Contents
- Viewing the protected infrastructure in a policy
- Information about the assignment of file protection settings using the virtual infrastructure tree
- Information about assigning the file protection settings using NSX Vendor Template (in infrastructure managed by VMware NSX-T Manager)
- Information about assigning the file protection settings using NSX Profile Configuration (in infrastructure managed by VMware NSX-V Manager)
Viewing the protected infrastructure in a policy
In policy properties, you can view the protected infrastructure selected for the policy, and information about the use of protection profiles.
To view information about the protected infrastructure in a policy:
- In the Kaspersky Security Center Administration Console, open the policy properties:
- In the console tree, select the folder or administration group in which the policy was created.
- In the workspace, select the Policies tab.
- Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
- In the policy properties window, in the File threat protection section, select the Protected infrastructure subsection.
- The Kaspersky Security administration plug-in attempts to automatically connect to the Integration Server. If the connection fails, the Connection to Integration Server window opens.
It is recommended to specify the Integration Server address in the <address:port> format.
If the computer hosting the Administration Console of Kaspersky Security Center belongs to a domain or your domain user account belongs to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, your domain user account is used by default to connect to the Integration Server. The Use domain account check box is selected by default. You can also use the Integration Server administrator account (admin). To do so, clear the Use domain account check box and enter the administrator password in the Password field.
If the computer hosting the Kaspersky Security Center Administration Console does not belong to a domain, or the computer belongs to a domain but your domain account does not belong to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, you can use only the account of the Integration Server administrator (admin) to connect to the Integration Server. Enter the administrator password in the Password field.
If the connection to the Integration Server is established using the Integration Server administrator account (admin), you can save the administrator password. To do so, select the Save password check box. The saved administrator password will be used the next time a connection is established with this Integration Server. If you clear the check box selected during the previous connection to the Integration Server, Kaspersky Security removes the previously saved password of the Integration Server administrator.
The Save password check box may be unavailable if Windows updates KB 2992611 and/or KB 3000850 have been installed on the computer hosting the Kaspersky Security Center Administration Console. To restore the capability to save the administrator password, you can uninstall these Windows updates or modify the operating system registry as described in the Knowledge Base.
In the Connection to Integration Server window, specify the connection settings and click OK.
- The Kaspersky Security administration plug-in verifies the SSL certificate received from the Integration Server. If the received certificate contains an error, the Certificate verification window containing the error message opens. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To view information on the received certificate, click the View the received certificate button in the window containing the error message. You can install the certificate you received as a trusted certificate to avoid receiving a certificate error message at the next connection to the Integration Server. To do so, select the Install received certificate and stop showing warnings for <Integration Server address> check box.
To continue connecting, click the Continue button in the Certificate verification window. If you selected the Install received certificate and stop showing warnings for <Integration Server address> check box, the received certificate is saved in the operating system registry on the computer where the Kaspersky Security Center Administration Console is installed. The application also checks the previously installed trusted certificate for the Integration Server. If the received certificate does not match the previously installed certificate, a window opens to confirm replacement of the previously installed certificate. To replace the previously installed certificate with the certificate received from the Integration Server and continue connecting, click the Yes button in this window.
After connecting to the Integration Server, the right part of the window displays information about the protected infrastructure and the use of protection profiles.
In the properties of the main policy, which determines the protection settings for a virtual infrastructure managed by one VMware vCenter Server, you can select the method for assigning file protection settings in the drop-down list located in the upper part of the window:
- Use virtual infrastructure tree. If this option is selected, the table displays a tree of VMware virtual infrastructure objects and protection profiles assigned to the virtual infrastructure objects.
- Use NSX Vendor Templates / NSX Profile Configurations. If this option is selected, the data displayed in the table depends on the virtual infrastructure where Kaspersky Security is deployed:
- If the application is deployed in the infrastructure managed by VMware NSX-T Manager, the table displays the NSX Vendor Templates configured in the protected infrastructure and the protection profiles mapped to them.
- If the application is deployed in the infrastructure managed by VMware NSX-V Manager, the table displays the NSX Profile Configurations configured in the protected infrastructure and the protection profiles mapped to them.
If the entire protected infrastructure is selected as the protected infrastructure in the main policy properties, you cannot use NSX Vendor Templates or NSX Profile Configurations to assign the file protection settings. Use virtual infrastructure tree option is selected in the drop-down list.
Page topInformation about the assignment of file protection settings using the virtual infrastructure tree
If the Use virtual infrastructure tree option is selected in the drop-down list located in the upper part of the window, the Protected infrastructure section displays a tree of objects of the VMware virtual infrastructure and the protection profiles assigned to objects of the virtual infrastructure.
The protected infrastructure is displayed as a tree of items:
- In the properties of a policy for one VMware vCenter Server, you will see the protected infrastructure of the "VMware vCenter Agentless" cluster: the root element is the VMware vCenter Server, and under it you will see Datacenter objects, VMware clusters, resource pools, vApp objects, and virtual machines.
- In the properties of a policy for the entire protected infrastructure, the root element is the Integration Server, and under it you will see all VMware vCenter Servers, each containing the protected infrastructure of the "VMware vCenter Agentless" cluster corresponding to this VMware vCenter Server.
- In the properties of the tenant policy located in the Managed devices folder of the virtual Administration Server, the root element is the "Cloud Director organization" object that combines all virtual Datacenters of the tenant. Under this object there are all virtual machines within the Cloud Director organization that corresponds to this virtual Administration Server.
If the virtual infrastructure contains two or more virtual machines with the same ID (vmID), only one virtual machine appears in the object tree. If this virtual machine has been assigned a protection profile, the settings of this protection profile are applied to all virtual machines that have the same ID (vmID).
The Protection profile column displays information about the assignment of protection profiles to objects of the protected infrastructure. Kaspersky Security uses the settings of assigned protection profiles when protecting virtual machines.
The Protection profile field may contain the following values:
- Name of the protection profile that is assigned to a virtual machine or to a VMware virtual infrastructure object.
- Protection profile name, inherited from the parent object and displayed as "
inherited: <N>
", where <N> – is the name of the inherited protection profile. (Not assigned)
orinherited: (Not assigned)
– if the protection profile was not assigned or its assignment has been canceled (the Do not use protection profile value was selected). Virtual machines or virtual infrastructure objects that have no assigned protection profile are excluded from protection.
Information about assigning the file protection settings using NSX Vendor Template (in infrastructure managed by VMware NSX-T Manager)
If the Use NSX Vendor Templates / NSX Profile Configurations option is selected in the drop-down list at the top of the window and the application is deployed in the infrastructure managed by VMware NSX-T Manager, the following information is displayed in the Protected infrastructure section:
- Name of the default protection profile. This protection profile is automatically assigned to NSX Vendor Templates for which the mapping to protection profile has not been set yet or has been canceled as a result of deleting that protection profile. As a result, the default protection profile settings are used to protect virtual machines managed by the NSX Policy that uses the NSX Service Profile based on this NSX Vendor Template.
Main protection profile is set as the default protection profile. If you canceled the use of default protection profile, the
Do not use protection profile
value is displayed. - The table of correspondence between the protection profiles and NSX Vendor Templates configured in the protected infrastructure.
The correspondence table displays the following information:
- The NSX Vendor Template / NSX Profile Configuration column displays the name of the NSX Vendor Template. If several NSX Vendor Templates with the same identifier (vendor_template_id) are created in the virtual infrastructure, their names are separated by comma. Kaspersky Security processes NSX Vendor Templates with the same ID as one NSX Vendor Template.
- If a mapping is set between the protection profile and the NSX Vendor Template displayed in the NSX Vendor Template / NSX Profile Configuration column, the Protection profile column displays the name of the protection profile. Kaspersky Security uses the settings of the specified protection profile to protect virtual machines managed by the NSX Policy that uses the NSX Service Profile based on this NSX Vendor Template.
- If mapping between the protection profile and the NSX Vendor Template displayed in the NSX Vendor Template / NSX Profile Configuration column is canceled, the Protection profile column displays the
(Not assigned)
value. If no security profile is mapped to an NSX Vendor Template, the virtual machines that are managed by the NSX policy which uses the NSX Service Profile based on this NSX Vendor Template are excluded from protection.
Information about assigning the file protection settings using NSX Profile Configuration (in infrastructure managed by VMware NSX-V Manager)
If the Use NSX Vendor Templates / NSX Profile Configurations option is selected in the drop-down list at the top of the window and the application is deployed in the infrastructure managed by VMware NSX-V Manager, the following information is displayed in the Protected infrastructure section:
- Name of the default protection profile. This protection profile is automatically assigned to those NSX Profile Configurations, for which mapping to the protection profile has not been set yet, or has been canceled as a result of deleting a protection profile. As a result, the default protection profile settings are used to protect virtual machines managed by the NSX Policy that uses this NSX Profile Configuration or NSX Service Profile based on it.
Main protection profile is set as the default protection profile. If you canceled the use of default protection profile, the
Do not use protection profile
value is displayed. - The table of correspondence between the protection profiles and NSX Profile Configurations configured in the protected infrastructure.
The correspondence table displays the following information:
- The NSX Vendor Template / NSX Profile Configuration column displays the name of the NSX Profile Configuration. If several NSX Profile Configurations with the same Configuration ID are created in the virtual infrastructure, their names are separated by comma. Kaspersky Security processes the NSX Profile Configurations with the same ID as one NSX Configuration Profile.
- If a mapping is set between the protection profile and the NSX Profile Configuration displayed in the NSX Vendor Template / NSX Profile Configuration column, the Protection profile column displays the name of the protection profile. Kaspersky Security uses the settings of the specified protection profile to protect virtual machines managed by the NSX Policy that uses this NSX Profile Configuration or NSX Service Profile based on it.
- If mapping between the protection profile and the NSX Profile Configuration displayed in the NSX Vendor Template / NSX Profile Configuration column is canceled, the Protection profile column displays the
(Not assigned)
value. If no protection profile is mapped to an NSX Profile Configuration, the virtual machines managed by the NSX Policy that uses this NSX Profile Configuration or NSX Service Profile based on it are excluded from protection.