
What would be the best protection structure? [Solved]


Hi,

I have a client who is currently using about 5000 licenses of Kaspersky Business Space. They have 80 branches nationwide with about 30-50 computers at each branch. The current protection structure is 1 Master AK server and 80 AK branch slave servers. The computers and servers are running the latest versions of KAV6 and AK 8. The connection from a branch to HQ runs at a dedicated 1mb speed.

I'm currently working on a proposal to upgrade everything to KSC 10 and KES 10. The features in KSC 10 would be very beneficial for my client... but 80 management servers? I'm thinking that's too much, too much to maintain. With the current KSC 10 architecture, with Update Agents and all, I'm sure I can change the current protection structure to use just 1 KSC server, with the branch computers grouped and each branch having its own network agent policy with connection intervals and a longer synchronization time.

My question is: would it be wise to change the architecture to just one KSC server?

What if in future the client wants to have systems management, NAC, patch management, etc. implemented? Would having just 1 KSC be sufficient?

Security patches and OS images are big in size; what would be the recommended structure? Use update agents, or have a KSC at each branch?

Looking forward to your advice. Thank you.


Hi,

Admin server can support more than 5000 hosts.
But in order to decrease traffic it's better to use more than one administration server.

> Security patches and OS images are big in size, what would be recommended structure? use update agents or having KSC at each branch?

From that point of view it's reasonable to have one slave server for several branches, but it could be managed by a single admin server as well.


Hi Nikolay, thanks for your reply.

My client's network architecture is HQ to branch and branch to HQ. There is no connection from branch to branch. If I have several KSC servers running at HQ, it would only help decrease process load, not traffic, right?

If update agents are used at the branches and managed with one KSC, would I still be able to do OS deployment, patch management, NAC, etc.? I know that with just malware protection I am able to manage with just one KSC, but what about the other features?

Thank you.

> Hi Nikolay, thanks for your reply.
>
> My client's network architecture is HQ to branch and branch to HQ. There is no connection from branch to branch. If I have several KSC servers running at HQ, it would only help decrease process load, not traffic, right?
>
> If update agents are used at the branches and managed with one KSC, would I still be able to do OS deployment, patch management, NAC, etc.? I know that with just malware protection I am able to manage with just one KSC, but what about the other features?
>
> Thank you.

Hi,

As stated here:

"An Update agent is a PC within the Administration server network dedicated to store and distribute database updates, installation packages, group tasks and policies. It is a center for provisional storage of databases, installation packages, tasks and policies. You can assign an Update agent into any administration group.

Main function of an Update agent is distribution (update) of databases and installation packages on all client PCs within its group, as well as execution of Administration server group tasks and policies.

It is useful to have an Update agent for a company which has a lot of remote offices and not many PCs. It saves VPN traffic and does not require an individual computer with slave Administration server."

> Hi Nikolay, thanks for your reply.
>
> My client's network architecture is HQ to branch and branch to HQ. There is no connection from branch to branch. If I have several KSC servers running at HQ, it would only help decrease process load, not traffic, right?
>
> If update agents are used at the branches and managed with one KSC, would I still be able to do OS deployment, patch management, NAC, etc.? I know that with just malware protection I am able to manage with just one KSC, but what about the other features?
>
> Thank you.

At HQ, if you have multiple Administration Servers, then yes, plus performance optimization of the Administration Servers.

All the other features can be performed through a single Administration Server.

For System Provisioning, you can perform this on a subnet-to-subnet basis. All you need is a PXE Server and a Storage Location.

For Patch Management, you would need to adjust the timings to when there isn't much load on the network, if KSC is being used as WSUS.

For NAC, you need to specify NAC Enforcers; this can be done on a subnet-to-subnet basis as well.

--

On a side note, if the customer has multiple Datacenters, then I would recommend at least two Administration Servers for effective management.

For example, one Administration Server can look after the North Region, while the second Administration Server can look after the South Region.

Does this answer your question?


Hi Glibby,

Thank you for your reply. Yes, you answered my question. Thank you for your assistance. :D

Will look at having a few KSC servers.


Hello!

Thank you for the provided information!
Do not hesitate to contact us if you are having any issues with Kaspersky products.

Best Regards,
Vitaly Kravtsov.
