cancel
Showing results for 
Search instead for 
Did you mean: 
lfah2000
Level 10
Report Inappropriate Content
Message 1 of 18

VirusScan Enterprise for Storage on NetApp

Hi,

I am looking for information about virusscan for storage. We are planning to use NetApp with McAfee and I have questions about the sizing for this.

I have seen this thread (https://community.mcafee.com/message/154876#154876).

What is the number of scanning servers related to NetApp devices?

I have seen the NetApp Antivirus Scanning Best Practices Guide but still have questions.

(PS. I am new to NetApp.)

17 Replies
Terje
Level 7
Report Inappropriate Content
Message 2 of 18

Re: VirusScan Enterprise for Storage on NetApp

We have one netapp device and we have two scanning servers, the netapp device uses both scannings server at the same time and if one of the scanning servers go down then your files will still be scanned so it good to have a minimum of two scanning servers.

I think the amount of scanning servers depend on how much load there are on the netapp device(s) / how many users who read/write to the netapp device at the same time.

I also didnt know how many scanning servers i needed so before we bought the license for VSE for storage to netapp

we got a test version (which actually was the full licensed version hehe) from our software vendor and we tested it on our NetApp production environment (hehe) and found out that 2 scanning servers was enough for our environment

so we added two VSE for storage licenses to our campus agreement with our software vendor.

we have used this for almost a year and we still have two scanning servers with 3000+ users connected to the netapp device

I hope this can guide you to the right decision for your environment..

moncius
Level 7
Report Inappropriate Content
Message 3 of 18

Re: VirusScan Enterprise for Storage on NetApp

Hello guys, that is usefull information for me too. I was wondering how to size scanning servers. We will go with test environment first.

One more question still. Scanning server is storing (caching) files during scan operations, how much disk space is it using? I suppose same size as actual scanned file. How you determine that for 3000+ users?

Thank you

Terje
Level 7
Report Inappropriate Content
Message 4 of 18

Re: VirusScan Enterprise for Storage on NetApp

i think it only stores a hash value of a file until its modified then it generates a new hash with the NetApp module... if you use ICAP i think it stores that information in a different way

because the c drive on each of my scanner servers is about 50GB and it has only used about 15GB for OS and VSE client

Message was edited by: Terje on 30/05/11 15:23:46 IST
Terje
Level 7
Report Inappropriate Content
Message 5 of 18

Re: VirusScan Enterprise for Storage on NetApp

my scanning server specs

Hardware platform: VMware Sphere 4

OS: windows 2008 R2

Memory: 2GB

CPU: 2

C Drive: 50GB using 15GB

McAfee installed software: VSE 8.7 - Agent 4.5p2 - VSE for Storage 1.0p1 (NetApp)  (VSE8.8 and VSE for storage 1.0p1 is not supported by mcafee)

on 30/05/11 16:04:52 IST
moncius
Level 7
Report Inappropriate Content
Message 6 of 18

Re: VirusScan Enterprise for Storage on NetApp

OK, that makes sense. I found that ICAP scanner place files in the disk, but not NetApp.

Thanks for update.

Terje
Level 7
Report Inappropriate Content
Message 7 of 18

Re: VirusScan Enterprise for Storage on NetApp

Taskmanger for both my scanning servers

taskmanager.jpg

Message was edited by: Terje on 30/05/11 16:20:40 IST
Terje
Level 7
Report Inappropriate Content
Message 8 of 18

Re: VirusScan Enterprise for Storage on NetApp

hehe sorry for making multiple replied.. i am so tired and i havent slept for 48 hours now.. so i keep forgetting to write some info about storage scan for netapp

EPO policy for VSE for storage netapp

Maximum scan time (seconds): 40

Number of anti-virus scan threads: 100

Settings on the NetApp device

vscan optionstimeout:          10 sec

vscan options abort_timeout:    60 sec

vscan optionsmandatory_scan    off   (important incase scanning server turns off then no one can write/read on the netapp device)

vscan optionsclient_msgbox     on

info on the netapp settings http://www.wafl.co.uk/vscan/

moncius
Level 7
Report Inappropriate Content
Message 9 of 18

Re: VirusScan Enterprise for Storage on NetApp

Hi Terje, I see that both of your scanning servers are not doing much. Was it business hours you've made screen shots? Having in mind that storage get's accessed by ~3000 users it's amazingly low utilization.

Were you measuring latency, throughput and other indicators before implementing McAfee and after? How they changed if you did.

And have you tired to change these settings and investigate how it affects performance?

---

EPO policy for VSE for storage netapp
Maximum scan time (seconds): 40
Number of anti-virus scan threads: 100

Settings on the NetApp device
vscan optionstimeout:          10 sec
vscan options abort_timeout:    60 sec
vscan optionsmandatory_scan    off   (important incase scanning server turns off then no one can write/read on the netapp device)
vscan optionsclient_msgbox     on

---

P.S. get some rest, working 48 hours in a row is not so healthy

humby
Level 7
Report Inappropriate Content
Message 10 of 18

Re: VirusScan Enterprise for Storage on NetApp

Hey lfah2000,

Here are some links / settings that may be helpful:

NetApp - Antivirus Scanning Best Practices Guide:
http://media.netapp.com/documents/tr-3107.pdf

VSE for Storage 1.0 Implementation Guide
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22733/en_US/...

Sizing Guide for NetApp Filer on Data ONTAP
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23123/en_US/...

Enable advanced logging by editing your registry

(I got this from VSES support You can call them and they will send you a doc on how/why to setup)
I would recommend setting these since you want to have the logs BEFORE thing break not after.

The settings below are what I use. Warning -- they generate 2 1GB logfiles (You can set that when you read the doc from support)

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSES
"StatFilePath"="C:\\Program Files\\McAfee\\VirusScan Enterprise for Storage\\stat.txt"
"StatWriterTimerInterval"=dword:0000000a
"StatsMaxLogSizeMB"=dword:00000400
"AppLogLevel"=dword:00000003
"AppLogOutputType"=dword:00000001
"AppLogMaxFileSizeMB"=dword:00000400
"AppLogFileFormat"=dword:00000001
"AppLogFileName"="C:\\Program Files\\McAfee\\VirusScan Enterprise for Storage\\app.txt"
"AppLogLimitFileSize"=dword:00000001

My filers are set as follows:
vscan options timeout:               10 sec <- how often the filer checks with the scanner to see if it's done
vscan options abort_timeout:    50 sec <- should be less that the scan time max on your VSES setting to allow the scanner to timeout first
vscan options mandatory_scan    off   <- if set to on you risk denying all access to CIFS shares until your scanners are working
vscan options client_msgbox     off

Policy for my VSES scanners:
Maximum scan time (seconds): 40
Number of anti-virus scan threads: 150