Scenario: Kaspersky applications initial deployment
This scenario describes how to install Kaspersky applications on client devices in Kaspersky Security Center Cloud Console. First, you must deploy distribution points on your network. Then, by means of the distribution points, you must perform network polling and discover networked devices on your network. After that, you can deploy Kaspersky applications on networked devices.
When the scenario is complete, the Kaspersky applications are deployed on the selected client devices in your organization's network. You can manage all the devices with Kaspersky applications installed.
Prerequisites
Before you start, make sure that the following prerequisites are met:
- The quick start wizard has finished.
- Network Agent and security applications installation packages are created.
- The address https://aes.s.kaspersky-labs.com/endpoints/ is included in managed device firewall exceptions.
- You have information about internet settings for client devices in your organization, information about the gateway, and proxy server settings.
- Client devices in your organization are not encrypted.
Stages
The Kaspersky applications initial deployment proceeds in stages:
- Selecting a device to act as a distribution point
In Kaspersky Security Center Cloud Console, a distribution point is intended for:
- Network polling and device discovery
- Remote installation of Network Agent on client devices
- Connection of client devices to Administration Server (when a distribution point is acting as a connection gateway)
Select a device on your organization's network to act as a distribution point for an administration group. The selected device must meet the requirements for distribution point. Depending on the amount of client devices in your organization's network, select the correct number of devices to act as distribution points.
- Creating a stand-alone installation package for Network Agent
Create a stand-alone installation package for Network Agent to install on the distribution point.
If your client devices do not have direct internet access to connect to Administration Server, in the Network Agent installation package settings, configure the connection gateway and proxy server settings.
- Installing Network Agent on the selected device to act as a distribution point
Deliver the stand-alone installation package for Network Agent to the selected device by any method. For example, you can copy the stand-alone installation package to a removable drive (such as a flash drive), or place it in a shared folder.
In the Properties window of the stand-alone installation package file, verify that the stand-alone installation package for Network Agent is signed by Kaspersky.
Run the installation of the stand-alone installation package for Network Agent on the selected device. Network Agent is now installed according to the settings of the Network Agent installation package and is connected to Administration Server. The device with Network Agent is placed in the administration group that was specified when the stand-alone installation package for Network Agent was created.
If you install Network Agent by using a stand-alone installation package on a device running Microsoft Windows XP Professional for Embedded Systems 32-bit, the installation fails. To resolve this issue, preliminarily install the update KB2868626 for Windows XP from the Microsoft website: https://www.catalog.update.microsoft.com/Search.aspx?q=KB2868626.
- Assigning the device with Network Agent installed to act as a distribution point
Assign the device with Network Agent installed to act as a distribution point.
- Configuring and performing network polling for the distribution point
Configure network polling for the distribution point with the Network Agent installed. As an option, you can configure network polling in the Network Agent policy.
After network polling according to schedule is complete, the client devices connected to your organization's network are discovered and placed in the Unassigned devices group.
- Creating installation packages for Network Agent and managed Kaspersky applications
If you did not start the quick start wizard, or skipped the step of creating installation packages, create installation packages for Kaspersky applications. You must create installation packages both for Network Agent and for managed Kaspersky applications appropriate for the operating system installed on client devices on your organization's network.
- Removing third-party security applications
If third-party security applications are installed on client devices on your organization's network, remove them before installing the Kaspersky application.
- Installing Kaspersky applications on client devices
Create tasks to install Network Agent and managed Kaspersky applications on client devices on your organization's network. When creating the tasks, use the Install application remotely task type. For the task to install Network Agent, use the Using operating system resources through distribution points option. For the task to install managed Kaspersky applications, use the Using Network Agent option. After the tasks are created, you can configure their settings. Make sure that the schedule for each task meets your requirements. First, the task to install Network Agent must be run. Then, after Network Agent is installed on client devices, the task to install managed Kaspersky applications must be run.
As an option, you can create one remote installation task to install Network Agent and managed Kaspersky applications on client devices on your organization's network. In this case, in the Installation packages block, use the Select installation package option and the Select Network Agent option; in the Force installation package download block, use the Using operating system resources through distribution points option.
You also can create several remote installation tasks to install managed Kaspersky applications for different administration groups or different device selections.
If you have client devices that are out of the network with distribution point, for example, laptops of remote users, you must create and deliver the Network Agent stand-alone installation package to those client devices by any method. Install Network Agent stand-alone installation package locally on those client devices. Then you can install managed Kaspersky applications on those remote users' devices following the same instructions as for other devices discovered by the distribution point.
Run the remote installation tasks.
As an option, to install Kaspersky applications, you can start the Protection deployment wizard.
- Installing Kaspersky Security for Mobile
If you plan to manage corporate mobile devices, follow the instructions provided in the Kaspersky Security for Mobile Help for information about deployment of Kaspersky Endpoint Security for Android.
- Verifying initial deployment of Kaspersky applications
Generate and view the Report on Kaspersky application versions. Make sure that the managed Kaspersky applications are installed on all client devices in your organization.
For the full disk encryption, Kaspersky Security Center Cloud Console supports only BitLocker.