Recommendations for the installation of Network Agent and Kaspersky Light Agent 5.x on a golden image used by Virtual Desktop Infrastructure
- Kaspersky Security for Virtualization 5.2 Light Agent (version 22.214.171.1249)
- Kaspersky Security for Virtualization 5.1 Light Agent (version 126.96.36.1995)
- One of the following versions of Kaspersky Security Center:
- Kaspersky Security Center 13.2 (version 188.8.131.521)
- Kaspersky Security Center 13.1 (version 184.108.40.20624)
- Kaspersky Security Center 13.0 (version 220.127.116.1147)
- Kaspersky Security Center 12 (version 18.104.22.16834)
- Kaspersky Security Center 11 (version 22.214.171.1241)
- Kaspersky Security Center 10 (version 10.5.1781.0)
- The Kaspersky Security for Virtualization 5.x Light Agent components are installed on the Administration Server.
- XenApp and XenDesktop 7.15 or Citrix Virtual Apps and Desktops 7 1903.
- Kaspersky Secure Virtual Machines are installed on all Hyper-Visors that will have VDI machines running and are located in a separate group of managed computers.
- Create a new group of managed computers. All created Virtual Desktops will be moved into it.
- Exclude this group from all inherited tasks: Find Vulnerabilities and Window Updates task and Fix Vulnerabilities and required Updates task.
Network Agent Policy
- Create a new Network Agent policy.
- Go to the Repositories tab. Clear all selected options and lock them.
- Information about installed applications
- Information about Microsoft Windows updates
- Software vulnerabilities information
- Hardware registry details
- Go to Updates and software vulnerabilities.
- Select Disabled for the Windows Update search mode setting and lock it.
- Clear the checkbox Scan executable files for vulnerabilities when running them and lock the setting,
Secure Virtual Machine Policy
- Create a Secure Virtual Machine policy in the group of managed computers where SVMs are located.
- Go to Update settings and clear the Update application modules checkbox. Close the lock.
- Go to Settings for connecting SVMs to the Integration Server and specify the IP address (or FQND) of the machine with the Integration Server (the IP address of the Administration Server). Close the lock.
- Verify that the policy is applied on the Secure Virtual Machines.
Windows Light Agent Policy
- Create a policy for the Light Agent for Windows.
- Open the policy properties and go to Anti-Virus protection → General Protection settings.
- In the Exclusions and trusted applications section, click Settings.
- If the VDI infrastructure is used in a Citrix environment, enable exclusions and trusted applications for Citrix XenDesktop, Citrix Provisioning Services, Citrix XenApp, Citrix EdgeSight, and Citrix Profile Manager. If they're not in the list, create a new policy and add them at the Exclusions step.
- If the VDI infrastructure is used in a VMware environment, enable exclusions and trusted applications for VMware Tools and VMware Horizon View. If they're not in the list, create a new policy and add them at the Exclusions step.
- If roaming user profiles are used, specify the path of the network folder where the profiles are located to avoid scanning on both a network and local level.
- Go to the SVM discovery settings section. Make sure that Use Integration Server is selected and that the lock is closed.
- Go to Settings for connecting to the Integration Server.
- Specify the IP address (or FQDN) of the machine where Integration Server is installed (the IP address of the Administration Server).
Installation of Kaspersky Network Agent and Kaspersky Security for Virtualization Light Agent 5.x on a golden image
- Launch a local installation of Kaspersky Network Agent on the golden image.
- At the Advanced settings step, clear the checkbox Automatically install applicable updates and patches for Kaspersky Security Center 10 components with Undefined status.
- Select the checkboxes Enable Dynamic Mode for VDI and Optimize Kaspersky Security Center 10 Network Agent settings for the virtual infrastructure. Disable vulnerability scan and inventory of applications and equipment. You can edit the current settings by using Network Agent policies.
- After Network Agent has installed, open services.msc and launch it manually.
- Launch the local installation of Kaspersky Security For Virtualization 5.x Light Agent on the golden image.
- If you are using Citrix XenDesktop, select the checkboxes Ensure compatibility with Citrix Provisioning Services and Installation on the template for temporary VDI pools.
- If you are using VMware Horizon View, select the checkbox Installation on the template for temporary VDI pools.
If the checkbox is selected, updates that require a protected virtual machine to restart will not be installed on the virtual machines deployed using this template. At the same time, Kaspersky Security Center 10 will send messages that database and application modules updates are required on the template.
We do not recommend selecting the Installation on the template for temporary VDI pools checkbox if the template will be used for creating a VDI infrastructure of one of the following types:
- Citrix XenDesktop static dedicated catalog with local drives
- VMware Horizon View automated pool of the full clone type
What to do after the installation
- Verify that the Windows Light Agent policy has been applied. The golden image should have been handled by relocation rule created in Kaspersky Security Center. If the golden image does not meet the conditions of the relocation rule, move it manually into the managed group created for virtual machines.
- Verify that the Light Agent is connected to the SVM: open thewindow locally in the interface of the Light Agent for Windows.
- Restart the golden image.
- Sign in to the system once it has restarted.
- Shut down the golden image.
You can now deploy VDI machines from this golden image.