Kaspersky Security for Virtualization 6.0 Light Agent

Solution architecture

3 July 2024

ID 254032

Protection Server component

Kaspersky Security Protection Server (hereinafter also "Protection Server") is the scanserver service installed on a special virtual machine known as an SVM (secure virtual machine). An SVM is included in the Kaspersky Security distribution kit as a virtual machine image. During installation of the solution, you need to deploy SVMs from an image on hypervisors in the virtual infrastructure.

Protection Server performs the following functions:

  • Scans the fragments of files sent by Light Agents installed on virtual machines for viruses and other malware. The SharedCache technology is used for scan. It optimizes the speed of file scan by excluding files that have been already scanned on another virtual machine. The Protection Server stores information about scanned files in a cache on the SVM in order to not scan them again.
  • This ensures that the application receives an update package from the Kaspersky Security Center Administration Server repository, which contains the database and application module updates necessary for operation of the solution.
  • Manages license keys and licensing restrictions.

Light Agent component

The Light Agent component must be installed on each virtual machine that needs to be protected using the Kaspersky Security solution. A virtual machine with the Light Agent component installed is called protected virtual machine.

Kaspersky Security for Virtualization 6.0 Light Agent protects virtual machines running Linux guest operating systems. To protect virtual machines running Windows guest operating systems, use Kaspersky Security 5.2 Light Agent.

The Kaspersky Security solution uses Kaspersky Endpoint Security for Linux as the Light Agent for Linux. Kaspersky Endpoint Security for Linux, running in Light Agent mode, protects virtual machines running Linux operating systems from various types of threats and network and phishing attacks. For more information about the functionality of Kaspersky Endpoint Security for Linux, see the Kaspersky Endpoint Security for Linux Help.

When launched, the Light Agent establishes and maintains a connection to the SVM in order to interact with the Protection Server component.

Integration Server component

The Integration Server component facilitates interaction between Kaspersky Security solution components and the virtual infrastructure.

The Integration Server is used for performing the following tasks:

  • Deploying, removing, and reconfiguring SVMs with Protection Servers.
  • Receiving information from the virtual infrastructure about the protected infrastructure, and sending this information to Protection Servers on SVMs. The Integration Server can connect to hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices to acquire this information (depending on the type of virtual infrastructure).
  • Receipt by Light Agents of a list of SVMs available for connection and information about them. This information is necessary for interaction between Light Agents and Protection Servers on the SVMs.
  • Deploying and using the Kaspersky Security solution in multi-tenancy mode.

The Integration Server is managed using the Integration Server Console.

To use the Integration Server in the operation of Light Agents and Protection Servers, you need to configure the settings for connecting SVMs and Light Agents to the Integration Server.

After configuring the settings for connecting SVM to the Integration Server, SVM transmits the following information to the Integration Server every 5 minutes:

  • IP address and number of ports for connecting to the SVM.
  • Information about the SVM path in the virtual infrastructure.
  • Information about the license used to activate the solution on the SVM.
  • Information about the average load of the Protection Server on the SVM.

A Light Agent attempts to connect to the Integration Server once every 30 seconds if the Light Agent has no information about any SVM and the last attempt to connect to the Integration Server failed. After a Light Agent receives information about SVMs from the Integration Server, the connection interval increases to 5 minutes.

During its operation, the Integration Server saves the following information:

  • Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
  • Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
  • If the solution is used in multi-tenancy mode: a list of registered tenants and information about the time that virtual machines were protected by the solution.
  • SVM service data.

All data is stored in encrypted form. Information is stored on the device on which Integration Server is installed and is not sent to Kaspersky.

Management plug-ins and Network Agent

The interface for managing Kaspersky Security solution components using Kaspersky Security Center is provided by Kaspersky Security management plug-ins.

Network Agent, a component of Kaspersky Security Center, facilitates interaction between the Kaspersky Security solution and Kaspersky Security Center, and also provides the ability to manage Kaspersky Security solution components via Kaspersky Security Center.

Network Agent must be installed on each virtual machine that needs to be protected using the Kaspersky Security solution. Network Agent does not need to be installed on SVMs because this component is included in the SVM images.

In this Help section

SVM deployment options

Connecting Light Agent to SVM

About data processing

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.