Support

Support for business applications

Kaspersky XDR Expert

Working with Open Single Management Platform

Configuring Administration Server

Creating a hierarchy of Administration Servers: adding a secondary Administration Server

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Creating a hierarchy of Administration Servers: adding a secondary Administration Server

May 15, 2024

ID 178059

Get as PDF

Expand all | Collapse all

In a hierarchy, a Linux-based Administration Server can work both as a primary Server and as a secondary Server. The primary Linux-based Server can manage both Linux-based and Windows-based secondary Servers. A primary Windows-based Server can manage a secondary Linux-based Server. The root Administration Server can only act as a primary Server.

You can add an Administration Server as a secondary Administration Server, thus establishing a "primary/secondary" hierarchy.

To add a secondary Administration Server that is available for connection through OSMP Console:

  1. Make sure that port 13000 of the future primary Administration Server is available for receipt of connections from secondary Administration Servers.
  2. On the future primary Administration Server, click the settings icon ().
  3. On the properties page that opens, click the Administration Servers tab.
  4. Select the check box next to the name of the administration group to which you want to add the Administration Server.
  5. In the menu line, click Connect secondary Administration Server.

    The Add secondary Administration Server wizard starts.

  6. On the first page of the wizard, fill in the following fields:
    • Secondary Administration Server display name
    • Secondary Administration Server address (optional)
    • Administration Server SSL port
    • Administration Server API port
    • Connect primary Administration Server to secondary Administration Server in DMZ
  7. Specify the certificate of the future secondary Server.

    The wizard is complete.

  8. Send the certificate file of the future primary Administration Server to the system administrator of the office where the future secondary Administration Server is located. (You can, for example, write the file to an external device, such as a flash drive, or send it by email.)

    The certificate file is located on the future primary Administration Server, at /var/opt/kaspersky/klnagent_srv/1093/cert/.

  9. Prompt the system administrator in charge of the future secondary Administration Server to do the following:
    1. Click the settings icon ().
    2. On the properties page that opens, proceed to the Hierarchy of Administration Servers section of the General tab.
    3. Select the This Administration Server is secondary in the hierarchy option.

      The root Administration Server can only act as a primary Server.

    4. In the Primary Administration Server address field, enter the network name of the future primary Administration Server.
    5. Select the previously saved file with the certificate of the future primary Administration Server by clicking Browse.
    6. If necessary, select the Connect primary Administration Server to secondary Administration Server in DMZ check box.
    7. If the connection to the future primary Administration Server is performed through a proxy server, select the Use proxy server option and specify the connection settings.
    8. Click Save.

The "primary/secondary" hierarchy is built. The primary Administration Server starts receiving connection from the secondary Administration Server using port 13000. The tasks and policies from the primary Administration Server are received and applied. The secondary Administration Server is displayed on the primary Administration Server, in the administration group where it was added.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.