Kaspersky Security Center standard configuration
Dec 4, 2023
One or several Administration Servers are deployed on the MSPs' servers. The number of Administration Servers can be selected either based on available hardware, or on the total number of MSP clients served or total number of managed devices.
One Administration Server can support up to 100,000 devices. You must consider the possibility of increasing the number of managed devices in the near future: it may be useful to connect a slightly smaller number of devices to a single Administration Server.
Up to 500 virtual servers can be created on a single Administration Server, so an individual Administration Server is required for each 500 MSP clients.
If multiple Servers are used, it is recommended that you combine them into a hierarchy. Using a hierarchy of Administration Servers allows you to avoid dubbed policies and tasks, handle the whole set of managed devices, as if they are managed by a single Administration Server: i.e., search for devices, build selections of devices, and create reports.
On each virtual server that corresponds to an MSP client, you must assign one or several distribution point(s). If MSP clients and the Administration Server are linked through the internet, it may be useful to create a Download updates to the repositories of distribution points task for the distribution points, so that they will download updates directly from Kaspersky servers, not from the Administration Server.
If some devices in the MSP client network have no direct internet access, you have to switch the distribution points to the connection gateway mode. In this case, Network Agents on devices on the MSP client network will be connected, for further synchronization, to the Administration Server—but through the gateway, not directly.
As the Administration Server, most probably, will not be able to poll the on the MSP client network, it may be useful to turn this function over to a distribution point.
The Administration Server will not be able to send notifications to port 15000 UDP to managed devices located behind the NAT on the MSP client network. To resolve this issue, it may be useful to enable the mode of continuous connection to the Administration Server in the properties of devices acting as distribution points and running in connection gateway mode (Do not disconnect from the Administration Server check box). The continuous connection mode is available if the total number of distribution points does not exceed 300.