Preparing for application installation

Support

Support for business applications

Kaspersky Security for Virtualization 5.x Light Agent

January 10, 2024

ID 67424

Before installing the Kaspersky Security, you need to do the following.

General preparations

Check the composition of Kaspersky Security Center components and verify that the Kaspersky Security Center components and virtual infrastructure components meet the hardware and software requirements of Kaspersky Security.
Make sure that no anti-virus software is installed on the virtual machines that you want to protect using Kaspersky Security.
Prepare the files required for installing the application:
1. From Kaspersky website, download the file necessary for running the Kaspersky Security Components Installation Wizard.
2. Using the Kaspersky Security Components Installation Wizard, download SVM images and SVM image description files from Kaspersky website.
3. If you are not planning to use automatically created installation packages to install Light Agent, unpack the files, required for installation of Light Agent for Windows and Light Agent for Linux using the Kaspersky Security Components Installation Wizard.
4. If you want to use the web interface to interact with Kaspersky Security Center, you can download the archives required for installing web plug-ins from Kaspersky website. The files required to install web plug-ins are also available in the Web Console.
Make sure that the settings of the network equipment or software controlling traffic between virtual machines allows network traffic to pass through the ports used during installation and operation of the application.
Make sure that you have configured the settings of the accounts that are required for installation and operation of the application.
If the network uses dynamic IP addressing, ensure the capability to route network traffic from the SVM to the device on which the Kaspersky Security Center Administration Server is installed.
Install the latest Windows updates prior to installing Light Agent for Windows, Integration Server, Integration Server Console, and Kaspersky Security MMC plug-ins.
If you want virtual machines on which the Kaspersky Security components are installed to be automatically moved into administration groups after installation of the application, create the administration groups in the Kaspersky Security Center Administration Console and configure rules for automatically moving the virtual machines to administration groups.

To ensure a secure connection between the application and the hypervisor, you are advised to use the AES256 encryption algorithm to encrypt incoming connections on the hypervisor over TLS, SSH, and other similar protocols.

Additional steps for Microsoft Hyper-V platform

In the virtual infrastructure on the Microsoft Hyper-V platform, perform the following steps before installing Kaspersky Security:

Ensure that the Integration Services package is installed on virtual machines that you want to protect.
Ensure that the ADMIN$ shared network resource is enabled on the hypervisor. To enable the ADMIN$ shared network resource on Microsoft Windows Server 2012 R2 Hyper-V hypervisors, a File Server role must be assigned in advance using the server configuration wizard.
Ensure that the drive where the ADMIN$ shared network resource is located has enough space for the SVM image. During installation of the Protection Server component, the SVM image is copied to the ADMIN$ shared network resource and then moved to the folder specified during SVM deployment.
Ensure that hypervisors that are not included in Active Directory domain have Windows Remote Management (WinRM) Ver. 3.0 installed. Windows Remote Management (WinRM) version 3.0 is included in the Windows Management Framework 3.0 installation package that can be downloaded from the Microsoft website.
If you want to use a domain account to connect the Integration Server to the hypervisor, make sure that the following conditions are met:
- Integration Server is able to determine the hypervisor address using the domain name service (DNS) of the domain of the hypervisor on which the SVM is deployed.
- The DNS server has forward and reverse records for the Integration Server.
- Zones containing records about the Integration Server and the hypervisor on which the SVM is deployed are integrated with Active Directory.
- The device from which SVM deployment is performed is able to resolve the names of hypervisors on which the SVM is deployed.
If you want the hypervisor user name and password, which were specified during installation of the SVM, to be encrypted when transmitted, you can use an SSL certificate to configure a secure connection between the hypervisor on which the SVM will be deployed and the device where the Kaspersky Security Center Administration Console is installed.

Additional Steps for VMware vSphere platform

In the virtual infrastructure on the VMware vSphere platform, perform the following steps before installing Kaspersky Security:

Make sure that the VMware Tools kit is installed on the virtual machines that you want to protect.
If a proxy server is used to connect the device hosting the Kaspersky Security Center Administration Console to the VMware vCenter Server, make sure that the virtual machines are available via the proxy server.

Additional Steps for Citrix Hypervisor platform

In the virtual infrastructure on the Citrix Hypervisor platform, make sure that XenTools is installed on the virtual machines that you want to protect before installing Kaspersky Security.

Additional actions for Proxmox VE platform

in the virtual infrastructure on the Proxmox VE platform, make sure that there is at least 30 GB of free space in the /var/tmp directory before installing Kaspersky Security.

Additional actions for HUAWEI FusionSphere platform

In the virtual infrastructure on the HUAWEI FusionSphere platform, make sure that HUAWEI Tools package is installed on the virtual machines that you want to protect before installing Kaspersky Security.

While deploying an SVM in a virtual infrastructure based on the HUAWEI FusionSphere platform, the SVM Management Wizard installs the HUAWEI Tools package on the SVM. To receive this package, the Wizard queries the HUAWEI FusionCompute hypervisor. The HUAWEI Tools package is not included in the Kaspersky Security application distribution kit. It is recommended to make sure that the HUAWEI Tools package is available on the HUAWEI FusionCompute hypervisor.

Additional actions for Astra Linux Platform

Prior to starting installation of the application in a virtual infrastructure running on the Astra Linux Platform, you need to configure the user account that will be used for SVM deployment, removal and reconfiguration as follows:

Run the following command:
$ sudo usermod -a -G kvm,libvirt,libvirt-qemu,libvirt-admin <user_name>
Open the sudoers configuration file by running the following command:
sudo visudo
Specify the following in the file:
<user name> ALL = (ALL) NOPASSWD: ALL

<user name> refers to the name of the user account that will be used to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.
Save the sudoers file and then close it.

In this Help section

Files required for installing the application

Downloading SVM images

Unpacking the Light Agent distribution packages

Configuring ports used by the application

Accounts for installing and using the application

Configuring rules for moving virtual machines to administration groups

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.