Support

Support for business applications

Kaspersky Security Center 15 Linux

Deployment best practices

Hardening Guide

Administration Server deployment

Kaspersky Security Center
Нет результатов
Нет результатов
Online Help
FAQ Download Buy Renew Forum Contact support Recovery tools Product videos

Administration Server deployment

May 3, 2024

ID 245772

Get as PDF

Administration Server architecture

In general, the choice of a centralized management architecture depends on the location of protected devices, access from adjacent networks, delivery schemes of database updates, and so on.

At the initial stage of architecture development, we recommend getting acquainted with the Kaspersky Security Center Linux components and their interaction with each other, as well as with schemas for data traffic and port usage.

Based on this information, you can form an architecture that specifies:

  • The Administration Server location and network connections
  • Organization of the administrator's workspaces, and methods of connecting to Administration Server
  • Deployment methods for Network Agent and protection software
  • Using distribution points
  • Using virtual Administration Servers
  • Using a hierarchy of Administration Servers
  • Anti-virus database update scheme
  • Other information flows

Selecting a device for the Administration Server installation

We recommend that you install Administration Server on a dedicated server in the organization infrastructure. If there is no other third-party software installed on the server, you can configure the security settings based on the requirements of Kaspersky Security Center Linux, without depending on the requirements of third-party software.

You can deploy Administration Server on a physical server or on a virtual server. Please make sure that the selected device meets the hardware and software requirements.

Restriction of deploying Administration Server on a domain controller, a terminal server, or a user device

We strongly do not recommend installing Administration Server on a domain controller, a terminal server, or a user device.

We recommend that you provide functional separation of the network key nodes. This approach allows you to maintain the operability of different systems when a node fails or is compromised. At the same time, you can create different security policies for each node.

Accounts for installing and running Administration Server

During the deployment of Administration Server, it is necessary to create two unprivileged accounts. The services that are included in Administration Server will work under these unprivileged accounts. Follow the principle of least privilege when you grant rights and permissions to the accounts. Avoid including unnecessary accounts in the 'kladmins' group.

You also need to create an internal DBMS account. Administration Server uses this internal DBMS account to access the selected DBMS.

The set of required accounts and their rights depends on the selected DBMS type and the method of the Administration Server database creation.

Kaspersky Endpoint Security for Linux: High protection without performance compromising
Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.