No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R005C00 File System Feature Guide 11

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Working Principle

Working Principle

This section describes the network structure, scan policy configuration principle, and scan process of InfoScanner.

Network Structure

Figure 8-1 shows the network structure of InfoScanner.
Figure 8-1  InfoScanner network structure
Table 8-3 provides details about the network structure. The front-end service network of OceanStor 9000, antivirus servers, and AD domain servers are interconnected.
Table 8-3  Network structure description

Device

Description

AD domain server

  • Scan authentication users must be AD domain users and need to be added to AntivirusGroup (default local authentication user group in OceanStor 9000).
    NOTE:
    When the antivirus function is enabled and antivirus servers are configured, scan authentication users can access storage resources in OceanStor 9000 without being authenticated. Namely, scan authentication users have full control permissions.
  • To ensure that scan authentication users can access OceanStor 9000 by using antivirus servers, antivirus servers and OceanStor 9000 need to be added to the AD domain.

Antivirus console

The antivirus console is provided by Rising to collect feedback from antivirus software. The antivirus console can be deployed on one antivirus server or another kind of server.

Client

A user accesses OceanStor 9000 through a client and writes data to OceanStor 9000.

Antivirus server

  • Antivirus servers access storage resources in scan directories in OceanStor 9000 using the CIFS protocol. You are advised to configure multiple antivirus servers to prevent antivirus function failures when the only antivirus server fails and to accelerate service processing.
  • Antivirus Agent software is downloaded using DeviceManager and installed on every antivirus server to trigger antivirus software to scan files in scan directories.
  • Antivirus software is installed on every antivirus server and used to perform antivirus scanning for files in scan directories, back up virus-infected files to an isolation directory, and kill the viruses in scan directory. It also can restore isolated files to the scan directory.
  • For details about supported antivirus software, see Huawei Storage Interoperability Navigator.

    Rising virtualization system security software mainly scans files in scan directories, backs up infected files to isolation directories, kills viruses of files in the scan directories, and if necessary restores files from isolation directories to scan directories. Symantec Protection Engine, Symantec Endpoint Protection, and Trend Micro ServerProtect scan files in scan directories for viruses and kill viruses if any. Antivirus software must be installed on each antivirus server.

Storage system

(OceanStor 9000)

  • A scan directory refers to the directory to be scanned in OceanStor 9000. A directory can be configured as a real-time or periodic scan directory. Antivirus servers access a scan directory using the CIFS protocol.
  • A scan policy specifies the non-scan period, non-scan file types, and the maximum size of files that can be scanned for a scan directory.
  • OceanStor 9000 interconnects with the antivirus software deployed on an antivirus server to scan the scan directories for viruses.

Scan Policy Configuration Guidance

OceanStor 9000 allows a scan directory and its sub-directories to be of different scan types (real-time and periodical).

OceanStor 9000 allows different scan policies for a scan directory and its sub-directories (scan policies can set different Non-scan period, excluded file types in scan, max file size for scan), as shown in Figure 8-2.
Figure 8-2  Scan policy configuration example

Directory A is the parent directory of directory B. Scan policy 1 is configured for directory A, whereas scan policy 2 is configured for directory B. Table 8-4 shows how scan policies take effect.
Table 8-4  Scan policy effective modes

Scan Policy of the Scan Directory

Effective Mode for the Scan Policy of File a

Effective Mode for Scan Policy of File b

Scan policy 1 is configured for directory A, whereas scan policy 2 is configured for directory B, as shown in Figure 8-2.

Scan is implemented based on scan policy 1.

Scan is implemented based on scan policy 2.

Scan policy 1 is deleted as shown in II of Figure 8-2.

Scan is not triggered.

Scan is implemented based on scan policy 2.

Scan policy 2 is deleted as shown in III of Figure 8-2.

Scan is implemented based on scan policy 1.

Scan is implemented based on scan policy 1.

Scan Process

Scan process overview:
  • Real-time scan process: When write files into the real-time scan directory, edit existing files in the scan directory, read a file in the real-time scan directory 48 hours after the file is accessed, or read a file for the first time after a real-time scan directory is configured, the antivirus service starts scan in real time. OceanStor 9000 triggers antivirus servers to scan the files and return the scan result. If viruses are detected in a file, the file will be backed up to an isolation directory and the viruses will be killed in the scan directory.
  • Periodical scan process: OceanStor 9000 triggers antivirus servers to scan files in periodical scan directories in the storage system based on scan policies and return the scan result. If viruses are detected in a file, the file will be backed up to an isolation directory and the viruses will be killed in the scan directory.
Figure 8-3 shows the real-time scan process.
Figure 8-3  Real-time scan process
  1. Trigger real-time scan: When write files into the real-time scan directory, edit existing files in the scan directory, read a file in the real-time scan directory 48 hours after the file is accessed, or read a file for the first time after a real-time scan directory is configured, the antivirus service starts scan in real time.
    NOTE:
    • A real-time scan will not be triggered by changing file properties.
    • If files in real-time scan directories are only read within 48 hours since the last real-time scan, a real-time scan will not be triggered. If files in real-time scan directories are both read and written within 48 hours since the last real-time scan, a real-time scan will be triggered. If files in real-time scan directories are read and no matter whether the files are written after 48 hours since the last real-time scan, a real-time scan will be triggered.
  2. Perform real-time scan: OceanStor 9000 selects available antivirus servers based on preset scan policies.
  3. The antivirus servers scan files in real-time scan directories and return the scan result to OceanStor 9000.
    • If no virus is detected, the antivirus servers report to OceanStor 9000 that no virus exists in the files.
    • If viruses are detected, the antivirus servers report to OceanStor 9000 that files are infected by viruses. The virus files can be backed up to the isolated directory and killed in scan directory by antivirus software.
Figure 8-4 shows the periodical scan process.
Figure 8-4  Periodic scan process
  1. Trigger periodic scan: Users save files to periodical scan directories in OceanStor 9000 and the background job manager triggers periodic scan based on scan policies.
  2. Perform periodical scan: OceanStor 9000 selects available antivirus servers based on preset scan policies.
  3. The antivirus servers scan files in periodical scan directories and return the scan result to OceanStor 9000.
    • If no virus is detected, the antivirus servers report to OceanStor 9000 that no virus exists in the files.
    • If viruses are detected, the antivirus servers report to OceanStor 9000 that files are infected by viruses. The virus files can be backed up to the isolated directory and killed in scan directory by antivirus software.
NOTE:
When killing viruses for files in the scan directories, the antivirus software may delete the virus-infected files directly, or edit the virus-infected files. For details on how to restore the virus-infected files that are backed up to the isolated directories during real-time scan or periodic scan, see How to Restore an Isolated File?.
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000101823

Views: 19686

Downloads: 99

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next