Prerequisites PTCL

Kaspersky Hybrid Cloud
Prerequisites
Kaspersky Cloud Security – Pre-requisites
Contents
Environment Pre-requisites .......................................................................................................... 3
Kaspersky Update URLs ................................................................................................................ 4
Kaspersky KSN URLs ..................................................................................................................... 5
Systems Specification ................................................................................................................... 6
Administration Server......................................................................................................................... 6
Endpoint Requirement ....................................................................................................................... 7
Kaspersky Security for Virtualization 5.0 Agentless ....................................................................... 9
Hardware requirements for version 5.0.0.76 ..................................................................................... 9
Software requirements for version 5.0.0.76 ...................................................................................... 9
Requirements for Kaspersky Security Center components ........................................................... 9
Software requirements for the Integration Server component .................................................... 9
Software requirements for the File Anti-Virus component ......................................................... 10
Software requirements for the Network Threat Detection component ..................................... 11
Page 2 of 11
This document contains Intellectual Property of Trillium Information Security Systems (Pvt) Ltd. protected by Copyright. The information
contained herein is CONFIDENTIAL and PRIVILEGED solely for use by PTCL.
Environment Pre-requisites
The following ports are needed for successful implementation of the solution:
Connection Port Direction Destination Comments

originator component
Computer hosting the Administration server
Kaspersky 13000,
Security 14000 inbound
Center 10 TCP
Kaspersky
13291
Security inbound Administration Console
TCP
Center 10
Kaspersky
15000 File Anti-Virus, Network
Security outbound
TCP Threat Detection
Center 10
When installing
Administratio
22 TCP outbound File Anti-Virus and configuring
n Console
File Anti-Vir
For installation
Administratio and removal of
443 TCP outbound vShield Manager
n Console secure virtual
machines
for configuring
Administratio
443 TCP outbound vCenter Server group tasks and
n Console
protection profiles
For work of the
service network
File Anti- 48651
inbound vShield Endpoint through
Virus TCP
vmservice-vshield-
pg network
File Anti-
443 TCP outbound vCenter Server
Virus
Ports Protocols Descriptions

Computer hosting the Administration server
14000 TCP Required for:
 gathering the data from client hosts;
 connecting Update agents;
 Connecting slave Administration servers.
Does not use secure SSL connection.
13000 UDP Required for reporting hosts being switched off.
8060 HTTP Required for connecting to the web server to
manage Kaspersky Security Center Web-Console and to
organize inner corporate portal.
Page 3 of 11
8061 HTTPS Required for connecting to the web server to

manage Kaspersky Security Center Web-Console and to
organize inner corporate portal. Encryption is used upon
connection.
13111 TCP Required for connecting to a KSN proxy server.
13292 TCP Required for connecting mobile devices.
17000 TCP Required for connecting to an activation proxy server. Uses
secure SSL connection.
17100 TCP Required for connecting to an activation proxy server to
activate mobile hosts.
18000 HTTP Administration server uses it for receiving data from Cisco®
NAC authentication server.
Host serving as Update agent

13000 TCP Client hosts use it for connecting to an Update agent.
13001 TCP Client hosts use it for connecting to an Update agent, if
the Administration server is the Update agent at the same
time.
14000 TCP Client hosts use it for connecting to an Update agent.
14001 TCP Client hosts use it for connecting to an Update agent, if
the Administration server is the Update agent at the same
time.
Client hosts with Network agent installed (Endpoint)

15000 UDP Used for receiving connection requests from
the Administration server. This allows receiving real-time
information about hosts.
15001 UDP Used for interacting with an Update agent.
Server with Web Console installed

13291 SSL Used for a secure SSL connection between Web
Console and Administration Server.
9000 TCP Used for connecting the host to Apache server.
Kaspersky Update URLs

Below is the list of Kaspersky Lab servers used for downloading antivirus database updates,
new application modules, and patches:
http://dnl-01.geo.kaspersky.com
Page 4 of 11
http://bincdn.kaspersky-labs.com/
*.kaspersky-labs.com
*.kaspersky.com
Kaspersky KSN URLs

ksn1-12-part1.kaspersky-labs.com
ksn1-12-part2.kaspersky-labs.com
ksn2-12.kaspersky-labs.com
ksn3-12.part1.kaspersky-labs.com
ksn3-12.part2.kaspersky-labs.com
Page 5 of 11
ksn-file-geo.kaspersky-labs.com
ksn-stat-geo.kaspersky-labs.com
ksn-url-geo.kaspersky-labs.com
ksn-verdict-geo.kaspersky-labs.com
ksn-kas-geo.kaspersky-labs.com
ksn-info-geo.kaspersky-labs.com
ksn-pbs-geo.kaspersky-labs.com
ksn-kddi.kaspersky-labs.com
ksn-ipm-1.kaspersky-labs.com
ksn-tcert-geo.kaspersky-labs.com
ksn-tpcert-1.kaspersky-labs.com
ksn-tboot-1.kaspersky-labs.com
ksn-crypto-file-geo.kaspersky-labs.com
ksn-crypto-stat-geo.kaspersky-labs.com
ksn-crypto-url-geo.kaspersky-labs.com
ksn-crypto-verdict-geo.kaspersky-labs.com
ksn-crypto-kas-geo.kaspersky-labs.com
ksn-crypto-a-stat-geo.kaspersky-labs.com
sget35.kaspersky-labs.com
sget27.kaspersky-labs.com
Systems Specification
Administration Server
The system requirements for Administration Servers are as follows:
Page 6 of 11
Component Minimum Requirement

Processor Quad Core Server Processor
RAM 16 GB of free Memory
Hard drive 500 GB of free space
Operating System
 Microsoft Windows Server 2008 R2

 Microsoft Windows Server 2012 R2 (Recommended)
 Microsoft Windows Server 2016
Database server (provided by customer):
 Microsoft SQL Server 2016 ( Standard Recommended, install on separate machine)

 Microsoft SQL Server 2012
 MySQL Enterprise 5.0.60(SP1), 5.0.70, 5.0.82(SP1), 5.0.90
The software pre-requisites for Administration Server are as follows:
 Microsoft Data Access Components (MDAC) version 2.8 or higher.

 Windows DAC 6.0.
 Microsoft Windows® Installer 4.5
 .Net Framework 3.5
Endpoint Requirement
The system requirements for the Endpoints are as follows:
Component Minimum Requirement

Processor 2.2 GHz Intel or AMD Processor (Single Core)
RAM  1 GB (for 32-bit operating systems)
 2 GB (for 64-bit operating systems)
(04 GB of free memory for encryption)
Hard drive 2 GB of free space
Operating systems:
Microsoft Windows 10 Pro x86 / х64

Microsoft Windows 10 Enterprise x86 / х64
For details about support for Microsoft Windows 10, please refer to this article.
Microsoft Windows 8.1 Pro x86 / х64
Microsoft Windows 8.1 Enterprise x86 / х64
Microsoft Windows 8 Pro x86 / х64
Microsoft Windows 8 Enterprise x86 / х64
Microsoft Windows 7 Professional x86 / х64 SP1 and later
Microsoft Windows 7 Enterprise x86 / х64 SP1 and later
Page 7 of 11
Microsoft Windows 7 Ultimate x86 / х64 SP1 and later
Microsoft Windows Server 2012 R2 Standard х64

Microsoft Windows Server 2012 Foundation / Standard х64
Microsoft Small Business Server 2011 Standard х64
Microsoft Windows Server 2008 R2 Standard / Enterprise х64 SP1
Microsoft Windows Server 2008 Standard / Enterprise х64 SP2
Supported virtual platforms:

VMWare Workstation 12
VMWare ESXi 6.5
Microsoft Hyper-V 2016
Citrix XenServer 7.2
Citrix XenDesktop 7.14
Citrix Provisioning Services 7.14
Page 8 of 11
Kaspersky Security for Virtualization 5.0 Agentless

Hardware requirements for version 5.0.0.76
The distribution kit contains several SVM (Secure Virtual Machine) images with the File Anti-
Virus component installed and several SVM images with the Network Threat Detection
component installed. Using these images you can deploy an SVM with the configuration you
require.
A configuration for an SVM with the File Anti-Virus component installed requires the
following system resources at a minimum:
 Configuration with 2 CPU 8 GB RAM:

o Number of processors: 2
o Allocated RAM size: 8 GB
o Available disk space: 38 GB
A configuration for an SVM with the Network Threat Detection component installed
requires the following system resources at a minimum:
 Configuration with 2 CPU 1 GB RAM:

o Number of processors: 2
o Allocated RAM size: 1 GB
o Allocated free disk space: 9 GB
Software requirements for version 5.0.0.76

Requirements for Kaspersky Security Center components
One of the following versions:
 Kaspersky Security Center 10 Service Pack 3

 Kaspersky Security Center 10 Service Pack 2 Maintenance Release 1
The following Kaspersky Security Center components must be installed:
 Administration Server
 Administration Console
 Network Agent. This component is included in the SVM images.
For information on installing Kaspersky Security Center 10, see the Knowledge Base.
The operating system on the computer on which Kaspersky Security Center is installed must
meet the requirements of the Integration Server component.
Software requirements for the Integration Server component

To install and run the Integration Server component, one of the following operating systems
must be installed on the computer:
 Windows Server 2016 (64-bit)

 Windows Server 2012 R2 Datacenter / Standard / Essentials (64-bit)
 Windows Server 2012 Datacenter / Standard / Essentials (64-bit)
 Windows Server 2008 R2 Datacenter / Enterprise / Standard Service Pack 1 (64-bit)
Page 9 of 11
Microsoft .NET Framework 4.6.1 is required for the installation of the Integration Server,
Integration Server Management Console, and Kaspersky Security administration plug-in.
Software requirements for the File Anti-Virus component

For the File Anti-Virus component to work properly, the virtual infrastructure must meet the
following software requirements:
Option 1:
o VMware ESXi 6.7 hypervisor, VMware ESXi 6.5 hypervisor Update 2 or
VMware ESXi 6.0 hypervisor Update 3a
o VMware vCenter Server 6.7.0b, VMware vCenter Server 6.5 Update 2b, or
VMware vCenter Server 6.0 Update 3f
o VMware NSX for vSphere 6.4.1
 Option 2:
o VMware ESXi 6.5 hypervisor Update 2 or VMware ESXi 6.0 hypervisor Update
3a
o VMware vCenter Server 6.5 Update 2b or VMware vCenter Server 6.0 Update
3f
VMware Tools kit version 10.2.5 is required for the File Anti-Virus component to function
correctly.
When installing the VMware Tools suite, the Guest Introspection Thin Agent component
must be installed. When installing the VMware Tools suite with the default settings, the
Guest Introspection Thin Agent component will not be installed. For information about
installing and updating VMware Tools, see the VMware product documentation.
The File Anti-Virus component protects virtual machines that have the following guest
operating systems installed:
 Windows desktop operating systems:

o Windows 10 Pro / Enterprise RS1 / RS2 / RS3 / RS4 / RS5 (32 / 64-bit)
o Windows 10 Pro for Workstations (32 / 64-bit)
o Windows 8.1 (32 / 64-bit)
o Windows 8 (32 / 64-bit)
o Windows 7 Service Pack 1 (32 / 64-bit)
 Windows server operating systems:
o Windows Server 2016 (LTSC) (64-bit)
o Windows Server 2012 R2 without ReFS (Resilient File System) support (64-bit)
o Windows Server 2012 without ReFS (Resilient File System) support (64-bit)
o Windows Server 2008 R2 Service Pack 1 (64-bit)
List of supported versions of guest operating systems depends on VMware Tools system
requirements.
One of the following file systems must be used on protected virtual machines running
Windows operating systems: FAT, FAT32, NTFS, ISO9660, UDF and CIFS.
 Linux server operating systems:

o Ubuntu Server 14.04 LTS (64-bit)
Page 10 of 11
o Red Hat Enterprise Linux Server 7 GA (64-bit)

o SUSE Linux Enterpise Server 12 GA (64-bit)
One of the following file systems must be used protected virtual machines running Linux
operating systems:

Local file systems: EXT2, EXT3, EXT4, XFS, BTRFS, VFAT, ISO9660

Network file systems: NFS, CIFS
Software requirements for the Network Threat Detection component
For the Network Threat Detection component to work, the VMware virtual infrastructure
must meet the following software requirements:
Option 1:
o VMware ESXi 6.7 hypervisor, VMware ESXi 6.5 hypervisor Update 2 or
VMware ESXi 6.0 hypervisor Update 3a
o VMware vCenter Server 6.7.0b, VMware vCenter Server 6.5 Update 2b, or
VMware vCenter Server 6.0 Update 3f
 Option 2:
o VMware ESXi 6.5 hypervisor Update 2 or VMware ESXi 6.0 hypervisor Update
3a
o VMware vCenter Server 6.5 Update 2b or VMware vCenter Server 6.0 Update
3f
A guest operating system of a protected virtual machine has the same requirements as
those for the File Anti-Virus component.
A current license for NSX for vSphere Advanced or NSX for vSphere Enterprise is required in
order for the Network Threat Detection component to work.
The Network Threat Detection component only protects virtual machines that use the
E1000 or VMXNET3 network adapter.
Note: Access of VCenter is required to deploy SVM’s.
Page 11 of 11

Prerequisites PTCL

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Prerequisites PTCL

Uploaded by

Copyright:

Available Formats

Kaspersky Hybrid Cloud

Connection Port Direction Destination Comments

Ports Protocols Descriptions

8061 HTTPS Required for connecting to the web server to

Host serving as Update agent

Client hosts with Network agent installed (Endpoint)

Server with Web Console installed

Kaspersky Update URLs

Kaspersky KSN URLs

The system requirements for Administration Servers are as follows:

Component Minimum Requirement

 Microsoft Windows Server 2008 R2

Database server (provided by customer):

 Microsoft SQL Server 2016 ( Standard Recommended, install on separate machine)

The software pre-requisites for Administration Server are as follows:

 Microsoft Data Access Components (MDAC) version 2.8 or higher.

Component Minimum Requirement

Microsoft Windows 10 Pro x86 / х64

Microsoft Windows 7 Ultimate x86 / х64 SP1 and later

Microsoft Windows Server 2012 R2 Standard х64

Supported virtual platforms:

Kaspersky Security for Virtualization 5.0 Agentless

 Configuration with 2 CPU 8 GB RAM:

 Configuration with 2 CPU 1 GB RAM:

Software requirements for version 5.0.0.76

 Kaspersky Security Center 10 Service Pack 3

Software requirements for the Integration Server component

 Windows Server 2016 (64-bit)

Software requirements for the File Anti-Virus component

 Windows desktop operating systems:

 Linux server operating systems:

o Red Hat Enterprise Linux Server 7 GA (64-bit)

Note: Access of VCenter is required to deploy SVM’s.

You might also like