Changing the settings for connecting to the virtual infrastructure in the Integration Server Console
To open the list of virtual infrastructures to which the Integration Server connects:
- Start the Integration Server Console.
- In the list on the left, select the Infrastructure connection settings section.
A table of virtual infrastructures to which the Integration Server connects will open.
Each row of the table contains the following information:
- Infrastructure
Virtual infrastructure type and IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server connects for interaction with the virtual infrastructure.
For an infrastructure running on VMware vCenter Server with VMware NSX Manager by Kaspersky Security enabled, the column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of VMware NSX Manager.
- State
Status of the connection between the Integration Server and the virtual infrastructure.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.
If the Integration Server is not connected to the virtual infrastructure object, the table displays an error message.
The Integration Server verifies the authenticity of all virtual infrastructure objects with which a connection is being established, except a Microsoft Windows Server (Hyper-V) hypervisor.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.
To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If it fails to ascertain the authenticity of the certificate or public key received from the virtual infrastructure object, the Integration Server breaks the connection with the virtual infrastructure. An error message is displayed in the table. You can resolve this error.
To resolve an SSL certificate validation error or public key validation error received from a virtual infrastructure object, do one of the following:
- Confirm the authenticity of the certificate or public key received from the virtual infrastructure object. To do this, you need to launch the SVM Management Wizard (in the SVM Management section of the Integration Server Console) and open the list of virtual infrastructures to which the SVM Management Wizard is configured to connect (for example, see the "Selecting infrastructure for SVM deployment" step in the procedure for installing the Protection Server). The wizard prompts you to verify the authenticity of the certificate or public key in the Verify certificate or Verify public key fingerprint window (depending on the type of virtual infrastructure object).
- Replace the certificate with a new one if you do not believe that the existing certificate is authentic.
If the use of VMware NSX Manager in Kaspersky Security is enabled, the Integration Server also checks the VMware NSX Manager certificate. If the certificate is not trusted by the Integration Server or does not match a previously installed certificate, an error message is displayed in the table. You can resolve this error.
To resolve a VMware NSX Manager SSL certificate validation error, do one of the following:
- Verify the authenticity of the certificate. To view information about the received certificate, you need to click the Confirm VMware NSX Manager certificate authenticity link that is displayed in the error message. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you do not consider the certificate to be trusted, you can disconnect by clicking the Cancel button, and replace the certificate with a new one.
Expand all | Collapse all
How to change the settings for connecting to the virtual infrastructure
- Start the Integration Server Console.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select a virtual infrastructure whose connection settings you want to modify, and click the Edit link above the table.
The Change virtual infrastructure connection settings window opens.
The Address field displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object, to which the Integration Server is connected for interaction with protected virtual infrastructure. The Address field cannot be changed.
- Make the necessary changes. You can change the following settings for connection of the Integration Server to the virtual infrastructure:
- Protocol
Protocol used to connect the Integration Server to the virtual infrastructure. By default, HTTPS protocol is used.
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- OpenStack domain
Name of the OpenStack domain that contains an account used to connect the Integration Server to the virtual infrastructure.
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
Name of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
To connect to a virtual infrastructure running on Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Basis (Skala-R), HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, ALT Virtualization Server, Astra Linux, Numa vServer, VK Cloud platform, or TIONIX Cloud Platform, we recommend using an account with restricted permissions for virtual infrastructure operations.
To connect to a virtual infrastructure running on the Microsoft Hyper-V platform during Kaspersky Security operation, you must use the same user account that is used for SVM deployment, removal and reconfiguration.
- Password
Password of the user account that the Integration Server uses to connect to the virtual infrastructure during Kaspersky Security operation.
- Click the OK button in the Change virtual infrastructure connection settings window.
How to configure the use of VMware NSX Manager in the Kaspersky Security solution
- Start the Integration Server Console.
- In the list on the left, select the Infrastructure connection settings section.
The list of all virtual infrastructures to which the Integration Server connects opens:
- In the table, select the virtual infrastructure managed by VMware vCenter Server, and click the Edit link located above the table.
The Change virtual infrastructure connection settings window opens.
- Configure the settings for connecting the Integration Server to VMware NSX Manager:
- Use VMware NSX Manager
Enables or disables the use of VMware NSX Manager in the Kaspersky Security solution
If VMware NSX Manager is used in the operation of the solution, Kaspersky Security can assign security tags to the protected virtual machine.
- Address
New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.
If VMware NSX-T Manager is clustered in your virtual infrastructure, specify the virtual IP address of the cluster. First assign a virtual IP address and certificate to the cluster (for more information on configuring the VMware NSX-T Manager cluster, refer to VMware documentation).
- User name
Name of the account that the Integration Server uses to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.
- Password
Password of the account that the Integration Server uses to connect to VMware NSX Manager.
If you change the account password for connecting to VMware NSX-T Manager, the Integration Server can connect to VMware NSX Manager no earlier than 15 minutes after saving the new connection settings.
- Click the OK button in the Change virtual infrastructure connection settings window.
Page top