Step 7. Creating an initial configuration of the protection of the cloud environment

Expand all | Collapse all

At this step, Kaspersky Security Center automatically creates policies and tasks. The Configure initial protection window displays a list of policies and tasks created by the application.

If you use an RDS database in the AWS cloud environment, you have to provide IAM access key pair to Kaspersky Security Center when the Administration Server backup task is being created. In this case, fill in the following fields:

• S3 bucket name

  The name of the S3 bucket that you created for the Backup.

• Access key ID

  You received the key ID (sequence of alphanumeric characters) when you created the IAM user account for working with S3 bucket storage instance.

  The field is available if you selected RDS database on an S3 bucket.

• Secret key

  The secret key that you received with the access key ID when you created the IAM user account.

  The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.

  The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.

If you use an Azure SQL database in the Azure cloud environment, you have to provide information about your Azure SQL Server to Kaspersky Security Center when the Administration Server backup task is being created. In this case, fill in the following fields:

• Azure storage account name

  You created the name of the Azure storage account for working with Kaspersky Security Center.

• Azure Subscription ID

  You created the subscription on the Azure portal.

• Azure Application password

  You received the password of the Application ID when you created the Application ID.

  The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.

• Azure Application ID

  You created this application ID on the Azure portal.

  You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.

• Azure SQL server name

  The name and the resource group are available in your Azure SQL Server properties.

• Azure SQL server resource group

  The name and the resource group are available in your Azure SQL Server properties.

• Azure storage access key

  Available in the properties of your storage account, in the Access Keys section. You can use any of the keys (key1 or key2).

If you are deploying the Administration Server in the Google Cloud, you have to select a folder where the backup copies will be stored. Select a folder on your local device or a folder on a virtual machine instance.

The Next button becomes available after the creation of all policies and tasks that are necessary for minimum configuration of protection.

If a device on which the tasks are supposed to run is not visible to the Administration Server, then the tasks start only when the device becomes visible. If you create a new EC2 instance or a new Azure virtual machine, it might take some time before it becomes visible to the Administration Server. If you want Network Agent and the security applications to be installed on all the newly created devices as soon as possible, make sure that the Run missed tasks option is enabled for the Install application remotely tasks. Otherwise, a newly created instance/virtual machine will not get Network Agent and the security applications until the task starts according to its schedule.