Jump to content

KSC Distribution Points auto-assignment and selection [KSC for Windows]


Recommended Posts

Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Sometimes it's not clear how KSC assigns Distribution Point (DP) for Managed groups or NLA subnets, and how clients choose DP. 

Automatic assignment of distribution points is enabled in Kaspersky Security Center by default. The Administration Server automatically selects the scopes for distribution points, and assigns one or multiple distribution points to each scope depending on how many client computers it includes.

The Administration Server first considers how many managed computers it has in total. If there are fewer than 300, the Administration Server does not assign distribution points automatically. If there were more than 300 but later they decreased to fewer than 300, the server does not stop automatic assignment. Automatic assignment stops only if the total number of managed computers becomes fewer than 200. Then all (remaining) automatically assigned distribution points become ordinary managed computers.

If automatic assignment is active (not just enabled but the number of endpoints is also above the threshold), the KSC Server selects which scopes to assign to distribution points, and then selects one or multiple distribution points for each scope depending on the number of managed computers in the scope.

Kaspersky Security Center can assign distribution points to three types of scopes:

  • Administration groups 
  • Broadcast domains 
  • Network locations

Administration groups and network locations are structures defined in the Kaspersky Security Center Console. A broadcast domain is a logical division of a computer network in which all endpoints can exchange data by broadcasting at the data link layer of the OSI network model.

Kaspersky Security Center can automatically assign distribution points either to groups or to broadcast domains. An administrator can manually assign a distribution point to a group or network location.

The Administration Server attempts to define broadcast domains for all endpoints of the network. This is an automatic process that is performed in the background and takes multiple hours depending on the network’s specifics. Until the KSC Server defines a broadcast domain for 70% of endpoints in the network, it assigns distribution points to groups. As soon as the percentage of endpoints whose broadcast domain is known exceeds 70%, the KSC Server begins to assign distribution points to broadcast domains. The type of scope changes only once and is irreversible.

Regardless of the currently used scope type, the Administration Server looks at the number of endpoints in each scope (in a group without taking its subgroups into account, or in a broadcast domain), and assigns distribution points depending on the number of endpoints in the scope:

  • If there are fewer than 10 endpoints in a scope, a distribution point is not assigned.
  • If there are more than 10 but fewer than 20 endpoints, one distribution point is assigned.
  • If there are more than 20 but fewer than 300 endpoints, two distribution points are assigned.
  • If there are more than 300 but fewer than 600 endpoints, 3 distribution points are assigned.
  • For larger numbers, if there are more than 300 * N endpoints but fewer than 300×(N+1), then N+2 distribution points are assigned.

If there are already distribution points in a scope but the number of endpoints has decreased, the KSC Server reduces the number of distribution points in the scope. However, it uses other threshold values:

  • The last distribution point disappears only after fewer than 6 endpoints remain in the scope.
  • One distribution point remains when the number of endpoints in a scope drops below 15.
  • Two distribution points remain when the number of endpoints in a scope drops below 200. 
  • Three distribution points remain when the number of endpoints in a scope drops below 400.
  • For larger numbers, N-1 distribution points remain when the number of endpoints in a scope drops below 200×(N-2).

This mechanism in which a second distribution point is added after reaching 20 endpoints in a scope but is removed when the number of endpoints drops below 15 is designed to protect against over-frequent reassignment of distribution points.

The KSC Server reviews scopes and could potentially assign or unassign a distribution point every hour.

How to monitor auto-assignment of Distribution Points:

  • You can create Report on activity of Distribution Points.
  • You can use Search: in Network activity tab select YES for the "This device is a distribution point" condition.
  • The title was changed to KSC Distribution Points auto-assignment and selection [KSC for Windows]

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...