Contents
Preparing for work in a cloud environment through Kaspersky Security Center Cloud Console
This section tells you how to prepare for working with Kaspersky Security Center Cloud Console in the following cloud environments:
- Amazon Web Services
- Microsoft Azure
- Google Cloud
Working in Amazon Web Services cloud environment
This section tells you how to prepare for working with Kaspersky Security Center Cloud Console in Amazon Web Services.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center Cloud Console release date.
About work in Amazon Web Services cloud environment
To work with the AWS platform and, in particular, to create instances, you need an Amazon Web Services account. You can create a free account at https://aws.amazon.com. You can also use an existing Amazon account.
To learn more about an AMI and how AWS Marketplace works, please visit the AWS Marketplace Help page. For more information about working with the AWS platform, using instances, and related concepts, please refer to the Amazon Web Services documentation.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center Cloud Console release date.
Page topCreating IAM user accounts for Amazon EC2 instances
This section describes the actions that must be performed to ensure correct operation of Kaspersky Security Center Cloud Console. These actions include work with the AWS Identity and Access Management (IAM) user accounts. Also described are the actions that must be taken on client devices to install Network Agent on them and then install Kaspersky Security for Windows Server and Kaspersky Endpoint Security for Linux.
Ensuring that Kaspersky Security Center Cloud Console has the permissions to work with AWS
To operate in the Amazon Web Services cloud environment using Kaspersky Security Center Cloud Console, you must create an IAM user account, that will be used by Kaspersky Security Center Cloud Console to work with AWS services. Before starting to work with the Administration Server, create an IAM user account with an AWS IAM access key (hereinafter also referred to as IAM access key).
Creation of an IAM user account requires the AWS Management Console. To work with the AWS Management Console, you will need a user name and password from an account in AWS.
Page topCreating an IAM user account for work with Kaspersky Security Center Cloud Console
An IAM user account is required for working with Kaspersky Security Center Cloud Console. You can create one IAM user account with all the necessary permissions, or you can create two separate user accounts.
An IAM access key that you will need to provide to Kaspersky Security Center Cloud Console during initial configuration is automatically created for the IAM user. An IAM access key consists of an access key ID and a secret key. For more details about the IAM service, please refer to the following AWS reference pages:
- https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html.
- https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html#UseCase_EC2.
To create an IAM user account with the necessary permissions:
- Open the AWS Management Console and sign in under your account.
- In the list of AWS services, select IAM.
A window opens containing a list of user names and a menu that lets you work with the tool.
- Navigate through the areas of the console dealing with user accounts, and add a new user name or names.
- For the user(s) you add, specify the following AWS properties:
- Access type: Programmatic Access.
- Permissions boundary not set.
- Permission: ReadOnlyAccess.
After you add the permission, view it for accuracy. In case of a mistaken selection, go back to the previous screen and make the selection again.
- After you create the user account, a table appears containing the IAM access key of the new IAM user. The access key ID is displayed in the Access key ID column. The secret key is displayed as asterisks in the Secret access key column. To view the secret key, click Show.
The newly created account is displayed in the list of IAM user accounts that corresponds to your account in AWS.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center Cloud Console release date.
Page topWorking in Microsoft Azure cloud environment
This section provides information about Kaspersky Security Center Cloud Console operation and maintenance in a cloud environment provided by Microsoft Azure, as well as details of protection deployment on virtual machines in this cloud environment.
About work in Microsoft Azure
To work with the Microsoft Azure platform and, in particular, to purchase apps at the Azure Marketplace and create virtual machines, you will need an Azure subscription. Before starting to work with Microsoft Azure in Kaspersky Security Center Cloud Console, create an Azure Application ID with permissions required for installation of applications on virtual machines.
Page topCreating a subscription, Application ID, and password
To work with Kaspersky Security Center Cloud Console in the Microsoft Azure environment, you need an Azure subscription, Azure Application ID, and Azure Application password. You can use an existing subscription, if you already have one.
An Azure subscription grants its owner access to the Microsoft Azure Platform Management Portal and to Microsoft Azure services. The owner can use the Microsoft Azure Platform to manage services such as Azure SQL and Azure Storage.
To create a Microsoft Azure subscription,
Go to https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription and follow the instructions there.
More information about creating a subscription is available on the Microsoft website. You will get a subscription ID, which you will later provide to Kaspersky Security Center Cloud Console together with Application ID and password.
To create and save Azure Application ID and password:
- Go to https://portal.azure.com and make sure that you are logged in.
- Following the instructions on the reference page, create your Application ID.
- Go to the Keys section of the application settings.
- In the Keys section, fill in the Description and Expires fields and leave the Value field empty.
- Click Save.
When you click Save, the system automatically fills the Value field with a long sequence of characters. This sequence is your Azure Application password (for example, yXyPOy6Tre9PYgP/j4XVyJCvepPHk2M/UYJ+QlfFvdU=). The description is displayed as you entered it.
- Copy the password and save it, so that you can later provide the Application ID and password to Kaspersky Security Center Cloud Console.
You can copy the password only when it has been created. Later, the password will no longer be displayed and you cannot restore it.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center Cloud Console release date.
Page topAssigning a role to the Azure Application ID
If you only want to detect virtual machines using device discovery, your Azure Application ID must have the Reader role. If you want not only to detect virtual machines, but also to deploy protection by means of the Azure API, your Azure Application ID must have the Virtual Machine Contributor role.
Follow the instructions on the Microsoft website to assign a role to your Azure Application ID.
Page topWorking in Google Cloud
This section provides information about work with Kaspersky Security Center Cloud Console in a cloud environment provided by Google.
You can use the Google API to work with Kaspersky Security Center Cloud Console in Google Cloud Platform. A Google account is required. Please refer to the Google documentation at https://cloud.google.com for more information.
You will need to create and provide Kaspersky Security Center Cloud Console with the following credentials:
Page top