Apply a scanner policy on a single cluster
A scanner policy determines whether a scanner pool is active. You must make a scanner pool active before the Vscan servers that are defined in the scanner pool can connect to an SVM.
You can apply only one scanner policy to a scanner pool.
If you created a scanner pool for all of the SVMs in a cluster, you must apply a scanner policy on each SVM individually.
For disaster recovery and MetroCluster configurations, you must apply a scanner policy to the scanner pools for the local cluster and partner cluster.
In the policy that you create for the local cluster, you must specify the local cluster in the
clusterparameter. In the policy that you create for the partner cluster, you must specify the partner cluster in the
clusterparameter. The partner cluster can then take over virus scanning operations in case of a disaster.
Apply a scanner policy:
vserver vscan scanner-pool apply-policy -vserver data_SVM -scanner-pool scanner_pool -scanner-policy primary|secondary|idle -cluster cluster_to_apply_policy_on
A scanner policy can have one of the following values:
Primaryspecifies that the scanner pool is active.
Secondaryspecifies that the scanner pool is active only if none of the Vscan servers in the primary scanner pool are connected.
Idlespecifies that the scanner pool is inactive.
The following example shows that the scanner pool named
vs1SVM is active:
cluster1::> vserver vscan scanner-pool apply-policy -vserver vs1 -scanner-pool SP -scanner-policy primary
Verify that the scanner pool is active:
vserver vscan scanner-pool show -vserver data_SVM|cluster_admin_SVM -scanner-pool scanner_pool
For a complete list of options, see the man page for the command.
The following command displays the details for the
cluster1::> vserver vscan scanner-pool show -vserver vs1 -scanner-pool SP Vserver: vs1 Scanner Pool: SP Applied Policy: primary Current Status: on Cluster on Which Policy Is Applied: cluster1 Scanner Pool Config Owner: vserver List of IPs of Allowed Vscan Servers: 126.96.36.199, 10.72.204.27 List of Host Names of Allowed Vscan Servers: 188.8.131.52, vmwin204-27.fsct.nb List of Privileged Users: cifs\u1, cifs\u2
You can use the
vserver vscan scanner-pool show-activecommand to view the active scanner pools on an SVM. For the complete command syntax, see the man page for the command.