Kaspersky Endpoint Security and Management. Scaling: KSC Installation On A Failover Cluster

KL 302.
11
Kaspersky
Endpoint Security
and Management.
Scaling
KSC installation on a failover
cluster
Lab Guide
www.kaspersky.com
Table of contents
Lab 1. How to install Kaspersky Security Center on a failover cluster ........................................................................ 2
Task A: Preparation. Create group managed service accounts ............................................................................. 2
Task B: Preparation. Install the group managed service accounts on the servers ................................................ 4
Task C: Preparation. Create a database for Kaspersky Security Center ............................................................... 6
Task D: Preparation. Create a shared folder where backup copies of the Administration Server and its database
will be stored ........................................................................................................................................................ 10
Task E: Install Kaspersky Security Center on a cluster ....................................................................................... 12
Task F: Connect to the administration server on the cluster using its virtual address ........................................ 18
Lab 2. How to install Kaspersky Security for Windows Server on failover cluster under high load .......................... 22
Task A: Create an installation package of Kaspersky Security for Windows Server ........................................... 23
Task B: Install Kaspersky Security for Windows Server on the cluster ............................................................... 27
L–2 KASPERSKY™
KL 302.11: Kaspersky Security Center. Scaling
Lab 1.
How to install Kaspersky Security Center on a
failover cluster
Scenario. You want to install Kaspersky Security Center in a fault tolerance configuration. To achieve this, you need to install
Kaspersky Security Center on a Windows server failover cluster. This installation assumes that the KSC server will connect to
an external SQL Server. In this scenario, the KSC administrator does not have complete rights on the SQL server and therefore
the database server administrator should create a database and grant the necessary permissions to the accounts beforehand.
Following best practices, you also want to configure starting KSC services under group Managed Service Accounts (gMSA)
and configure backup for the Administration Server and its database.
Contents. In this lab, we will:
A. Preparation. Create group managed service accounts
B. Preparation. Propagate group managed service accounts to the servers
C. Preparation. Create a database for Kaspersky Security Center
D. Preparation. Create a shared folder where backup copies of the Administration Server and its database will be stored
E. Install of Kaspersky Security Center on a cluster
F. Connect to the administration server on the cluster using its virtual address
Task A: Preparation. Create group managed service accounts
Create three group managed service accounts: PrdKL-AKgMSA, PrdKIScSVCgMSA, and PrdSQLgMSA. The first will be
used to start the Kaspersky Security Center Server service; the second, to start other KSC services: Kaspersky Security
Network proxy, Kaspersky Lab activation proxy server, Kaspersky Lab Web Server. The third one will be used for starting the
MSSQL Server service
The task is performed on dc

The dc, freenas, node1, node2, and mssql-server computers must be turned on.
1. Log on to the dc domain controller under

the abc\administrator account with the
password Ka5per5Ky
2. Run powershell.exe
3. To create a new KDS root key, carry out
the following command
— Add-KdsRootKey –EffectiveTime ((get-
date).addhours(-10))
If the command has been executed
successfully, the key GUID will be
displayed.
The key will be operational immediately;
we recommend that you create a key using
this method only in test networks. In a real
production network, use the following
command
— Add-KdsRootKey –
EffectiveImmediately
The key will become operable in 10 hours
L–3
Lab 1
4. Open the Active Directory Users and

Computers snap-in
5. Select the Computers node
6. Create a global security group

ProductionKSCServers
7. Add the node1 and node2 computers to the

ProductionKSCServers group
8. Create a global security group

ProductionSQLServers
9. Add the mssql-server computer to the
ProductionSQLServers group
10. Reboot node1, node2, and mssql-server
L–4 KASPERSKY™
11. Return to the PowerShell window

12. To create a group managed service account
PrdKL-AKgMSA and bind it to the
ProductionKSCServers group, carry out
— New-ADServiceAccount -name PrdKL-
AKgMSA -DNSHostName dc.abc.lab-
PrincipalsAllowedToRetrieveManaged
Password “ProductionKSCServers”

PrdKIScSVCgMSA and bind it to the
ProductionKSCServers group, carry out
the following command (on a single line)
— New-ADServiceAccount -name
PrdKIScSVCgMSA -DNSHostName
dc.abc.lab -
Password “ProductionKSCServers”

PrdSQLgMSA and bind it to the
ProductionSQLServers group, carry out
— New-ADServiceAccount -name
PrdSQLgMSA -DNSHostName
dc.abc.lab -
Password “ProductionSQLServers”
15. Open the Active Directory Users and
Computers snap-in
16. Select the Managed Service Accounts
node
17. Make sure that the group accounts PrdKL-
AKgMSA, PrdKIScSVCgMSA, and
PrdSQLgMSA have been created
successfully
Task B: Preparation. Install the group managed service accounts on the

servers
Install the group managed service accounts PrdKL-AKgMSA and PrdKIScSVCgMSA on node1 and node2, and the
PrdSQLgMSA account on mssql-server.
L–5
Lab 1
The task is performed on node1.

The dc, node1, node2, freenas, and mssql-server computers must be turned on.
18. Log on to the node1 computer under the abc\kscadmin

account with the password Ka5per5Ky
19. Run PowerShell as administrator
20. To install Active Directory for Windows PowerShell,
carry out the following commands:
— Import-Module ServerManager
— Add-WindowsFeature -Name "RSAT-AD-
PowerShell" –IncludeAllSubFeature
21. To install the PrdKL-AKgMSA account on node1,
carry out the following command
— Install-ADServiceAccount PrdKL-AKgMSA
22. To install the PrdKIScSVCgMSA account on node1

and allow it to reset the password periodically, carry out
— Install-ADServiceAccount PrdKIScSVCgMSA
23. Carry out the following commands to check the

installation results
— Test-ADServiceAccount PrdKL-AKgMSA
— Test-ADServiceAccount PrdKIScSVCgMSA
If everything has been done correctly, the command will
return True
24. Log on to the node2 computer under the abc\kscadmin account with the password Ka5per5Ky
26. To install Active Directory for Windows PowerShell, carry out the following command:
— Install-windowsfeature rsat-ad-powershell -includeallsubfeature
27. Install the PrdKL-AKgMSA account on node2 and allow it to reset the password periodically. Carry out
— Install-ADServiceAccount PrdKL-AKgMSA
28. Install the PrdKIScSVCgMSA account on node2 and allow it to reset the password periodically. Carry out
— Install-ADServiceAccount PrdKIScSVCgMSA
29. Carry out the following commands to check the installation results
— Test-ADServiceAccount PrdKL-AKgMSA
— Test-ADServiceAccount PrdKIScSVCgMSA
If everything has been done correctly, the command will return True
L–6 KASPERSKY™
The task is performed on mssql-server.
30. Log on to the mssql-server computer under the ABC\SQLAdmin account with the password Ka5per5Ky
32. To install Active Directory for Windows PowerShell, carry out the following command:
— Install-windowsfeature rsat-ad-powershell -includeallsubfeature
33. Install the PrdSQLgMSA account on MSQSQL-Server and allow it to reset the password periodically. Carry out
— Install-ADServiceAccount PrdSQLgMSA
34. Carry out the following commands to check the installation results
— Test-ADServiceAccount PrdSQLMSA
If everything has been done correctly, the command will return True
Task C: Preparation. Create a database for Kaspersky Security Center
Configure the mssql-server service start under the group managed service account; create a database for Kaspersky Security
Center. Set up access to the database for the abc\KSCAdmin user and PrdKL-AKgMSA account
The task is performed on mssql-server.

35. Log on to the mssql-server computer under

the ABC\SQLAdmin account with the
password Ka5per5Ky
36. Run SQL Server Configuration Manager
37. Select the SQL Server Services node
38. Open the properties of the SQL Server
(MSSQLSERVER) service
39. Click the Browse button, select the

PrdSQLgMSA service account, and click OK
40. Restart the SQL Server (SQLEXPRESS)

service, click Yes
41. Close the SQL Server Configuration Manager
L–7
Lab 1
42. Run Microsoft SQL Server Management

Studio
43. To connect to mssql-server, click Connect
44. On the shortcut menu of the Databases node,

click New Database
45. Type KSCdatabase for the database name and

click OK
46. Expand the Security node

47. On the shortcut menu of the Logins node, click
New Login
L–8 KASPERSKY™
48. Click Search
49. In the field From this location, specify abc.lab

50. In the field Select this object type, specify User
51. Click Advanced, and then Find Now
52. Select the abc\KSCAdmin user and click OK
twice
53. Go to the User Mapping node

L–9
Lab 1
54. Choose the KSCdatabase, select the db_owner

check box, and click OK
55. On the shortcut menu of the Logins node, click

New Login
56. In the Login name field, click Search
57. In the field From this location, specify abc.lab
58. In the field Select this object type, specify
Service Account
60. Choose the PrdKL-AKgMSA account, and
click OK twice
61. Go to the User Mapping node

L–10 KASPERSKY™
62. Choose the KSCdatabase, select the db_owner

check box, and click OK
63. Close the Microsoft SQL Server Management

Studio window
Task D: Preparation. Create a shared folder where backup copies of the

Administration Server and its database will be stored
Create a shared folder SC_Backup on the dc server, and grant write permissions for this folder to Kaspersky Security Center
Administration Server and MS SQL Server.
L–11
Lab 1
The task is performed on dc.

64. Log on to the dc domain controller under the abc\administrator account

with the password Ka5per5Ky
65. Create a folder C:\SC_Backup
66. Open the properties of the SC_Backup folder and switch to the Sharing
tab
67. Click Advanced Sharing
68. Select the check box Share this folder and click Permissions
69. Click Add
70. Click Object Types and set Select this object type to Service Accounts
71. Click Advanced and then Find Now
72. Select the PrdKL-AKgMSA and PrdSQLgMSA accounts
73. To apply the settings, click OK
L–12 KASPERSKY™
74. Grant the PrdKL-AKgMSA and PrdSQLgMSA accounts full rights for
the SC_Backup shared folder
75. Apply the settings
Task E: Install Kaspersky Security Center on a cluster
Install the Kaspersky Security Center on a failover cluster; use the group managed service accounts to start services.
The task is performed on node1 and dc

76. Log on to the node1 computer under

the abc\kscadmin account with the password
Ka5per5Ky
77. Copy the Kaspersky Security Center 11 distribution
to the desktop (ask the instructor where the
distribution is located)
78. Start the installation of Kaspersky Security Center
11
79. On the welcome page, click Next

80. On the following page, make sure that the required
version of .NET Framework is installed and click
Next
81. Accept the license agreement and click Next
82. Select Cluster (install on all cluster nodes) and

click Next
L–13
Lab 1
83. Enter the name of the virtual administration server:

ksc-server-cluster. This name will be displayed in
the administration console, and Network Agents will
be able to use it when connecting to the server
84. Click Next
85. Select the network or networks where the

administration server installed on the cluster will be
accessible
86. Specify the IP address of the virtual administration
server: 10.28.1.95 and click Add
For the IP address of the virtual administration
server, you can specify any free IP address within the
subnet
87. Click Next
88. On the subsequent page, click Next
89. Select the storage where KSC is to be installed and

click Next
If storages are not displayed. Start Failover Cluster
Manager, run CluAdmin.msc, go to Storage |
Disks, select Cluster Shared Volume, and click
Move Available Storage | Select Node. Select
node1 and click OK. Go one step back in the
installation wizard and proceed with the installation.
L–14 KASPERSKY™
90. Specify the account that possesses remote installation

rights for the cluster: ABC\KSCAdmin with the
password Ka5per5Ky
91. In the next three windows, click Next
92. Select Microsoft SQL Server and click Next
93. Type the IP address of mssql-server: 10.28.1.60

94. Type KSCdatabase for the database name and click
Next
95. On the SQL Server Authentication mode page,

click Next The KSC installer has been started under
the abc/KSCAdmin account, which has permissions
for the KSCdatabase
96. Specify the PrdKL-AKgMSA account under which

the Kaspersky Security Center Administration
Server service will run Click Browse
L–15
Lab 1
97. In the field Select this object type, specify Service

Account
99. Choose the PrdKL-AKgMSA service account, and
click OK twice
100.You don’t need to specify a password for the service

accounts; the system generates it automatically.
Click Next
101.Select the PrdKIScSVCgMSA account under which

the following services will be running Kaspersky
Security Network proxy server, Kaspersky Lab
activation proxy server, Kaspersky Lab Web
Server. Click Browse
102.In the field Select this object type, specify Service
Account
103.Click Advanced, and then Find Now
104.Choose the PrdKL-AKgMSA account, and click
OK twice
105.Click Next
106.Pay attention to the location of the KLSHARE folder

and click Next
Creating the shared folder may take 2-3 minutes
L–16 KASPERSKY™
107.Select the key length of 2048 bits and click Next
108.Select the IP address of the virtual administration

server and click Next
109.On the page with the list of plugins, click Next

110.Click Install to install KSC
111.Wait for the installation to complete
112.Clear the check box Start as Kaspersky Security

Center 11 Web Console
113.Clear the check box Start as MMC-based
Administration Console and click Finish
L–17
Lab 1
114.Click Start | Windows Administrative Tools |

Failover Cluster Manager
115.Go to the Roles node
116.Make sure that the KSCGroup role was created on
the cluster, but its start failed
The task is performed on dc
117.Log on to the dc domain controller under

the abc\administrator account with the password
Ka5per5Ky
118.Open the Active Directory Users and Computers
snap-in Click Start | Run and enter dsa.msc
119.Switch to the Users node and select the KLAdmins
group
120.Open the properties of the KLAdmins group and

switch to the Members tab
121.Add user accounts PrdKIScSVCgMSA and PrdKL-

AKgMSA to the KLAdmins group and click OK
122.Close the Active Directory Users and Computers
window
L–18 KASPERSKY™
123.On node1, return to Failover Cluster Manager
124.Select the KSCGroup role and click Start

125.Make sure that the KSCGroup role has started
successfully on node2
126.Select the role KSCGroup

127.To move the KSCGroup role from node2 to node1,
click Move | Select Node
128.Select node 1 and click OK
129.Make sure that the KSCGroup role has successfully
migrated to node1
130.Close the Failover Cluster Manager window
Task F: Connect to the administration server on the cluster using its virtual
address
Connect to the Administration Server on the cluster using the virtual cluster address and proceed through the Quick Start
Wizard. Add an activation code. Configure notifications to [email protected] via server 10.28.1.10. Accept the KSN
L–19
Lab 1
agreement. Download signature updates. Do not start the Remote Installation Wizard. Enable automatic distribution for the
license.
The task is performed on admin-desktop.

131.Log on to Admin-Desktop under the

ABC\KSCAdmin account with the password
Ka5per5Ky
132.Run Kaspersky Security Center Administration
Console
133.In the message informing that the Administration
Server is inaccessible click No
134.Select the Kaspersky Security Center 11 node

135.Click Action | New | Administration Server
136.Select the Administration Server node
137.Type the IP address of the cluster’s virtual

Administration Server: 10.28.1.95 and click OK
138.Connect to the Administration Server and download

its certificate; click OK
139.Consult the certificate data and click Yes
L–20 KASPERSKY™
140.On the welcome page of the Quick Start Wizard, click

Next
141.Do not enable support for mobile devices, click Next
142.Click Activate application by using an activation

code
143.Ask the instructor for an activation code.
144.Enter the activation code, select the Automatically
deploy key to managed devices check box and click
Next
145.On the subsequent page, click Next

146.Select Skip check and click Next
147.Accept the Kaspersky Security Network Statement
and click Next
L–21
Lab 1
148.Specify the addressee for email notifications: In the

Recipients box, enter [email protected], and for the
SMTP server, type 10.28.1.10
149.Click the button Send test message to check whether
the settings are correct
150.Make sure that the server has sent the message and
click Close
151.On the Update management settings page, click

Next
152.Wait for the wizard to configure the default settings in

policies and tasks
153.Specify the path to the \\dc/SC_Backup shared folder
and click OK
L–22 KASPERSKY™
154.Do not wait for the wizard to download updates, click

Next
155.If the Network poll page appears, click Next
156.Clear the Run Protection Deployment Wizard check
box and click Finish
Conclusion
You have installed Kaspersky Security Center on a failover cluster. Following best practices, you configured starting KSC
services under group managed service accounts. With this approach, Active Directory will automatically change the password
for these accounts according to the security policy without disrupting the services.
Also, you completed the Quick Start Wizard: Created the default tasks and policies, accepted the KSN agreement, configured
backup for the Administration Server and notifications for the administrator, and enabled autodistribution for the activation
code.
The next lab will teach you how to install Kaspersky Endpoint Security for Windows Server.
Lab 2.
How to install Kaspersky Security for Windows
Server on failover cluster under high load
Scenario. You need to protect a failover cluster. Kaspersky Security for Windows Server is the best choice. Kaspersky
Security Center Administration Server is already deployed on the cluster. You need to create an installation package for KSWS
and install it on all cluster nodes in a way that any conflicts that may arise during the installation do not affect the cluster.
Following best practices for a cluster under load, prior to installing Kaspersky Security on a node, move the load to other
nodes.
Contents. In this lab, we will:
A. Create an installation package of Kaspersky Security for Windows Server
B. Install Kaspersky Security for Windows Server on the cluster
L–23
Lab 2
Task A: Create an installation package of Kaspersky Security for Windows

Server
Add the installation package of Kaspersky Security for Windows Server to the KSC Administration Server. Install the
management plugin of Kaspersky Security for Windows Server on the Administration Server. Study the installation package
settings to install all the necessary components and skip unnecessary ones.

1. Log on to Admin-Desktop under

the ABC\KSCAdmin account
with the password Ka5per5Ky
2. Run Kaspersky Security Center
Administration Console
3. Connect to the administration
server installed on a cluster
10.28.1.95 under
abc.lab\kscadmin with the
password Ka5per5Ky
4. Go to the node Advanced |
Remote installation | Installation
packages
5. Add the KSWS installation

package. Click Additional actions
| View current versions of
Kaspersky Lab applications
6. To filter the list of Kaspersky Lab

applications, click Filter
If the list is empty or incomplete,
make sure that the “Download
updates to repository” task has
completed successfully
L–24 KASPERSKY™
7. In the Components area, leave

only the File Servers and Storage
check box selected
8. In the Type of downloaded
software area, clear all
checkboxes and click Apply
9. Select Kaspersky 10 for windows

Server and click Download and
create installation package
10. In the Download status area, click

Accept
L–25
Lab 2
11. Read the license agreements and

accept their terms
12. Select the installation package of

the Kaspersky Security for
Windows Server management
plug-in and click Download
distribution package
13. Click Run to install the

management plugin
14. Click Install to start the

installation
15. Click Finish to close the
installation wizard window
L–26 KASPERSKY™
16. Close all windows and return to

the KSC Administration Console
17. Make sure that an installation
package of Kaspersky Security
10 for Windows Server has been
added to the storage
18. Open the properties of the

Kaspersky Security 10 for
Windows Server installation
package
19. Choose Settings. Note that two
components are not installed by
default, but exclusions are created,
and real-time protection starts
before the policy is enforced
20. Close the installation package
properties
21. Reconnect to Administration

Server 10.28.1.95 without closing
the Administration Console
window
22. On the welcome page of the
Kaspersky Security for
Windows Server Quick Start
Wizard, click Next
23. Wait for the wizard to create tasks
and policies for Kaspersky
Security for Windows Server
24. Click Finish to complete the
wizard
L–27
Lab 2
25. Open the Managed computers

node and create a group named
Cluster
26. Move node1 and node2 from

Unassigned devices to the
Cluster group
Task B: Install Kaspersky Security for Windows Server on the cluster
The KSC remote installation wizard allows you to remotely install KSWS on all cluster nodes concurrently, but our cluster is
under heavy load and its resources must be available at any time. Considering this, install KSWS on each cluster node one by
one, moving the load to other nodes beforehand. This approach is recommended for a cluster under load.

The dc, node1, node2, freenas, mssql-server, and admin-desktop machines must be powered on.
27. Log on to the node1 computer under

the abc\KSCAdmin account with the
password Ka5per5Ky
28. To start Failover Cluster Manager, run
CluAdmin.msc
29. Go to the Roles node
30. Make sure that the KSCGroup role is
running on node1 (consult the Owner
Node field)
31. Go to the Nodes node
L–28 KASPERSKY™
32. Stop the cluster service on node2 Select

node2 and click More Actions | Stop
Cluster Service
33. Log on to admin-desktop under the

abc\KSCAdmin account with the
password Ka5per5Ky
34. In the KSC Administration Console, go to
the Tasks node
35. Click New task to create a task
36. Select the Install application remotely

task type and click Next
L–29
Lab 2
37. Select the installation package of

Kaspersky Security 10 for Windows
Server and click Next
38. On the Advanced page, click Next. The

Network Agent was installed on the
cluster during the KSC deployment
39. On the subsequent two pages, click Next
without changing any settings
L–30 KASPERSKY™
40. Click the top button
41. Expand the Managed devices | Cluster

node
42. Select node2 where you have stopped the
cluster service and click Next
L–31
Lab 2
43. Without specifying an account, click

Next. The Network Agent is installed on
node2 already, and it has permissions
sufficient to install KSWS
44. On the following page, click Next
45. Enter Install KSWS for the task name

and click Next
L–32 KASPERSKY™
46. Select the Run task after the Wizard

finishes check box and click Finish
47. Wait for the task to complete successfully

The dc, node1, node2, freenas, mssql-server, and admin-desktop machines must be powered on.
48. Log on to the abc\KSCAdmin account,

password Ka5per5Ky
49. Open the Nodes node and start the cluster
service on node2. Click More Actions |
Start Cluster services
50. Stop the cluster service on node1
51. Go to the Roles node
L–33
Lab 2
52. Make sure that the KSCGroup role has

restarted on node2
53. In the Kaspersky Security Center window

that informs of lost connection to the
Administration Server, click OK
54. Reconnect the Console to the
Administration Server
55. Go to the Tasks node
56. Open the properties of the Install KSWS

task and switch to the Devices section
L–34 KASPERSKY™
57. Delete the server node2, add node1, and

click OK
58. Run the Install KSWS remotely task and

wait for it to complete successfully
59. Log on to the abc\KSCAdmin account,

password Ka5per5Ky
60. Open the Nodes node and start the cluster
service on node1. Click More Actions |
Start Cluster services
L–35
Lab 2
61. Wait for the first synchronization of

Network Agents with the Administration
Server
62. To avoid waiting for 15-20 minutes. Open
the properties of the Network Agent
policy, change the synchronization period
from 15 minutes to 3 minutes, and apply
the policy.
The synchronization period is not

recommended to be reduced in real-world
conditions, because it results in increased
load on the Administration Server
63. Expand the Managed devices | Cluster

node.
Note that new nodes have appeared,
Cluster and server arrays
64. Go to the Managed devices | Cluster |
Cluster and server arrays node
65. Open the properties of the KSC_Cluster

device and switch to the Nodes section
66. Check the cluster nodes and close the
window
Conclusion
You have installed Kaspersky Security for Windows Server using the step-by-step installation scenario. This is the
recommended method to install protection on a failover cluster under load, which allows you to minimize the risk of
downtime.

Kaspersky Endpoint Security and Management. Scaling: KSC Installation On A Failover Cluster

Uploaded by

Copyright:

Available Formats

Kaspersky Endpoint Security and Management. Scaling: KSC Installation On A Failover Cluster

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Kaspersky Endpoint Security and Management. Scaling: KSC Installation On A Failover Cluster

Uploaded by

Copyright:

Available Formats

KL 302.

Task A: Preparation. Create group managed service accounts

The task is performed on dc

1. Log on to the dc domain controller under

4. Open the Active Directory Users and

6. Create a global security group

7. Add the node1 and node2 computers to the

8. Create a global security group

11. Return to the PowerShell window

13. To create a group managed service account

14. To create a group managed service account

Task B: Preparation. Install the group managed service accounts on the

The task is performed on node1.

18. Log on to the node1 computer under the abc\kscadmin

22. To install the PrdKIScSVCgMSA account on node1

23. Carry out the following commands to check the

The task is performed on node2.

The task is performed on mssql-server.

Task C: Preparation. Create a database for Kaspersky Security Center

The task is performed on mssql-server.

35. Log on to the mssql-server computer under

39. Click the Browse button, select the

40. Restart the SQL Server (SQLEXPRESS)

42. Run Microsoft SQL Server Management

44. On the shortcut menu of the Databases node,

45. Type KSCdatabase for the database name and

46. Expand the Security node

48. Click Search

49. In the field From this location, specify abc.lab

53. Go to the User Mapping node

54. Choose the KSCdatabase, select the db_owner

55. On the shortcut menu of the Logins node, click

61. Go to the User Mapping node

62. Choose the KSCdatabase, select the db_owner

63. Close the Microsoft SQL Server Management

Task D: Preparation. Create a shared folder where backup copies of the

The task is performed on dc.

64. Log on to the dc domain controller under the abc\administrator account

69. Click Add

Task E: Install Kaspersky Security Center on a cluster

The task is performed on node1 and dc

76. Log on to the node1 computer under

79. On the welcome page, click Next

82. Select Cluster (install on all cluster nodes) and

83. Enter the name of the virtual administration server:

85. Select the network or networks where the

87. Click Next

88. On the subsequent page, click Next

89. Select the storage where KSC is to be installed and

90. Specify the account that possesses remote installation

92. Select Microsoft SQL Server and click Next

93. Type the IP address of mssql-server: 10.28.1.60

95. On the SQL Server Authentication mode page,

96. Specify the PrdKL-AKgMSA account under which

97. In the field Select this object type, specify Service

100.You don’t need to specify a password for the service

101.Select the PrdKIScSVCgMSA account under which

106.Pay attention to the location of the KLSHARE folder

107.Select the key length of 2048 bits and click Next