Appendix. Brief instructions on installing the application

Before you start the application installation, do the following:

1. Make sure that all Kaspersky Security software and hardware requirements are met.
2. Prepare VMware virtual infrastructure for Kaspersky Security installation. The preparatory steps depend on the type of VMware NSX Manager you use: VMware NSX-T Manager or VMware NSX-V Manager.

   In the infrastructure managed by VMware NSX-T Manager:

   1. Combine VMware ESXi hypervisors into one or several VMware clusters.
   2. If you want to use an N-VDS switch, reserve one physical network interface on each VMware ESXi hypervisor.
   3. Select a network and a storage for service virtual machines and SVMs on each hypervisor (Agent VM Settings, for details refer to the VMware product documentation).
   4. Install Guest Introspection Thin Agent on each virtual machine that you want to protect using Kaspersky Security. For more details please refer to documentation attached to VMware products.
   5. Register VMware vCenter Server to which VMware NSX-T Manager is connected as NSX Compute Manager.
   6. Create NSX Transport Node Profile.
   7. Apply the created NSX Transport Node Profile on each VMware cluster where SVMs will be deployed.
   8. If you want to install the Network Threat Protection component:
      • Create an NSX Segment and connect network interfaces of the protected virtual machines to it.
      • Make sure that you are using one of the following license types for VMware NSX-T Data Center:
        • NSX Data Center Advanced.
        • NSX Data Center Enterprise Plus.
        • NSX Data Center for Remote Office Branch Office.
        • NSX for vSphere Advanced.
        • NSX for vSphere Enterprise.

   In the infrastructure managed by VMware NSX-V Manager:

   1. Combine VMware ESXi hypervisors into one or several VMware clusters.
   2. Select a network and a storage for service virtual machines and SVMs on each hypervisor (Agent VM Settings, for details refer to the VMware product documentation).
   3. Deploy the Guest Introspection service virtual machines on each VMware cluster where the SVMs with the File Threat Protection component will be deployed.
   4. Install Guest Introspection Thin Agent on each virtual machine that you want to protect using Kaspersky Security. For more details please refer to documentation attached to VMware products.
   5. If you want to install the Network Threat Protection component:
      • Install VMware NSX components on each VMware cluster where SVMs with the Network Threat Protection component will be deployed. Refer to the Knowledge Base for more details.
      • Make sure that you are using one of the following license types for VMware NSX for vSphere:
        • NSX for vSphere Advanced.
        • NSX for vSphere Enterprise.
3. Download all SVM image files from Kaspersky website and place them in the same folder on a network resource accessible via HTTP or HTTPS. For example, published them on Kaspersky Security Center Web Server.
4. Make sure that the ports required for the application operation are opened and the accounts required for installation and operation of the application are created.

Prior to beginning installation of Kaspersky Security, it is recommended to close the Kaspersky Security Center Administration Console.

To install the application:

1. Install the Kaspersky Security main administration plug-in and Integration Server.
2. If you want to use the application in multitenancy mode, install the Kaspersky Security administration plug-in for tenants.

   When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security administration plug-ins are installed, the Quick Start Wizard for the managed application is automatically started. The Wizard lets you create default policies and tasks. If the Quick Start Wizard for the managed application was not started automatically, it is recommended to start it manually.

3. Start the Integration Server Console and configure the settings for connecting the Integration Server to one or more virtual infrastructure administration servers.
4. In the Integration Server Console, use the Wizard to register Kaspersky Security services in VMware NSX Manager.
5. Deploy SVMs with Kaspersky Security components and configure protection settings in the virtual infrastructure. Actions to be performed depend on the type of VMware NSX Manager you use: VMware NSX-T Manager or VMware NSX-V Manager.

   In the infrastructure managed by VMware NSX-T Manager, perform the following actions in the VMware NSX Manager Web Console:

   1. Include virtual machines that you want to protect into one or several NSX Groups.
   2. To protect virtual machines from file threats:
      1. Deploy Kaspersky File Antimalware Protection service.
      2. Create an NSX Service Profile for the Kaspersky File Antimalware Protection service.
      3. Create an NSX policy for File Threat Protection and an Endpoint Protection Rule. In the rule settings, specify the NSX group that includes the protected virtual machines, and the previously created profile of the Kaspersky File Antimalware Protection service.
   3. To protect virtual machines from network threats:
      1. Deploy Kaspersky Network Protection service.
      2. Create an NSX Service Profile for the Kaspersky Network Protection service.
      3. Create an NSX Service Chain that uses the Kaspersky Network Protection service profile created before.
      4. Create an NSX policy that redirects traffic to the NSX Service Chain that contains Kaspersky Network Protection service profile. Configure rules for inbound traffic and outbound traffic; specify the NSX group, which includes the protected virtual machines, in the rule settings.

   In the infrastructure managed by VMware NSX-V Manager, perform the following actions in the VMware vSphere Client console:

   1. Include virtual machines that you want to protect into one or several NSX Groups.
   2. Deploy Kaspersky File Antimalware Protection service to protect virtual machines from file threats and Kaspersky Network Protection service to protect virtual machines from network threats.
   3. Create an NSX Policy that uses Kaspersky Security services, and apply the policy to NSX groups that include protected virtual machines.

If you want to use the application in multitenancy mode, configure protection of tenant organizations:

1. In the Kaspersky Security Center Administration Console, for each tenant whose virtual machines need to be protected, create a virtual Administration Server and account that will be used by the tenant administrator to connect to the virtual Administration Server.
2. In the Kaspersky Security Center Administration Console, create the account that the Integration Server will use to connect to the Kaspersky Security Center Administration Server. This connection is required for obtaining information about virtual Administration Servers created in Kaspersky Security Center, and for configuring mappings between virtual Administration Servers and Cloud Director organizations that contain tenant virtual machines.
3. In the Integration Server Console, connect the Integration Server to Kaspersky Security Center Administration Server and configure the list of mappings between Cloud Director organizations and Kaspersky Security Center virtual Administration Servers.
4. Provide the following information to the tenant administrator: address of the Integration Server, address of the virtual Administration Server configured for this tenant, name and password of the account used to connect to the virtual Administration Server.

After the application is installed, prepare the application for operation and perform initial configuration:

1. Activate the application on all deployed SVMs.
2. Make sure that the application databases are updated on all deployed SVMs.
3. Enable protection of virtual machines against file threats and network threats. By default, Kaspersky Security does not protect virtual machines.