Scenario: Protection deployment (tenant management through virtual Administration Servers)
Oct 23, 2023
If you have never used Kaspersky Security Center and you want to manage your tenants through virtual Administration Servers, proceed as described in this section. After you complete this scenario, your customers' devices will be protected.
If you manage several tenants, then perform the scenario for each of the tenants separately.
The scenario proceeds in stages:
- Creating a virtual Administration Server
Create a virtual Administration Server for your customer. The new virtual Administration Server appears in the hierarchy of Administration Servers:
Virtual Administration Servers in the hierarchy of Administration Servers
- Selecting a device to act as a distribution point
Among the devices of the customer, decide which device will act as a distribution point.
You cannot have more than 100 distribution points within one workspace.
- Creating a stand-alone installation package for Network Agent
Switch to the created virtual Administration Server, and then create a stand-alone installation package for Network Agent. You can switch Administration Servers in the main menu by clicking the chevron icon () to the right of the current Administration Server name, and then selecting the required Administration Server. During creation of the stand-alone installation package, specify the Managed devices administration group to move the device to.
- Installing Network Agent on the selected device to act as a distribution point
You can use any method that is suitable for you:
- Manual installation
To deliver the stand-alone installation package to the device, you can, for example, copy it to a removable drive (such as a flash drive) or place it in a shared folder.
- Deployment by using Active Directory
- Deployment by using your remote monitoring and management (RMM) software solution
- Manual installation
- Assigning a distribution point
- Network polling
Configure and perform network polling through the distribution point.
Kaspersky Security Center Cloud Console provides the following methods of network polling:
- IP range polling
- Windows network polling
- Active Directory polling
After network polling according to schedule is complete, your customers' devices are discovered and placed in the Unassigned devices group.
- Moving the discovered devices to the administration groups
Set up the rules for automatically moving the discovered devices to the required administration groups; or move these devices to the required administration groups manually. If you plan to manage the customer's devices in a single administration group, you can move the devices to the Managed devices group.
- Creating installation packages for Network Agent and managed Kaspersky applications
- Removing third-party security applications
If third-party security applications are installed on your customers' devices, remove them before installing Kaspersky applications.
- Installing Kaspersky applications on client devices
Create remote installation tasks to install Network Agent and managed Kaspersky applications on your customers' devices.
If necessary, you can create several remote installation tasks to install managed Kaspersky applications for different administration groups or different device selections.
After the tasks are created, you can configure their settings. Make sure that the schedule for each task meets your requirements. First, the task to install Network Agent must be run. After Network Agent is installed on your customers' devices, the task to install managed Kaspersky applications must be run.
- Verifying initial deployment of Kaspersky applications
Generate and view the Report on Kaspersky software versions. Make sure that the managed Kaspersky applications are installed on all of the devices of your customer.
- Creating policies for Kaspersky applications
Create a policy for the required Kaspersky application. If you want to create a universal policy for all your customers, switch the current virtual Administration Server to the primary Administration Server, and then create a policy for the required Kaspersky application.