Apply a scanner policy on a single cluster
Contributors
A scanner policy determines whether a scanner pool is active. You must make a scanner pool active before the Vscan servers that are defined in the scanner pool can connect to an SVM.
-
You can apply only one scanner policy to a scanner pool.
-
If you created a scanner pool for all of the SVMs in a cluster, you must apply a scanner policy on each SVM individually.
-
For disaster recovery and MetroCluster configurations, you must apply a scanner policy to the scanner pools for the local cluster and partner cluster.
In the policy that you create for the local cluster, you must specify the local cluster in the
cluster
parameter. In the policy that you create for the partner cluster, you must specify the partner cluster in thecluster
parameter. The partner cluster can then take over virus scanning operations in case of a disaster.
-
Apply a scanner policy:
vserver vscan scanner-pool apply-policy -vserver data_SVM -scanner-pool scanner_pool -scanner-policy primary|secondary|idle -cluster cluster_to_apply_policy_on
A scanner policy can have one of the following values:
-
Primary
specifies that the scanner pool is active. -
Secondary
specifies that the scanner pool is active only if none of the Vscan servers in the primary scanner pool are connected. -
Idle
specifies that the scanner pool is inactive.
The following example shows that the scanner pool named
SP
on thevs1
SVM is active:cluster1::> vserver vscan scanner-pool apply-policy -vserver vs1 -scanner-pool SP -scanner-policy primary
-
-
Verify that the scanner pool is active:
vserver vscan scanner-pool show -vserver data_SVM|cluster_admin_SVM -scanner-pool scanner_pool
For a complete list of options, see the man page for the command.
The following command displays the details for the
SP
scanner pool:cluster1::> vserver vscan scanner-pool show -vserver vs1 -scanner-pool SP Vserver: vs1 Scanner Pool: SP Applied Policy: primary Current Status: on Cluster on Which Policy Is Applied: cluster1 Scanner Pool Config Owner: vserver List of IPs of Allowed Vscan Servers: 1.1.1.1, 10.72.204.27 List of Host Names of Allowed Vscan Servers: 1.1.1.1, vmwin204-27.fsct.nb List of Privileged Users: cifs\u1, cifs\u2
You can use the
vserver vscan scanner-pool show-active
command to view the active scanner pools on an SVM. For the complete command syntax, see the man page for the command.