What are some best practices for implementing Symantec Protection for SharePoint Servers (SPSS) 5.1?
SPSS Console Best Practice Settings:
Make sure there is an SPSS console installed on every Web Front End Server. It can also be installed on a backend Server as well, and this install can be used for scheduled scans to reduce load on the front end server(s).
The SPSS console needs to run as a Domain User that has full access rights to the SharePoint Data farms, the easiest way to obtain this is to make this user a local admin on the SharePoint Server. If local admin rights on the SharePoint Server is not an option, the account that SPSS is running as will have to be added the SharePoint Farm Administrators. This can be done in Central Administration, under Operations > Update farm administrator’s group. This user also has to have read/write access to all of the SharePoint content within the SQL Database. Again the easiest way to obtain this is to make this user a local admin on the SQL Server (Note this is not the case for SQL 2008). For SQL 2008 you will have to manually give the SPSS account read/write access to the proper SQL database.
Make sure that each SPSS console has at least two scanners (Scan Engine) registered with it. Just to clarify, this does not mean each console needs two individual scanners dedicated to it. The consoles can share scanners. We recommend this for redundancy purposes, just in case one scanner go down. Though your total number of scanners should be close to your total number SPSS consoles running, if not greater then.
For real-time scan settings, we recommend scanning both uploads and downloads. This is technically set under Operations > Antivirus. For real-time scanning if the scanners become busy or offline, and are not accessible the SPSS console can be configured to fail open, or fail close. We suggest configuring the SPSS console to fail open, with the option “Bypass scanning when all scan engines are busy or offline”, and “Scan all content was bypassed when all scan engines were offline or busy.”. (Operations > Symantec Protection 5.1 for SharePoint Servers > Manual scan and scheduled scan settings)
If manual or scheduled scans will be regularly performed, we suggest running the manual/scheduled scan during off hours to help with the extra load. Also might want to consider installing a SPSS console on one of the backend SharePoint Servers, and bringing up a dedicated off-box scanner to configure with that backend SPSS console. This would reduce the load to the front end SharePoint Servers. As far as the number of threads to use for a scheduled/manual scan, if it is going to occur around a busy time use a smaller number like 3-6 threads. If the manual/scheduled scan is going to occur during a non busy time go ahead and use 10+ threads. It is optional but we would also suggest not scanning all file versions in a document library. By default it is disabled. (Operations > SPSS 5.1 > Manual scan and scheduled scan settings)
Do not enable real-time scanning for uploads or downloads until each console on each front-end server has at least one registered scanner.
For additional information, including questions regarding supported hardware, Operating Systems, installation questions, and 64-bit support, please see the Symantec Protection for SharePoint Servers 5.1 Implementation Guide as well as the readme text files that the product.
Scan Engine Best Practice Settings for SPSS:
In the Scan Engine UI, https://<hostname-IP-Address>:8004, under Configuration > Resources, set Maximum RAM used for in-memory file system to 512MB (Default is 16MB). Also set Maximum file size stored within the in-memory file system to 10MB (Default is 3MB). These two settings should help a little with performance.
For situations where there will be a high load on the front-end SharePoint Servers, install Scan Engine on their own dedicated Servers. Instead of running them on the same server as the SPSS console. This is not necessary, but in high load situations it can help since it will get the extra scanning load added by Scan Engine off of the already heavily utilized SharePoint box.
To ensure high availability of Antivirus services, it is also recommended to add more than one Scan Engine (on dedicated servers) to the SPSS configuration.
Take a look at the Scan Engine Filter settings, Policies > Filtering > Container Handling/Files. There is no specific recommendation here, just make sure you are aware of them, and how Scan Engine will react to such things as encrypted files, or malformed files, etc.
For additional information, including questions regarding supported hardware, Operating Systems, installation questions, and 64-bit support, please see the Symantec Scan Engine 5.x Implementation Guide as well as the readme text files that the product.