Preparing virtual infrastructure managed by VMware NSX-T Manager

Before installing Kaspersky Security in the infrastructure managed by VMware NSX-T Manager, do the following:

• Combine VMware ESXi hypervisors into one or several VMware clusters.
• If you want to use an N-VDS switch, reserve one physical network interface for configuring N-VDS on each VMware ESXi hypervisor.
• Configure the Agent VM Settings in the properties of each hypervisor: select a network and storage for service virtual machines and SVMs. For details on configuring Agent VM Settings, please refer to the VMware product documentation.
• Install the Guest Introspection Thin Agent component on each virtual machine that you want to protect using Kaspersky Security.

  On the virtual machines running Windows, the NSX File Introspection Driver, which is included in VMware Tools version 11.2.5 package acts as the Guest Introspection Thin Agent component. By default, NSX File Introspection Driver is not installed, so when installing the VMware Tools package, select NSX File Introspection Driver to install.

  Special packages are provided for installation of the Guest Introspection Thin Agent component on the virtual machines running Linux operating system. For more details please refer to documentation attached to VMware products.

• Perform the following actions in the VMware NSX Manager Web Console:
  1. Register VMware vCenter Server to which VMware NSX-T Manager is connected as NSX Compute Manager.
  2. Create an NSX Transport Node Profile for the NSX Transport Zone of the Overlay type, to which the protected virtual machines are connected. You can use the default NSX transport zone.
  3. Prepare hypervisors for protection deployment. To do this, apply the created NSX Transport Node Profile on each VMware cluster where the SVMs with Kaspersky Security components will be deployed. As a result, NSX Transport Nodes will be configured and VMware NSX components will be installed on VMware ESXi hypervisors.
  4. If you want to install the Network Threat Protection component, perform the following additional actions:
     • Make sure that the correct license type is used for VMware NSX-T Data Center.
     • In the NSX Transport Zone for which you created the NSX Transport Node Profile, create an NSX Segment and connect the protected virtual machines to it.