Install ONTAP Antivirus Connector
Install the ONTAP Antivirus Connector on the Vscan server to enable communication between the system running ONTAP and the Vscan server. When the ONTAP Antivirus Connector is installed, the antivirus software is able to communicate with one or more storage virtual machines (SVMs).
-
See the Vscan partner solutions page for information about the supported protocols, antivirus vendor software versions, ONTAP versions, interoperability requirements and Windows servers.
-
.NET 4.5.1 or later must be installed.
-
The ONTAP Antivirus Connector can run on a virtual machine. However, for best performance, NetApp recommends using a dedicated physical machine for antivirus scanning.
-
SMB 2.0 must be enabled on the Windows server on which you are installing and running the ONTAP Antivirus Connector.
-
Download the ONTAP Antivirus Connector setup file from the Support Site and save it to a directory on your hard drive.
-
Verify that you meet the requirements to install the ONTAP Antivirus Connector.
-
Verify that you have administrator privileges to install the Antivirus Connector.
-
Start the Antivirus Connector installation wizard by running the appropriate setup file.
-
Select Next. The Destination Folder dialog box opens.
-
Select Next to install the Antivirus Connector to the folder that is listed or select Change to install to a different folder.
-
The ONTAP AV Connector Windows Service Credentials dialog box opens.
-
Enter your Windows service credentials or select Add to select a user. For an ONTAP system, this user must be a valid domain user and must exist in the scanner pool configuration for the SVM.
-
Select Next. The Ready to Install the Program dialog box opens.
-
Select Install to begin the installation or select Back if you want to make any changes to the settings. A status box opens and charts the progress of the installation, followed by the InstallShield Wizard Completed dialog box.
-
Select the Configure ONTAP LIFs check box if you want to continue with the configuration of ONTAP management or data LIFs. You must configure at least one ONTAP management or data LIF before this Vscan server can be used.
-
Select the Show the Windows Installer log check box if you want to view the installation logs.
-
Select Finish to end the installation and to close the InstallShield wizard. The Configure ONTAP LIFs icon is saved on the desktop to configure the ONTAP LIFs.
-
Add an SVM to the Antivirus Connector. You can add an SVM to the Antivirus Connector by adding either an ONTAP management LIF, which is polled to retrieve the list of data LIFs, or by directly configuring the data LIF or LIFs. You must also provide the poll information and the ONTAP admin account credentials if the ONTAP management LIF is configured.
-
Verify that the management LIF or the IP address of the SVM is enabled for
management-https
. This is not required when you are only configuring data LIFs. -
Verify that you have created a user account for the HTTP application and assigned a role which has (at least read-only) access to the
/api/network/ip/interfaces
REST API. For more information about creating a user, see the security login role create and security login create ONTAP man pages.
-
You can also use the domain user as an account by adding an authentication tunnel SVM for an administrative SVM. For more information, see the security login domain-tunnel create ONTAP man page or use the /api/security/acccounts and /api/security/roles REST APIs to configure the admin account and role.
|
-
Right-click on the Configure ONTAP LIFs icon, which was saved on your desktop when you completed the Antivirus Connector installation, and then select Run as Administrator.
-
In the Configure ONTAP LIFs dialog box, select the preferred configuration type, then perform the following actions:
To create this type of LIF…
Perform these steps…
Data LIF
-
Set "role" to "data"
-
Set "data protocol" to "cifs"
-
Set "firewall policy" to "data"
-
Set "service policy" to "default-data-files"
Management LIF
-
Set "role* to "data"
-
Set "data protocol" to "none"
-
Set "firewall policy" to "mgmt"
-
Set "service policy" to "default-management"
Read more about creating a LIF.
After you create a LIF, enter the data or management LIF or IP address of the SVM that you want to add. You can also enter the cluster management LIF. If you specify the cluster management LIF, all SVMs within that cluster that are serving SMB can use the Vscan server.
When Kerberos authentication is required for Vscan servers, each SVM data LIF must have a unique DNS name, and you must register that name as a server principal name (SPN) with the Windows Active Directory. When a unique DNS name is not available for each data LIF or registered as an SPN, the Vscan server uses the NT LAN Manager mechanism for authentication. If you add or modify the DNS names and SPNs after the Vscan server is connected, you must restart the Antivirus Connector service on the Vscan server to apply the changes.
-
-
To configure a management LIF, enter the poll duration in seconds. The poll duration is the frequency at which the Antivirus Connector checks for changes to the SVMs or the cluster's LIF configuration. The default poll interval is 60 seconds.
-
Enter the ONTAP admin account name and password to configure a management LIF.
-
Click Test to check the connectivity and verify the authentication. Authentication is verified only for a management LIF configuration.
-
Click Update to add the LIF to the list of LIFs to poll or to connect to.
-
Click Save to save the connection to the registry.
-
Click Export if you want to export the list of connections to a registry import or registry export file. This is useful if multiple Vscan servers use the same set of management or data LIFs.
See the Configure the ONTAP Antivirus Connector page for configuration options.