Deploying SVMs with the Network Threat Protection component in the infrastructure managed by VMware NSX-T Manager
To deploy SVMs with the Network Threat Protection component:
In the VMware NSX Manager Web Console in the System → Service Deployments section, on the Deployment tab, in the Partner Service field, select the Kaspersky Network Protection service.
Click the Deploy Service button and specify the deployment settings as follows:
Service Deployment Name – an arbitrary name for the deployment.
Compute Manager – VMware vCenter Server to which VMware NSX-T Manager is connected.
Deployment Type – how SVMs with the Network Threat Protection component will be deployed:
Host Based – SVMs will be deployed on each hypervisor within the selected VMware cluster. When a new hypervisor is added to the cluster, the SVM will also be deployed on it.
Clustered – the number of SVMs specified in the Clustered Deployment Count field will be deployed within the selected VMware cluster. In the Host field, you can specify the hypervisor on which these SVMs will be deployed. If the Host field is set to Any, the hypervisors where the SVM will be deployed are selected automatically.
Cluster – VMware cluster where SVMs will be deployed.
Data Store – storage for SVM deployment.
Networks – network settings for all SVMs that will be deployed on hypervisors. For SVMs with the Network Threat Protection component, you need to use both network interfaces. For this purpose in the window that opens by clicking the Set link, do the following:
Specify the following settings for the eth0 network interface:
Network – network to be used by SVMs.
Network Type – method of assigning IP addresses. By default, SVMs receive network settings via the DHCP protocol. You can configure a static pool of IP addresses that will be used for assigning IP addresses to the SVMs.
Select the check box next to the eth1 network interface. Leave the default valuesfor all settings.
Deployment Specification – configuration of the SVMs with the Network Threat Protection component that will be deployed on hypervisors (Small, Medium or Large).
Deployment template – KSVNS_DeploymentTemplate.
Service Segment – NSX Service Segment. If the NSX Service Segment was not created before, you can create it by clicking the Action button. Specify an arbitrary NSX Service Segment name and NSX Transport Zone. The Not Set value must be specified in the Connected To field.
Click Save and wait until deployment of Kaspersky Network Protection service finishes.
If deployment of Kaspersky Network Protection service completes successfully, the Up value is displayed in the Status column. The hypervisors of the selected VMware cluster have SVMs with the Network Threat Protection component deployed.
After the deployment finishes, you can change the SVM configuration at any time by deploying an SVM of a different configuration from the set of SVM images registered with Kaspersky Network Protection service. To do this, open the available actions menu by clicking the button to the left of the deployment name, select the Change Appliance action, in the window that opens select the SVM configuration and click Update. Previously deployed SVMs will be removed from the hypervisors and new SVMs of the selected configuration will be deployed. After completing the procedure, activate the application on all new SVMs and make sure that the application databases are updated.