Protection Server policy in the folder where the SVM that protects tenant virtual machines is located.
If you want to centrally enable use of Kaspersky Security Network to protect tenants' virtual machines, make sure that tenants' personal data is being processed legally.
Page top