Kaspersky Security Center 14 Windows

Network segment polling

Information about the structure of the network and devices in this network is received by the Administration Server through regular polling of cloud segments by using AWS API, Azure API, or Google API tools. Kaspersky Security Center uses this information to update the contents of the Unassigned devices and Managed devices folders. If you have configured devices to be moved to administration groups automatically, the detected devices are included in administration groups.

To allow the Administration Server to poll cloud segments, you must have the rights provided with an IAM role or IAM user account (in AWS), or with Application ID and password (in Azure), or with a Google client email, Google project ID, and private key.

You can add and delete connections, as well as set the polling schedule for each cloud segment.

In this section

Adding connections for cloud segment polling

Deleting connections for cloud segment polling

Configuring the polling schedule

See also:

Scenario: Deployment for cloud environment


Adding connections for cloud segment polling


To add a connection for cloud segment polling to the list of available connections:

  1. In the console tree, select the Device discovery → Cloud node.
  2. In the workspace of the window, click Configure polling.

    A properties window opens containing a list of connections available for cloud segment polling.

  3. Click the Add button.

    The Connection window opens.

  4. Specify the name of the cloud environment for the connection that will be used for further polling of the cloud segment:

    Cloud environment

    The environment in which the EC2 instances (or virtual machines) are located can be Amazon Web Services (AWS), Microsoft Azure, or Google Cloud.

    If you selected AWS, specify the following settings:

    • Connection name

      Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.

      This name will also be used as the name for the administration group for the cloud devices.

      If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".

    • Use AWS IAM role
    • Use AWS IAM user account

      Select this option if you have an IAM user account with the necessary permissions and you can enter a key ID and secret key.

      • Access key ID

        The IAM access key ID is a sequence of alphanumeric characters. You received the key ID when you created the IAM user account.

        The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.

      • Secret key

        The secret key that you received with the access key ID when you created the IAM user account.

        The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.

        The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.

    The Cloud Environment Configuration Wizard allows you to specify only a single AWS IAM access key. Subsequently, you can specify more connections to manage other cloud segments.

    If you selected Azure, specify the following settings:

    • Connection name

      Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.

      This name will also be used as the name for the administration group for the cloud devices.

      If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".

    • Azure Application ID

      You created this application ID on the Azure portal.

      You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.

    • Azure Subscription ID

      You created the subscription on the Azure portal.

    • Azure Application password

      You received the password of the Application ID when you created the Application ID.

      The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.

    • Azure storage account name

      You created the name of the Azure storage account for working with Kaspersky Security Center.

    • Azure storage access key

      You received a password (key) when you created the Azure storage account for working with Kaspersky Security Center.

      The key is available in section "Overview of the Azure storage account," in subsection "Keys."

    If you selected Google Cloud, specify the following settings:

    • Connection name

      Enter a name for the connection. The name cannot contain more than 256 characters. Only Unicode characters are permitted.

      This name will also be used as the name for the administration group for the cloud devices.

      If you plan to work with more than one cloud environment, you might want to include the name of the environment in the connection name, for example, "Azure Segment", "AWS Segment", or "Google Segment".

    • Client email

      Client email is the email address that you used for registering your project at Google Cloud.

    • Project ID

      Project ID is the ID that you received when you registered your project at Google Cloud.

    • Private key

      Private key is the sequence of characters that you received as your private key when you registered your project at Google Cloud. You might want to copy and paste this sequence to avoid mistakes.

  5. If you want, select Set polling schedule and change the default settings.

The connection is saved in the application settings.

After the new cloud segment is polled for the first time, the subgroup corresponding to that segment appears in the Managed devices\Cloud administration group.

If you specify incorrect credentials, no instances will be found during cloud segment polling and a new subgroup will not appear in the Managed devices\Cloud administration group.

See also:

Scenario: Deployment for cloud environment


Deleting connections for cloud segment polling

If you no longer have to poll a specific cloud segment, you can delete the connection corresponding to that segment from the list of available connections. You can also delete a connection if, for example, permissions to poll a cloud segment have been transferred to another AWS IAM user with a different key.

To delete a connection:

  1. In the console tree, select the Device discovery → Cloud node.
  2. In the workspace of the window, select Configure polling.

    A window opens containing a list of connections available for cloud segment polling.

  3. Select the connection that you want to delete and click the Delete button in the right part of the window.
  4. In the window that opens, click the OK button to confirm your selection.

If you are deleting connections from the list of available connections, the devices that are in the corresponding segments are automatically deleted from the corresponding administration groups.
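The add and delete procedures above impose a handful of rules: a connection name of at most 256 characters that doubles as the administration group name, environment-specific required settings (skipped for AWS when an IAM role is used), a single Azure connection at a time, a subgroup that appears only once a poll actually finds instances, and removal of the segment's devices from the group when the connection is deleted. The following Python model is an added example, not Kaspersky's code and not the product's API; the field names, the in-memory `ConnectionList` class, the uniqueness check on the connection name and the sample identifiers are all assumptions constructed for illustration. It also masks the values the console shows as asterisks so they never reach a log or error message.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

MAX_NAME_LEN = 256

# Settings each environment needs before polling can work (field names are assumed, not KSC's own).
REQUIRED_FIELDS = {
    "AWS": ("access_key_id", "secret_key"),      # only when "Use AWS IAM user account" is selected
    "Azure": ("application_id", "subscription_id", "application_password",
              "storage_account_name", "storage_access_key"),
    "Google Cloud": ("client_email", "project_id", "private_key"),
}
# Values the console displays as asterisks; never echo them into logs or error messages.
SECRET_FIELDS = {"secret_key", "application_password", "storage_access_key", "private_key"}


@dataclass
class CloudConnection:
    name: str
    environment: str
    settings: Dict[str, str] = field(default_factory=dict)
    use_iam_role: bool = False  # AWS only: "Use AWS IAM role" instead of a key ID / secret key pair

    def redacted(self) -> Dict[str, str]:
        """Settings as they could safely be shown or logged: secrets masked."""
        return {k: ("*" * 8 if k in SECRET_FIELDS else v) for k, v in self.settings.items()}


class ConnectionList:
    """Hypothetical in-memory model of the Configure polling list and the
    Managed devices\\Cloud administration group (an assumption, not KSC's API)."""

    def __init__(self) -> None:
        self.connections: Dict[str, CloudConnection] = {}
        self.subgroups: Dict[str, Set[str]] = {}  # connection name -> device ids in its subgroup

    def add(self, conn: CloudConnection) -> None:
        if not 0 < len(conn.name) <= MAX_NAME_LEN:
            raise ValueError("connection name must be 1..256 characters")
        if conn.name in self.connections:
            # Assumption: the name also names the administration group, so it must be unique.
            raise ValueError("a connection with this name already exists")
        if conn.environment not in REQUIRED_FIELDS:
            raise ValueError(f"unsupported environment {conn.environment!r}")
        if conn.environment == "Azure" and any(c.environment == "Azure" for c in self.connections.values()):
            raise ValueError("only one Azure connection is allowed; delete the existing one first")
        required = () if (conn.environment == "AWS" and conn.use_iam_role) else REQUIRED_FIELDS[conn.environment]
        missing = [f for f in required if not conn.settings.get(f)]
        if missing:
            raise ValueError(f"missing settings: {missing}")  # field names only, never values
        self.connections[conn.name] = conn

    def record_poll(self, name: str, found_ids: List[str]) -> bool:
        """Apply one poll result. The subgroup appears only once instances are found,
        so wrong credentials (an empty result) leave the group tree unchanged."""
        if name not in self.connections:
            raise KeyError(name)
        if not found_ids:
            return False
        self.subgroups.setdefault(name, set()).update(found_ids)
        return True

    def delete(self, name: str) -> Set[str]:
        """Remove the connection; the devices of its segment leave the administration group."""
        del self.connections[name]
        return self.subgroups.pop(name, set())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cl = ConnectionList()
    cl.add(CloudConnection("AWS Segment", "AWS", {"access_key_id": "AKIA-EXAMPLE", "secret_key": "constructed"}))
    print(cl.record_poll("AWS Segment", ["i-001", "i-002"]), cl.subgroups)
    print(cl.connections["AWS Segment"].redacted())
    print("removed on delete:", cl.delete("AWS Segment"))
```

Running the module shows the subgroup being populated by a successful poll, the secret key masked in the redacted view, and the device set handed back when the connection is deleted.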

See also:

Scenario: Deployment for cloud environment


Configuring the polling schedule


Cloud segment polling is performed according to schedule. You can set the polling frequency.

The polling frequency is automatically set at 5 minutes by the Cloud Environment Configuration Wizard. You can change this value at any time and set a different schedule. However, it is not recommended to configure polling to run more frequently than every 5 minutes, because this could lead to errors in the API operation.

To configure a cloud segment polling schedule:

  1. In the console tree, select the Device discovery → Cloud node.
  2. In the workspace, click Configure polling.

    The cloud properties window opens.

  3. In the list, select the connection you want and click the Properties button.

    The connection properties window opens.

  4. In the properties window, click the Set polling schedule link.

    The Schedule window opens.

  5. Define the following settings:
    • Scheduled start

      Polling schedule options:

      • Every N days

        The polling runs regularly, with the specified interval in days, starting from the specified date and time.

        By default, the polling runs every day, starting from the current system date and time.

      • Every N minutes

        The polling runs regularly, with the specified interval in minutes, starting from the specified time.

        By default, the polling runs every five minutes, starting from the current system time.

      • By days of week

        The polling runs regularly, on the specified days of week, and at the specified time.

        By default, the polling runs every Friday at 6:00:00 PM.

      • Every month on specified days of selected weeks

        The polling runs regularly, on the specified days of each month, and at the specified time.

        By default, no days of month are selected; the default start time is 6:00:00 PM.

    • Run missed tasks

      If the Administration Server is switched off or unavailable at the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll is scheduled.

      If this option is enabled, the Administration Server starts polling immediately after it is switched on.

      If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

      By default, this option is enabled.

  6. Click OK to save the changes.

The polling schedule is configured and saved.
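To make the schedule options and the Run missed tasks behavior concrete, here is an added Python model (not Kaspersky's code, and not how the product stores its schedule) that computes the next poll time for each of the four modes and decides what happens when the Administration Server was unavailable across a scheduled poll. The `PollSchedule` class, its mode names and the `at()` helper are assumptions for this example; the defaults (five minutes, Friday 6:00 PM, no days of month selected, Run missed tasks enabled) and the five-minute minimum follow the text above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

MIN_RECOMMENDED_MINUTES = 5  # polling more often than this is advised against (API errors)


def at(text: str) -> datetime:
    """Small helper so callers can write times as ISO strings ("2024-01-01 10:07")."""
    return datetime.fromisoformat(text)


@dataclass
class PollSchedule:
    """Hypothetical model of the Schedule window settings (an assumption, not KSC's API)."""
    mode: str                          # "every_n_days" | "every_n_minutes" | "by_days_of_week" | "monthly"
    start: datetime                    # scheduled start date and time
    interval: int = 1                  # N for the every-N modes
    weekdays: Tuple[int, ...] = ()     # 0 = Monday ... 6 = Sunday
    month_days: Tuple[int, ...] = ()   # day-of-month numbers; empty by default, as in the manual
    run_missed: bool = True            # "Run missed tasks", enabled by default

    def too_frequent(self) -> bool:
        """True when the schedule is tighter than the recommended 5-minute minimum."""
        return self.mode == "every_n_minutes" and self.interval < MIN_RECOMMENDED_MINUTES

    def next_run(self, after: datetime) -> Optional[datetime]:
        """First scheduled poll strictly later than `after`; None if no day is selected."""
        if self.mode in ("every_n_minutes", "every_n_days"):
            step = (timedelta(minutes=self.interval) if self.mode == "every_n_minutes"
                    else timedelta(days=self.interval))
            if after < self.start:
                return self.start
            # whole steps already elapsed since the start, plus one more
            return self.start + (((after - self.start) // step) + 1) * step
        if self.mode == "by_days_of_week":
            wanted, horizon = self.weekdays, 8          # a week plus one day is enough
            matches = lambda d: d.weekday() in wanted
        elif self.mode == "monthly":
            wanted, horizon = self.month_days, 62       # at most two months ahead
            matches = lambda d: d.day in wanted
        else:
            raise ValueError(f"unknown mode {self.mode!r}")
        if not wanted:
            return None
        time_of_day = self.start.time()
        day = after.date()
        for _ in range(horizon):
            candidate = datetime.combine(day, time_of_day)
            if candidate > after and matches(day):
                return candidate
            day += timedelta(days=1)
        return None

    def first_poll_after_outage(self, down_since: datetime, up_at: datetime) -> Optional[datetime]:
        """When the Administration Server polls after being unavailable from `down_since`
        until `up_at`: immediately on start-up if a poll was missed and Run missed tasks is
        enabled, otherwise at the next scheduled time."""
        missed = self.next_run(down_since)
        if missed is not None and missed <= up_at:
            return up_at if self.run_missed else self.next_run(up_at)
        return self.next_run(up_at)


if __name__ == "__main__":
    every5 = PollSchedule("every_n_minutes", at("2024-01-01 10:00"), interval=5)
    print("next after 10:07:", every5.next_run(at("2024-01-01 10:07")))
    print("server down 10:02-10:12, missed tasks on:",
          every5.first_poll_after_outage(at("2024-01-01 10:02"), at("2024-01-01 10:12")))
    fridays = PollSchedule("by_days_of_week", at("2024-01-01 18:00"), weekdays=(4,))
    print("next Friday poll:", fridays.next_run(at("2024-01-01 09:00")))
    print("1-minute schedule too frequent:",
          PollSchedule("every_n_minutes", at("2024-01-01 10:00"), interval=1).too_frequent())
```

The outage check is the part worth reading twice: with Run missed tasks enabled the poll starts the moment the server is back, with it disabled the server simply waits for the next slot, and if no scheduled poll actually fell inside the outage the setting makes no difference.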

See also:

Scenario: Deployment for cloud environment
