KSC Open API
13.1
Kaspersky Security Center API description
|
Gateway connection is a way to communicate between nodes which don't have possibility to create direct connection. Gateway connection is created with help of gateway nodes, each of those has two connections and redirect all data between them. For example it is possible to create gateway connection from OpenAPI client to Network Agent through KSC Server as a gateway node; in such case OpenAPI client may make OpenAPI calls to Network Agent. With help of gateway connections OpenAPI client may connect to the secondary Administration Servers, Network Agents and components on them. Multi-node gateway connections are also supported, so gateway connections such as "OpenAPIClient -> the primary Administration Server -> the secondary Administration Server -> Network Agent" are possible.
Gateway connections may be created using GatewayConnection interface. The general scheme to create a gateway connection is following:
If 'login' method was used for authentication, then after successful authentication current connection may be used to make OpenAPI calls to target.
If Session.StartSession was called for authentication, then all calls within created session will be routed to target host.
Example1: if you want to connect to Network Agent 1, which is managed by the primary Administration Server 1:
After successful authentication this connection may be used to communicate with Network Agent 1, for example, by calling methods of NagHstCtl, NagRdu, NagGuiCalls, NagRemoteScreen (or NagCgwHelper to recursively create a deeper gateway connection).
Example2: if you want to connect to Network Agent 2, which is managed by the secondary Administration Server 1, and you connected to the primary Administration Server 1, where the primary Administration Server 1 is a direct primary Server for the secondary Administration Server 1:
After successful authentication this connection may be used to communicate with Network Agent 2, for example, by calling methods of NagHstCtl, NagRdu, NagGuiCalls, NagRemoteScreen (or NagCgwHelper to recursively create a deeper gateway connection).
With KlAkOAPI Python package the secondary Administration Server can be connected as follows:
# connect to main server with basic authentication to get gateway token server_main = KlAkOAPI.AdmServer.KlAkAdmServer.Create('https://ksc-main.example.com', 'username', 'password', verify = False) # step 1: get the secondary Administration Server location cgwHelper = KlAkOAPI.CgwHelper.KlAkCgwHelper(server_main) slaveServerLocation = cgwHelper.GetSlaveServerLocation(nChildServerId).RetVal() # step 2: build locations list arrLocation = [KlAkOAPI.Params.paramParams(slaveServerLocation)] # step 3: prepare gateway connection to main server with locations array built on previous step gatewayConnection = KlAkOAPI.GatewayConnection.KlAkGatewayConnection(server_main) token_on_slave = gatewayConnection.PrepareGatewayConnection(arrLocation).OutPar('wstrAuthKey') server_main.Disconnect() # connect the secondary Administration Server server = KlAkOAPI.AdmServer.KlAkAdmServer.CreateGateway('https://ksc-main.example.com', token_on_slave, verify = False)
Network Agent can be connected as follows:
# connect to main server with basic authentication to get gateway token server_main = KlAkOAPI.AdmServer.KlAkAdmServer.Create('https://ksc-main.example.com', 'username', 'password', verify = False) # step 1: get the Network Agent location cgwHelper = KlAkOAPI.CgwHelper.KlAkCgwHelper(server_main) nagentLocation = cgwHelper.GetNagentLocation(wsHostName).RetVal() # step 2: build locations list arrLocation = [KlAkOAPI.Params.paramParams(nagentLocation)] # step 3: prepare gateway connection to main server with locations array built on previous step gatewayConnection = KlAkOAPI.GatewayConnection.KlAkGatewayConnection(server_main) token_on_nagent = gatewayConnection.PrepareGatewayConnection(arrLocation).OutPar('wstrAuthKey') server_main.Disconnect() # connect Network Agent server = KlAkOAPI.AdmServer.KlAkAdmServer.CreateGateway('https://ksc-main.example.com', token_on_slave, verify = False)