Connecting client devices to the Administration Server
Nov 27, 2023
The connection of the client device to Administration Server is established by the Network Agent installed on the client device.
When a client device connects to Administration Server, the following operations are performed:
- Automatic data synchronization:
- Synchronization of the list of applications installed on the client device.
- Synchronization of policies, application settings, tasks, and task settings.
- Retrieval of up-to-date information about the condition of applications, execution of tasks, and applications' operation statistics by Administration Server.
- Delivery of the event information to Administration Server that is for processing.
Automatic data synchronization is performed regularly in accordance with the Network Agent settings (for example, every 15 minutes). You can specify the connection interval manually.
Information about an event is delivered to Administration Server as soon as it occurs.
If an Administration Server is remotely located outside a corporate network, client devices can connect to it over the internet.
For devices to connect to an Administration Server over the internet, the following conditions must be met:
- The remote Administration Server must have an external IP address and the incoming port 13000 must remain open (for connection of Network Agents). We recommend that you also open UDP port 13000 (for receiving notifications of device shut down).
- Network Agents must be installed on the devices.
- When installing Network Agent on devices, you must specify the external IP address of the remote Administration Server. If an installation package is used for installation, specify the external IP address manually in the properties of the installation package, in the Settings section.
- To use the remote Administration Server to manage applications and tasks for a device, in the properties window of the device, in the General section select the Do not disconnect from the Administration Server check box. After the check box is selected, wait until the Administration Server is synchronized with the remote device. The number of client devices maintaining a continuous connection with an Administration Server cannot exceed 300.
To speed up the performance of tasks initiated by a remote Administration Server, you can open port 15000 on a device. In this case, to run a task, the Administration Server sends a special packet to Network Agent over port 15000 without waiting until completion of synchronization with the device.
Kaspersky Security Center allows you to configure connection between a client device and Administration Server so that the connection remains active after all operations are completed. Uninterrupted connection is necessary in cases when real-time monitoring of application status is required and Administration Server is unable to establish a connection to the client for some reason (for example, connection is protected by a firewall, opening of ports on the client device is not allowed, or the client device IP address is unknown). You can establish an uninterrupted connection between a client device and Administration Server in the device properties window in the General section.
We recommend that you establish an uninterrupted connection with the most important devices. The total number of connections simultaneously maintained by the Administration Server is limited to 300.
When synchronized manually, the system uses an auxiliary connection method that allows connection initiated by Administration Server. Before establishing the connection on a client device, you must open the UDP port. Administration Server sends a connection request to the UDP port of the client device. In response, the Administration Server's certificate is verified. If the Administration Server certificate matches the certificate copy stored on the client device, the connection is established.
The manual launch of synchronization is also used for obtaining up-to-date information about the condition of applications, execution of tasks, and operation statistics of applications.