Apply a scanner policy on a single cluster

Contributors

A scanner policy determines whether a scanner pool is active. You must make a scanner pool active before the Vscan servers that are defined in the scanner pool can connect to an SVM.

About this task
  • You can apply only one scanner policy to a scanner pool.

  • If you created a scanner pool for all of the SVMs in a cluster, you must apply a scanner policy on each SVM individually.

  • For disaster recovery and MetroCluster configurations, you must apply a scanner policy to the scanner pools for the local cluster and partner cluster.

    In the policy that you create for the local cluster, you must specify the local cluster in the cluster parameter. In the policy that you create for the partner cluster, you must specify the partner cluster in the cluster parameter. The partner cluster can then take over virus scanning operations in case of a disaster.

Steps
  1. Apply a scanner policy:

    vserver vscan scanner-pool apply-policy -vserver data_SVM -scanner-pool scanner_pool -scanner-policy primary|secondary|idle -cluster cluster_to_apply_policy_on

    A scanner policy can have one of the following values:

    • Primary specifies that the scanner pool is active.

    • Secondary specifies that the scanner pool is active only if none of the Vscan servers in the primary scanner pool are connected.

    • Idle specifies that the scanner pool is inactive.

    The following example shows that the scanner pool named SP on the vs1 SVM is active:

    cluster1::> vserver vscan scanner-pool apply-policy -vserver vs1 -scanner-pool SP  -scanner-policy primary
  2. Verify that the scanner pool is active:

    vserver vscan scanner-pool show -vserver data_SVM|cluster_admin_SVM -scanner-pool scanner_pool

    For a complete list of options, see the man page for the command.

    The following command displays the details for the SP scanner pool:

    cluster1::> vserver vscan scanner-pool show -vserver vs1 -scanner-pool SP
    
                                        Vserver: vs1
                                   Scanner Pool: SP
                                 Applied Policy: primary
                                 Current Status: on
             Cluster on Which Policy Is Applied: cluster1
                      Scanner Pool Config Owner: vserver
           List of IPs of Allowed Vscan Servers: 1.1.1.1, 10.72.204.27
    List of Host Names of Allowed Vscan Servers: 1.1.1.1, vmwin204-27.fsct.nb
                       List of Privileged Users: cifs\u1, cifs\u2

    You can use the vserver vscan scanner-pool show-active command to view the active scanner pools on an SVM. For the complete command syntax, see the man page for the command.