Configuring SVM location and Protection Server settings
January 10, 2024
At this step of tenant security infrastructure deployment, you can perform the following actions:
- Configure the location of the SVMs that will protect tenant virtual machines in the Kaspersky Security Center administration group hierarchy.
- Configure the operation settings of the Protection Server installed on these SVMs using the Protection Server policy.
- Configure the general settings of the Light Agents that will be installed on the tenant virtual machines using the Light Agent policies.
You can deploy SVMs that will protect tenant virtual machines in any folder or administration group on the main Kaspersky Security Center Administration Server.
It is not recommended to deploy SVMs and Protection Server policy in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
If you want the SVM to protect virtual machines of only particular tenants, restrict Light Agent access to the SVM in one of the following ways:
- Using the connection tags mechanism. Tags must be specified in the Protection Server policy and in the Light Agent policy. It is recommended to close the configured settings with the "lock" in order to prohibit changing these settings in the local application settings and in policies of the nested hierarchy level.
- By blocking network connections from the tenant subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
It is not recommended to configure connection tags in Light Agent policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
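The port-blocking option above can be expressed as generated firewall rules. The following is an added example, not part of the Kaspersky documentation: it assumes the tenant and SVM subnets are separated by a Linux router that filters with nftables, and the tenant names, subnets and the `build_ruleset` helper are hypothetical.

```python
import ipaddress

# TCP ports of the SVM subnet listed in the documentation above.
SVM_PORTS = (80, 9876, 9877, 11111, 11112)


def build_ruleset(svm_subnet, tenant_subnets, allowed_tenants):
    """Return an nftables ruleset that drops traffic to the SVM ports from
    every tenant subnet whose tenant is not in allowed_tenants.

    tenant_subnets: dict of tenant name -> IPv4 CIDR (hypothetical names).
    allowed_tenants: names of the tenants this SVM is meant to protect.
    """
    svm = ipaddress.IPv4Network(svm_subnet)
    nets = {n: ipaddress.IPv4Network(c) for n, c in tenant_subnets.items()}

    unknown = set(allowed_tenants) - set(nets)
    if unknown:
        raise ValueError(f"allowed tenant(s) without a subnet: {sorted(unknown)}")

    # Overlapping subnets would let a blocked tenant match an allowed range
    # (or block an allowed tenant), so refuse to generate rules for them.
    names = sorted(nets)
    for i, a in enumerate(names):
        if nets[a].overlaps(svm):
            raise ValueError(f"tenant {a} overlaps the SVM subnet")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"tenant subnets overlap: {a}, {b}")

    ports = ", ".join(str(p) for p in SVM_PORTS)
    lines = [
        "table ip svm_isolation {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy accept;",
    ]
    for name in names:
        if name not in allowed_tenants:
            lines.append(f"        # {name}: not served by this SVM subnet")
            lines.append(f"        ip saddr {nets[name]} ip daddr {svm} "
                         f"tcp dport {{ {ports} }} drop")
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, hypothetical tenants.
    tenants = {"tenant-a": "192.0.2.0/25", "tenant-b": "192.0.2.128/25"}
    print(build_ruleset("198.51.100.0/24", tenants, {"tenant-a"}))
```

The printed ruleset can be reviewed and then loaded with `nft -f` on the router; tenants listed in `allowed_tenants` get no drop rule and keep access to the SVM.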
Per the Kaspersky Security Center policy inheritance order, the default Protection Server policy is applied on all SVMs in the hierarchy of administration groups. This policy is created in the Managed devices folder on the main Administration Server as a result of the Kaspersky Security MMC plug-ins installation. If you want to configure specific operation settings for the SVMs that will protect tenant virtual machines, create a Protection Server policy in the folder where the SVM that protects tenant virtual machines is located.
If you want to centrally enable Kaspersky Security Network usage to protect tenant virtual machines, make sure that the personal data of tenants is legally processed.