Tuesday, 15 April 2014

Off-Box AV Scanning in CDOT 8.2.1 with McAfee - Quick Install Guide: Part 2

Continuing from the previous post with install screenshots...

1) Our VM

Windows 2008R2 SP1 with 4 GB RAM, 2 CPU cores, and a standard 40GB O/S disk

Image: The VSCAN VM’s Machine Settings

2) Obtaining software

In the order required:
i. VSE 8.8 from McAfee Downloads or Free-Evals
ii. VSEfS 1.1 from McAfee Downloads or Free-Evals

3) Installing VSE 8.8

Note: My VSE 8.8 download file was called VSE880EMLRP4.zip.

Unzip the downloaded file and double-click SetupVSE.EXE

McAfee VirusScan Enterprise Setup: McAfee VirusScan Enterprise Setup
Click Next >

Image: McAfee VirusScan Enterprise Setup
McAfee Licensing: Evaluation (If this is an eval)
Click OK (to accept it will expire in 90 days)

McAfee Licensing: McAfee End User License Agreement
Click OK (to accept the terms)

McAfee VirusScan Enterprise Setup: Select Setup Type
Leave ‘Typical’ selected
Leave ‘Install To’ as the default
Click Next >

Image: McAfee VirusScan Enterprise Setup - Select Setup Type

McAfee VirusScan Enterprise Setup: Select Access Protection Level
Leave ‘Standard Protection’ selected
Click Next >

Image: McAfee VirusScan Enterprise Setup - Select Access Protection Level

McAfee VirusScan Enterprise Setup: Ready to install
Click Install

McAfee VirusScan Enterprise Setup: ... has completed successfully
Uncheck ‘Run On-Demand Scan’
Click Finish

{At this stage you might want to wait a bit for the McAfee Agent Updater update to finish. And restart the server to let the network driver load.}

Image: Network driver installed but disabled until restart
4) Installing VSEfS 1.1

Note: My VSEfS 1.1 download file was called VSESTOR_1.1.0_EML_127.4.zip

Unzip the downloaded file and double-click setup.EXE

McAfee VirusScan Enterprise for Storage: Welcome to the InstallShield Wizard...
Click Next >

Image: McAfee VSEfS InstallShield Wizard
McAfee Licensing: Evaluation
Click OK (to accept it will expire in 90 days)

McAfee Licensing: McAfee End User License Agreement
Click OK (to accept the terms)

McAfee VirusScan Enterprise for Storage: Destination Folder
Accept/change the default path {C:\Program Files (x86)\McAfee\VirusScan Enterprise for Storage\}
Click Next >

McAfee VirusScan Enterprise for Storage: Ready to Install the Program
Click Install

Image: McAfee VSEfS Ready to Install (a very simple install)
McAfee VirusScan Enterprise for Storage: InstallShield Wizard Completed
Click Finish

5) Install .NET Framework (v3.0, 3.5, or 4.0)

Note: This is a pre-requisite prior to installing CDOT AV Connector 1.0

Instructions for Windows 2008 R2 SP1:
Server Manager > Features > Add Features

Add Features Wizard: Select Features
Tick ‘.NET Framework 3.5.1’ only and then...
Click Next >

Image: MS Win. 2008 R2 add feature ‘.NET Framework 3.5.1’
Add Features Wizard: Confirm Installation Selections
Click Install

Add Features Wizard: Installation Results
Click Close

6) NetApp CDOT AV Connector 1.0

Note: My CDOT AV Connector 1.0 download file was called ONTAP_AV_Connector-1.0.exe

Double-click the downloaded ONTAP_AV_Connector-1.0.exe

ONTAP AV Connector - InstallShield Wizard
You may get prompted to install “Microsoft Visual Basic C++ 2010 Redistributable Package (x86)
Click Install (to let the wizard install MS VB C++ 2010)

Image: ONTAP AV Connector ISW & Pending MS VB C++ 2010
ONTAP AV Connector - InstallShield Wizard: Welcome...
Click Next >

Image: Welcome to the ISW for ONTAP AV Connector
ONTAP AV Connector - InstallShield Wizard: Destination Folder
Accept/change the default path {C:\Program Files (x86)\ONTAP AV Connector\}
Click Next >

ONTAP AV Connector - InstallShield Wizard: ONTAP AV Connector Web Service Credentials
Enter Account and Password for the user account to run ONTAP AV Connector
Click Next >

Image: ONTAP AV Connector ISW & Configure Web Service Credentials
Note: This must be a valid domain user and must exist in the SVMs scanner pool to configure virus scanning.

ONTAP AV Connector - InstallShield Wizard: Ready to Install the Program
Click Install

ONTAP AV Connector - InstallShield Wizard: InstallShield Wizard Completed
Leave the ‘Configure ONTAP Management LIFs’ and ‘Show the Windows Installer log’ unchecked
Click Finish

Image: ONTAP AV Connector ISW Completed
Note: If you leave ‘Configure ONTAP Managements LIFs’ ticked, it’s a shortcut to the below

Configure ONTAP Management LIFs for Polling
Start -> All Programs -> NetApp -> ONTAP AV Connector -> Configure ONTAP Management LIFs
Configure as per requirements
“creates and edits registry entries that the Data ONTAP AV Communicator uses for connecting anti-virus products to Clustered Data ONTAP”

“Enter the management LIF or IP address of the SVM that you want to add ... Create a management LIF with role set to data, data protocol set to none, and firewall policy set to mgmt.”

Image: Configure ONTAP Management LIFs for Polling
7) See here and ‘Part 3: Configuring NetApp filers scan settings’ (IMPORTANT)

8) See here and ‘Part 4: Configure the ICAP settings’ (IMPORTANT)

9) See here and ‘Part 5: Configure Clustered Data ONTAP for Anti-Virus Scanning’ (IMPORTANT)


No comments:

Post a Comment