Skip to main content

Create scanner pools in MetroCluster configurations

Contributors netapp-powr netapp-ahibbard

You must create primary and secondary scanner pools on each cluster in a MetroCluster configuration, corresponding to the primary and secondary SVMs on the cluster.

What you'll need
  • SVMs and Vscan servers must be in the same domain or in trusted domains.

  • For scanner pools defined for an individual SVM, you must have configured ONTAP Antivirus Connector with the SVM management LIF or SVM data LIF.

  • For scanner pools defined for all the SVMs in a cluster, you must have configured ONTAP Antivirus Connector with the cluster management LIF.

  • The list of privileged users must include the domain user account the Vscan server uses to connect to the SVM.

  • Once the scanner pool is configured, check the connection status to the servers.

About this task

MetroCluster configurations protect data by implementing two physically separate mirrored clusters. Each cluster synchronously replicates the data and SVM configuration of the other. A primary SVM on the local cluster serves data when the cluster is online. A secondary SVM on the local cluster serves data when the remote cluster is offline.

This means that you must create primary and secondary scanner pools on each cluster in a MetroCluster configuration, The secondary pool becomes active when the cluster begins serving data from the secondary SVM. For Disaster Recovery (DR) the configuration is similar to MetroCluster.

This figure shows a typical MetroCluster/DR configuration.

Metrocluster/DR configuration
Steps
  1. Create a scanner pool:

    vserver vscan scanner-pool create -vserver data_SVM|cluster_admin_SVM -scanner-pool scanner_pool -hostnames Vscan_server_hostnames -privileged-users privileged_users

    • Specify a data SVM for a pool defined for an individual SVM, and specify a cluster admin SVM for a pool defined for all the SVMs in a cluster.

    • Specify an IP address or FQDN for each Vscan server host name.

    • Specify the domain and user name for each privileged user.

    Note

    You must create all scanner pools from the cluster containing the primary SVM.

    For a complete list of options, see the man page for the command.

    The following commands create primary and secondary scanner pools on each cluster in a MetroCluster configuration:

    cluster1::> vserver vscan scanner-pool create -vserver cifssvm1 -
    scanner-pool pool1_for_site1 -hostnames scan1 -privileged-users cifs
    \u1,cifs\u2
    
    cluster1::> vserver vscan scanner-pool create -vserver cifssvm1 -
    scanner-pool pool1_for_site2 -hostnames scan1 -privileged-users cifs
    \u1,cifs\u2
    
    cluster1::> vserver vscan scanner-pool create -vserver cifssvm1 -
    scanner-pool pool2_for_site1 -hostnames scan2 -privileged-users cifs
    \u1,cifs\u2
    
    cluster1::> vserver vscan scanner-pool create -vserver cifssvm1 -
    scanner-pool pool2_for_site2 -hostnames scan2 -privileged-users cifs
    \u1,cifs\u2
  2. Verify that the scanner pools were created:

    vserver vscan scanner-pool show -vserver data_SVM|cluster_admin_SVM -scanner-pool scanner_pool

    For a complete list of options, see the man page for the command.

    The following command displays the details for the scanner pool pool1:

    cluster1::> vserver vscan scanner-pool show -vserver cifssvm1 -scanner-pool pool1_for_site1
    
                                        Vserver: cifssvm1
                                   Scanner Pool: pool1_for_site1
                                 Applied Policy: idle
                                 Current Status: off
             Cluster on Which Policy Is Applied: -
                      Scanner Pool Config Owner: vserver
           List of IPs of Allowed Vscan Servers:
    List of Host Names of Allowed Vscan Servers: scan1
                       List of Privileged Users: cifs\u1,cifs\u2

    You can also use the vserver vscan scanner-pool show command to view all of the scanner pools on an SVM. For complete command syntax, see the man page for the command.