
Protecting the IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS: A reference guide for storage and security administrators


This technical paper describes the IBM Storwize V7000 Unified system integration with Symantec AntiVirus for NAS, and guidelines for using the IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS to protect the overall system and prevent security threats caused by malware. To know more about the IBM Storwize V7000, visit http://ibm.co/TaLb6Q.


Daniel T. Drinnon
IBM Systems and Technology Group ISV Enablement
November 2011
© Copyright IBM Corporation, 2011

Table of contents

Abstract
Executive overview
IBM Storwize V7000 Unified system Antivirus Connector – an overview
Symantec AntiVirus for NAS – an overview
Minimum system requirements
    IBM Storwize V7000 Unified system
    Symantec AntiVirus for NAS
Planning for integration of IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS
Integration of IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS
    Installing Symantec AntiVirus for NAS
    Installing Symantec AntiVirus for NAS (Windows)
    Installing Symantec AntiVirus for NAS (Linux)
    Configuring Symantec AntiVirus for NAS
    Configuring the IBM Storwize V7000 Unified system Antivirus Connector
Initiating a bulk scan using the IBM Storwize V7000 Unified system Antivirus Connector
    Configuring bulk scan using GUI
    Initiating a manual bulk scan on a defined scope using CLI
    Scheduling bulk scan on a defined scope
Recommendations
Summary
Resources
About the author
Trademarks and special notices

Abstract

With today’s continuing explosive growth in information data comes the need for storing the data without compromising data integrity from potential threats that might exist in an enterprise network environment. The IBM Storwize V7000 Unified system has been qualified for interoperability with the leading antivirus scan engines, such as Symantec AntiVirus for Network Attached Storage (NAS) and McAfee VirusScan Enterprise for Storage.

This technical paper describes the IBM Storwize V7000 Unified system integration with Symantec AntiVirus for NAS and guidelines for using the IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS to protect the overall system and prevent security threats caused by malware.

Executive overview

The IBM® Storwize® V7000 Unified system includes the IBM Storwize V7000 File Module and the IBM Storwize V7000 Storage system, designed to support both file and block protocols.

Figure 1 shows a pictorial representation of the IBM Storwize V7000 Unified system. The File Module is a clustered system comprised of two units that provide file systems for use by network-attached storage. The File Module uses the Storwize V7000 Storage system to provide the File Module with volumes. Volumes are also provided on the SAN.

The Storwize V7000 Storage system consists of a drive enclosure called the Control Enclosure. Both regular and solid-state drives (SSDs) are supported. The Control Enclosure contains disk drives and two Node Canisters that are managed as a single clustered system. Expansion Enclosures contain drives and are attached to the Control Enclosure. Expansion Canisters include the serial-attached SCSI (SAS) interface hardware that enables the node hardware to use the drives of the Expansion Enclosures.

Figure 1: IBM Storwize V7000 Unified system

The IBM Storwize V7000 File Module software within the IBM Storwize V7000 Unified system contains the Management Node, Storage Node, and Interface Node functions. A Management Node is used for configuring, administering, and monitoring the system. A Storage Node connects the File Modules to the Storwize V7000 Storage system Control Enclosure.

An Interface Node connects the system to an Internet Protocol (IP) network using the following protocols:

• Common Internet File System (CIFS)
• Network File System (NFS)
• File Transfer Protocol (FTP)
• Hypertext Transfer Protocol Secure (HTTPS)
• Secure Copy Protocol (SCP)

The IBM Storwize V7000 Unified system also supports the following block functions for the host systems that attach to the Storwize V7000 Unified system. This system:

• Creates a single pool of storage
• Provides logical unit virtualization
• Manages logical volumes
• Mirrors logical volumes
• Provides large scalable cache
• Supports Copy Services
    − IBM Tivoli® Storage FlashCopy® Manager (point-in-time copy) function, including thin-provisioned FlashCopy to make multiple targets affordable
    − Metro Mirror (synchronous copy)
    − Global Mirror (asynchronous copy)
    − Data migration
• Allows space management
    − IBM System Storage® Easy Tier™ to migrate the most frequently used data to higher performing storage
    − Metering of service quality when combined with IBM Tivoli Storage Productivity Center
    − Thin-provisioned logical volumes

The IBM Storwize V7000 Unified system provides the ability to manage block and file storage through one single management graphical user interface (GUI) or command line interface (CLI).

The IBM Storwize V7000 Unified system is designed to serve a large number of users connecting to it using a variety of file-based protocols, such as Network File System (NFS) or Common Internet File System (CIFS). The data created or accessed using these protocols is vulnerable to the potential threats of viruses, worms, Trojan horses, and other forms of malware. Computer viruses mostly target Microsoft® operating systems; however, computers running other operating systems can be directly or indirectly affected by viruses.

The IBM Storwize V7000 Unified system, when integrated with Symantec AntiVirus for NAS, provides a comprehensive solution to protect all the file data stored on the IBM Storwize V7000 Unified system.

IBM Storwize V7000 Unified system Antivirus Connector – an overview

The IBM Storwize V7000 Unified system Antivirus Connector is a part of the Storwize V7000 Unified System File Module management software which communicates with enterprise antivirus vendor scan engines using Internet Content Adaptation Protocol (ICAP). There are two approaches for virus scanning:

On-access scan – It scans all the specified files on IBM Storwize V7000 Unified system File Modules when accessed or created. This method has the benefit of ensuring that the files are scanned with the latest antivirus signatures before being accessed. This approach is more effective at detecting viruses before they are able to compromise data and this method does not generate heavy network traffic between the IBM Storwize V7000 Unified system File Modules and the Symantec AntiVirus for NAS Scan Engine. This approach is ideal for customers using Microsoft Windows® clients and CIFS file I/O.

Bulk scan – This allows scanning of all the specified files on a file system or a part of the file system. This is typically performed at the schedule defined on the IBM Storwize V7000 Unified system. The disadvantage in using this method is that the files recently updated might not be scanned before being used. Bulk scans can generate heavy network traffic between the IBM Storwize V7000 Unified system File Modules and Symantec AntiVirus for NAS Scan Engines and can generate heavy load on a storage system. Also, the bulk scan can take significant time to complete, depending on the number of files to be scanned. Storage administrators are likely to use the bulk scan for non-CIFS files (for example, NFS) protection which are less prone to virus attacks.

The IBM Storwize V7000 Unified system Antivirus Connector provides enterprise antivirus vendors, such as Symantec AntiVirus for NAS, more complete integration and overall control of antivirus implementations by deciding strategies suitable for the customer environment. The IBM Storwize V7000 Unified system Antivirus Connector communicates with the Symantec AntiVirus for NAS Scan Engine using ICAP. The IBM Storwize V7000 Unified system can be configured with multiple Symantec AntiVirus for NAS Scan Engines to achieve load balancing and to distribute the workload. The IBM Storwize V7000 Unified system File Modules select a scan engine from the pool of scan engines at scan time. If a scan engine is not reachable from the File Modules, it is temporarily removed from the pool and the File Modules select a different scan engine from the pool of available scan engines. It periodically attempts to reinstate the removed scan engine back into the pool. Figure 2 describes the workflow of an On-Access scan session for a single file.

When a user accesses a file from the IBM Storwize V7000 Unified system File Modules over the network, the system initiates the scan of a file in real time and opens a connection with the Symantec AntiVirus for NAS Scan Engine. The IBM Storwize V7000 Unified system then passes the file to the Symantec AntiVirus for NAS Scan Engine for scanning. The Symantec AntiVirus for NAS Scan Engine indicates the scanning results to the IBM Storwize V7000 Unified system after the file is scanned. If the file is infected, the Symantec AntiVirus for NAS Scan Engine tries to repair the file and sends the repaired file to the IBM Storwize V7000 Unified system. The IBM Storwize V7000 Unified system receives the scan results. If the file is infected and can be cleaned, the infected file is replaced on the IBM Storwize V7000 Unified system with the repaired file received from the Symantec AntiVirus for NAS Scan Engine. Only the repaired file is passed to the requesting user.

In case a virus is detected and repair of the file is not possible, the IBM Storwize V7000 Unified system can be configured to quarantine or delete the non-repairable file and the user will be notified with a permission denied type of error message.

Figure 2: Workflow of on-access scanning of a file from the IBM Storwize V7000 Unified system using Symantec AntiVirus for NAS

The IBM Storwize V7000 Unified system Antivirus Connector also caches antivirus scan information for each file as extended attributes to determine whether it must be scanned or rescanned by saving the timestamps of the last scan in addition to the antivirus definition file. This way, a repeat scan might be avoided if another user tries to access the same file later but the antivirus definitions have not changed. When new antivirus definitions are received and updated, each file is rescanned before it is made available to the user requesting access. Bulk scans might be configured to proactively rescan files periodically (for example every day) during off-peak hours when accesses are minimal to prevent any potential performance impacts on the IBM Storwize V7000 Unified system or the Symantec AntiVirus for NAS Scan Engines in the pool.
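
The scan-engine pool behaviour described in this overview (pick an engine at scan time, drop an unreachable one, periodically try to reinstate it) can be modelled as follows. This is an added example, not IBM's or Symantec's code: the round-robin order, the 60-second retry interval, the class and function names, and the 192.0.2.x addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

RETRY_INTERVAL = 60.0  # assumed: seconds before a removed engine is probed again


@dataclass
class ScanEnginePool:
    engines: List[str]                 # scan node addresses, in configured order
    probe: Callable[[str], bool]       # True if the engine answers (e.g. an ICAP connect)
    removed_at: Dict[str, float] = field(default_factory=dict)
    _next: int = 0                     # round-robin cursor (assumed balancing policy)

    def _reinstate_due(self, now: float) -> None:
        """Periodically try to put removed engines back into the pool."""
        for engine, since in list(self.removed_at.items()):
            if now - since < RETRY_INTERVAL:
                continue
            if self.probe(engine):
                del self.removed_at[engine]      # reachable again: reinstate
            else:
                self.removed_at[engine] = now    # still down: wait another interval

    def available(self) -> List[str]:
        return [e for e in self.engines if e not in self.removed_at]

    def select(self, now: float) -> Optional[str]:
        """Pick an engine for one scan; remove unreachable engines on the way."""
        self._reinstate_due(now)
        for _ in range(len(self.engines)):
            engine = self.engines[self._next % len(self.engines)]
            self._next += 1
            if engine in self.removed_at:
                continue
            if self.probe(engine):
                return engine
            self.removed_at[engine] = now        # temporarily removed from the pool
        # No engine reachable. What the storage system does in that case is
        # outside this model; the caller has to decide.
        return None


def simulate() -> List[Optional[str]]:
    """Constructed scenario: the second engine fails, then comes back."""
    up = {"192.0.2.11": True, "192.0.2.12": True}   # constructed addresses
    pool = ScanEnginePool(list(up), probe=lambda e: up[e])
    picks = [pool.select(0.0), pool.select(1.0)]    # both up: work alternates
    up["192.0.2.12"] = False
    picks += [pool.select(2.0), pool.select(3.0)]   # failure noticed at t=3
    up["192.0.2.12"] = True
    picks.append(pool.select(10.0))                 # too early to reinstate
    picks.append(pool.select(70.0))                 # retry interval elapsed
    return picks


if __name__ == "__main__":
    for pick in simulate():
        print(pick)
```

With a single configured engine, one failed probe leaves the pool empty until the retry interval passes, which is the availability argument for deploying at least two scan engines.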

Symantec AntiVirus for NAS – an overview

Symantec AntiVirus for NAS provides remote scanning of the IBM Storwize V7000 Unified system using ICAP.

The Symantec AntiVirus for NAS Scan Engine scans the files received from the IBM Storwize V7000 Unified system and provides real-time protection for the massive amount of critical information that is being stored and accessed by the IBM Storwize V7000 Unified system File Modules users. The Symantec AntiVirus for NAS Scan Engine detects the virus infected files that are being accessed, read, or copied to and from the IBM Storwize V7000 Unified system File Modules. After detecting an infection in the file, it automatically cleans the file and provides the repaired file to the IBM Storwize V7000 Unified system File Modules.

Symantec AntiVirus for NAS provides the following features:

• Advanced anti-virus technology: Symantec’s award winning antivirus technology continuously blocks a wide range of viruses and malicious code threats, including those hidden in compressed files.
• Detection of unwanted programs: It finds the unwanted hidden spyware programs that open security holes.
• Centralized management: Entire Symantec security system can be managed using Symantec’s central management system, reducing overall cost and providing ease of management.
• Continuous protection: On-access scanning provides real time protection to the data on the IBM Storwize V7000 Unified system File Modules when the files are accessed or written to the IBM Storwize V7000 Unified system File Modules unlike traditional on-demand scans.
• Cost effectiveness: It supports connection to more than one IBM Storwize V7000 Unified system File Modules.
• Rapid notification: Whenever a virus is detected, notification can be sent to the configured recipients. This enables recipients to react instantly to any possible virus outbreak.

Minimum system requirements

A combination of Windows, Linux®, and Solaris platforms are supported as scan engines which scan the files located on the IBM Storwize V7000 Unified system. Depending on the volume of the data being scanned and the requirements for accessibility, multiple scan engines can be deployed as needed.

IBM Storwize V7000 Unified system

Software:
• File Modules version 1.3.0.0 or higher

Symantec AntiVirus for NAS

Software:
• Version 5.2 or higher and licenses

Supported operating systems:
• Red Hat Enterprise Linux 5.x (32-bit and 64-bit)
• Red Hat Linux Advanced Server 3 and 4 (32-bit)
• Red Hat Linux Enterprise Server 3 and 4 (32-bit)
• Solaris (SPARC) 9 and 10 (32-bit)
• SUSE Linux Enterprise Server 9 and 10 (32-bit)
• Windows 2000 Server with the latest service pack
• Windows Server 2003 (32-bit and 64-bit), R2 (32-bit)
• Windows Server 2008 (32-bit and 64-bit), R2 (64-bit)

Processor:
• 2.4 GHz Intel® Pentium 4 or 1 GHz SPARC

Memory:
• 1 GB of RAM

Disk space:
• 500 MB hard disk space available

Additional hardware:
• One network interface card (NIC) running TCP/IP with a static IP address
• Internet connection to update definitions
• 100 Mbps Ethernet link (1 Gbps or faster recommended)

Planning for integration of IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS

Planning is one of the most important areas of consideration before beginning to configure the IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS. It is important that the security team and the IBM Storwize V7000 Unified system administrator work together to anticipate the scopes and type of files for which scanning is required, as well as the number of files required to scan and the number of Symantec AntiVirus for NAS Scan Engines that are required. The administrator can define policies or settings for handling infected files when detected.

The following factors need to be carefully considered during the planning.

Numbers of Symantec AntiVirus for NAS Scan Engines:

Antivirus scanning on the IBM Storwize V7000 Unified system File Modules requires a minimum of one scan engine configured with Symantec AntiVirus for NAS. However, in order to take full benefit of load balancing and high availability features of the IBM Storwize V7000 Unified system, a minimum of two scan engines are recommended. The IBM Storwize V7000 Unified system Antivirus Connector automatically performs load balancing to make sure that the workload is evenly distributed across the scan engines. When a scan engine becomes unavailable, the workload is directed to the remaining operational scan engines. Additional considerations listed below affect the number of scan engines which may be required:

• Total number of files stored on the IBM Storwize V7000 Unified system File Modules which requires scanning
    − Large numbers of files can be scanned by multiple scan engines using the IBM Storwize V7000 Unified system Antivirus Connector load balancing feature.
• Host processor speed and RAM configuration
    − Fewer scan engines might be needed if the processor speed is faster and more RAM is present on each scan engine.
• Network speed
    − Faster network speeds allow for reduced time in transferring larger files to the scan engine for scanning.

Type of scopes to scan:

In the IBM Storwize V7000 Unified system, antivirus configuration options are defined with scopes. A scope is a subtree of file namespace, identified by the path to the root of the subtree. All file accesses within that subtree share a set of antivirus settings. You can configure the following four types of scope for antivirus scanning in the IBM Storwize V7000 Unified system.

• File systems
• File sets
• Path
• Exported shares

Not all scopes are required to be configured for scanning, as certain file sets, paths, or file systems are either static in nature or are not shared with any users. The administrator needs to ensure that all scopes that might be vulnerable to potential threats are included in their defined scanning strategy.

Types of files to scan:

In the IBM Storwize V7000 Unified system, the administrator can define the files or the file types that are to be scanned. The administrator can control and decide whether to scan files by exclusion list or inclusion list, or whether to scan all the files regardless of extensions. The IBM Storwize V7000 Unified system Antivirus Connector can be set, for all scopes, to specify which extensions are to be included in or excluded from a scan. The exclusion list specifies the extensions of the files to be excluded because they are not likely to contain viruses.

The inclusion / exclusion list defines the following behavior:

• If the include list is empty or not defined, the default is that all extensions are included in the scan.
    − The exclusion list is created to exclude files with specific file extensions from scanning.
• If an extension is in the include list, only files with that extension are scanned.
• If an extension is in the include list as well as the exclude list, files with that extension are not scanned.

Careful planning is required to create the include / exclude lists, as this plays an important role in improving performance of the scan process: not all file extensions need to be scanned, due to the nature of the files and file types, which are unlikely to have viruses.

File processing strategy

It is important to plan for the action that needs to be taken in case an unrecoverable virus file is identified. The IBM Storwize V7000 Unified system provides the option to quarantine or delete the infected, unrecoverable file. For this, an optional parameter can be set to quarantine or delete the file at the defined scope. Optionally, the path by which the file was opened for the current scan can be moved to a subdirectory created for that purpose. Only the IBM Storwize V7000 Unified system or the security administrator will have access to that subdirectory and can take appropriate action to manually delete the unrecoverable virus files. If no strategy is defined, the user is denied access to the file.
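
The planning rules above (scope as a subtree, include/exclude lists, handling of unrecoverable files) combine with the scan-information caching described in the Antivirus Connector overview into one per-file decision. The sketch below is an added example that models that decision; it is not the connector's code. All names and the /fs0 paths are constructed, and three points are assumptions the paper does not state: the most specific scope wins when scopes nest, extensions are compared case-insensitively, and a file modified after its last scan is rescanned.

```python
import posixpath
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Scope:
    root: str                                   # path to the root of the subtree
    include: Set[str] = field(default_factory=set)
    exclude: Set[str] = field(default_factory=set)
    on_unrecoverable: Optional[str] = None      # "quarantine", "delete" or None


@dataclass
class ScanRecord:
    """Modelled per-file cache entry (the paper stores this in extended attributes)."""
    scanned_at: float                           # timestamp of the last scan
    definitions: str                            # definition set used for that scan


def in_subtree(root: str, path: str) -> bool:
    """True if path is the scope root or lies below it (component-wise)."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)             # also collapses ".." segments
    return path == root or path.startswith(root.rstrip("/") + "/")


def find_scope(scopes: List[Scope], path: str) -> Optional[Scope]:
    """Assumption: with nested scopes, the longest matching root applies."""
    matches = [s for s in scopes if in_subtree(s.root, path)]
    return max(matches, key=lambda s: len(posixpath.normpath(s.root)), default=None)


def extension_selected(path: str, scope: Scope) -> bool:
    """Apply the include/exclude rules exactly as listed in the paper."""
    ext = posixpath.splitext(path)[1].lstrip(".").lower()
    if ext in scope.exclude:                    # exclude wins, even if also included
        return False
    if scope.include and ext not in scope.include:
        return False                            # include list set: only those extensions
    return True                                 # empty include list: everything else


def decide(scopes: List[Scope], path: str, mtime: float,
           record: Optional[ScanRecord], current_defs: str) -> str:
    scope = find_scope(scopes, path)
    if scope is None:
        return "no-scope"                       # not covered by any antivirus scope
    if not extension_selected(path, scope):
        return "not-selected"
    if (record is not None and record.definitions == current_defs
            and mtime <= record.scanned_at):
        return "cached"                         # same definitions, file unchanged
    return "scan"


def unrecoverable_action(scope: Scope) -> str:
    """If no strategy is defined, the user is simply denied access."""
    return scope.on_unrecoverable or "deny"


# Constructed configuration for demonstration.
SCOPES = [
    Scope("/fs0/projects", include={"exe", "doc", "zip"}, exclude={"zip"},
          on_unrecoverable="quarantine"),
    Scope("/fs0/home", exclude={"iso"}),
]

if __name__ == "__main__":
    for p in ("/fs0/projects/a/setup.EXE", "/fs0/projects/a/archive.zip",
              "/fs0/home/u/notes.txt", "/fs0/projects2/tool.exe"):
        print(p, "->", decide(SCOPES, p, 100.0, None, "defs-2"))
```

Running the same check over a file listing before committing a configuration shows which paths a narrow include list or a mistyped scope root would leave unscanned.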

Integration of IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS

The scanning process requires two components: the IBM Storwize V7000 Unified system Antivirus Connector and the external antivirus scan engines running Symantec AntiVirus for NAS. Depending on the workload determined during the planning stage, multiple scan engines might need to be installed and configured to the IBM Storwize V7000 Unified system. The minimum software and hardware requirements are documented in the “Minimum system requirements” section of this guide.

The IBM Storwize V7000 Unified system Antivirus Connector communicates with the Symantec AntiVirus for NAS using the industry standard ICAP protocol. Remote scanning is performed through the ICAP protocol when a user requests access to a file residing on an IBM Storwize V7000 Unified system.

Integrating the IBM Storwize V7000 Unified system with a Symantec AntiVirus for NAS Scan Engine begins with the installation of Symantec AntiVirus for NAS on the identified servers, followed by configuring both the IBM Storwize V7000 Unified system Antivirus Connector and the Symantec AntiVirus for NAS Scan Engine.

Installing Symantec AntiVirus for NAS

The installation package for Symantec AntiVirus for NAS is available as an ISO image which contains Microsoft Windows and Linux versions of the scan engine client, or individual Windows and Linux ZIP file packages. Installation of the Symantec AntiVirus for NAS Scan Engine can be performed locally at each individual server or remotely depending on the level of server security implemented. The following instructions assume that the installer has remote access to identified Symantec AntiVirus for NAS Scan Engine hardware using the individual ZIP file packages downloaded from Symantec website at:
http://www.symantec.com/business/antivirus-for-network-attached-storage

Installing Symantec AntiVirus for NAS (Windows)

Perform the following steps to install Symantec AntiVirus for NAS (Windows).

1. Copy SymantecAntiVirus_NAS_5.2.x_Win32_IN.zip to a Windows server which has been identified to function as a Symantec AntiVirus for NAS Scan Engine and extract the ZIP file to a temporary directory.
   Figure 3: Unzipping the ZIP package in a temporary directory
2. Verify that a 32-bit Java™ runtime environment (JRE) is installed on the system.
   Figure 4: Checking the JRE version
   If a 32-bit JRE is not installed on the system, change directory to Tools\Java\Win32 and install a copy of the Java 6 runtime environment included with the Symantec AntiVirus for NAS ZIP package.
   Figure 5: Installing a copy of the JRE
3. Start the Symantec AntiVirus for NAS installer by entering cdstart.
   Figure 6: Starting the Symantec AntiVirus for NAS CD menu
4. Click Install Symantec AntiVirus(TM) 5.2 for NAS.
   Figure 7: Menu option to install Symantec AntiVirus for NAS
5. Click Next to continue the installation.
   Figure 8: Symantec AntiVirus for NAS InstallShield Wizard
6. Accept the terms of the license agreement and click Next to continue.
   Figure 9: Symantec AntiVirus for NAS software license agreement
7. Select a folder to install the Symantec AntiVirus for NAS Scan Engine software, or click Next to continue and use the default folder.
   Figure 10: Selecting an installation folder
8. Enter a password which will be used to access the Symantec AntiVirus for NAS Scan Engine user interface, and click Next to continue.
   Figure 11: Specifying a password for the administrative interface
9. Select the URL filtering and definition downloads (if necessary), and click Next to continue.
   Figure 12: Selecting URL filtering and URL definition downloading
10. If satisfied with the previous choices of configuration options, click Install to begin installation.
   Figure 13: Symantec AntiVirus for NAS Scan Engine installation confirmation
11. Click Finish to complete the installation and return to Windows.
   Figure 14: Symantec AntiVirus for NAS Scan Engine installation completed

Installing Symantec AntiVirus for NAS (Linux)

Perform the following steps to install Symantec AntiVirus for NAS (Linux).

1. Copy SymantecAntiVirus_NAS_5.2.x_Linux_IN.zip to a Linux server that has been identified to function as a Symantec AntiVirus for NAS Scan Engine, and extract the ZIP file into a temporary directory.
   Figure 15: Unzipping the ZIP package in a temporary directory
2. At the command prompt, enter rpm -qa | grep sharutils to verify that sharutils-4.6.1-2.i386.rpm is installed on the system.
   Figure 16: Checking for installation of the sharutils package
   If the query does not return any output, download a copy of sharutils-4.6.1-2.i386.rpm and install it by entering rpm -ivh sharutils-4.6.1-2.i386.rpm at the prompt.
   Figure 17: Installing the sharutils package
3. Enter rpm -qa | grep jre at the prompt to verify that the Java runtime environment is installed on the system.
   Figure 18: Checking for installation of the JRE
   If the query does not return any output, change directory to SAV_NAS/Tools/Java/RedHat and install a copy of the Java 6 runtime environment included with the Symantec AntiVirus for NAS ZIP package by entering ./jre-6u21-linux-i586-rpm.bin at the command prompt.
   Figure 19: Installing a copy of the JRE
4. After sharutils and the JRE are available on the system, change directory to SAV_NAS/Scan_Engine/RedHat and enter ./ScanEngine.sh to begin installing the Symantec AntiVirus for NAS Scan Engine.
   Figure 20: Launching the Symantec AntiVirus for NAS Scan Engine installation script
5. Read and agree to the license terms by typing y when prompted and press Enter.
   Figure 21: Symantec AntiVirus for NAS Scan Engine license agreement
6. Accept the default installation directory by pressing Enter when prompted or type in a complete path name if another location is required.
   Figure 22: Selecting an installation directory
7. Type y and press Enter to run the Symantec AntiVirus for NAS Scan Engine as root, or type n and enter a different username.
   Figure 23: Selecting a user name for the Symantec AntiVirus for NAS Scan Engine
8. Press Enter to select 8004 as the default port used to access the Symantec AntiVirus for NAS Scan Engine from a web browser or enter a desired port number.
   Figure 24: Selecting an administrator web interface port
9. Press Enter to select 8005 as the default secure sockets layer (SSL) port used to access the Symantec AntiVirus for NAS Scan Engine from a web browser or enter a desired SSL port number.
   Figure 25: Selecting an administrator SSL port
10. Enter a password which will be used to access the Symantec AntiVirus for NAS Scan Engine interface and confirm it (Note: the password will not appear on the screen).
   Figure 26: Specifying a password for the administrative interface
11. Press Enter if you do not wish to enable URL filtering.
   Figure 27: Selecting URL filtering and URL definition downloading
12. The Symantec AntiVirus for NAS Scan Engine will start automatically at the end of a successful installation. If any problems are encountered during the installation, refer to the /var/log/SYMCScan-install.log log file for additional information.
   Figure 28: Symantec AntiVirus for NAS Scan Engine installation completed

Configuring Symantec AntiVirus for NAS

Configuring the Symantec AntiVirus for NAS Scan Engine is the same across all client platforms, and therefore, the following directions apply to both Windows and Linux:

1. Using a supported web browser, open a connection to the newly-installed Symantec AntiVirus for NAS Scan Engine and log in with the password specified during the installation process.
   Figure 29: Symantec AntiVirus for NAS Scan Engine administrative login screen
2. Under the Tasks subsection, click Install License.
   Figure 30: Tasks subsection for license installation
3. Enter the full path and file name to the license file provided by Symantec and then click Install.
   Figure 31: Symantec AntiVirus for NAS Scan Engine license installation
4. Click the Configuration icon in the left navigation bar and ensure that Protocol is selected under the Views subsection.
   Figure 32: Configuration subsection for protocol configuration
5. Under ICAP configuration, select the Select check box for the IP address of the Symantec AntiVirus for NAS Scan Engine. In addition, select a scan policy suitable for the environment.
   Figure 33: Configuring ICAP and specifying a scan policy
   Be sure to click Apply at the upper-left section of the action bar to ensure that all changes for this page have been saved and applied.
   Figure 34: Apply icon
6. Click the Policies icon in the left navigation bar and ensure that Scanning is selected under the Views subsection.
   Figure 35: Policies subsection for configuring scanning options
7. Antivirus Scanning is set to Medium by default, but if maximum detection sensitivity is needed, set this option to High.
   Figure 36: Selecting a virus scanning level

The Symantec AntiVirus for NAS Scan Engine is now ready for use with the IBM Storwize V7000 Unified system. For more information regarding additional options and behaviors that can be customized to individual organizational requirements, refer to the Symantec AntiVirus for NAS Implementation Guide, for which the link is provided in the "Resources" section of this guide.

Configuring the IBM Storwize V7000 Unified system Antivirus Connector

The IBM Storwize V7000 Unified system GUI or CLI can be used for configuring and displaying the IBM Storwize V7000 Unified system antivirus parameters. It is configured using the GUI or the cfgav CLI utility, which is accessed from the management node. This utility controls the scan behavior when files are accessed by a client as well as during bulk scan requests. The IBM Storwize V7000 Unified system antivirus configuration can be changed dynamically and it does not require shutdown or restart of the antivirus service.

Before using the IBM Storwize V7000 Unified system Antivirus Connector to control the scanning behavior, it must be configured with a pool of Symantec AntiVirus for NAS Scan Engines. Next, you need to define scopes to the IBM Storwize V7000 Unified system Antivirus Connector along with a set of scan options specific to each scope. A scope can be an entire file system, specific paths on a file system, a CIFS export, or a file set.

IBM Storwize V7000 Unified system antivirus configuration using GUI

Perform the following steps to configure Storwize V7000 Unified system antivirus using the GUI.

1. Log in to the IBM Storwize V7000 Unified system GUI using https://<Address>:1081/gui
2. Move the cursor to the File icon on the left-hand side and click Services to start the antivirus configuration.
   Figure 37: IBM Storwize V7000 Unified system file services administration
3. Select the Antivirus service and click Configure to start the antivirus configuration.
   Figure 38: Antivirus configuration selection
4. In the Configure page, select symantec as the Protocol from the list, enter the IP address of the scan node where Symantec AntiVirus for NAS has been installed, and select the port for ICAP communication (Default port is 1344). Click the plus (+) sign to add another scan node. After adding all the scan nodes, set the global timeout in seconds or leave it as default. Click OK to configure.
   Figure 39: Symantec scan node configuration
5. The antivirus scanner configuration summary is displayed. After verifying the summary, click Close to complete the Symantec scan node configuration.
   Figure 40: Antivirus scan node configuration summary
6. After completing the scan node configuration, click New Antivirus Definition to add new scopes for scanning.
   Figure 41: Configuring new antivirus definition
7. In the New Antivirus Definition page, enter the path that needs to be enabled for the scan. Select the Enable Antivirus Definition check box. In case on-write scanning needs to be enabled, select the Scan files on close if file changed (write operation performed) check box. From the Action to take for infected files list, select one of the options (out of No action, Delete or Quarantine) to handle the behavior of infected files. Additionally, you can also specify the include / exclude options to limit the scope of scanning to the files with specified extensions. In case the files with all the extensions need to be scanned, select Scan all files. After all the required settings are configured, click OK to continue.
   Figure 42: New Antivirus Definition configuration
8. A summary page shows the saved antivirus definition. After verifying the saved configuration, click Close to complete the wizard.
   Figure 43: New antivirus definition configuration summary

All the scopes will be displayed in the Services page of the Antivirus service.
Figure 44: Configured antivirus definition summary

IBM Storwize V7000 Unified system antivirus configuration using CLI

Log in to the IBM Storwize V7000 Unified system File Modules command line interface.

Defining scan engine pool

At least one scan engine must be registered in order to provide virus scanning for each IBM Storwize V7000 Unified system. However, it is recommended to configure a minimum of two scan engines in a scan engine pool to take advantage of the load-balancing facility that the IBM Storwize V7000 Unified system uses to distribute the scan load. A pool of two or more engines also provides high availability in case one scan engine is not available. The IBM Storwize V7000 Unified system tries to contact the failed scan engine periodically and reinstates it for scanning after it becomes available.

• For defining a scan engine to the connector, use the cfgav CLI.
      cfgav --set-scanner symantec:<IP Address 1>:<ICAP Port>
  IP Address = IP address of a scan engine
  ICAP Port = Port used for ICAP communication (Symantec default is 1344)
  Figure 45: Example of set-scanner
• Additional scan engines can be specified at the same time by separating each with a comma.
      cfgav --set-scanner symantec:<IP Address 1>:<ICAP Port>,symantec:<IP Address 2>:<ICAP Port>
  Figure 46: Example of multiple set-scanner
• To add another scan engine at a later time, use the following command:
      cfgav --add-scanner symantec:<IP Address>:<ICAP Port>
  Figure 47: Example of add-scanner

Defining scopes with scan options

For configuring a scope with scan options:
    cfgav --<scope> <scope arg> --<option 1> <option 1 arg> … --<option N> <option N arg>
• scope = fsys (file system), path (file system path), export (CIFS export), or fset (file set)
• scope arg = name or path to a scope
• option = multiple options can be specified together separated by a space
• option arg = specific arguments that apply to each option

Examples:
• Enable antivirus scanning on a list of scopes:
      cfgav --export av00a,av01a --scan
• Set a list of extensions to scan on an export:
      cfgav --export av00a --set-include exe,dll,xlsx
• Set a timeout value for accessing scan engines:
      cfgav --timeout 20
• Enable file system scanning when a file is written:
      cfgav --fsys gpfs0 --onwrite
• Deny access to protected files in a file set if scanning cannot occur:
      cfgav --fset gpfs0:root --denyonerror
• Add an extension to a path include list:
      cfgav --path /ibm/gpfs0 --add-include exe
• Set the exclude list for an export:
      cfgav --export av00a --set-exclude txt
• Enable file quarantine by deletion for an export:
      cfgav --export av00a --qdel
• Enable file quarantine by moving for an export:
      cfgav --export av00a --qmove

Verifying scan options on defined scopes

Current antivirus configuration for all scopes can be listed using the lsav command.
Figure 48: An example of the lsav CLI command

For a complete list of configurable options and their descriptions, refer to the man page for the cfgav utility by entering man cfgav at the command prompt on the management node. Alternatively, invoking the utility by entering cfgav --help provides a list of options with abbreviated explanations.

Initiating a bulk scan using the IBM Storwize V7000 Unified system Antivirus Connector

The IBM Storwize V7000 Unified system Antivirus Connector provides a method for administrators to initiate a full scan on all the files defined within one or more scopes on the IBM Storwize V7000 Unified system. As previously mentioned, every time a new antivirus definition file is downloaded by the scan engine(s), all files defined within all scopes must be rescanned prior to access. The bulk scan feature is a method to proactively scan all of those files during a window when access to the IBM Storwize V7000 Unified system is at a minimum, thereby reducing the load on the system and network during peak usage times.

The ability to perform a bulk scan is also important when new shares are created but files are copied either through secure file transfer protocol (SFTP) or secure copy protocol (SCP) from other file systems and are not scanned automatically. Initiating a bulk scan on these shares ensures that in the future, file accesses will be faster.

The IBM Storwize V7000 Unified system GUI or CLI can be used for configuring and displaying the IBM Storwize V7000 Unified system bulk scans.

Configuring bulk scan using GUI

Perform the following steps to configure bulk scan using the GUI.

1. Log in to the IBM Storwize V7000 Unified system GUI using https://<Address>:1081/gui
2. In the Services page of Antivirus service, click Batch Scans and then click New Batch Scan to start configuring bulk scan.
   Figure 49: Configuration of Batch scan
3. Enter the frequency and the time of day when bulk scan needs to be run on the system in their respective fields. Specify paths to scan during the bulk scan. After configuring the paths that need to be bulk scanned, click OK to continue.
   Figure 50: Bulk scan configuration details
4. A summary page shows the saved bulk scan configuration. After verifying the saved configuration, click Close to complete the wizard.
   Figure 51: Bulk scan configuration summary

Initiating a manual bulk scan on a defined scope using CLI

Manual bulk scans are initiated using the ctlavbulk command line utility, which is accessed from the management node. This utility follows all settings defined by the cfgav utility, and when called with a scope will only scan those files which are defined in that scope. If no scopes are provided, all protected files will be scanned. Only one bulk scan can be run at a time; however, multiple scan processes can be spawned on each interface node using the --processes option. When the command is issued, it becomes a background process, returning the control to the user. You can check the status of the current bulk scan by issuing the --status option of the ctlavbulk command.

Starting a bulk scan on one or more defined scopes

Bulk scan can be initiated on one or more defined scopes.
    ctlavbulk --<scope 1> <scope 1 arg 1>,<scope 1 arg N> --<scope 2> <scope 2 arg 1>,<scope 2 arg N>
• scope = fsys (file system), path (file system path), export (CIFS export), or fset (file set)
• scope arg = name or path to a scope

Examples:
• Initiate bulk scan on one scope:
      ctlavbulk --export av00a
• Initiate bulk scan on two scopes of the same type:
      ctlavbulk --export av00a,av01a
• Initiate bulk scan on two scopes of different types:
      ctlavbulk --fsys gpfs0 --export av02a

Starting a bulk scan with multiple processes

Bulk scan can be initiated with multiple processes:
    ctlavbulk --<scope 1> <scope 1 arg 1> --processes <processes arg>
• scope = fsys (file system), path (file system path), export (CIFS export), or fset (file set)
• scope arg = name or path to a scope
• processes arg = number of processes to spawn on each interface node (default = 1)

Examples:
• Initiate bulk scan on one scope with five processes per interface node:
      ctlavbulk --export av03a --processes 5
• Initiate bulk scan on four scopes with 10 processes per interface node:
      ctlavbulk --export av04a,av05a --fsys gpfs1,gpfs2 --processes 10

Checking the status of a bulk scan

Bulk scan status can be listed using the --status option.
    ctlavbulk --status
Figure 52: Example of ctlavbulk --status
Note: The * in the column labeled p indicates that the process has started for the displayed node.

Stopping a bulk scan

Bulk scan can be stopped using the --stop option.
    ctlavbulk --stop
Figure 53: Example of ctlavbulk --stop

For a complete list of configurable options and their descriptions, refer to the man page for the ctlavbulk utility by entering man ctlavbulk at the command prompt on the management node. Alternatively, invoking the utility by entering ctlavbulk --help provides a list of options with abbreviated explanations.

Scheduling bulk scan on a defined scope

Periodic bulk scans can be scheduled by using the mktask command line utility on the management node using the CtlAvBulk task name as one of the parameters. Tasks are run on a daily basis. The mktask command supports additional customizable options, which are completely explained on the man page available by entering man mktask from the management node CLI.

Creating a bulk scan task for a defined scope

A new scheduled task for bulk scanning a defined scope can be created using the mktask command.
    mktask CtlAvBulk --hour N --minute N --parameter "scope(s)"
• hour N = hour of the day to start the scan (24-hour clock), for example, 10, 12, 15, 20
• minute N = minute of the hour to start the scan
• scope(s) = one or more scopes to bulk scan

Example:
• Schedule a bulk scan for 2:30 a.m. every day on two CIFS exports:
      mktask CtlAvBulk --hour 2 --minute 30 --parameter "--export AV1,AV2"

Recommendations

Antivirus scanning, particularly bulk scanning of large files, can add significant load to several IBM Storwize V7000 Unified system resources and can cause performance bottlenecks. The following recommendations can help you minimize performance impact to the system.

• If on-access or bulk scan produces timeout errors, consider increasing the timeout value of scans by using the --timeout parameter of the cfgav command. It is not recommended to increase the timeout parameter beyond the CIFS client timeout value, which can cause files to become inaccessible to the user.
• Avoid scanning expensive items (such as scanning inside of archive files or other containers) to avoid timeout issues.
• Depending on the scanning performance requirements, the number of interface nodes on which bulk scans are run can be configured using the --nodes option of the ctlavbulk command. If higher scanning performance is required, consider running scans on additional interface nodes. To reduce impact to other IBM Storwize V7000 Unified system resources, consider limiting the number of interface nodes on which bulk scans are run.
• It is recommended to carefully decide file types for scanning. Certain classes of large files are less likely to be prone to virus attacks. By de-configuring certain types of files using the --add-include|--rem-include|--set-include|--set-exclude options of the cfgav command, the overall antivirus scanning performance can be greatly improved.
• Similar consideration has to be given to deciding scopes for scanning, as some scopes might contain files that will not be accessed and are not likely to be prone to virus attacks.
• Ensure that the storage backend has adequate capacity for the client and scan traffic. On-access scans are less likely to add significant load to the storage backend because they typically scan data that has either just been written or is just about to be read by the client and therefore can take advantage of caching. Bulk scans, on the other hand, can add significant load to the storage backend.
• After updating the antivirus signature, it is recommended to scan all protected files during off-peak hours to minimize the impact of scanning during peak usage.
• Ensure that the network infrastructure, such as routers, switches, and network cards on both the IBM Storwize V7000 Unified system and the scan engines, has adequate capacity. It is recommended to use 10 Gigabit Ethernet.
• When the management network and I/O network of the File Modules are configured on different network speeds and the management network is on a 1 GbE network, then move the management interface from ethX0 to the higher network speed ethX1 (10 GbE) using the command:
      chnwmgt --interface ethX1
• It is recommended to use a minimum of two scan engines to take advantage of the high availability and load-balancing features for scanning.
• Ensure that scan nodes have adequate processor and disk performance.
• It is recommended to run bulk scan after a migration either by Hierarchical Storage Management (HSM) recall or data restoration from backup server.
• While using multiple scan engines to support scanning of IBM Storwize V7000 Unified system, consider the following factors:
  − Configure the setting on each scan engine to be identical.
  − Schedule an auto update of all Symantec scan engines to occur at the same time to ensure that virus definitions are identical.
  − Configure virus scan functionality for each identical IBM Storwize V7000 Unified system that uses a particular scan engine to avoid inconsistency.
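
The scan engine pool guidance (register at least two engines with cfgav --set-scanner) and the recommendation above that all engines carry identical virus definitions can both be checked from an admin workstation before the pool is registered. The following is an added example, not code from this guide, IBM or Symantec: it sends an ICAP OPTIONS request (RFC 3507) to each engine, compares the ISTag service-state header, and builds the --set-scanner argument from the engines that answered. The AVSCAN service path, the 192.0.2.x addresses, the sample responses, and the expectation that ISTag changes when definitions are updated are assumptions.

```python
import socket


def build_options_request(host, port=1344, service="AVSCAN"):
    """ICAP OPTIONS request in the form shown in RFC 3507.
    The service path "AVSCAN" is an assumption; use the engine's documented one."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "User-Agent: pool-precheck-example\r\n\r\n").encode("ascii")


def parse_options_response(raw):
    """Return {"status": int, "headers": {lowercased name: value}} or raise ValueError."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]), "headers": headers}


def fetch_options(host, port=1344, timeout=5.0):
    """Query one engine; returns the raw response bytes, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_options_request(host, port))
            buf = b""
            while b"\r\n\r\n" not in buf:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return buf
    except OSError:  # refused, timed out, no route
        return None


def assess_pool(responses):
    """responses maps "ip:port" to raw OPTIONS response bytes (None = unreachable)."""
    healthy, findings, tags = [], [], {}
    for endpoint, raw in responses.items():
        if raw is None:
            findings.append(f"{endpoint}: unreachable")
            continue
        try:
            parsed = parse_options_response(raw)
        except ValueError as exc:
            findings.append(f"{endpoint}: {exc}")
            continue
        if parsed["status"] != 200:
            findings.append(f"{endpoint}: ICAP status {parsed['status']}")
            continue
        istag = parsed["headers"].get("istag")
        if not istag:
            findings.append(f"{endpoint}: response carries no ISTag header")
            continue
        healthy.append(endpoint)
        tags.setdefault(istag, []).append(endpoint)
    if len(tags) > 1:
        detail = "; ".join(f"{tag} on {', '.join(eps)}" for tag, eps in tags.items())
        findings.append(f"ISTag mismatch: {detail}")
    if len(healthy) < 2:
        findings.append("fewer than two healthy scan engines: no load balancing or failover")
    return {"healthy": healthy, "findings": findings,
            "set_scanner": ",".join(f"symantec:{e}" for e in healthy)}


# Constructed sample responses (not captured from a real scan engine).
SAMPLE_RESPONSES = {
    "192.0.2.11:1344": b'ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\n'
                       b'ISTag: "constructed-defs-0401"\r\nEncapsulated: null-body=0\r\n\r\n',
    "192.0.2.12:1344": b'ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\n'
                       b'ISTag: "constructed-defs-0328"\r\nEncapsulated: null-body=0\r\n\r\n',
    "192.0.2.13:1344": None,
}

if __name__ == "__main__":
    report = assess_pool(SAMPLE_RESPONSES)
    for finding in report["findings"]:
        print("FINDING:", finding)
    print("cfgav --set-scanner", report["set_scanner"])
```

Against live engines, build the input with fetch_options() for each address instead of SAMPLE_RESPONSES, and resolve any finding before running the printed cfgav command.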

Summary

The ability to effectively protect shared file data against viruses and other malicious threats is an important challenge for storage and security administrators who require a trusted and reliable antivirus solution. Not only must the integrity of the data be constantly maintained, the solution must also be scalable to match the continually expanding size and volume of data that is retained on a NAS system. The IBM Storwize V7000 Unified system is designed to improve application availability and resource utilization. The system offers easy-to-use, efficient, and cost-effective management capabilities for both new and existing storage resources in your IT infrastructure, and thus addresses the new storage challenges posed by continuing explosion of data. IBM has thoroughly tested the IBM Storwize V7000 Unified system with Symantec AntiVirus for NAS confirming their interoperability and compatibility, and is committed to proactively providing enterprise users with one of the best solutions that can serve to reduce time and mitigate risk during planned implementations.

The technical content contained herein is intended only as a reference for those customers who wish to use Symantec AntiVirus for NAS to protect their data on the IBM Storwize V7000 Unified system. It should not be treated as a definitive implementation or solution document due to the unique configurations and case-specific scenarios inherent in every customer's unique environment. For solution-specific designs, contact an IBM storage representative to arrange a discussion with an antivirus implementation specialist.

Resources

The following websites provide useful references to supplement the information contained in this paper:

• System Storage on IBM PartnerWorld®
  ibm.com/partnerworld/wps/pub/overview/B8S00
• IBM Publications Center
  www.elink.ibmlink.ibm.com/public/applications/publications/cgibin/pbi.cgi?CTY=US
• IBM Redbooks®
  ibm.com/redbooks
• IBM developerWorks®
  ibm.com/developerworks
• IBM Storwize V7000 Unified System documentation
  ibm.com/partnerworld/wps/pub/overview/HW26Z
• Symantec Resources
  − Symantec AntiVirus for NAS
    http://www.symantec.com/business/antivirus-for-network-attached-storage
  − Symantec AntiVirus for NAS Support Matrix
    http://www.symantec.com/business/support/index?page=content&id=TECH147442
  − Symantec AntiVirus for NAS Getting Started Guide
    http://www.symantec.com/docs/DOC3402
  − Symantec AntiVirus for NAS Integration Guide
    http://www.symantec.com/business/support/resources/sites/BUSINESS/content/live/TECHNICAL_SOLUTION/147000/TECH147442/en_US/SAV_for_NAS_5210.pdf
  − Symantec AntiVirus for NAS Implementation Guide
    ftp://ftp.symantec.com/public/english_us_canada/products/symantec_antivirus/network_attached_storage/5.2/manuals/Implementation_Guide.pdf

About the author

Daniel T. Drinnon is a Network Systems Engineer in the IBM Systems and Technology ISV Enablement group. He has more than 20 years of experience working with various enterprise-level storage and systems technologies and infrastructures. You can reach Daniel at ddrinnon@us.ibm.com

Trademarks and special notices

© Copyright IBM Corporation 2011. All rights Reserved.

References in this document to IBM products or services do not imply that IBM intends to make them available in every country.

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Inside (logos), MMX, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

SET and the SET Logo are trademarks owned by SET Secure Electronic Transaction LLC.

Other company, product, or service names may be trademarks or service marks of others.

Information is provided "AS IS" without warranty of any kind.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.

Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information, including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.

All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Contact your local IBM office or IBM authorized reseller for the full text of the specific Statement of Direction.

Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance, function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios stated here.

Photographs shown are of engineering prototypes. Changes may be incorporated in production models.

Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
