This guide covers configuring Offbox Anti-Virus (Vscan) on a NetApp cluster. It is written for a non-multi-tenancy/non-service-provider environment, where we'll configure just one scanner-pool and one on-access-policy on the cluster/admin SVM, and use these for any Data SVM requiring Vscan.
Part 1) Cluster Build
1.1) Create a security login for the Anti-Virus user::>
security login create -username LAB\AVUSER -application ontapi -authmethod domain -role readonly -vserver CLUSTERNAME
1.2) Create a scanner pool::>
vserver vscan scanner-pool create -vserver CLUSTERNAME -scanner-pool POOLNAME -servers VSCAN_SERVER_IPADDRESSES -privileged-users LAB\AVUSER
1.3) Create an on-access-policy (or use the default default_CIFS on-access-policy)::>
vserver vscan on-access-policy create -vserver CLUSTERNAME -policy-name POLICYNAME -filters FILTERS
{Configure your on-access-policy as per requirements}
Table: Vscan on-access-policy settings and defaults
Part 2) SVM Build
2.1) Apply the scanner-pool to the Data SVM::>
vserver vscan scanner-pool apply-policy -vserver DATASVM -scanner-pool POOLNAME -scanner-policy primary
2.2) Disable the default_CIFS on-access-policy (if not using), and enable the desired on-access-policy::>
vserver vscan on-access-policy disable -vserver DATASVM -policy-name default_CIFS
vserver vscan on-access-policy enable -vserver DATASVM -policy-name POLICYNAME
2.3) Enable Vscan on the SVM::>
vserver vscan enable -vserver DATASVM
2.4) Configure shares with the -vscan-fileop-profile to enable scanning::>
cifs share modify -vscan-fileop-profile ?
no-scan = Virus scans are never triggered for accesses to this share.
standard = Virus scans can be triggered by open, close, and rename operations.
strict = Virus scans can be triggered by open, read, close, and rename operations.
writes-only = Virus scans can be triggered only when a file that has been modified is closed.
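An added check for step 2.4 (not part of the original guide): the script below parses a share listing and reports shares set to no-scan, or carrying a value outside the four profiles above. The sample output, its column layout and the function names parse_shares and audit are assumptions made for the example.

```python
import re

# Constructed sample; assumes the column layout printed by
#   cifs share show -vserver DATASVM -fields vscan-fileop-profile
SAMPLE = """\
vserver share-name vscan-fileop-profile
------- ---------- --------------------
DATASVM c$         standard
DATASVM ipc$       standard
DATASVM home       strict
DATASVM scratch    no-scan
DATASVM Team Docs  writes-only
DATASVM archive    -
6 entries were displayed.
"""

# The four profile values listed in step 2.4.
PROFILES = {"no-scan", "standard", "strict", "writes-only"}
FOOTER = re.compile(r"^\d+ entr(y|ies) (was|were) displayed\.$")


def parse_shares(text):
    """Return [(vserver, share, profile)] from the '-fields' table output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "vserver":
            continue  # blank line, short line or column header
        if set(line) <= set("- ") or FOOTER.match(line.strip()):
            continue  # dashed separator or row-count footer
        # First token is the SVM, last is the profile; the rest is the
        # share name, which may itself contain spaces.
        rows.append((parts[0], " ".join(parts[1:-1]), parts[-1]))
    return rows


def audit(rows):
    """Return (shares that never scan, shares with an unrecognised value)."""
    never = [(v, s) for v, s, p in rows if p == "no-scan"]
    unknown = [(v, s, p) for v, s, p in rows if p not in PROFILES]
    return never, unknown


if __name__ == "__main__":
    never, unknown = audit(parse_shares(SAMPLE))
    for v, s in never:
        print(f"{v}:{s} never triggers a virus scan (no-scan)")
    for v, s, p in unknown:
        print(f"{v}:{s} has unrecognised profile value {p!r}")
```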
Part 3) Vscan Infrastructure Build
See the NetApp Interoperability Matrix for infrastructure components and the Anti-Virus vendor's documentation.
As an example with McAfee:
- A very rough rule of thumb is that you'll need one AV server for every 6000 CIFS IO/s (please check, but 2 CPUs and 8GB RAM is a reasonable server spec)
- Vscan Server's O/S = Windows Server 2008 or better (not Server 2016 yet)
- McAfee VirusScan Enterprise for Storage 1.2.0
- Clustered Data ONTAP 8.3.2
- Clustered Data ONTAP Antivirus Connector 1.0.3
- McAfee Vscan timeout needs to be set to 25s (we want McAfee to time out before ONTAP)