Assigning protection profile using NSX Vendor Templates / NSX Profile Configurations

In a virtual infrastructure managed by one VMware vCenter Server, you can assign protection settings to the virtual machines depending on the type of VMware NSX Manager you use (VMware NSX-T Manager or VMware NSX-V Manager) as follows:

• If Kaspersky Security is deployed in the infrastructure managed by VMware NSX-T Manager, you can use NSX Vendor Templates). To do so, perform the following actions:
  1. Create an NSX Service Profile for the Kaspersky File Antimalware Protection service based on the NSX Vendor Template.

     By default, one NSX Vendor Template is available – Default Configuration. It is created automatically as a result of registering the Kaspersky File Antimalware Protection service. To create other NSX Vendor Templates, use the NSX REST API. For more information refer to VMware documentation.

  2. Create an NSX policy for File Threat Protection and configure the Endpoint Protection Rule in the policy. In the rule settings, specify the NSX group that includes the protected virtual machines, and the NSX Service Profile created before.

     NSX Service Profiles and NSX Policies are created using VMware NSX-T Manager. For more information refer to VMware documentation.

  3. Map the protection profile to the NSX Vendor Template in Kaspersky Security Center Administration Console in Kaspersky Security policy properties. The protection profile settings are used to protect virtual machines managed by the NSX Policy that uses the NSX Service Profile based on the NSX Vendor Template.
• If Kaspersky Security is deployed in the infrastructure managed by VMware NSX-V Manager, you can use NSX Profile Configurations. To do so, perform the following actions:
  1. Create NSX Profile Configuration.

     In the infrastructure based on VMware vSphere 6.5, you can create NSX Profile Configurations in VMware vSphere Client console in the properties of Kaspersky File Antimalware Protection service (in the Networking & Security → Service Definitions section, on the Services tab, the Edit Settings action) on the Manage → Profile Configurations tab. In the infrastructure based on VMware vSphere 6.7 and later, the NSX REST API is used to create NSX Profile Configurations. For more information refer to VMware documentation.

  2. Create an NSX Policy that uses this NSX Profile Configuration or the NSX Service Profile based on this NSX Profile Configuration, and apply this policy to the virtual machine group.
  3. Map the protection profile to the NSX Profile Configuration in Kaspersky Security Center Administration Console in Kaspersky Security policy properties. The protection profile settings are used to protect virtual machines managed by the NSX Policy that uses this NSX Profile Configuration or NSX Service Profile based on it.

To map a protection profile to NSX Vendor Template or NSX Profile Configuration:

1. In the policy properties for one VMware vCenter Server, select the Protected infrastructure subsection.
2. In the drop-down list located in the upper part of the window, select the Use NSX Vendor Templates / NSX Profile Configurations option.
3. In the table, select the NSX Vendor Template / NSX Profile Configuration for which you want to set mapping and double-click it to open the Selecting protection profile window.
4. In the window that opens, select the Use protection profile option. In the drop-down list, select the name of the protection profile to be mapped to the NSX Vendor Template / NSX Profile Configuration. The list contains the main protection profile and all additional protection profiles that you configured in this policy.
5. Click OK.

   The Selecting protection profile window will close, and the assigned mapping will be displayed in the table in the Protected infrastructure subsection.

6. In the Properties: <Policy name> window, click OK.

You can configure to use the default protection profile. This protection profile can be assigned by default to the NSX Vendor Templates / NSX Profile Configurations, for which the mapping to protection profile has not been set yet, or has been canceled as a result of deleting a protection profile.

To set the usage of the default protection profile:

1. In the policy properties for one VMware vCenter Server, select the Protected infrastructure subsection.
2. In the drop-down list located in the upper part of the window, select the Use NSX Vendor Templates / NSX Profile Configurations option.
3. Click the Change button located on the right of the default protection profile name.

   The Selecting protection profile window opens.

4. If you want to change the default protection profile, select the Use protection profile option and indicate the name of the protection profile in the drop-down list. The list contains the main protection profile and all additional protection profiles that you configured in this policy.
5. If you want to cancel use of the default protection profile, select the Do not use protection profile option.
6. Click OK.

   The Selecting protection profile window will close, and the name of the selected protection profile will be displayed in the Protected infrastructure subsection in the upper part of the window.

7. In the Properties: <Policy name> window, click OK.