Support

Support for business applications

Kaspersky Security for Virtualization 5.x Light Agent

Using Kaspersky Security for Virtualization 5.2 Light Agent in multitenancy mode

Using Integration Server REST API in multi-tenancy scenarios

Methods for working with tenants

Creating a new tenant

Kaspersky Security for Virtualization 5.x Light Agent
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ System requirements Download Forum Contact support Recovery tools Product videos

Creating a new tenant

January 10, 2024

ID 199650

Depending on the tenant type that you specify when calling the REST API method, the following actions can be performed:

  • For a complete tenant type:
    • Add tenant data to the Integration Server database.
    • Create the tenant protection infrastructure in Kaspersky Security Center (virtual Administration Server, account for connecting to it, structure of folders and administration groups).
    • Create the policies for enabling and disabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed in the Multitenancy KSV LA<Tenant name> folder.

      Policies for enabling and disabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure. For more information refer to Kaspersky Security for Virtualization 5.1 Light Agent Help.

    • Add information about the tenant virtual Administration Server to the Integration Server database.
  • For a simple tenant type: add the tenant data to the Integration Server database.

Method:

POST /api/2.0/virtualization/tenants

The following parameters must be specified in the request body:

<tenant>

<name>{name}</name>

<description>{description}</description>

<userData><![CDATA[{additional information}]]></userData>

<preferredViisAddress>{IP address}</preferredViisAddress>

<type>{tenant type}</type>

<!-- Data in the vKsc section can be specified only for a complete tenant type -->

<vKsc>

<user>

<name>{administrator name}</name>

<password>{administrator password}</password>

</user>

</vKsc>

</tenant>

where:

  • {name} – tenant name (required parameter).
  • {description} – tenant description (optional parameter).
  • {additional information} – additional information about the tenant (optional parameter).
  • {IP address} – IP address of the Integration Server to which the Light Agents installed on the tenant virtual machines will connect (optional parameter). The specified address is used by default when creating the Light Agent policy. If the parameter is not specified, the policy uses the Integration Server IP address from the request to REST API.
  • {tenant type} – type of tenant: Complete or Simple (optional parameter).
  • {administrator name} – name of the administrator account used to connect to the tenant virtual Administration Server (required when creating a complete tenant type). The account will be created automatically during the procedure.
  • {administrator password} – password for the administrator account encoded by the Base64 method (required when creating a complete tenant type).

The request is executed asynchronously, REST API returns identifier of the CreateTenant task. Using the task, you can monitor the progress of the tenant creation procedure. When the task execution completes, the result field displays information about the tenant including the created tenant identifier, or an error message. In case of an error at any step of the procedure, all the changes are rolled back.

Return codes:

  • 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the CreateTenant task.
  • 400 (Bad request) VIRMT_MandatoryParameterIsNotSpecified – one of the required parameters is not specified in the request body, for example, the tenant name.
  • 400 (Bad request) VIRMT_InvalidTenantType – invalid tenant type is specified in the request body, the specified tenant type does not exist.
  • 400 (Bad request) VIRMT_VKscCredentialsNotSpecified – name or password of the administrator account of Kaspersky Security Center virtual Administration Server is not specified (when creating a complete tenant type).
  • 400 (Bad request) VIRMT_InvalidViisAddressFormat – invalid format of the Integration Server IP address.
  • 403 (Forbidden) – access to the resource is denied.

Possible error codes in the task:

  • KSC_ServiceNotConfigured – Kaspersky Security Center connection settings are not specified.
  • VIRMT_TenantGroupAlreadyExists – the folder with the name corresponding to the specified tenant name already exists in Kaspersky Security Center.
  • VIRMT_TenantWithSpecifiedNameAlreadyExists – the tenant with the specified name already exists in the Integration Server database.
  • VIRMT_PasswordNotComplyPolicy – failed to create an administrator account for Kaspersky Security Center virtual Administration Server: the specified password does not meet Kaspersky Security Center password requirements.
  • VIRMT_UserWithSpecifiedNameAlreadyExists – failed to create an administrator account for Kaspersky Security Center virtual Administration Server: a user with the specified name already exists in Kaspersky Security Center.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.