Prerequisites for client devices in a cloud environment necessary for work with Kaspersky Security Center

The devices on which you intend to install Administration Server, Network Agent, and Kaspersky security applications must meet the following conditions:

• The configuration of security groups makes available the following ports on the Administration Server (minimum set of ports required for deployment):
  • 8060 HTTP—For transfer of Network Agent installation packages and security application installation packages from the Administration Server to protected instances
  • 8061 HTTPS—For transfer of Network Agent installation packages and security application installation packages from the Administration Server to protected instances
  • 13000 TCP—For transfers from protected instances and secondary Administration Servers to the primary Administration Server using SSL
  • 13000 UDP—For transfer of information about shutdown of instances to the Administration Server
  • 14000 TCP—For transfers from protected instances and secondary Administration Servers to the primary Administration Server without using SSL
  • 13291—For connecting Administration Console to the Administration Server
  • 40080—For the operation of deployment scripts

  You can configure security groups in AWS Management Console or at the Azure portal. If you intend to use Kaspersky Security Center in a non-default configuration, please refer to the Knowledge Base. Examples of non-default configurations include not installing Administration Console on the Administration Server device but installing it on your workstation instead, or using a KSN proxy server.

• Port 15000 UDP is available on the client devices (for receipt of requests for communication with the Administration Server).
• In the AWS cloud environment:
  • If you plan to use AWS API, the IAM role is set under which the applications will be installed on the instances.
  • On each Amazon EC2 instance, Systems Manager Agent (SSM Agent) is installed and running.
  • SSM Agent enables Kaspersky Security Center to automatically install applications on devices and groups of devices without requesting confirmation by an administrator each time.
  • On instances that are running a Windows operating system and were deployed from AMIs later than November 2016, SSM Agent is installed and running. You will have to manually install SSM Agent on all other devices. For details about installing SSM Agent on devices running Windows and Linux operating systems, please refer to the AWS Help page.
• In the Microsoft Azure cloud environment:
  • On each Azure virtual machine, Azure VM Agent is installed and running.

    By default, a new virtual machine is created with Azure VM Agent, and you do not have to install or enable it manually. Please refer to Microsoft Help pages for details about Azure VM Agent on Windows devices and on Linux devices.

  • Your Azure Application ID has the following roles:
    • Reader (to discover virtual machines by using polling)
    • Virtual Machine Contributor (to deploy protection on the virtual machines)
    • SQL Server Contributor (to use an SQL database in the Microsoft Azure environment)

    If you want to perform all these operations, assign all the three roles to your Azure Application ID.