Installing NetApp ONTAP Antivirus Connector

If you're looking for instructions to install the ONTAP Antivirus connector, you (probably) won't find them on the NetApp Documentation website. You have to download and unpack the software, and then read the README.txt.

For convenience, below is the extract:

|===========================|
| ONTAP Antivirus Connector |
|===========================|

Audience
++++++++

This README is for Antivirus administrators who want to configure virus scanning solution to cater to ONTAP.

About the tool
++++++++++++++

The Antivirus Connector is installed on the Vscan server to provide communication between the system running ONTAP and the Vscan server.

System Requirements
+++++++++++++++++++

* View the NetApp Interoperability Matrix https://mysupport.netapp.com/matrix/#welcome for information about the supported protocols, antivirus vendor software versions, ONTAP versions and Windows servers.
* .NET 4.5.1 or later.
* ONTAP Antivirus Connector can run in a virtual machine. However, for best performance, NetApp recommends using a dedicated machine for antivirus scanning.

Note: SMB 2.0 must be enabled on the Windows server on which you are installing and running the Antivirus Connector.

Installing Antivirus Connector
++++++++++++++++++++++++++++++

You must install the Antivirus Connector to enable the antivirus software to communicate with one or more Storage Virtual Machines (SVMs).

* Before you begin:
** You must have downloaded the Antivirus Connector setup file from the Support Site and saved it to a directory on your hard drive.
** You must have ensured that the requirements to install the Antivirus Connector are met.
** You must have administrator privileges to install the Antivirus Connector.

* Steps:
1. Start the Antivirus Connector installation wizard by running the appropriate setup file.
2. Click Next. The Destination Folder dialog box opens.
3. Click Next to install the Antivirus Connector to the folder that is listed or click Change to install to a different folder. The ONTAP AV Connector Windows Service Credentials dialog box opens.
4. Enter your Windows service credentials or click Add to select a user. This user must be a valid domain user and must exist in the SVMs scanner pool to configure virus scanning.
5. Click Next. The Ready to Install the Program dialog box opens.
6. Click Install to begin the installation or click Back if you want to make any changes to the settings.  A status box opens and charts the progress of the installation. Then, the InstallShield Wizard Completed dialog box opens.
7. Select Configure ONTAP Management LIFs check box if you want to continue with the configuration of the Data ONTAP management LIFs.  You must configure at least one ONTAP management LIF before this Vscan server can be used.
8. Select Show the Windows Installer log check box if you want to view the installation logs.
9. Click Finish to end the installation and to close the InstallShield wizard. The "Configure ONTAP Management LIFs for Polling" icon is saved on the desktop to configure the ONTAP management LIFs.

Configuring Antivirus Connector
+++++++++++++++++++++++++++++++

You must configure the Antivirus Connector to specify one or more Storage Virtual Machines (SVMs) that you want to connect to by entering the Data ONTAP Management LIF, poll information, and the account credentials. You can also modify the details of an SVM connection or remove an SVM connection. By default Antivirus Connector uses https for retrieving the list of data LIFs. Contact support personnel for the steps if you want to uses http instead.

Adding an SVM to Antivirus Connector
------------------------------------

You can add a Storage Virtual Machine (SVM) to Antivirus Connector by adding a Data ONTAP management LIF, which is polled to retrieve the list of data LIFs. You must also provide the poll information and the account credentials. You must add the SVM to Antivirus Connector to send files for virus scanning.

* Before you begin
** You must have ensured that the management LIF or the IP address of the SVM is enabled for ontapi.
** You must have created a user with at least read-only access to the network interface command directory for ontapi. For more information about creating a user, see the "security login role create" and "security login create" ONTAP man pages.

Note: You can also use the domain user as an account by adding an authentication tunnel SVM for an administrative SVM. For more information, see the "security login domaintunnel create" ONTAP man page.

Steps:
1. Right-click the "Configure ONTAP Management LIFs for Polling" icon, which was saved on your desktop when you completed the Antivirus Connector  installation, and then select run as administrator.
2. In the "Configure ONTAP Management LIFs for Polling" dialog box, perform one of the following actions:
- If you have an existing management LIF or IP address, enter the management LIF or IP address of the SVM that you want to add.
- If you want to create a management LIF, create a management LIF with role set to data, data protocol set to none, and firewall policy set to mgmt.

For more information about creating a LIF, see the "ONTAP Network Management Guide". Once you create a management LIF, enter the management LIF or IP address of the SVM that you want to add.

You can also enter the cluster management LIF. If you specify the cluster management LIF, all SVMs within that cluster that are serving CIFS can use the Vscan server.

Note: If Kerberos authentication is required for Vscan servers, then each SVM data LIF must have a unique Domain Name Service (DNS) name, and that name must be registered as a Server Principal Name (SPN) with the Windows Active Directory. If a unique DNS name is not available for each data LIF, or if a unique DNS name is not registered as an SPN, then the Vscan server uses the NTLM mechanism for authentication. In addition, if you add or modify the DNS names and SPNs after the Vscan server is connected, then you must restart the Antivirus Connector service on the Vscan server for the changes to take effect.

3. Enter the poll duration, in seconds. The poll duration is the frequency at which Antivirus Connector checks for changes to the SVMs or to the cluster's LIF configuration. The default poll interval is 60 seconds.
4. Enter the account name and password.
5. Click Test to verify the connectivity and authenticate the connection.
6. Click Update to add the management LIF to the list of management LIFs to poll.
7. Click Save to save the connection to the registry.
8. Click Export if you want to export the list of connections to a registry import/export file. This is useful if multiple Vscan servers use the same set of management LIFs.

Modifying the details of an SVM connection
------------------------------------------

You can update the details of a Storage Virtual Machine (SVM) connection, which has been added to the Antivirus Connector, by modifying the Data ONTAP management LIF and the poll information.

* Before you begin
** You must have created a user with at least read-only access to the network interface command directory for ontapi. For more information about creating a user, see the "security login role create" and "security login create" ONTAP man pages.
NOTE: You can also use the domain user as an account by adding an authentication tunnel SVM for an administrative SVM. For more information, see the security login domain-tunnel create man page.

Steps:
1. Right-click the "Configure ONTAP Management LIFs for Polling" icon, which was saved on your desktop when you completed the Antivirus Connector installation, and then select run as administrator. The "Configure ONTAP Management LIFs for Polling" dialog box opens.
2. Select the IP address of the SVM, and then click Update.
3. Update the information, as required.
4. Click Save to update the connection details in the registry.
5. Click Export if you want to export the list of connections to a registry import/export file. This is useful if multiple Vscan servers use the same set of management LIFs.

Removing an SVM connection from Antivirus Connector
---------------------------------------------------

If you no longer require a Storage Virtual Machine (SVM) connection, you can remove it.

Steps:
1. Right-click the "Configure ONTAP Management LIFs for Polling" icon, which was saved on your desktop when you completed the Antivirus Connector installation, and then select run as administrator. The "Configure ONTAP Management LIFs for Polling" dialog box opens.
2. Select one or more IP addresses of the SVM, and then click Remove.
3. Click Save to update the connection details in the registry.
4. Click Export if you want to export the list of connections to a registry import/export file. This is useful if multiple Vscan servers use the same set of management LIFs.



Comments