Deployment of the on-premises solution
January 19, 2023
ID 181954
This guide contains information about features of the Select and Advanced editions of Kaspersky Endpoint Security for Business managed via the on-premises console and features of the Advanced edition of Kaspersky Endpoint Security for Business managed via the cloud console. For information about other editions, please refer to Online Help for the Kaspersky applications included in the solution.
This section provides instructions on how to deploy Kaspersky Endpoint Security for Business in an organization's network on Windows operating system. For the deployment procedure in pure Linux environment, see the Kaspersky Security Center 14.2 Linux installation scenario.
After you follow the instructions, centralized management of the policies and tasks is established through the Kaspersky Security Center and Kaspersky security applications, such as Kaspersky Endpoint Security for Windows or Kaspersky Endpoint Security for Mac. Configuration of administration groups, Kaspersky application updates, Kaspersky database updates, and policies is described in the Kaspersky Security Center documentation.
Prerequisites
To effectively deploy an on-premises solution, you must take into account a network's size, topology, and other factors. The network described in this document has a number of features and limitations listed below.
To deploy Kaspersky Endpoint Security for Business in a network that differs from the one described below, perform the scenario described in the Kaspersky Security Center documentation.
The instructions below are applicable to a network that has the following features and limitations:
- Network consists of less than 10,000 client devices.
- A single Kaspersky Security Center Administration Server is created to manage the client devices.
- The Kaspersky Security Center Administration Server and the client devices are located on the internal network of an organization.
- Distribution points are not used in the network, or they are assigned automatically.
- You install Kaspersky Security Center in the default folder.
- Kaspersky Security Center works within the basic feature set that is provided without entering an activation code or specifying a key file. The features provided by a Kaspersky Security Center license, for example, Vulnerability and Patch Management, is not considered. For details please refer to Kaspersky Security Center Online Help.
- A free-of-charge DBMS is used—SQL Server Express, MySQL, or MariaDB.
- You install the DBMS and the Administration Server on the same device.
- You install Administration Console and Kaspersky Security Center 14.2 Web Console on the same device where the Administration Server is installed.
- The default ports are used.
- Accounts are created by Kaspersky Security Center. Existing accounts on network devices are not used.
Deployment of Kaspersky security application for mobile devices is not described in this document and must be performed separately.
Stages
The scenario to deploy the on-premises solution proceeds in stages:
- Preparation for the deployment
You must check the system requirements for each Kaspersky application that you want to install, prepare a license key for Kaspersky Endpoint Security for Business, install a DBMS, and prepare the Administration Server and client devices.
- Installation of Kaspersky Security Center and a Kaspersky security application on the Administration Server device
You must download Kaspersky Security Center from the Kaspersky website and install Kaspersky Security Center (Administration Server, Administration Console, and other components) and a Kaspersky security application on the Administration Server device. As an option, Administration Console can be installed on the administrator's device.
- Centralized deployment of Kaspersky security applications on client devices
You must perform the initial configuration of the Administration Server by using the Quick Start Wizard, discover all network devices, create an installation package for each Kaspersky security application that you want to install, and perform remote installation of Network Agent and the Kaspersky security applications on the client devices. You also have to install Network Agent and the Kaspersky security applications locally if the remote installation has failed or is not feasible on some devices (for example, because of an unstable network connection or a low throughput rate of the channel).
What to do next
After the deployment is complete, the policies and tasks are configured with the default parameters, which may turn out to be suboptimal for your organization. Complete the following scenarios to fine-tune the protection and monitoring of your network:
- Creating policies and tasks
- Configure updating of Kaspersky databases and applications
- Configuring notifications and other monitoring tools
- Updating third-party software and fixing third-party software vulnerabilities (optional)