This section describes the sequence of steps that must be performed to configure Kaspersky Thin Client and Kaspersky Security Center, and to establish a connection between them. These steps must be performed by the administrator or another qualified expert from your organization who can verify the authenticity of the accepted certificate used to connect to Kaspersky Security Center.
Instructions on installing Kaspersky Thin Client to a thin client are provided in a separate article.
Before installation of Kaspersky Thin Client or prior to the first startup of a thin client on which a Kaspersky Thin Client system is pre-installed, you are advised to update the BIOS on the thin client to the latest version, set a password for BIOS configuration changes, and configure the option to boot only from a local SSD device. These recommended measures will help prevent potential security risks, such as operating system substitution, replacement or deletion of remote server connection certificates, and unauthorized access to operating system settings.
Kaspersky Thin Client supports Secure Boot technology, which allows UEFI to verify the authenticity of loaded components. If you want to configure Secure Boot, you can get the necessary keys from Kaspersky experts and use the instructions from the Knowledge Base.
The scenario for initial configuration of Kaspersky Thin Client and Kaspersky Security Center, and for establishing a connection between them consists of the following steps:
Download the Kaspersky Security Center distribution package and install the full version of Kaspersky Security Center on the server. The distribution package for the full version of Kaspersky Security Center includes the Kaspersky Security Center Web Console. We recommend selecting the standard installation. For details on installing Kaspersky Security Center, please refer to the Kaspersky Security Center Online Help.
If you plan to use the default port to connect the thin client to Kaspersky Security Center, set the rules allowing TCP connections through port 13292 for the operating system firewall of the server on which Kaspersky Security Center is installed. If you plan to use a port other than 13292, set the permissions accordingly. For detailed information on configuring firewall rules, please refer to the relevant documentation on the operating system you are using.
In the Kaspersky Security Center Web Console, install the Kaspersky Security Management Suite web plug-in.
Kaspersky Thin Client uses a mobile protocol to connect to Kaspersky Security Center. On the Kaspersky Security Center Administration Server, enable use of the TCP port that you set up access to in step 2. For more information about enabling a TCP port on the Kaspersky Security Center Administration Server, please refer to the Kaspersky Security Center Online Help.
Turn on Kaspersky Thin Client and wait for the system to load. Select the system language. Please read the terms and conditions of the End User License Agreement and accept the agreement.
After turning on Kaspersky Thin Client and accepting the End User License Agreement, configure general settings and network connection settings.
In the Kaspersky Thin Client interface, configure the connection to Kaspersky Security Center.
In the Web Console, add the thin client to the administration group manually, or set up automated transfer of devices.
In the Web Console interface, create an active policy for the administration group.
Assign certificates to connect an administration group to a remote environment and to a log server. We also recommend adding a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center.
When these actions are completed, the Kaspersky Thin Client system will be ready for operation. You will be able to control Kaspersky Thin Client via the Kaspersky Thin Client interface or via the Kaspersky Security Center Web Console, and monitor events of Kaspersky Thin Client.
Page top