Dell PowerStore 5200T Using the Common Event Enabler 8.x on Windows Platforms - Page 61

●

Scanning after definition file update (manual process)

Load balancing and fault tolerance

You can use the CAVA Calculator and the CAVA sizing tool to determine the number of AV machines that the system requires.

The CAVA Calculator can help you prior to installation, and you can use it to run what-if scenarios after installation. The CAVA

sizing tool collects information from a running environment to give you a recommendation on the number of AV machines

needed. If fault tolerance is a concern, you should configure a minimum of two AV machines in the network. If one of the

AV machines goes offline or cannot be reached by the VNX or Unity, having two AV machines ensures that the file scanning

capability is maintained.

If you have more than one AV machine on the network, the NAS Server balances workloads among the AV machines by

distributing the scanning jobs in a round-robin fashion. For example, if one AV machine goes offline, the NAS Server distributes

the scanning load among the other available AV machines.

NOTE:

Each file is scanned by one AV machine. You cannot configure CAVA so that a file is simultaneously scanned by

multiple AV machines by running different AV software.

Updating virus definition files

To be notified of updated virus definition files, you must have scan-on-first-read enabled.

Based on the pattern update schedule set up in an AV partner product, CAVA receives a signal from the product after an

update operation has occurred. This operation may involve software and virus definition updates. The signal to CAVA does

not distinguish whether a virus definition update has occurred. It only distinguishes that an update check was performed. The

notification is relayed from CAVA and causes a

scan on first read

reset of the

access time

parameter on the source

platform.

The latest versions of all supported third-party anti-virus engines support automatic pattern updates. It is recommended that

you check with the third-party AV partner to ensure that the pattern update schedule is set appropriately. The Dell E-Lab

Interoperability Navigator provides the latest information about anti-virus products.

Scan-on-first-read

Dell NAS Servers which use CEE/CAVA functionality contain mechanisms to determine if a file should be scanned. The access

time is compared with a time reference stored in the EMC CAVA service. If the file’s access time is earlier than the reference

time, the file is scanned on read before it is opened by the SMB/CIFS client.

CEE/CAVA updates the scan-on-first-read access time when it detects a virus definition file update on the AV engine.

Scan on write

CAVA initiates a scan after a file is modified and closed. If a file is opened, but no modifications made to it, it is not scanned

upon closing it.

Scanning after definition file update (manual process)

To verify files after the third-party antivirus definition file is updated, you must run the

server_viruschk -set

accesstime

command (VNX systems) or

svc_cava -set accesstime

<time>

command (Unity systems). CAVA also

supports scanning for compressed files (for example, files with the

.zip

extension), if the third-party antivirus software (AV

engine) supports the scanning of compressed files.

Virus-checking continuation

This feature stores the paths of all unscanned files whenever virus scanning is interrupted, such as in the following

circumstances:

Unity and VNX CAVA Information

61

Section	Page
Dell CEE Using the Common Event Enabler on Windows Platforms	1
Contents	3
Preface	7
Introduction	8
About CEE	8
System requirements	9
AntiVirus partners	9
Support for third-party applications	10
Restrictions	10
Related information	11
Installing Third-Party Application Antivirus Engines	12
Installation overview	12
Computer Associates eTrust	13
F-Secure AntiVirus	14
Kaspersky Anti-Virus	15
McAfee VirusScan	18
McAfee Endpoint Security Threat Prevention	19
Microsoft Forefront Endpoint Protection 2010	19
Microsoft System Center 2012 Endpoint Protection	20
Sophos Anti-Virus	20
Symantec Endpoint Protection	22
Set Symantec Endpoint Protection options	22
Set Windows Service Control Manager options	23
Symantec Protection Engine	23
Setting exclusions	23
Setting container handling policies	24
Modifying LimitChoiceStop settings	24
Trend Micro ServerProtect	24
Install Trend Micro ServerProtect	25
Installing the Common Event Enabler Framework	27
Install CEE	27
Verifying the CEE installation package	28
Complete the CEE installation for Windows Server	28
Uninstall CEE	29
Configuring the Domain User Account	30
Domain user account overview	30
Determine the interface name on the Data Mover	31
Create a domain user account	32
Create with Active Directory on a Windows Server	32
Create from User Manager for Domains	32
Create a local group on each Data Mover or NAS server	33
Assign the EMC virus-checking right to the group	33
Assign local administrative rights to the AV user	34
Managing CAVA	36
(Optional) Install EMC Unity/VNX/VNXe NAS Management snap-in	36
Display virus-checking information	36
Audit virus-checking information	37
Start, stop, and restart CAVA	38
Perform a full file system scan	38
Verify the status of a file system scan	39
Stop a file system scan	39
Enable scan-on-first-read	39
Update virus definition files	40
Turn off the AV engine	40
Turn on the AV engine	40
Manage CAVA thread usage	41
Adjust the maxVCThreads parameter	41
View the application log file from a Windows Server	42
Enable automatic virus detection notification	42
Customize virus-checking notification	42
Customize notification messages	43
Managing the Registry and AV Drivers	45
EMC CAVA configuration Registry entries	45
EMC AV driver Registry entry	45
Manage the EMC AV driver	45
Managing VCAPS	47
Set up access	47
Managing CEE for RabbitMQ	48
Set up CEE for RabbitMQ	48
Managing Indexing	49
Set up access for Splunk	49
Monitoring and Sizing the Antivirus Agent	51
Install the CAVA Calculator	51
Start the CAVA Calculator	52
Uninstall the CAVA Calculator	52
Configure the sizing tool	52
Enable the sizing tool	53
Manually compile the cava.mof file	53
Create the cavamon.dat file	53
Start the sizing tool	54
Size the antivirus agent	54
(Optional) Gather AV statistics with cavamon.vbs	54
Third-Party Consumer Applications	55
Overview	55
Set up consumer application access	55
Troubleshooting	57
Dell E-Lab Interoperability Navigator	57
Error messages	57
Known problems	57
Training and Professional Services	58
Unity and VNX CAVA Information	59
CAVA concepts	59
CAVA restrictions and limitations	59
CAVA and Data Mover or NAS server	60
User interface choices	60
CAVA features	60
Load balancing and fault tolerance	61
Updating virus definition files	61
Scan-on-first-read	61
Scan on write	61
Scanning after definition file update (manual process)	61
Virus-checking continuation	61
CAVA sizing tool	62
CAVA Calculator	63
Virus-checking client	63
Configuring viruschecker.conf	64
Create and edit viruschecker.conf	64
Define AV machine IP addresses in viruschecker.conf	65
Send viruschecker.conf to the Data Mover	65
(Optional) Define VC scanning criteria	66
viruschecker.conf parameters	66
Managing the VC Client	70
Start the VC client	70
Stop the VC client	71
Update the viruschecker.conf file	71
Verify the installation	72
Unity and VNX CEPA Information	73
CEPA concepts	73
CEPA restrictions and limitations	73
Overview of the cepp.conf file	74
Create the cepp.conf file	75
Edit the cepp.conf file	78
Assign rights in Windows Server	78
Assign rights for third-party applications	79
Start the CEPA facility	79
Verify the CEPA status	79
Stop the CEPA facility	80
Display the CEPA facility properties	80
Display the CEPA facility statistics	81
Display detailed information for a CEPA pool	81
Index	82
A	82
B	82
C	82
D	82
E	82
F	82
H	83
I	83
K	83
L	83
M	83
N	83
P	83
R	83
S	83
T	84
U	84
V	84

Dell PowerStore 5200T Using the Common Event Enabler 8.x on Windows Platforms - Page 61

Load balancing and fault tolerance, Updating virus definition files, Scan-on-first-read, Scan on write

Page 61 highlights