How to deploy Kaspersky Hybrid Cloud Security in GCP


Kaspersky Security Center 10


How to deploy Kaspersky Hybrid Cloud Security in GCP

Back to "Hybrid Cloud Security"
Latest update: October 30, 2020 ID: 15636
Kaspersky Hybrid Cloud Security (KHCS) in the Google Cloud Marketplace is a solution intended to protect VM Instances. It includes the following applications:

  • Kaspersky Security Center (Administration Server)
  • Kaspersky Security for Windows Sever (Windows Security Agent)
  • Kaspersky Endpoint Security for Linux (Linux Security Agent)

After having deployed the Kaspersky Hybrid Cloud Security, you will get a virtual machine with Kaspersky Security Center installed and configured for the Google Cloud infrastructure. The machine must be connected to Administration Server through RDP in order to have access to the Administration Console for deployment and security management for Google Cloud VM instances.
The Bring Your Own License (BYOL) version requires a valid software license. You can find a reseller in your region here.

I. Deploying Kaspersky Hybrid Cloud Security

  1. Navigate to Kaspersky Hybrid Cloud Security (BYOL) listing in Google Cloud marketplace and press Launch.
  2. Fill in all the mandatory fields on the next screen:
    • Deployment name – deployment and management server VM name
    • Zone – select the deployment zone
    • Machine type – select the instance type, the default is 2 vCPU with 8 GB of memory. 
    • Boot Disk - select the size and the type of the boot disk
    • Network interfaces – chose the network for Kaspersky Hybrid Cloud Security to connect to
    • Firewall. Source IP ranges for TCP port 3389 traffic – by default, RDP access is provided for everyone. To limit the access to the management server to your organization only, please specify your organization’s public IP address range. 
    Open 8080 port to have access to Kaspersky Hybrid Cloud Security web-console. You can also restrict the public addresses that will have access to the web-console on this port.
  3. Press Deploy. A Deployment Manager will start with the status of the solution deployment.

II. Connecting to the management server.

  1. Once the deployment is successfully complete, you can generate a connection password by pressing a triangle next to RDP button in the Deployment Manager.
  2. You can download the connection config by pressing the RDP button. Alternatively, you can manage the connection preferences and download the configuration file in Compute Engine -> VM instances, where all the VMs are listed.
  3. You are able to connect to the KHCS Management Sever through a browser using the https protocol. Please use public IP-address of the management server with KHCS and port 8080. Create firewall rule if required using the following instructions - (in the “Protocols and ports” choose “tcp” and enter 8080).

III. Configure Administration Server to protect Google Cloud environment

  1. You will see Administration Console of the Kaspersky Security Center and Cloud Environment Configuration Wizard. If Administration Console is not running, start the application: Start → Programs → Kaspersky Security Center. For instructions on how to run the Cloud Environment Configuration Wizard, see Online Help. If the application is missing from the Start menu or if Cloud Environment Configuration Wizard cannot start due to an error, please contact technical support (see step V for details).  
  2. Complete all the steps in the Cloud Environment Configuration Wizard following this instruction.
  3. Check if the data backup task was created and is active. For more information on how to use Data backup and recovery see Online Help.
  4. Download and install web-plugins for the security agents.
  5. a. Web-plugins for Windows and Linux security agents are available at:
  6. b. Unpack the downloaded archives.
    c. Open Management Server Web-Console in the browser.
    d. Open “Console settings” and choose Web plugins in the drop-down list.
    e. Click Add from file, and choose unpacked files from and signature.txt for each security agent. 
    f. Web-plugins for Security agents will be installed.

IV. Configure users on Administration Server

After completing all the steps in the Cloud Environment Configuration Wizard, perform the initial configuration of users and roles.

For Web Console:
  • Open the Web Console and click User&Roles -> User.
  • Find the user you want to appoint as the main administrator of the KSC Management Sever and click on him.
  • Go to the Roles tab and click Add.
  • Select the Main Administrator role and click Next.
  • In the Define scope menu, select the KSC server and click Assign role.
  • Go to User&Roles -> User and click BUILTIN\Administrators.
  • On the Roles tab, select the Main Administrator role and click Delete.
  • The configuration is now complete.
For MMC:
  • Run Microsoft Management Console for Kaspersky Security Center 12.
  • In the upper panel, open the View drop-down list and select Configure interface.
  • Select the Display security settings sections checkbox and click OK.
  • After the warning, restart Microsoft Management Console for Kaspersky Security Center 12.
  • In the left frame, right-click Administration Server <Your Server Name> and select Properties.
  • In the Security menu, click Windows user and find the user you want to appoint as the KSC administrator. In the Roles window, click Add and select Main Administrator. Click OK in the User roles window.
  • Click Apply to save the changes.
  • Click BUILTIN\Administrators. On the Roles tab, select Main Administrator and click on the red cross. Click Yes to confirm that you want to delete the role.
  • Click OK or Apply to save the changes.
  • The configuration is now complete.

V. Deploy protection to VM instances using Deployments Scrips 

Deploy protection using Deployment Scripts when launching a new instance with Startup script in Linux or Metadata in Windows (refer to Google Cloud guide).
  1. Connect to the instance with Kaspersky Security Center and copy the correspondent Deployment Script from the folder < C:\ProgramData\KasperskyLab\adminkit\1093\.working\share\Public\DeploymentScripts >
  2. During the launch of the new instance, in the Startup script for Linux and Metadata-key windows-startup-script-ps1 section, paste the deployment script as a text.
  3. Launch the instance.

VI. Support

Kaspersky Lab provides technical support to customers with a valid commercial or trial license.
To receive technical support for your Kaspersky Lab product, you can:
To read Support Service Terms and Conditions, follow this link.
If you still have any questions, please call us.
Was this information helpful?
Yes No
Thank you


How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.