What are some best practices for implementing Symantec AntiVirus for Network Attached Storage with a NetApp Filer?
Below is a list of best practices to use while installing and configuring Symantec AntiVirus for Network Attached Storage (Symantec Scan Engine) with the NetApp Filer,
1. Make sure that the Server Scan Engine is installed on is a Windows 2000, 2003, or 2008 Server.
NOTE: Scan Engine runs as a 32-bit process on a 64-bit operating system.
2. Make sure that no other networking or OS-related services and software (other than the strictly necessary ones) are installed and running on the Scan Engine server.
3. The Scan Engine server should have at least 2GB of RAM, and at least 10GB of free disk space. It is recommended to have 20+GB of free disk space.
4. Scan Engine Service account.
The Scan Engine Windows service should be configured with a Windows account. The Windows account should have the following permissions:
Member of the Backup Operators group on the NetApp Filer Local admin on the Scan Engine computer
Use the following steps to make this change:
a. Open the Windows Services Control Panel. b. Right click on Symantec Scan Engine and select the Log On tab. c. Enter the Windows account name and password. Click the OK button to close the properties. d. Restart the Symantec Scan Engine service.
5. Configure Scan Engine to register with the NetApp Filer.
a. Open the Scan Engine console (
https://localhost:8004). b. Click the Configuration tab. Then click Views|Protocol. c. Click the RPC radio option for Select Communication Protocol. d. Enter the IP address of the NetApp filer in the RPC client list textbox. e. Click the Apply icon to save the changes.
NOTE: The NetApp filter does not use Scan Engine until the vscan is turned on (see below).
6. Tune performance settings for Scan Engine.
a. Open the Scan Engine console (https://localhost:8004). b. Click the Configuration tab. Then click Views|Resources. c. Set the value for Maximum RAM used for in-memory file system to 512 MB. d. Set the value for Maximum file size stored within the in-memory file system to between 16-30 MB depending on the average file sizes on the NetApp filer. e. By default Scan Engine 5.2.4 and higher copies files locally for scanning and are larger than the value set for the in memory file system. This can create a lot more network traffic depending on the files that are being scanned. See the following article for having Scan Engine scan files in place: Improving network performance: Scan Engine 5.2.x for NAS and RPC Filers.
7. Configure NetApp filer timeouts.
Use the vscan options command on the NetApp filer to view the timeouts. The following are the defaults:
Use recommended settings from NetApp. If no recommendations are given, for abort_timeout use a time between 60-120 seconds. For the timeout setting use a time between 5-10 seconds.
Note:abort_timeout is how long the NetApp Filer gives Scan Engine to read the file, scan the file, and send a verdict back to the Filer. timeout setting is how long the NetApp Filer gives Scan Engine to acknowledge a scan request.
8. Configure Scan Engine timeouts.
a. Open the Scan Engine console (
https://localhost:8004). b. Click the Policies tab. Then click Views|Filtering|Container Handling. c. The value of Time to extract file meets or exceeds should be set to approximately 2/3 of the NetApp Filer abort_timeout setting. For example if the abort_timeout is set to 90 seconds, the Scan Engine container timeout should be set to about 60 seconds. d. Review the remainder of the settings on the page. e. Click the Apply icon to save the changes.
9. The Scan Engine should now be ready for vscan to be set to 'on':