Scenario: Protection deployment (tenant management through administration groups)
If you have never used Kaspersky Security Center and you want to manage your tenants through administration groups, proceed as described in this section. After you complete this scenario, your customers' devices will be protected.
The scenario proceeds in stages:
- Creating administration groups
Create an administration group for each of your customers.
- Planning the distribution points structure
Among the devices of each customer, decide which device will act as a distribution point.
You cannot have more than 100 distribution points within one workspace.
- Creating a stand-alone installation package for Network Agent
Create a stand-alone installation package for Network Agent.
- Installation of Network Agent on the selected devices to act as distribution points
Install Network Agent on the selected devices that will act as distribution points.
You can use any method that is suitable for you:
- Manual installation
To deliver the stand-alone installation package to the devices, you can, for example, copy it to a removable drive (such as a flash drive) or place it in a shared folder.
- Deployment by using Active Directory
- Deployment by using your remote monitoring and management (RMM) software solution
- Manual installation
- Assigning distribution points
Assign the devices with Network Agent installed to act as distribution points.
- Network polling
Configure and perform network polling through the distribution point.
Kaspersky Security Center Cloud Console provides the following methods of network polling:
- IP range polling
- Windows network polling
- Active Directory polling
After network polling according to schedule is complete, your customers' devices are discovered and placed in the Unassigned devices group.
- Moving the discovered devices to the administration groups
Set up the rules for automatically moving the discovered devices to the required administration groups; or move these devices to the required administration groups manually.
- Creating installation packages for Network Agent and managed Kaspersky applications
If you did not start the quick start wizard, or skipped the step of creating installation packages, create installation packages for Kaspersky applications.
- Removing third-party security applications
If third-party security applications are installed on your customers' devices, remove them before installing Kaspersky applications.
- Installing Kaspersky applications on your customers' devices
Create remote installation tasks to install Network Agent and managed Kaspersky applications on your customers' devices.
If necessary, you can create several remote installation tasks to install managed Kaspersky applications for different administration groups or different device selections.
After the tasks are created, you can configure their settings. Make sure that the schedule for each task meets your requirements. First, the task to install Network Agent must be run. After Network Agent is installed on your customers' devices, the task to install managed Kaspersky applications must be run.
- Verifying initial deployment of Kaspersky applications
Generate and view the Report on Kaspersky software versions. Make sure that the managed Kaspersky applications are installed on all of the devices of your customers.
- Creating policies for Kaspersky applications
Go to the Assets (Devices) → Groups menu; if you want to create a universal policy for all your customers, select Administration Server. If you want to create a specific policy for an individual customer, select the administration group corresponding to that customer. Create a policy for the required Kaspersky application.
