No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess V100R006C20 on FusionCloud V100R006C10 Software Installation Guide 11 (Microsoft AD)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Installing the Antivirus/Patch

Installing the Antivirus/Patch

The AntiVirus and patch components are antivirus and patch services. The antivirus server software and patch service software are installed based on the Windows Server 2012 R2 OS. Generally, the two components are deployed together.
  • Antivirus software can ensure the security of the Windows infrastructure ECS and user desktop and is not affected by viruses. You can determine whether to deploy antivirus software as required.
    • The antivirus server software is deployed on an independent Windows infrastructure ECS.
    • Antivirus client software is deployed on other Windows infrastructure ECSs and user desktop ECSs that need to be protected.
  • The patch service software can be used to update the Windows OS patches in a timely and convenient manner. You can determine whether to install the patches based on actual requirements.

    Generally, the patch service software and antivirus server software are deployed on the Windows infrastructure ECS that interworks with the Internet or upper-layer patch server. The patch service software can also be deployed independently.

NOTE:

Applying for an Antivirus/Patch ECS

Scenarios

This section describes how to apply for an Antivirus/Patch ECS.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure
  1. On the ServiceCenter tenant portal, choose Computing > Elastic Cloud Server and click Create ECS.
  2. Set the parameters according to Table 5-17. Retain the default values for the parameters that are not involved or set the parameters according to the actual requirements. Click Apply Now.

    Table 5-17 FA-AD-01 parameter configuration

    Parameter

    Description

    ECS Name

    FA-AntiVirus

    CPU

    2 (or more)

    Memory

    4 GB (or more)

    Image Type

    Public image

    Image

    Configure this parameter based on resource requirements.

    Disk

    60 GB

    Data Disk

    50 GB (or more)

    VPC

    vpc-VDI

    Security Group

    sg-Desktop

    NIC

    Configure a static IP address for the Desktop subnet (subnet-Desktop), for example, 172.16.0.17.

    EIP

    Select Automatically Assign or Specify.

    Login Mode

    Click Password and enter the password of Administrator.

  3. On the specifications confirmation page, confirm the specifications. Then, click Submit.
  4. After ECS is created, check and record its elastic IP address.

Installing the Antivirus Server

Scenarios

This task instructs software installation engineers to install antivirus server software, load controls, and set antivirus policies.

After antivirus software is deployed, you need to install the antivirus client software on other Windows infrastructure ECSs and FusionAccess ECSs.

NOTE:

Update virus library after the antivirus server installation and daily use.

Prerequisites
  • You have obtained the antivirus software OSCE_11.0PLUS_GM_with_patch1_SC.exe.
  • You have planned or acquired the data shown in Table 5-18.
    Table 5-18 Data required for installing the antivirus server

    Parameter

    Description

    Example Value

    Activation code

    • Antivirus
    • Damage Cleanup Services
    • Web Reputation and Anti-spyware

    -

    Web console password

    Specifies the password used to uninstall the antivirus server and log in to the web console.

    It is recommended that the web console password be different from the client uninstall password.

    The password must conform to the following rules:

    • Contain at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one space character or special character (~!@#$%^&*()-_=+\|{};:'",<.>/?).
    • Contain 8 to 32 characters.
    • Cannot be same as the recent three passwords.
    • Cannot contain the username or the username in reversed order.

    Huawei12#$

    Client uninstall password

    Specifies the password used to uninstall the antivirus client.

    It is recommended that the client uninstall password be different from the web console password.

    The password must meet the same requirements as that of the web console password.

    Huawei@123

    Client port number

    Specifies the port used for the OfficeScan client to access the OfficeScan web console. The port can also be used to update services to the OfficeScan client.

    29001: Defined when the OfficeScan server is installed.

Procedure

Adding the VM to a domain

  1. Log in to the VM for deploying the FA-AntiVirus component as Administrator.
  2. On the VM, click , enter sysdm.cpl and press Enter.

    The System Properties window is displayed.

  3. Click Change.

    The Computer Name/Domain Changes dialog box is displayed.

  4. Set the following parameters and click OK.

    • Computer name: Enter the planned computer name, for example, RD-licensing.
    • Domain: Enter the fully qualified domain name (FQDN) of the domain, for example, vdesktop.huawei.com.

  5. Enter the username and password of the domain administrator to be added to the domain and click OK.
  6. Complete the configuration as prompted, restart the VM.

Closing the Server Manager window

  1. Log in to the VM for deploying the FA-AntiVirus component using a domain account.
  2. Close the Server Manager window.

    NOTE:
    • Stop the Server Manager program, which starts by default on the operating system (OS). Otherwise, the antivirus server cannot be successfully installed.
    • Stop the mmc.exe process if it exists in Task Manager.

Installing the antivirus server software

  1. Copy the software package to the antivirus server.
  2. Double-click OSCE_11.0PLUS_GM_with_patch1_SC.exe.

    NOTE:

    It takes about 1 minute for the system to extract files. If the installation fails, reinstall the antivirus server.

    The Trend Micro OfficeScan window is displayed.

  3. Click Start.
  4. Click Next.

    The License Agreement window is displayed.

  5. Select I accept the terms of the license agreement and click Next.

    The Installation Destination window is displayed.

  6. Select On this endpoint and click Next.

    The Endpoint Prescan window is displayed.

  7. Select Do not scan the target endpoint and click Next.

    The Installation path window is displayed.

  8. Click Browse and select the installation path.

    NOTE:

    To ensure sufficient space for the virus library, the disk where the installation program is located must have more than 5 GB free space.

  9. Click OK.

    The Choose Folder dialog box closed.

  10. Click Next.

    The Proxy Server window is displayed.

  11. Deselect Use proxy server and click Next.

    The Web Server window is displayed.

  12. Select Apache Web server 2.2 and enter 8080 in HTTP port.
  13. Set SSL port to 4343, and click Next, as shown in Figure 5-26.

    Figure 5-26 Web Server

    The Server Identification window is displayed.

  14. Select IP address, choose the VM service plane IP address in the group box, and click Next.

    The Product Activation window is displayed.

  15. Click Next.

    Skipped the Register online page, and the Type the Activation Code window is displayed, as shown in Figure 5-27.

    Figure 5-27 Type the Activation Code

  16. Enter the activation code obtained before installation in Antivirus and click Next.

    NOTE:

    You can enable the Damage Cleanup Services and Web Reputation and Anti-spyware functions as required.

  17. Click Next.

    A dialog box is displayed.

  18. Click Yes.

    The Online License Verification window is displayed.

  19. Click Next.

    The OfficeScan Agent Deployment window is displayed.

  20. Click Next.

    The Install Integrated Smart Protection Server window is displayed.

  21. Select Yes, install the integrated Smart Protection Server and click Next.

    The Enable Web Reputation Services window is displayed.

  22. Keep the default value and click Next.

    The Install officeScan agent window is displayed.

  23. Click Next.

    The Smart Protection Network window is displayed.

  24. Deselect Enable Trend Micro Smart Feedback and click Next.

    The Administrator Account Password window is displayed.

  25. Set the following parameters:

    • Web console password: Enter the password used for logging in to the web console.
    • Client unload and uninstall password: Enter the password used for uninstalling the client.
    NOTE:

    You are advised to set different passwords for Web console password and Client unload and uninstall password.

  26. Click Next.

    The OfficeScan Agent Installation window is displayed.

  27. Keep the default value and click Next.

    The OfficeScan Firewall window is displayed.

  28. Deselect Enable firewall and click Next.

    The Anti-spyware Feature window is displayed.

  29. Select No, do not enable assessment mode and click Next.

    The Web Reputation Feature window is displayed.

  30. Deselect Enable web reputation policy and click Next.

    The Server Authentication Certificate window is displayed.

  31. Select Generate a new authentication certificate and input the Backup password and Confirm password and click Next.

    The OfficeScan Program Shortcuts window is displayed.

  32. Click Next.

    The Installation Information window is displayed.

  33. Confirm the installation information and click Install.

    After about 10 minutes, software installation is complete.

  34. Click Finish.

    Close the Trend Micro OfficeScan window.

Checking the antivirus services

  1. Choose Start > Run.

    The Run dialog box is displayed.

  2. In Run text box, enter services.msc, and press Enter.

    The Services window is displayed.

  3. Check whether the services shown in Figure 5-28 exist.

    • If yes, go to Step 46.
    • If no, contact technical support.
    Figure 5-28 Antivirus services

  4. Close the Services window.

Logging in to the OfficeScan Web Console

  1. Choose Start > All Program > Trend Micro OfficeScan Server –Server name > OfficeScan Web Console (HTML).

    A certificate error is reported on Internet Explorer.

  2. Click Continue to this website (not recommended).

    The Security Alert dialog box is displayed.

  3. Select In the future, do not show this warning and click OK.

    The Internet Explorer dialog box is displayed.

  4. Click Add.

    The Trusted sites dialog box is displayed, as shown in Figure 5-29.

    NOTE:

    The IP address shown in Figure 5-29 is an example only.

    Figure 5-29 Adding sites

  5. Click Add.

    The IP address of the antivirus server is set as a trusted address.

  6. Click Close.

    The OfficeScan Web Console login page is displayed.

  1. Choose Start > All Program > Trend Micro OfficeScan Server –Server name > OfficeScan Web Console (HTML).

    A certificate error is reported on Internet Explorer.

  2. Click Continue to this website (not recommended).

    The Security Alert dialog box is displayed.

  3. Select In the future, do not show this warning and click OK.

    The Internet Explorer dialog box is displayed.

  4. Click Add.

    The Trusted sites dialog box is displayed, as shown in Figure 5-30.

    NOTE:

    The IP address shown in Figure 5-30 is an example only.

    Figure 5-30 Adding sites

  5. Click Add.

    The IP address of the antivirus server is set as a trusted address.

  6. Click Close.

    The OfficeScan Web Console login page is displayed.

Loading AtxEnc.cab

  1. Click the message displayed in the upper part of the page, and select Install This Add-on for All Users on This Computer.

    The Internet Explorer - Security Warning dialog box is displayed asking you to install AtxEnc.cab.

  2. Click Install.

    The Internet Explorer - Security Warning dialog box is closed.

Loading AtxPie.cab

  1. Enter root in User Name and the password for logging in to the web console in Password, and click Log On.

    The OfficeScan Web Console home page is displayed, and a message is displayed at the top of the page.

  2. Repeat Step 59 and Step 60 to load AtxPie.cab.

Checking the settings of software installation parameters

  1. In the navigation tree of the OfficeScan Web Console, choose Administration > Settings > Product License.

    The Product License pane is displayed.

  2. In the Additional Services area, check that the value of Firewall for endpoints is Disabled.

Setting antivirus policies

  1. In the navigation tree of the OfficeScan Web Console, choose Updates > Server > Manual Update.

    The Server Manual Update pane is displayed on the right.

  2. Select all options and click Update.

    The OfficeScan server starts to download antivirus definition files from the web upgrade source and update the scan engine.

  3. Choose Updates > Server > Scheduled Update.
  4. Select Enable scheduled update of the OfficeScan server.
  5. Set the Update Schedule.

    NOTE:

    Set the scan cycle based on actual requirements.

  6. In the navigation tree, choose Administration > Settings > Product License.

    The Product License pane is displayed on the right.

  7. In the License Information area, check whether the value of Antivirus for desktops is Activated.

  8. Click Antivirus for desktops.

    The Product License Details page is displayed.

  9. Click New Activation Code.

    The Product License New Activation Code page is displayed.

  10. Enter the antivirus activation code in New Activation Code and click Save.

    The Product License pane is displayed.

  11. In the navigation tree, choose Administration > Product License.
  12. In the License Information area, check whether the value of Antivirus for desktops is Activated.

    • If yes, no further action is required.
    • If no, go to Step 77.

  13. Click Antivirus for servers.

    The Product License Details page is displayed.

  14. Click New Activation Code.

    The Product License New Activation Code page is displayed.

  15. Enter the antivirus activation code in New Activation Code and click Save.

    The Product License pane is displayed.

Installing the Antivirus Client

Scenarios

After the antivirus server is deployed in the FusionAccess environment, install antivirus software on all other Windows infrastructure ECSs and FusionAccess servers. This prevents ECS on the Windows OS from being intruded by viruses.

This task instructs software installation engineers to install antivirus client software and verify installation results.

Procedure

Installing the antivirus client

  1. Log in to the Windows infrastructure ECS as Administrator.
  1. Open Internet Explorer, enter https://Antivirus server IP address:4343/officescan in the address box, and press Enter.

    The Security Alert dialog box is displayed, showing "You are about to view pages over a secure connection."

  2. Click OK.

    The system displays "There is a problem with this website's security certificate."

  3. Click Continue to this website (not recommended).

    The Security Alert dialog box is displayed, showing "You are about to view pages over a secure connection."

  4. Click OK.

    The Internet Explorer dialog box is displayed, prompting you to add the website to trusted websites.

  5. Click Add.

    The Trusted sites dialog box is displayed.

  6. Click Add.

    The antivirus server IP address is added to Websites.

  7. Click Close.

    The login page of the OfficeScan Web Console is displayed.

  8. Click the message displayed in the upper part of the page, and select Install This Add-on for All Users on This Computer.

    The Internet Explorer - Security Warning dialog box is displayed asking you to install AtxEnc.cab.

    NOTE:

    If the installation fails, reinstall the antivirus client.

  9. Click , select Always install software from Trend Micro,Inc., and click Install.

    The Internet Explorer - Security Warning dialog box is closed.

  10. In the lower part on the login page of the OfficeScan Web Console, click the hyperlink for installing the client, for example, https://https://Antivirus server IP address:4343/officescan/console/html/cgi/cgiWebUpdate.exe, as shown in Figure 5-31.

    Figure 5-31 OfficeScan

  11. Select Download 32–bit Package Now or Download 32–bit Package Now based on the client OS.
  12. Install software as prompted.
  13. Close Internet Explorer.

Verifying the installation of the antivirus agent client

  1. Choose Start > OfficeScan Client > OfficeScan.

    The Trend Micro OfficeScan window is displayed.

  2. Click in the upper right corner of the window, and select About.

    The About Trend Micro OfficeScan dialog box is displayed.

  3. Check whether Agent version is 11.0.XXXX.

    NOTE:

    The antivirus client software is provided by the antivirus server. If the antivirus client software version is incorrect, reinstall the correct antivirus server.

  4. Close the About Trend Micro OfficeScan dialog box.
  5. Close the Trend Micro OfficeScan window.
  6. Choose Start > Run.

    The Run dialog box is displayed.

  7. Enter services.msc in the Open text box and press Enter.

    The Services window is displayed.

  8. Check whether services shown in Figure 5-32 are displayed in the right pane.

    • If yes, the antivirus client is successfully installed.
    • If no, uninstall the antivirus client, and reinstall it.
    Figure 5-32 Antivirus client services

  9. Close the Services window.

Scaning the Windows ECS

  1. Choose Start > OfficeScan Client.

    The Trend Micro OfficeScan window is displayed.

  2. Click the Manual Scan tab, select computer, and click Scan.

    The Scanning dialog box displays the scanning progress.

  3. Perform related operations based on the scanning results.

Installing the Patch Service Software

Scenarios

The task instructs software installation engineers to install the Windows Server update service patch service software. The patch service software is usually deployed on ECS where the antivirus server software resides.

Prerequisites
  • The antivirus server has joined the domain.
  • The connection between the infrastructure VM and the Internet or upper-layer patch server is normal. Otherwise, the patch service software cannot be installed.
    NOTE:

    If the system does not support deployment of the patch server software, visit the Microsoft website to download and manually install operating system patches periodically according to the security patch bulletin published by Microsoft.

    To view the patch release bulletin, visit http://support.huawei.com/enterprise and choose Support > Bulletins > Service Bulletins > Software Bulletin.

    To download patches, visit http://www.microsoft.com/en-us and choose Downloads > Download Center.

  • You have planned or obtained the data shown in Table 5-19.
    Table 5-19 Data required for installing the patch server

    Parameter

    Description

    Example Value

    Server name and port number

    • If an upper-layer patch server is used to update patches for the site, enter the IP address and port number of the upper-layer patch server. The patch server communicates with the upper-layer patch server to download patches.
    • If no upper-layer patch server is used, leave this parameter unspecified.

    192.168.10.13:80

    Proxy server name and port number

    • If a proxy server is used to access the Internet or upper-layer patch server, enter the IP address and port number of the proxy server. The patch server communicates with the Internet or upper-layer patch server to download patches through the proxy server.
    • If no proxy server is used, leave this parameter unspecified.

    192.168.10.100:80

    Username and password

    Specifies the username and password for accessing the proxy server.

    -

    Domain

    Specifies the domain to which the proxy server user belongs.

    vdesktop.huawei.com

    Domain account and password of each server of FusionAccess

    Specifies the domain account and password for logging in to each server of FusionAccess.

    -

Procedure

Installing Windows Server update services

  1. Log in to the antivirus server using the domain account.
  2. Click on the taskbar.

    The Server Manager window is displayed, as shown in Figure 5-33.

    Figure 5-33 Server Manager

  3. In the middle of the page, click Add roles and features.

    The Add Roles and Features Wizard dialog box is displayed.

  4. Click Next three times.
  5. In the Roles dialog box, select Windows Server Update Services. In the displayed dialog box, click Add Features, and click Next, as shown in Figure 5-34 and Figure 5-35.

    Figure 5-34 Select server roles
    Figure 5-35 Add Roles and Features Wizard

  6. In the Features dialog box, use the default settings, and click Next.
  7. On the Web Server Roles (IIS) page, click Next.
  8. On the Select role services page, use the default settings, and click Next, as shown in Figure 5-36.

    Figure 5-36 Select role services

  9. On the Windows Server Update Services page, click Next, as shown in Figure 5-37.

    Figure 5-37 Windows Server Update Services

  10. On the Select role services page, use the default settings and click Next, as shown in Figure 5-38.

    Figure 5-38 Select role services

  11. On the Content location selection page, select Store updates in the following location, enter the path to the update source, and click Next, as shown in Figure 5-39.

    NOTE:

    The disk space of the update source must be at least 6 GB.

    Figure 5-39 Select content location

  12. On the Confirm installation selections page, click Install, as shown in Figure 5-40.

    Figure 5-40 Confirm installation selections

  13. The installation progress is displayed. When Installation succeeded is displayed, click Close.

Configuring network connections

  1. In the navigation tree of the Server Manager window, choose WSUS.
  2. In the SERVERS area in the middle of the page, right-click server name, and choose Windows Server Update Services from the shortcut menu.

    The Complete WSUS Installation dialog box is displayed, as shown in Figure 5-41.

    Figure 5-41 Complete WSUS Installation

  3. Click Run.

    The system configures tasks after installation.

  4. After the installation is complete, click Close.

    The Windows Server Update Services Configuration Wizard window is displayed.

  5. Click Next.

    The Join the Microsoft Update Improvement Program window is displayed.

  6. Click Next.

    The Choose Upstream Server window is displayed.

  7. Select the upper-layer server.

    • To update patches from the Internet, select Synchronize from Microsoft Update.
    • To update patches from an upper-layer patch server, select Synchronize from another Windows Server Update Services server and set parameters as shown in Figure 5-42.

      Set the following parameters:

    • Server name: Enter the IP address of the upper-layer patch server.
    • Port number: Retain the default value 8530.
    • Deselect other parameters.
    Figure 5-42 Choose Upstream Server

  8. Click Next.

    The Specify Proxy Server window is displayed.

  9. Check whether a proxy server is used to access the Internet.

  10. Select Use a proxy server when synchronizing and set the following parameters:

    • Proxy server name: Enter the proxy server IP address.
    • Port number: Retain the default value 80.

  11. Select Use user credentials to connect to the proxy server and set the following parameters:

    • User name: Enter the username for logging in to the proxy server.
    • Domain: Enter the domain to which the user belongs.
    • Password: Enter the password for logging in to the proxy server.

  12. Click Next.

    The Connect to Upstream Server window is displayed.

  13. Click Start Connecting.

    It takes about 3 minutes to connect to the proxy server.

  14. Click Next.

    The Choose Languages window is displayed.

  15. Select English and click Next.

    The Choose Products window is displayed.

  16. Select Windows server 2012 R2 and click Next.

    The Choose classifications window is displayed.

  17. Click Next.

    The Configure Sync schedule window is displayed.

  18. Select Synchronize automatically and set the following parameters:

    • First synchronization: Set the first update time.
    • Synchronizations per day: Set the number of update times each day.

  19. Click Next.

    The Finished window is displayed.

  20. Click Finished.

    The configuration is complete.

    NOTE:

    The modification cannot be saved during the patch updating process.

Setting Windows components patch update policies

  1. Log in to the standby AD server using the domain administrator account.
  2. On the taskbar in the lower left corner, right-click , and enter gpedit.msc in the Run text box, and press Enter.

    The Local Group Policy Editor page is displayed.

  3. In the navigation tree, choose Computer Configuration > Administrative Templates > Windows components > Windows Update.

    The Window Update pane is displayed on the right.

  4. In the right pane, double-click Configure Automatic Updates.

    The Configure Automatic Updates dialog box is displayed, as shown in Figure 5-43.

    Figure 5-43 Configure Automatic Updates

  5. Select Enabled in Configure Automatic Updates, and set the following parameters:

    • Configure automatic updating
    • Scheduled install day
    • Scheduled install time
    NOTE:

    Do not set the same update time for the components. A one-day interval is recommended for one patch update.

  6. Click OK.

    The Configure Automatic Updates dialog box is closed.

  7. In the right pane, double-click Specify intranet Microsoft updates service location.

    The Specify intranet Microsoft updates service location dialog box is displayed.

  8. Select Enabled in the Specify intranet Microsoft updates service location area and set the following parameters:

    • Set the intranet update service for detecting updates: Enter the service IP address of the patch server.
    • Set the intranet statistics server: Enter the service IP address of the patch server.

  9. Click OK.

    The Specify intranet Microsoft updates service location dialog box is closed.

  10. Close the Group Policy Management Editor window.
  11. Repeat Step 35 to Step 43 to set patch update policies for the following servers.

    • Active AD\DNS\DHCP server
    • TCM server

Approving patches

  1. Log in to the patch server using the domain account.
  2. Choose > Administrative Tools > Windows Server Update Services.

    The Update Services window is displayed.

  3. Choose Patch server name > Updates > All Updates, as shown in Figure 5-44.

    Figure 5-44 All Updates

  4. In the middle pane, select Unapproved from the Approval drop-down list, select Any from the Status drop-down list, and click Refresh.

    Information about the required and unapproved patches is displayed.

  5. Right-click a patch and choose approve from the shortcut menu.

    The Approve Updates dialog box is displayed.

  6. Right-click All Computers and choose Approved for Install from the shortcut menu.
  7. Repeat Step 49 to Step 50 to approve all patches.

Checking whether patches can be automatically updated from the patch server

  1. Log in to the standby AD server using the domain administrator account.
  2. On the taskbar in the lower left corner, right-click , and enter cmd in the Run text box, and press Enter.

    The CLI is displayed.

  3. Run the following command to update the system:

    wuauclt.exe /detectnow
    NOTE:

    After the command is executed, a message is displayed in the lower right corner of the desktop, reminding you of updating patches.

Checking the patch update status

  1. In the Update Services window, choose Reports in the navigation tree.

    The Reports window is displayed.

  2. Click Update Status Summary in the middle pane.

    The Updates Report window is displayed.

  3. Specify the filter criteria, for example, select Include updates in these classifications, and click Run Report on the toolbar.
  4. Check the status of each patch in the Patch server name Update Report pane.

    The update status information is displayed.

Translation
Download
Updated: 2019-07-01

Document ID: EDOC1100021785

Views: 49524

Downloads: 108

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next