Application architecture
Kaspersky Security is supplied as two SVM images:
- SVM image with the File Threat Protection component
- SVM image with the Network Threat Protection component
An SVM (secure virtual machine) is a virtual machine on which a component of Kaspersky Security is installed. SVMs are deployed on VMware ESXi hypervisors. For protection and scanning, the application does not need to be installed on each virtual machine.
Kaspersky Security components are registered as services in VMware NSX Manager:
- The File Threat Protection component is registered as a file system protection service (Kaspersky File Antimalware Protection).
- The Network Threat Protection component is registered as a network protection service (Kaspersky Network Protection).
Kaspersky Security services are deployed on the VMware cluster during installation of the application. When Kaspersky Security services are deployed, SVMs with Kaspersky Security components are deployed on the hypervisors in the cluster (see the figure below).
Application architecture
SVMs with the File Threat Protection component provide the following:
- Protection against viruses and other malware for all virtual machines that meet the conditions for protection of virtual machines.
- Anti-virus scanning of files of all virtual machines that meet the conditions for scanning virtual machines.
SVMs with the Network Threat Protection component provide protection against network threats for all virtual machines that meet the conditions for protection of virtual machines against network threats.
The Integration Server component enables interaction between the VMware virtual infrastructure and Kaspersky Security components.
The application is managed through Kaspersky Security Center, which is the remote centralized system for managing Kaspersky applications. Kaspersky Security interacts with Kaspersky Security Center via Network Agent, which is a component of Kaspersky Security Center. Network Agent is included in the SVM image.
The Kaspersky Security main administration plug-in provides the interface for managing the Kaspersky Security application through Kaspersky Security Center. If the application is operating in multitenancy mode, the Kaspersky Security administration plug-in for tenants is also required for application management.
Kaspersky Security administration plug-ins are included in the Kaspersky Security distribution kit.
Kaspersky Security administration plug-ins must be installed on the computer hosting the Kaspersky Security Center Administration Console.