Adding connections for cloud segment polling
To add a connection for cloud segment polling to the list of available connections:
- In the console tree, select the Device discovery → Cloud node.
- In the workspace of the window, click Configure polling.
A properties window opens containing a list of connections available for cloud segment polling.
- Click the Add button.
The Connection window opens.
- Specify the name of the cloud environment for the connection that will be used for further polling of the cloud segment:
Cloud environment
The environment in which the EC2 instances (or virtual machines) are located can be Amazon Web Services (AWS), Microsoft Azure, or Google Cloud.
If you selected AWS, specify the following settings:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Use AWS IAM role
- Use AWS IAM user account
- Access key ID
The IAM access key ID is a sequence of alphanumeric characters. You received the key ID when you created the IAM user account.
The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.
- Secret key
The secret key that you received with the access key ID when you created the IAM user account.
The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.
The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.
The Cloud Environment Configuration Wizard allows you to specify only a single AWS IAM access key. Subsequently, you can specify more connections to manage other cloud segments.
If you selected Azure, specify the following settings:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Azure Application ID
You created this application ID on the Azure portal.
You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.
- Azure Subscription ID
You created the subscription on the Azure portal.
- Azure Application password
You received the password of the Application ID when you created the Application ID.
The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.
- Azure storage account name
- Azure storage access key
You received a password (key) when you created the Azure storage account for working with Kaspersky Security Center.
The key is available in the "Keys" subsection of the "Overview of the Azure storage account" section.
If you selected Google Cloud, specify the following settings:
- Connection name
Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.
This name will also be used as the name for the administration group for the cloud devices.
If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".
- Client email
Client email is the email address that you used for registering your project at Google Cloud.
- Project ID
Project ID is the ID that you received when you registered your project at Google Cloud.
- Private key
Private key is the sequence of characters that you received as your private key when you registered your project at Google Cloud. You might want to copy and paste this sequence to avoid mistakes.
- If you want, select Set polling schedule and change the default settings.
The connection is saved in the application settings.
After the new cloud segment is polled for the first time, the subgroup corresponding to that segment appears in the Managed devices\Cloud administration group.
If you specify incorrect credentials, no instances will be found during cloud segment polling and a new subgroup will not appear in the Managed devices\Cloud administration group.
[Topic 150361]