Enabling and disabling tenant protection

Tenants registered in the Integration Server database may have the Active or Inactive status. By default, the tenant status is Inactive.

For the complete tenant type, the status determines the protection status of the tenant virtual machines:

• If the tenant’s status is "active", the Integration Server sends the list of SVMs available for connection to the Light Agents installed on the tenant virtual machines. The Light Agents select the best SVM for connection in accordance with the configured SVM connection settings and connect to it. Protection of the tenant virtual machines is enabled.
• If the tenant’s status is "inactive", the Integration Server sends the address of the non-existent SVM to the Light Agents installed on the tenant virtual machines. This means that Light Agents are not able to connect to any SVM. Protection of the tenant virtual machines is disabled.

To enable protection of the virtual machines for a complete tenant type, you must activate the tenant. To disable protection of the virtual machines for a complete tenant type (suspend provision of protection services to the tenant), you can deactivate the tenant.

After the tenant is deactivated, events from the Light Agents installed on the tenant virtual machines are logged to the Kaspersky Security Center Administration Server. An event that there are no SVMs available for connection is logged once, and the events that it is not impossible to complete the update task on the protected virtual machine are logged every 2 hours.

To avoid unauthorized application usage, after the tenant deactivation it is recommended to block network connections from the deactivated tenant’s subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.

For a simple tenant type, the tenant status does not affect the virtual machine protection status.

The tenant activation and deactivation procedures are automated by means of the Integration Server REST API.