Upgrading the application installed in an infrastructure managed by a VMware vCenter Server and VMware vShield Manager, with migration to the VMware NSX platform

An upgrade consists of the following steps:

  1. Removing the File Threat Protection and Network Threat Protection components of the previous version of the application. The component removal procedure can be found in the documentation for Kaspersky Security for Virtualization 4.0 Service Pack 1 Agentless or Kaspersky Security for Virtualization 4.0 Agentless.

    When an SVM with the File Threat Protection component is removed, the copies of files that were placed in Backup are automatically deleted.

  2. Upgrading the VMware virtual infrastructure for compliance with Kaspersky Security software requirements. In the virtual infrastructure, you must remove VMware vShield Manager and deploy VMware NSX for vSphere 6.3.7 or VMware NSX for vSphere 6.4.6. Components of Kaspersky Security for Virtualization 6.0 Agentless cannot operate in an infrastructure managed by a VMware vCenter Server and VMware vShield Manager.
  3. Preparing the virtual infrastructure for installation of Kaspersky Security components.
  4. Updating Kaspersky Security Center For proper functioning of Kaspersky Security for Virtualization 6.0 Agentless, you must upgrade Kaspersky Security Center to one of the supported versions:

    If you want to use Kaspersky Security in a multitenanсy mode, you need to upgrade Kaspersky Security Center to version 11, 12 or 13.1.

    For Kaspersky Security Center update instructions, see the Kaspersky Security Center documentation.

  5. Installing the new version of the Kaspersky Security administration plug-in, Integration Server, and Integration Server Console.

    If you want to use the application in multitenancy mode, you need to also install Kaspersky Security administration plug-in for tenants.

  6. Configuring the settings for connecting the Integration Server to one or more virtual infrastructure administration servers.
  7. Registering Kaspersky Security services in VMware NSX Manager.

    If you want to install the File Threat Protection component, you need to register the file system protection service (Kaspersky File Antimalware Protection).

    If you want to install the Network Threat Protection component, you need to register the network protection service (Kaspersky Network Protection).

    The settings required for registration and deployment of Kaspersky Security services are entered through a Wizard that is started from the Integration Server Console. When you have finished entering the settings, Integration Server registers the Kaspersky Security services in VMware NSX Manager.

    In the VMware vSphere Web Client console, you can verify that registration of Kaspersky Security services completed successfully.

  8. Deploying SVMs with the File Threat Protection component and SVMs with the Network Threat Protection component on VMware ESXi hypervisors. Deployment of SVMs is performed in the VMware vSphere Web Client console.

    After SVMs are deployed, the Integration Server sends each new SVM the configuration settings that you specified when you registered Kaspersky Security services.

    Deployed SVMs are combined into KSC clusters.

    If you upgrade Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless, Kaspersky Security for Virtualization 4.0 Service Pack 1 Agentless, or Kaspersky Security for Virtualization 4.0 Agentless, the Kaspersky Security Center Administration Console also displays the administration groups that were created for KSC clusters of the previous version of Kaspersky Security.

    The KSC cluster for the SVM of the previous version of the application and the administration group created for it are named VMware vCenter "<name>" (<IP address>), where:

    • <name> is the name of the VMware vCenter Server corresponding to the KSC cluster for the previous version of the application. If the name of the VMware vCenter Server is not defined or matches its IP address, the name is omitted.
    • <IP address> is the IP address of the VMware vCenter Server corresponding to the KSC cluster for the previous version of the application.
  9. Configuration of NSX Security Groups and NSX Security Policies.

    To protect virtual machines, you need to do the following in the VMware vSphere Web Client console:

    1. Include virtual machines into one or multiple NSX Security Groups.
    2. Configure one or multiple NSX Security Policies and apply the security policies to the NSX Security Groups.
  10. Converting policies and tasks from the previous version of the application. If you are upgrading Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless or older, you need to use the Master for conversion.

    If you are upgrading Kaspersky Security for Virtualization 5.0 Agentless, policies and tasks are automatically converted to policies and tasks of Kaspersky Security for Virtualization 6.0 Agentless after policy protection settings and task scan settings are edited and saved for the first time.

  11. Preparing the application for operation on all SVMs.

If you want to use the application in multitenancy mode, you need to configure protection of tenant organizations after the application is updated.

Page top