Off-box Anti-Virus is available for Clustered Data ONTAP in 8.2.1. There are a few providers who support this solution (McAfee, Trend, Symantec ...) - here I’m going to focus on McAfee. The intention of this post is a quick install guide - enough to get it up and running in a lab so we can configure it with CDOT.
The 5 Components of the Solution*
1) Microsoft Windows Server 2008 SP2 / 2008 R2 SP1 / 2012 / 2012 R2
2) Clustered Data ONTAP 8.2.1
3) McAfee VirusScan Enterprise for Storage 1.1.0** (VSEfS)
4) Clustered Data ONTAP Antivirus Connector 1.0.0.10
5) SMB 1.0*** / 2.0 / 2.1 / 3.0
**And for completeness - Symantec Antivirus for Network Attached Storage 7.5.0, Symantec Protection Engine for Cloud Service 7.5.0, Trend Micro Server Protect for NetApp Filers 5.8 SP1
***CDOT AV Connector uses an SMB 2.0 connection to CDOT, hence why Windows 2003 (SMB 1.0 only) is ruled out as an O/S for the VSCAN server.
Image: NetApp IMT -> Storage Solution -> Protocol -> Off-Box AV for CDOT
Installing the Solution
Part 1: McAfee VirusScan Enterprise for Storage 1.1.0
“You can use McAfee VirusScan Enterprise for Storage in two ways:
1) As a standalone product
2) As a managed production, using McAfee ePolicy Orchestrator (McAfee ePO) to install, manage, and enforce policies ...” Source [1]
Installation Requirements:
Minimum System Requirements: 2 CPU cores, 4 GB RAM, 70 MB to install the software + 5 GB for ICAP scanner files and temp files
+McAfee VirusScan Enterprise 8.8
+McAfee ePolicy Orchestrator 4.5.7-5.0.x (not required for standalone install)
+McAfee Agent 4.6 patch 3 and later (not required for standalone install)
Install VSEfS 1.1.0 - Source [1]
Download the software package from McAfee
This will contain:
VSESTOR_version_LML_build_number.zip (Contains standalone installer and ePO deployment package files)
VSESTOMD_version_extension_build_number.zip (Contains these policies: VSEfS 1.1.0 NetApp Filer Policy & VSEfS 1.1.0 ICAP Policy)
Installing the software on a standalone system
IMPORTANT: VSE 8.8 must already be installed
Double-click the setup.exe file and follow the prompts to install the software.
Note: VSEfS can also be installed from the command line, or deployed using ePO.
IMPORTANT: The rest of this document only considers a standalone install of VSEfS with the purpose of testing this out in a lab. Read this for configuration information with ePO.
Part 2: Installing Clustered Data ONTAP Antivirus Connector Software
Download the Clustered Data ONTAP Antivirus Connector 1.0RC1 from here:
Simple Installation Instructions (from the download page):
i. Run the .exe file.
ii. Follow the onscreen prompts to complete your installation.
Part 3: Configuring NetApp filers scan settings - Source [1]
IMPORTANT: CDOT AV Connector must already be installed
1) Log on to the VSCAN server as an administrator
2) Windows taskbar - right-click the McAfee menulet > Select VirusScan Console
3) VirusScan Console - double-click Network Appliance Filer AV Scanner
4) Network Appliance Filers tab, define these options:
- Specify which filers this server protects > Click Add, type the loop-back IP (127.0.0.1), then click OK
- Settings Apply to all filers
- Administrative Accounts
5) Scan Items tab, define types of files, options, and heuristics for a scan
6) Exclusions tab, define files to be excluded from scanning
7) Performance tab, define the scan time, AV Scan threads for a scan
8) Actions tab, define primary and secondary actions to take for threat detections
9) Reports tab, define these options:
- Enable activity logging and accept the default location for the log file or specify a new location
- Limit the size of log file
- Log file format
10) OK to save the configuration
Part 4: Configure the ICAP settings - Source [1]
1) Log on to the VSCAN server as an administrator
2) Windows taskbar - right-click the McAfee menulet > Select VirusScan Console
3) VirusScan Console - right-click the ICAP AV Scanner, then select Properties
4) Connections and Server tab, define:
- Connection list > Specify the ICAP server configuration and the list of IP addresses for which connections can be accepted
- Bind address > Type the IP address of the computer where VSEfS is installed
- Port number > Type the default port number as 1344
5) Scan Items tab, define:
- File types to scan
- Options
- Heuristics
6) Performance tab, define:
- Scan time
- AV Scan threads (Default = 100 threads)
7) Actions tab, define the primary and secondary actions:
- When the threat is found
- When an unwanted program is found
8) Reports tab, define:
- Enable activity logging and accept the default location for the log file or specify a new location
- Limit the size of log file
- Log file format drop-down list, select as appropriate
- What to log, in addition to scanning activity
9) Click OK to save the configuration.
The McAfee VirusScan Enterprise for Storage 1.1.0 Product Guide continues from this point with assigning “Static IP address for scanners” and “Configure the service dependency”...
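A quick check of the VSCAN server against the OS list, minimum requirements and ICAP port given in this post, as an added example (not taken from the McAfee or NetApp documentation). The parameter defaults for $BindAddress and $Drive are placeholders: set $BindAddress to the bind address entered in the ICAP AV Scanner properties.

```powershell
# Added example: VSCAN server pre-flight check (runs on PowerShell 2.0 and later).
param(
    [string]$BindAddress = '127.0.0.1',  # assumption: replace with the ICAP bind address
    [int]$IcapPort = 1344,               # default port from Part 4
    [string]$Drive = 'C:'                # assumption: drive holding the scanner files
)

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function New-Check($Name, $Value, $Pass) {
    New-Object psobject -Property @{ Check = $Name; Value = $Value; Pass = [bool]$Pass }
}

$os    = Get-WmiObject Win32_OperatingSystem
$cs    = Get-WmiObject Win32_ComputerSystem
$disk  = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive'"
$cores = (Get-WmiObject Win32_Processor | Measure-Object NumberOfCores -Sum).Sum

# Minimum service pack per supported release: 2008 SP2, 2008 R2 SP1, 2012, 2012 R2.
$minSp = @{ '6.0' = 2; '6.1' = 1; '6.2' = 0; '6.3' = 0 }
$ver   = [version]$os.Version
$key   = '{0}.{1}' -f $ver.Major, $ver.Minor
# ProductType 1 is a workstation SKU (Vista/7/8 share these version numbers).
$osOk  = ($os.ProductType -ne 1) -and $minSp.ContainsKey($key) -and
         ($os.ServicePackMajorVersion -ge $minSp[$key])

# Windows reports slightly less than the installed RAM, so round before comparing.
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

@(
    New-Check 'Supported Windows Server release' "$($os.Caption) SP$($os.ServicePackMajorVersion)" $osOk
    New-Check 'CPU cores (min 2)' $cores ($cores -ge 2)
    New-Check 'RAM in GB (min 4)' $ramGB ($ramGB -ge 4)
    New-Check "Free space on $Drive (min 70 MB + 5 GB)" ('{0:N1} GB' -f ($disk.FreeSpace / 1GB)) ($disk.FreeSpace -ge (5GB + 70MB))
    New-Check 'ICAP listener reachable' "${BindAddress}:$IcapPort" (Test-TcpPort $BindAddress $IcapPort)
) | Select-Object Check, Value, Pass | Format-Table -AutoSize
```

The listener check only passes once Part 4 has been saved and the scanner is running; a False there with everything else True usually points at the bind address or a local firewall rule.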
Part 5: Configure Clustered Data ONTAP for Anti-Virus Scanning
We should now have the entire infrastructure in place to test CDOT Off-Box AV. To configure CDOT for Off-Box AV see:
*There is a free trial of VSE 8.8 and VSEfS 1.1 here. To test this solution in a lab you’ll need a CDOT 8.2.1 SIM, the AV Connector for CDOT, VSEfS 1.1, VSE 8.8, and Windows 2008 SP2 or better.
Is there a difference in implementing on 8.3?
Hello Chris. I'm pretty sure not much has changed. Cheers, VC