Configuring SVM discovery settings for Light Agents and general tenant protection settings
January 10, 2024
ID 212928
At this stage of deployment of the tenant protection framework, create a Light Agent policy in one of the following folders:
- In the Multitenancy KSV LA → <Tenant name> folder, to configure general operation settings for all Light Agents that will be installed on the virtual machines of one particular tenant. The policy in the Multitenancy KSV LA → <Tenant name> folder must be created for each tenant.
- In the Multitenancy KSV LA folder, to configure general operation settings for all Light Agents that will be installed on the virtual machines of all tenants.
In the Light Agent policy, configure the Light Agent operation settings as follows:
- Settings for connecting Light Agents to SVMs:
- Enable the use of the Integration Server for SVM discovery in the Light Agent policy. Light Agents installed on the virtual machines of the tenants of complete type must use the Integration Server to discover SVMs that are available for connection.
- If you want to restrict Light Agents access to SVMs using the mechanism of connection tags, you can assign connection tags to Light Agents.
If you use the application under a standard license, connection tags are not available. To restrict Light Agents access to SVMs, you can block network connections from the tenant subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
The default values can be used for other settings for connecting Light Agents to SVMs.
It is recommended to lock all the settings for connecting Light Agents to SVMs with the "lock" in order to prohibit changing these settings in the local application settings and in policies of the nested hierarchy level.
- If required, you can configure general operation settings for the Light Agents that will be installed on the tenant virtual machines.
Using the "lock" attribute, you can allow or block changing of settings or groups of settings in the local application settings, task settings, or in policies of the nested hierarchy level (for nested administration groups and secondary Administration Servers). Tenant administrators cannot configure "locked" settings. If the "locks" are open, the tenant administrator can to independently configure the operation of Light Agent components.
If Light Agents and SVMs of Kaspersky Security for Virtualization 5.1 Light Agent are installed in the tenant virtual infrastructure, it is recommended to use the policies enabling tenant protection that were automatically created in the Multitenancy KSV LA → <Tenant name> folder to configure general operation settings for these Light Agents. For more information refer to Kaspersky Security for Virtualization 5.1 Light Agent Help.
It is not recommended to configure general operation settings of Light Agents in the policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
