Subscribe

Vscan configuration

We are in the process of migrating from a Celerra to a FAS3270 for our CIFS shares. On the Celerra we were using CAVA with decent results and using four servers to do the scanning. We are also moving from McAfee to Sophos so we will be implementing Sophos for NetApp and using this for the new CIFS environment. We are also deploying each CIFS share as a vfiler so we will have 20 vfilers doing all of the CIFS shares with around 24TB of data. Due to the way Sophos is tied to one filer I have configured vscan on each vfiler to use the host filer scanning and each filer has two servers pointing to it for the AV scanning.. A couple of things I have seen and have questions about in this scenario.

1. When we first turned up the Sophos servers and the first one registered  with no issues it was when the second one came on line there was contention between the two and they took turns knocking each other off. Once I defined one of them as the secondary everything stabilized and they both stay online and connected. The question I have is in TR3107 it states that the NetApp appliance will automatically do load balancing and I'm not seeing that in the scan results at all. The only time the secondary gets hit is when I take the primary away. How do I determine that load balacing is actually occuring?

2. With around 3500 users and 24TB of data being accessed is a single primary scanning server for each controller enough?

3. I was told that I could setup multiple primary scanning servers. Is that the case? If so how? All I have found in the documentation is for defining secondary scanning servers not primary.

4. Is the load balancing aspect truly automatic? If it is how does it work?

The reason I'm doing this on the community boards is I'm getting nothing from NetApp reseller support on this. 

Re: Vscan configuration

As I’m running McAfee and not Sophos I’ll see what I can do to answer your questions.

With McAfee we successfully run two or more primary AV scanners against the same Filer.

I was wondering do your Sophos scanners have unique IP addresses and host names?

ONTAP will load balance between primary scanners.

ONTAP will load balance between secondary scanners.

Due to the way primary and secondary scanners are architected within ONTAP there is no load balancing between primary and secondary scanners.

I would suggest opening a support case if you have not done so already to determine why to are unable to have only one concurrent Sophos scanner.

By default all scanners registered to a filer will be primary unless configured to be a secondary scanner using the ‘vscan scanners secondary_scanners’ command (answers question 3).

ONTAP implements a basic round robin approach to load balancing that is built into its v-policy api (answers question 4).

For each file request that requires an AV scan ONTAP will send the next file to the subsequent scanner in the scanning pool.

Use the vscan command with a running workload and you will see the scan requests equally divided between the number of primary AV scanners registered with the Filer.

The following example shows that with two primary scanners that the requests are evenly balanced (answers question 1)

Toaster> vscan

Virus scanning is enabled.

Virus scanners(IP and Name) P/S Connect time (dd:hh:mm) Reqs Fails Curr. Reqs.