Kaspersky Security Center

About distribution points

July 8, 2024

ID 92244

A device with Network Agent installed can be used as a distribution point. In this mode, Network Agent can perform the following functions:

  • Distribute updates (these can be retrieved either from the Administration Server or from Kaspersky servers). In the latter case, the Download updates to the repositories of distribution points task must be created for the device that serves as the distribution point:
    • Install software (including initial deployment of Network Agents) on other devices.
    • Poll the network to detect new devices and update information about existing ones. A distribution point can apply the same device discovery methods as the Administration Server.

Deployment of distribution points on an organization's network has the following objectives:

  • Reducing the load on the Administration Server.
  • Optimizing traffic.
  • Providing the Administration Server with access to devices in hard-to-reach spots of the organization's network. The availability of a distribution point on the network behind a NAT (in relation to the Administration Server) allows the Administration Server to perform the following actions:
    • Send notifications to devices over UDP on the IPv4 or IPv6 network
    • Poll the IPv4 or IPv6 network
    • Perform initial deployment
    • Act as a push server

A distribution point is assigned for an administration group. In this case, the scope of the distribution point includes all devices within the administration group and all of its subgroups. However, the device that acts as the distribution point may not be included in the administration group to which it has been assigned.

You can make a distribution point function as a connection gateway. In this case, devices in the scope of the distribution point will be connected to the Administration Server through the gateway, not directly. This mode can be useful in scenarios that do not allow the establishment of a direct connection between the Administration Server and managed devices.

If you use a Linux-based device as a distribution point, we strongly recommend increasing the limit of file descriptors for the klnagent service, because if the scope of the distribution point includes many devices, the default maximum number of files that can be opened may not be enough.

See also:

Adjustment of distribution points and connection gateways

Main installation scenario

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.