Selecting infrastructure for SVM deployment
January 10, 2024
ID 93527
At this step, you need to select the virtual infrastructure in which you want to deploy the SVM. If SVM deployment was not previously performed in this virtual infrastructure, you need to configure the connection of the SVM Management Wizard to the virtual infrastructure. Then select the hypervisors or OpenStack projects for SVM deployment depending on the type of virtual infrastructure.
To configure the connection of SVM Management Wizard to the virtual infrastructure:
- Click the Add button.
- In the Virtual infrastructure connection settings window that opens, specify the following settings:
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, you need to select KVM as the type of virtual infrastructure object that the SVM Management Wizard will connect to.
- Protocol
The Protocol field is displayed if you configure connection to the virtual infrastructure managed by the TIONIX Cloud Platform or to the virtual infrastructure managed by the OpenStack platform.
- Addresses
- OpenStack domain
The OpenStack domain field is displayed if you configure connection to the virtual infrastructure managed by the TIONIX Cloud Platform or to the virtual infrastructure managed by the OpenStack platform.
- User name
- Password
- Type
- If you are deploying an SVM in a virtual infrastructure running on Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, ALT Virtualization Server, Astra Linux or TIONIX Cloud Platform, it is recommended to use an account with restricted permissions for virtual infrastructure operations when connecting the Integration Server to the virtual infrastructure during Kaspersky Security operation. Select the An account with read-only permissions check box and specify the settings of the user account that the Integration Server will use to connect to the virtual infrastructure during Kaspersky Security operation.
If the check box is cleared, during Kaspersky Security operation the Integration Server will connect to the virtual infrastructure using the same user account that is used for SVM deployment, removal and reconfiguration.
In a virtual infrastructure running on the Microsoft Hyper-V platform, you can connect to the virtual infrastructure during Kaspersky Security operation only by using the same user account that is used for SVM deployment, removal and reconfiguration.
- Click the Connect button.
The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.
The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.
To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If the authenticity of the received certificate(s) cannot be established, the Certificate verification window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Certificate verification window to disconnect, and replace the certificate with a new one.
If the authenticity of the open key could not be established, the Open key fingerprint verification window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The open key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this open key to be authentic, click the Cancel button in the Open key fingerprint verification window to terminate the connection.
If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
The table displays information about the virtual infrastructures whose connections are configured for SVM Management Wizard. If SVMs are already deployed in the virtual infrastructure, the table also contains information about them. Each row of the table displays a hierarchical list of virtual infrastructure objects and the following information:
- Name/address
- State
- Protection
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of virtual infrastructure object that the SVM Management Wizard connects to.
You can search the list of virtual infrastructure objects based on the Name/Address column. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.
You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
You can use buttons in the Name/address column to:
- Remove selected virtual infrastructure from the list.
The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.
- If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.
After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
To select infrastructure for SVM deployment:
- Depending on the type of the virtual infrastructure, select check boxes in the table to the left of the names of the hypervisors on which you want to deploy an SVM, or the OpenStack projects in which you want to deploy an SVM.
You can select hypervisors or OpenStack projects that are not subject to SVM deployment restrictions.
If an SVM is being deployed in an infrastructure managed by the TIONIX cloud platform or by the OpenStack platform, SVMs in different infrastructures cannot be deployed simultaneously. You can simultaneously deploy SVMs only in an infrastructure managed by the TIONIX Cloud Platform, or only in an infrastructure managed by the OpenStack platform, or in one or more infrastructures of other types.
The simultaneous deployment of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously deploy SVMs only in OpenStack projects that are running on the same Keystone microservice.
- If you want to enable concurrent SVM deployment on several hypervisors, or within several OpenStack projects, select the Enable parallel deployment on N hypervisors or Enable parallel deployment of N SVMs check box (depending on the type of the virtual infrastructure), and specify the number of hypervisors on which SVMs will be deployed concurrently, or the number of SVMs.
Proceed to the next step of the wizard.
