User's Manual
20 Kaspersky Administration Kit
2.3.2. Administration Server authentication
(when the Administration Console
connects to the server)
When the Administration Console connects to the Administration Server for the
first time, it requests the certificate from the server and saves it locally, on the
administrator workstation. Upon subsequent connections of the Console to the
server with this name, the server will be authenticated using this certificate.
If the server does not pass authentication (i.e., the current certificate differs from
that stored on the administrator workstation), the Console informs the user about
this and requests the Server for a new certificate. If the connection is successful
and another certificate is received, the Administration Console will save the new
certificate to the hard disk so that it can be used to authenticate the server in
future sessions.
2.3.3. Administration Server authentication
when establishing connection with
a client
When a client connects to the Administration Server for the first time, it requests
the certificate from the server and saves it locally.
If the Network Agent has been installed on a client locally, the administrator can
manually select an Administration Server certificate.
When the client connects to the server next time, the Network Agent will request
the certificate from the Administration Server and compare it with the local
certificate. If the certificates differ, access to the Administration Server is denied.
If the Administration Server initiates connection, the Network Agent verifies the
server’s request for a UDP-enabled connection in a similar manner.
2.4. Identification of computers on
the logical network
Client computers on the logical network are identified by their host names. A
host name must be unique among other names connected to this Administration
Server.
The name of the client computer is transferred to the Administration Server when
a new computer is detected on the Windows network or when the Network Agent