Application architecture

January 10, 2024

ID 67380

Protection Server component

A Protection Server is delivered in the form of an SVM image that is to be deployed on hypervisors in a virtual infrastructure. A secure virtual machine (SVM) is a virtual machine on which the Protection Server component is installed.

Protection Server performs the following functions:

  • Scans the fragments of files sent by Light Agents installed on virtual machines for viruses and other malware. The SharedCache technology is used for scanning. It speeds up file scanning by excluding files that have already been scanned on another virtual machine. During its operation, Kaspersky Security caches information about scanned files in the SVM in order to exclude them from future scans.
  • Ensures that the application receives an update package from the Kaspersky Security Center Administration Server repository containing the database and application module updates necessary for operation of the application.
  • Manages license keys and licensing restrictions.

Light Agent component

The Light Agent component can be installed on virtual machines running Windows operating systems, including on virtual machine templates and virtual machines that use Citrix Provisioning Services, and on virtual machines running Linux operating systems. A virtual machine with the Light Agent component installed is called a protected virtual machine.

The Light Agent component must be installed on each virtual machine that you want to protect using Kaspersky Security. The Light Agent for Windows component is installed locally on the virtual machine, remotely through Kaspersky Security Center, or using Active Directory Group Policies. The Light Agent for Linux component is installed locally from the command line or remotely through Kaspersky Security Center.

The Light Agent component performs the following functions:

  • Protects the virtual machine on which it is installed from viruses and other threats in accordance with the settings configured for the functional protection components.
  • Controls operation of applications and devices on the protected virtual machine, and monitors changes in the virtual machine's operating system in accordance with the settings configured for the functional control components.

At startup, Light Agent establishes and maintains a connection with an SVM.

Integration Server component

The Integration Server component facilitates interaction between Kaspersky Security components and the virtual infrastructure.

The Integration Server is used for performing the following tasks:

  • Deploying, removing, and reconfiguring SVMs. The Wizard used for performing these procedures is started from the Integration Server Console.
  • Receiving information from the virtual infrastructure about the protected infrastructure and transmitting this information to the Protection Server component that is installed on the SVM. The Integration Server can connect to hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices to acquire this information (depending on the type of virtual infrastructure).
  • Retrieval of information about SVMs by Light Agents. SVMs relay to the Integration Server the information required for connecting Light Agents to SVMs. Light Agents receive the list of SVMs available to connect to and information about them from the Integration Server. Based on this information, Light Agents select the SVM to connect to.
  • Deploying and using the application in multitenancy mode.

To use the Integration Server, you must configure the settings for connecting SVMs and Light Agents to the Integration Server.

After the settings for connecting the SVM to the Integration Server are configured, the SVM transmits the following information to the Integration Server every 5 minutes:

  • IP address and number of ports for connecting to the SVM
  • Information about the SVM location in the virtual infrastructure
  • License information
  • Information about the average load on the SVM

Light Agents that have Integration Server connection settings configured attempt to connect to the Integration Server once every 30 seconds if the Light Agent has no information about any SVM and the last attempt to connect the Light Agent to the Integration Server failed. After Light Agents receive information about SVMs from the Integration Server, the interval between Light Agent connections to the Integration Server increases to 5 minutes.
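The two intervals above give a defender a simple health signal: a Light Agent that keeps connecting to the Integration Server every 30 seconds has not yet received information about any SVM. The following Python is an added example, not Kaspersky code; the log format, agent names, jitter tolerance, and window size are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

RETRY_S = 30     # page: interval while the agent has no SVM info and the last attempt failed
STEADY_S = 300   # page: interval after SVM information has been received
JITTER = 0.25    # assumption: tolerated relative deviation from the nominal interval
WINDOW = 3       # assumption: classify on the most recent gaps only

# Constructed sample: "<timestamp> <agent VM name>", one line per connection attempt.
SAMPLE_LOG = """\
2024-01-10T08:00:00 vm-app-01
2024-01-10T08:00:30 vm-app-01
2024-01-10T08:01:00 vm-app-01
2024-01-10T08:01:30 vm-app-01
2024-01-10T08:00:10 vm-db-02
2024-01-10T08:00:40 vm-db-02
2024-01-10T08:05:40 vm-db-02
2024-01-10T08:10:41 vm-db-02
2024-01-10T08:15:40 vm-db-02
2024-01-10T08:02:00 vm-web-03
"""

def parse_attempts(log_text):
    """Group connection-attempt times by agent name, sorted chronologically."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, agent = line.split()
        attempts[agent].append(datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S"))
    return {agent: sorted(times) for agent, times in attempts.items()}

def classify(times):
    """Label an agent by the median of its most recent inter-attempt gaps."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])][-WINDOW:]
    if len(gaps) < 2:
        return "insufficient-data"
    typical = median(gaps)
    for label, nominal in (("retrying-no-svm", RETRY_S), ("steady", STEADY_S)):
        if abs(typical - nominal) <= nominal * JITTER:
            return label
    return "unexpected-interval"

def report(log_text=SAMPLE_LOG):
    """Return {agent name: state label} for every agent seen in the log."""
    return {agent: classify(times) for agent, times in parse_attempts(log_text).items()}
```

Because only the most recent gaps are considered, an agent that retried at first and then received SVM information (vm-db-02 in the sample) is reported as steady.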

During its operation, the Integration Server saves the following information:

  • Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
  • Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
  • If the application is used in multitenancy mode: the list of registered tenants and information about the time during which the virtual machines were protected by the application.
  • SVM service data.

All data is stored in encrypted form. Information is stored on the device on which Integration Server is installed and is not sent to Kaspersky.

Management plug-ins and Network Agent

The interface for managing Kaspersky Security using Kaspersky Security Center is provided by Kaspersky Security management plug-ins.

The Kaspersky Security Center component named Network Agent facilitates the interaction between Kaspersky Security and Kaspersky Security Center and provides the capability to manage Kaspersky Security components through Kaspersky Security Center.

