I want to confirm the configuration for TrendMicro ServerProtect 6.0 running on ONTAP 9.1. I had been told by NetApp support that I need a LIF in each protected SVM for EVERY node in the cluster. This would mean that my 8-node cluster running two (2) SVMs would require 16 LIFs - each with its own IP address. I tend to think that the TSE may have misspoken here. According to documentation, it appears I can provide only the cluster Mgmt LIF to the AV connector LIF config applet and that would cover ALL SVMs in the cluster. Otherwise, I'll end up with something like this... 16 IPs used for AV Scanning (??)
Isn't this why we have failover-groups to begin with?
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home
TR-4312 is the Antivirus Solution Guide for ONTAP and Trend Micro. On page 19, section 5.2, it says:
You can also enter the cluster management LIF. If you specify the cluster management LIF, all SVMs that are serving CIFS within that cluster can use the Vscan server.
This is the way that we have ServerProtect configured in our environment and it has been happily working for some time. Feel free to reach out if you have any other deployment questions, we use it pretty extensively.
So to clarify.... Provisioning a data LIF for each and every node in every SVM (as in my initial post) is not necessary? One cluster mgmt LIF per cluster for each scanner server (via the scanner's "Configure ONTAP Management LIFs" utility) is sufficient?
I'm reaching out to close this loop... The manual is quite clear. So if I remove all but my cluster mgmt LIF from the configuration, any SVM with vscan enabled and scanner pools in place, etc. will be able to communicate with my scanners? I'm not sure why the NetApp TSE insisted I need a CIFS LIF/IP address for every node and for every SVM in my cluster.
Looking at case notes, it appears that you are looking to address issues with many of your nodes indicating a lack of a connection for your configured vscan servers for the SVM CBIFS07EUS.
This actually stands to reason, as only the node CBINTAPP04eUS has a data LIF allowing CIFS. If you wish to avoid a status of disconnected for a node, it is necessary to have a data LIF allowing CIFS on that node for that SVM.
Best practices dictate there should be one data LIF per node per SVM, which would prevent conditions such as the lack of connection on nodes where there isn't a data LIF for the SVM. Do you prefer to define the additional LIFs to suppress these messages?
Please let me know if you have additional questions or information for the case. Thanks.