Support

Support for business applications

Kaspersky Security for Virtualization 6.x Agentless

Managing the application via Kaspersky Security Center

About Kaspersky Security policies

Kaspersky Security for Virtualization 6.x Agentless
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ System requirements Download Forum Contact support Recovery tools Product videos

About Kaspersky Security policies

December 13, 2023

ID 60176

When configuring virtual infrastructure protection, it is recommended to account for the specific features of Kaspersky Security policies.

The policy scope, which is a set of virtual machines for which a policy can be used for protection, depends on the type of policy and the protected infrastructure that was selected during configuration of the policy and policy scope (set of SVMs on which the policy is applied).

Kaspersky Security policy types

The following types of policies are provided for Kaspersky Security:

  • Main policy. This policy lets you configure the settings for virtual machine file threat protection using protection profiles, network threat protection settings, and the following application settings:

    If the application operates in multitenancy mode, the main policy determines the Network Threat Protection settings for all virtual machines and the File Threat Protection settings for the virtual machines that are not part of Cloud Director organizations.

    It is recommended to create main policies on the main Administration Server of Kaspersky Security Center. Main policies are created using the Kaspersky Security main administration plug-in.

  • Tenant policy (used only if the application is operating in multitenancy mode). This policy lets you configure protection settings for virtual machines that are part of Cloud Director organizations. You can use this policy to define the following settings:
    • Settings of notifications about events that occur when protecting and scanning virtual machines of a tenant (only in a policy that was created on the main Administration Server of Kaspersky Security Center).
    • Individual file protection settings for virtual machines of the tenant.
    • KSN usage settings for the tenant organization.

    You can create tenant policies on the main Administration Server or on virtual Administration Servers of Kaspersky Security Center by using the Kaspersky Security administration plug-in for tenants.

Protected infrastructure of a policy

Depending on the protected infrastructure that you select when configuring a policy, the following policies are distinguished as follows:

  • Policy for one VMware vCenter Server – lets you configure the settings for protecting a virtual infrastructure managed by one VMware vCenter Server.
  • Policy for the entire protected infrastructure – lets you configure the settings for protecting a virtual infrastructure managed by all VMware vCenter Servers to which the Integration Server connects.

Policy application scope

In Kaspersky Security, a policy is applied on SVMs. Each SVM can protect only the virtual machines running on the same hypervisor where the SVM is deployed. Therefore, the policy protection scope (set of virtual machines for which a policy can be used for protection) depends on the policy application scope (set of SVMs on which the policy is applied).

The policy application scope is determined by the location of the policy within the hierarchy of Kaspersky Security Center administration groups. A policy is applied on SVMs as follows:

  • The main policy in an administration group containing a KSC cluster is applied on all SVMs of this KSC cluster.
  • The main policy in an administration group or folder that is the parent in relation to the groups containing KSC clusters is applied on all SVMs of child KSC clusters.
  • The tenant policy on a virtual Administration Server created in the group of the "VMware Cloud Director Agentless" cluster corresponding to VMware Cloud Director is applied on all SVMs of this KSC cluster.

Inheriting policy settings

According to the order of inheritance of Kaspersky Security Center policies, by default the settings of policies are transferred to policies of nested administration groups and subordinate Administration Servers (for more details, please refer to the Kaspersky Security Center documentation). The settings and settings groups of policies have a "lock" attribute, that shows whether or not you are allowed to change these settings in nested policies. If a setting or a group of settings in a policy is "locked" (Lock), the values of these settings are defined in nested policies and cannot be redefined.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.