Scenario: quick start for administrators
This section describes the sequence of steps that must be performed by the administrator to configure Kaspersky Thin Client and Kaspersky Security Center, and to establish a connection between them.
Instructions on installing Kaspersky Thin Client to a thin client are provided in a separate article.
Before installation of Kaspersky Thin Client or prior to the first startup of a thin client on which a Kaspersky Thin Client system is pre-installed, you are advised to update the BIOS on the thin client to the latest version, set a password for BIOS configuration changes, and configure the option to boot only from a local SSD device. These recommended measures will help prevent potential security risks, such as operating system substitution, replacement or deletion of remote server connection certificates, and unauthorized access to operating system settings.
The scenario for initial configuration of Kaspersky Thin Client and Kaspersky Security Center, and for establishing a connection between them consists of the following steps:
- Installing Kaspersky Security Center
Download the Kaspersky Security Center distribution package and install the full version of Kaspersky Security Center on the server. The distribution package for the full version of Kaspersky Security Center includes the Kaspersky Security Center Web Console. We recommend selecting the standard installation. For details on installing Kaspersky Security Center, please refer to the Installation of Kaspersky Security Center section of the Kaspersky Security Center Online Help Guide.
- Configuring firewall rules
If you plan to use the default port to connect the thin client to Kaspersky Security Center, set the rules allowing TCP connections through port 13292 for the operating system firewall of the server on which Kaspersky Security Center is installed. If you plan to use a port other than 13292, set the permissions accordingly. For detailed information on configuring firewall rules, please refer to the relevant documentation on the operating system you are using.
- Installing the Kaspersky Security Management Suite web plug-in
In the Kaspersky Security Center Web Console, install the Kaspersky Security Management Suite web plug-in. An archive containing the web plug-in distribution package is included in the distribution kit.
- Preparing ports
Kaspersky Thin Client uses a mobile protocol to connect to Kaspersky Security Center. On the Kaspersky Security Center Administration Server, enable use of the TCP port that you set up access to in step 2. For details on TCP port enabling on the Kaspersky Security Center Administration Server, see the Modifying the Mobile Device Management settings section of the Kaspersky Security Center Online Help Guide.
- Turning on Kaspersky Thin Client
Turn on Kaspersky Thin Client and wait for the system to load. Please read the terms and conditions of the End User License Agreement and accept the agreement.
- Configuring Kaspersky Thin Client settings
After turning on Kaspersky Thin Client and accepting the End User License Agreement, configure general settings and network connection settings.
- Configuring a connection between Kaspersky Thin Client and Kaspersky Security Center
In the Kaspersky Thin Client interface, configure the connection to Kaspersky Security Center.
- Adding Kaspersky Thin Client to the list of managed devices
Connect to the Kaspersky Security Center Web Console and add Kaspersky Thin Client to the list of managed devices in Kaspersky Security Center. Policies in the Kaspersky Security Center Web Console are applied only for managed devices.
- Creating an active Kaspersky Security Center policy for Kaspersky Thin Client
If you need to manage a group of devices, create an active policy for Kaspersky Thin Client.
- Assigning certificates for a group of devices
Assign certificates to connect a group of devices to a remote environment and to a log server. We also recommend adding a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center.
When these actions are completed, the Kaspersky Thin Client system will be ready for operation. You will be able to control Kaspersky Thin Client through the Kaspersky Thin Client interface or through the Kaspersky Security Center Web Console, and monitor events of Kaspersky Thin Client.
