Network and Storage Protocols

TrendMicro ServerProtect 6 and ONTAP 9.1


I want to confirm the configuration for TrendMicro ServerProtect 6.0 running on ONTAP 9.1.  I had been told by NetApp support that I need a LIF in each protected SVM for EVERY node in the cluster.  This would mean that my 8-node cluster running two (2) SVMs would require 16 LIFs - each with its own IP address.  I tend to think that the TSE may have misspoken here.  According to documentation, it appears I can provide only the cluster Mgmt LIF to the AV connector LIF config applet and that would cover ALL SVMs in the cluster.  Otherwise, I'll end up with something like this...  16 IPs used for AV Scanning (??)


Isn't this why we have failover-groups to begin with?


            Logical             Status     Network            Current       Current Is

Vserver     Interface           Admin/Oper Address/Mask       Node          Port    Home

----------- ------------------- ---------- ------------------ ------------- ------- ----


            CIFS07EUS_cifs_lif1 up/up     CINTAPP01eUS a0a-82  true

            CIFS07EUS_cifs_lif2 up/up     CINTAPP02eUS a0a-82  true

            CIFS07EUS_cifs_lif3 up/up     CINTAPP03eUS a0a-82  true

            CIFS07EUS_cifs_lif4 up/up     CINTAPP04eUS a0a-82  true

            CIFS07EUS_cifs_lif5 up/up     CINTAPP05eUS a0a-82  true

            CIFS07EUS_cifs_lif6 up/up     CINTAPP06eUS a0a-82  true

            CIFS07EUS_cifs_lif7 up/up     CINTAPP07eUS a0a-82  true

            CIFS07EUS_cifs_lif8 up/up     CINTAPP08eUS a0a-82  true


            CIFS08EUS_cifs_lif1 up/up     CINTAPP01eUS a0a-82  true

            CIFS08EUS_cifs_lif2 up/up     CINTAPP02eUS a0a-82  true

            CIFS08EUS_cifs_lif3 up/up     CINTAPP03eUS a0a-82  true

            CIFS08EUS_cifs_lif4 up/up     CINTAPP04eUS a0a-82  true

            CIFS08EUS_cifs_lif5 up/up     CINTAPP05eUS a0a-82  true

            CIFS08EUS_cifs_lif6 up/up     CINTAPP06eUS a0a-82  true

            CIFS08EUS_cifs_lif7 up/up     CINTAPP07eUS a0a-82  true




TR-4312 is the Antivirus Solution Guide for ONTAP and Trend Micro. On page 19, section 5.2, it says: 


You can also enter the cluster management LIF. If you specify the cluster management LIF,
all SVMs that are serving CIFS within that cluster can use the Vscan server.


This is the way that we have ServerProtect configured in our environment and it has been happily working for some time. Feel free to reach out if you have any other deployment questions, we use it pretty extensively. 


So to clarify.... Provisioning a data LIF for each and every node in every SVM (as in my initial post) is not necessary?  One cluster mgmt LIF per cluster for each scanner server (via the scanner's "Configure ONTAP Management LIFs" utility) is sufficient?


That is the way that I interpret the documentation as written, and what you've described is also the way that we have it configured in our environment. 


I'm reaching out to close this loop...  The manual is quite clear.  So if I remove all but my cluster mgmt LIF from the configuration, any SVM with vscan enabled and scanner pools in place, etc. will be able to communicate with my scanners?  I'm not sure why the NetApp TSE insisted I need a CIFS LIF/IP address for every node and for every SVM in my cluster.




I have received ownership of this case.


Looking at case notes, it appears that you are looking to address issues with many of your nodes indicating a lack of a connection for your configured vscan servers for the SVM CBIFS07EUS.


This actually stands to reason, as only the node CBINTAPP04eUS has a data LIF allowing CIFS. If you wish to avoid a status of disconnected for a node, it is necessary to have a data LIF allowing CIFS on that node for that SVM.


Best practices dictate there should be one data LIF per node per SVM, which would prevent conditions such as the lack of connection on nodes where there isn't a data LIF for the SVM. Do you prefer to define the additional LIFs to suppress these messages?


Please let me know if you have additional questions or information for the case. Thanks.



Best Regards,

Rob Halberg

Technical Support Engineer III