Custom installation

Custom installation is an Administration Server installation during which you are prompted to select components to install and specify the folder in which the application must be installed.

Using this type of installation, you can configure the database and Administration Server, as well as install components that are not included in standard installation or management plug-ins for various Kaspersky security applications. You can also enable Mobile Device Management.

To install Kaspersky Security Center Administration Server on a local device:

Run the ksc_<version number>.<build number>_full_<localization language>.exe executable file.

A window opens prompting you to select Kaspersky applications to install. In the application selection window, click the Install Kaspersky Security Center 13.1 Administration Server link to start the Administration Server Setup Wizard. Follow the instructions of the Wizard.

Step 1. Reviewing the License Agreement and Privacy Policy

At this step of the Setup Wizard, you must read the License Agreement, which is to be concluded between you and Kaspersky, as well as the Privacy Policy.

You may also be prompted to view the License Agreements and Privacy Policies for application management plug-ins that are available in the Kaspersky Security Center distribution kit.

Please carefully read the License Agreement and Privacy Policy. If you agree with all the terms of the License Agreement and the Privacy Policy, select the following check boxes in the I confirm I have fully read, understood, and accept the following section:

• The terms and conditions of this EULA
• Privacy Policy describing the handling of data

Installation of the application on your device will continue after you select both check boxes.

If you do not accept the License Agreement or the Privacy Policy, cancel installation by clicking the Cancel button.

Step 2. Selecting an installation method

In the installation type selection window, specify Custom.

Custom installation allows you to modify the Kaspersky Security Center settings, such as the path to the shared folder, accounts and ports for connection to the Administration Server, and database settings. Custom installation allows you to specify which Kaspersky management plug-ins to install. During custom installation, you can create installation packages for mobile devices by enabling the corresponding option.

Step 3. Selecting the components to be installed

Select the components of Kaspersky Security Center Administration Server that you want to install:

• Mobile Device Management. Select this check box if you must create installation packages for mobile devices when the Kaspersky Security Center Setup Wizard is running. You can also create installation packages for mobile devices manually, after Administration Server installation, by using Administration Console tools.
• SNMP agent. This component receives statistical information for the Administration Server over the SNMP protocol. The component is available if the application is installed on a device with SNMP installed.

  After Kaspersky Security Center is installed, the .mib files required for receiving statistics are located in the SNMP subfolder of the application installation folder.

Network Agent and Administration Console are not displayed in the component list. These components are installed automatically and you cannot cancel their installation.

At this step you must specify a folder for installation of Administration Server components. By default, the components are installed to <Disk>:\Program Files\Kaspersky Lab\Kaspersky Security Center. If no such folder exists, this folder is created automatically during installation. You can change the destination folder by using the Browse button.

Page top

Step 4. Installing Kaspersky Security Center 13.1 Web Console

This step is displayed only if you are using a 64-bit operating system. Otherwise, this step is not displayed, because Kaspersky Security Center 13.1 Web Console does not work with 32-bit operating systems.

By default, both Kaspersky Security Center 13.1 Web Console and MMC-based Administration Console will be installed.

If you want to install only Kaspersky Security Center 13.1 Web Console:

1. Select Install only this one.
2. Choose Web-based console in the drop-down list.

Installation of Kaspersky Security Center 13.1 Web Console starts automatically after completion of Administration Server installation.

If you want to install only the MMC-based console:

1. Select Install only this one.
2. Choose MMC-based console in the drop-down list.

Step 5. Selecting network size

Specify the size of the network on which Kaspersky Security Center is to be installed. Depending on the number of devices on the network, the Wizard configures the installation and appearance of the application interface so that they match.

The following table lists the application installation settings and interface appearance settings, which are adjusted based on various network sizes.

Dependence of installation settings on the network scale selected

If you connect Administration Server to a MySQL or SQL Express database server, it is not recommended to use the application to manage more than 10,000 devices. For the MariaDB database management system, the maximum recommended number of managed devices is 20,000.

Page top

Step 6. Selecting a database

At this step of the Wizard, you must select the mechanism—Microsoft SQL Server (SQL Express) or MySQL—that will be used to store the Administration Server database. The MySQL option is relevant to both MySQL and MariaDB.

It is recommended to install the Administration Server on a dedicated server instead of a domain controller. However, if you install Kaspersky Security Center on a server that acts as a read-only domain controller (RODC), Microsoft SQL Server (SQL Express) must not be installed locally (on the same device). In this case, we recommend that you install Microsoft SQL Server (SQL Express) remotely (on a different device), or that you use MySQL or MariaDB, if you need to install the DBMS locally.

The Administration Server database structure is provided in the klakdb.chm file, which is located in the Kaspersky Security Center installation folder (this file is also available in an archive on the Kaspersky portal: klakdb.zip).

Page top

Step 7. Configuring the SQL Server

At this step of the Wizard, you configure SQL Server.

Depending on the database that you have selected, specify the following settings:

• If you selected Microsoft SQL Server (SQL Server Express) in the previous step:
  • In the SQL Server instance name field, specify the name of the SQL Server on the network. To view a list of all SQL Servers that are on the network, click the Browse button. This field is blank by default.

    If you connect to the SQL Server through a custom port, then together with the SQL Server host name specify the port number separated with a comma, for example:

    SQL_Server_host_name,1433

    If you secure communication between the Administration Server and SQL Server by means of a certificate, specify in the SQL Server instance name field the same host name that was used at the certificate generating. If you use a named instance of SQL Server, then together with the SQL Server host name specify the port number separated with a comma, for example:

    SQL_Server_name,1433

    If you use several instances of SQL Server on the same host, then additionally specify the instance name separated with a backslash, for example:

    SQL_Server_name\SQL_Server_instance_name,1433

    If a SQL Server on the enterprise network has the Always On feature enabled, specify the name of the availability group listener in the SQL Server instance name field. Note that Administration Server supports only the synchronous-commit availability mode when the Always On feature is enabled.

  • In the Database name field, specify the name of the database that has been created to store Administration Server data. The default value is KAV.

  If at this stage you want to install SQL Server on the device from which you are installing Kaspersky Security Center, you must stop installation and restart it after SQL Server is installed. The supported SQL Server versions are listed in the system requirements.

  If you want to install SQL Server on a remote device, you do not have to interrupt the Kaspersky Security Center Setup Wizard. Install SQL Server and resume installation of Kaspersky Security Center.

• If you selected MySQL in the previous step:
  • In the SQL Server instance name field, specify the name of the SQL Server instance. By default, the name is the IP address of the device on which Kaspersky Security Center is to be installed.
  • In the Port field, specify the port for Administration Server connection to the SQL Server database. The default port number is 3306.
  • In the Database name field, specify the name of the database that has been created to store Administration Server data. The default value is KAV.

Step 8. Selecting an authentication mode

Determine the authentication mode that will be used when Administration Server connects to the SQL Server.

Depending on the database that is selected, you can choose from the following authentication modes:

• For SQL Express or Microsoft SQL Server select one of the following options:
  • Microsoft Windows Authentication mode. Verification of rights uses the account used for starting Administration Server.
  • SQL Server Authentication mode. If you select this option, the account specified in the window is used to verify access rights. Fill in the Account and Password fields.

    To see the entered password, click and hold the Show button.

  For both authentication modes, the application checks if the database is available. If the database is not available, an error message is displayed, and you have to provide correct credentials.

  If the Administration Server database is stored on another device and the Administration Server account does not have access to the database server, you must use SQL Server authentication mode when installing or upgrading Administration Server. This may occur when the device that stores the database is outside the domain or when Administration Server is installed under a LocalSystem account.

• For the MySQL server or MariaDB server, specify the account and password.

Step 9. Selecting the account to start Administration Server

Select the account that will be used to start Administration Server as a service.

• Generate the account automatically. The application creates an account named KL-AK-*, under which the kladminserver service will run.

  You can select this option if you plan to locate the shared folder and the DBMS on the same device as Administration Server.

• Select an account. The Administration Server service (kladminserver) will run under the account that you selected.

  You will have to select a domain account if, for example, you plan to use as the DBMS a SQL Server instance of any version, including SQL Express, that is located on another device, and/or you plan to locate the shared folder on another device.

  Starting from version 10 Service Pack 3, Kaspersky Security Center supports managed service accounts (MSA) and group managed service accounts (gMSA). If these types of accounts are used in your domain, you can select one of them as the account for the Administration Server service.

  Before specifying MSA or gMSA, you must install the account on the same device on which you want to install Administration Server. If the account is not installed yet, then cancel the Administration Server installation, install the account, and then restart the Administration Server installation. For details about installation of managed service accounts on a local device, refer to the official Microsoft documentation.

  To specify MSA or gMSA:

  1. Click the Browse button.
  2. In the window that opens, click the Object type button.
  3. Select the Account for services type and click OK.
  4. Select the relevant account and click OK.

The account that you selected must have different permissions, depending on the DBMS that you plan for use.

For security reasons, please do not assign the privileged status to the account under which you run Administration Server.

If later you decide to change the Administration Server account, you can use the utility for Administration Server account switching (klsrvswch).

Step 10. Selecting the account for running the Kaspersky Security Center services

Select the account under which the services of Kaspersky Security Center will run on this device:

• Generate the account automatically. Kaspersky Security Center creates a local account named KlScSvc on this device in the kladmins group. The services of Kaspersky Security Center will be run under the account that has been created.
• Select an account. The Kaspersky Security Center services will be run under the account that you selected.

  You will have to select a domain account if, for example, you intend to save reports to a folder located on a different device or if this is required by your organization's security policy. You may also have to select a domain account if you install Administration Server on a failover cluster.

For security reasons, do not grant privileged status to the account under which the services are run.

The KSN proxy service (ksnproxy), Kaspersky activation proxy service (klactprx), and Kaspersky authentication portal service (klwebsrv) will be run under the selected account.

Step 11. Selecting a shared folder

Define the location and name of the shared folder that will be used to do the following:

• Store the files necessary for remote installation of applications (these files are copied to Administration Server during creation of installation packages).
• Store updates that have been downloaded from an update source to Administration Server.

File sharing (read-only) will be enabled for all users.

You can select either of the following options:

• Create a shared folder. Create a new folder. In the text box, specify the path to the folder.
• Select an existing shared folder. Select a shared folder that already exists.

The shared folder can be a local folder on the device that is used for installation or a remote directory on any client device on the corporate network. You can click the Browse button to select the shared folder, or specify the shared folder manually by entering its UNC path (for example, \\server\Share) in the corresponding field.

By default, the installer creates a local Share subfolder in the application folder that contains the components of Kaspersky Security Center.

You can define a shared folder later if needed.

Page top

Step 12. Configuring the connection to Administration Server

Expand all | Collapse all

Configure the connection to Administration Server:

• Port

  The number of the port used to connect to the Administration Server.

  The default port number is 14000.

• SSL port

  Secure Sockets Layer (SSL) port number used to securely connect to the Administration Server via SSL.

  The default port number is 13000.

• Encryption key length

  Select the length of the encryption key: 1024 bit or 2048 bit.

  A 1024-bit encryption key places a smaller load on the CPU, but it is considered obsolete because it cannot provide reliable encryption due to its technical specifications. Also, the existing hardware probably will turn out to be incompatible with SSL certificates featuring 1024-bit keys.

  A 2048-bit encryption key meets all state-of-the-art encryption standards. However, use of a 2048-bit encryption key may add to the load on a CPU.

  By default, 2048 bit (best security) is selected.

If Administration Server is installed on a device running Microsoft Windows XP Service Pack 2, the built-in system Firewall blocks TCP ports 13000 and 14000. Therefore, to allow access to Administration Server on the device after installation, these ports must be opened manually.

Step 13. Defining the Administration Server address

Specify the Administration Server address. You can select one of the following options:

• DNS domain name. You can use this method if the network includes a DNS server and client devices can use it to receive the Administration Server address.
• NetBIOS name. You can use this method if client devices receive the Administration Server address using the NetBIOS protocol or if a WINS server is available on the network.
• IP address. You can use this method if Administration Server has a static IP address that will not be subsequently changed.

Page top

Step 14. Administration Server address for connection of mobile devices

This Setup Wizard step is available if you have selected Mobile Device Management for installation.

In the Address for connection of mobile devices window, specify the external address of the Administration Server for connection of mobile devices that are outside of the local network. You can specify the IP address or Domain Name System (DNS) of the Administration Server.

Page top

Step 15. Selecting application management plug-ins

Select the application management plug-ins that need to be installed with Kaspersky Security Center.

For ease of search, plug-ins are divided into groups depending on the type of secured objects.

Step 16. Unpacking and installing files on the hard drive

After the installation of Kaspersky Security Center components is configured, you can start installing files on the hard drive.

If installation requires additional programs, the Setup Wizard will notify you, on the Installing Prerequisites page, before installation of Kaspersky Security Center begins. The required programs are installed automatically after you click the Next button.

On the last page, you can select which console to start for work with Kaspersky Security Center:

• Start MMC-based Administration Console
• Start Kaspersky Security Center Web Console

  This option is available only if you opted to install Kaspersky Security Center 13.1 Web Console in one of the previous steps.

You can also click Finish to close the Wizard without starting work with Kaspersky Security Center. You can start the work later at any time.

At the first startup of Administration Console or Kaspersky Security Center 13.1 Web Console, you can perform the initial setup of the application.

Page top