Configuring SVM path and Protection Server settings
5 September 2024
ID 259231
At this step of the deployment of tenant security infrastructure, you can perform the following actions:
- Configure the location of SVMs that will protect tenant virtual machines in the Kaspersky Security Center administration group hierarchy.
- Configure the operation settings of the Protection Server installed on these SVMs using the Protection Server policy.
- Configure the general settings of the Light Agents that will be installed on tenant virtual machines using Light Agent policies.
You can deploy SVMs that will protect tenant virtual machines in any folder or administration group on the main Kaspersky Security Center Administration Server.
It is not recommended to deploy the SVMs and Protection Server policy in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
If you want the SVM to protect virtual machines of only particular tenants, you need to restrict Light Agents' access to the SVM in one of the following ways:
- Using the connection tags mechanism. Tags must be specified in the Protection Server policy and in the Light Agent policy. It is recommended to "lock" the configured settings in order to prevent these settings from being changed in child policies.
- By blocking network connections from the tenant subnet to the subnet with the SVM on TCP ports 80, 9876, 9877, 11111, and 11112.
It is not recommended to configure connection tags in Light Agent policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
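A way to check the network-blocking option above before relying on it, as an added example that is not part of the Kaspersky documentation: the script evaluates an exported firewall rule list and reports any of the listed TCP ports on which a tenant not assigned to an SVM can still reach it. The rule format, the first-match-wins evaluation, the default action, and all names and subnets are assumptions constructed for illustration.

```python
import ipaddress

# TCP ports the page lists for blocking tenant-subnet -> SVM-subnet traffic.
SVM_PORTS = (80, 9876, 9877, 11111, 11112)

def _covers(rule_net, net):
    """True if the rule network contains net; partial overlap is rejected as ambiguous."""
    rule_net = ipaddress.ip_network(rule_net)
    if net.subnet_of(rule_net):
        return True
    if net.overlaps(rule_net):
        raise ValueError(f"rule network {rule_net} only partly covers {net}")
    return False

def decide(rules, src, dst, port, default):
    """Action of the first rule matching src -> dst:port (assumed first-match-wins)."""
    for rule in rules:
        ports = rule.get("ports")  # None means "any port"
        if (ports is None or port in ports) and _covers(rule["src"], src) and _covers(rule["dst"], dst):
            return rule["action"]
    return default

def exposed_ports(rules, tenants, svms, default="allow"):
    """List (tenant, svm, port) where a tenant not assigned to an SVM can still reach it."""
    findings = []
    for svm, cfg in svms.items():
        dst = ipaddress.ip_network(cfg["subnet"])
        for tenant, subnet in tenants.items():
            if tenant in cfg["tenants"]:
                continue  # this tenant's Light Agents are meant to use this SVM
            src = ipaddress.ip_network(subnet)
            for port in SVM_PORTS:
                if decide(rules, src, dst, port, default) != "deny":
                    findings.append((tenant, svm, port))
    return findings

# Constructed sample data (not from the page).
TENANTS = {"tenant-a": "10.10.1.0/24", "tenant-b": "10.10.2.0/24"}
SVMS = {"svm-a": {"subnet": "10.20.1.0/28", "tenants": {"tenant-a"}}}
RULES = [
    {"action": "allow", "src": "10.10.1.0/24", "dst": "10.20.1.0/28", "ports": set(SVM_PORTS)},
    # Port 11112 is missing from this deny rule, so it falls through to the default.
    {"action": "deny", "src": "10.10.0.0/16", "dst": "10.20.1.0/28", "ports": {80, 9876, 9877, 11111}},
]

if __name__ == "__main__":
    for finding in exposed_ports(RULES, TENANTS, SVMS):
        print("exposed:", *finding)
```

With the constructed rules, the only finding is tenant-b reaching svm-a on port 11112, because the deny rule omits that port and the assumed default action is allow.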
In accordance with the procedure for inheritance of Kaspersky Security Center policies, the default Protection Server policy is applied to all SVMs in the administration group hierarchy. It is created in the Managed devices folder on the main Administration Server. If you want to configure specific operating settings for the SVMs that will protect tenant virtual machines, you need to create a Protection Server policy in the folder where the SVM that protects tenant virtual machines is located.
If you want to centrally enable use of Kaspersky Security Network to protect tenants' virtual machines, make sure that tenants' personal data is being processed legally.