docu46590_VNX-Event-Enabler-Release-Notes-5.1.0.0.pdf

1

EMC VNX Event Enabler

Version 5.1.0.0

Release Notes P/N 300-013-478

REV 04 March 28, 2013

This document provides information about the latest release of EMC VNX Event Enabler software and related documentation. Topics include:

Revision history ......................................................................................... 2 Product description ................................................................................... 2 New features and changes ........................................................................ 2 Environment and system requirements.................................................. 3 Fixed problems ........................................................................................... 5 Known problems and limitations ............................................................ 5 Problem prevention ................................................................................... 7 Technical notes ........................................................................................... 8 Documentation ......................................................................................... 11 Troubleshooting and getting help ......................................................... 12

2

Revision history

EMC VNX Event Enabler Version 5.1.0.0 Release Notes

Revision history

The following table presents the revision history of this document.

Revision Date Description 04 March 28, 2013 Updated for release 5.1.0.0

03 December 19, 2012 Updated for release 5.0.8.2 02 July 16, 2012 Updated for release 5.0.6.2. Added fixed problem

495847.

01 July 16, 2012 Initial release

Product description

The EMC VNX Event Enabler (VEE) framework contains the following facilities and is used to provide a working environment for these facilities:

VEE Common AntiVirus Agent (CAVA) provides an antivirus solution to clients using a VNX server. It uses an industry-standard CIFS protocol in a Microsoft Windows Server environment. CAVA uses third-party antivirus software to identify and eliminate known viruses before they infect files on the storage system. The Using VNX Event Enabler technical module contains information about using CAVA.

VEE CEPA is a mechanism whereby applications can register to receive event notification and context from the VNX system. CEPA delivers to the consuming application event notification and associated context (file/directory metadata needed to make a business policy decision) in one message. The Using VNX Event Enabler technical module contains information about using CEPA.

VCAPS is a mechanism for delivering asynchronous "post events" in batch mode. The delivery can be triggered based on a time period or a number of events.

While the VEE framework includes CAVA, CEPA, and VCAPS, they can also run independently.

New features and changes

Version 5.1.0.0

VEE now supports two Microsoft antivirus products:

3

Environment and system requirements


Forefront Endpoint Protection 2010 System Center 2012 Endpoint Protection

CEPA API now supports xml/http or xml/https.

Version 5.0.8.2

There are no new features in this release.

Version 5.0.6.2


Version 5.0.6.1



For the latest system requirements, consult the website or documentation of the particular third-party AV engine manufacturer. The AV engine version may differ depending on the operating system.

Table 1 lists the minimum system requirements recommended by EMC for each AV server.

Table 1. Minimum requirements for AV servers Hardware A workstation with:

Intel Pentium III 700 MHz (or faster) 512 MB RAM minimum 50 MB free disk space

Software Windows Server or any Windows operating system compatible with the vendors consumer application software.

Network CAVA must be running on a machine that is part of a valid Windows environment. Note: Share-level authentication or stand-alone Windows servers are not supported when using CAVA.

Storage No specific storage requirements.

Table 2 describes the VNX for File software, hardware, network, and storage configurations.

4



Table 2. System requirements Software Microsoft Windows Server or any Windows operating system compatible

with the vendors consumer application software. Two kits are available:

EMC_VEE_Pack_Win32_xxxx for installation on Windows 32-bit operating systems

EMC_VEE_Pack_x64_xxxx for installation on Windows 64-bit operating systems

where xxxx = software version number You cannot install both a 32-bit and a 64-bit version of the software on the same machine. Note: Running VEE in the Windows on Windows (WOW) environment

on a 64-bit platform is not supported. Search the EMC E-Lab Interoperability Navigator for consumer applications supported when using VNX Event Enabler.

Hardware A workstation with: 600-megahertz Pentium III-compatible or faster 512 megabytes of RAM 80 megabytes of free disk space

Network The Windows network must contain a domain controller with Active Directory and DNS enabled. Data Movers on VNX must be configured with the CIFS protocol. You cannot use a Virtual Data Mover for the CIFS protocol. Configuring and Managing CIFS on VNX provides more information on configuring the CIFS protocol.

Storage No specific storage requirements.

Table 3 lists the minimum system requirements for the CAVA Calculator.

Table 3. Minimum requirements for CAVA Calculator Software Microsoft Windows Server

Microsoft .NET Framework 1.1 CAVA Tools

Hardware No specific hardware requirements. Network No specific network requirements. Storage No specific storage requirements.

5

Fixed problems


Fixed problems

Severity Symptom Description Fix Summary Tracking Number

2 Some AV engines remediate infections outside the scope of their scans, which could cause a file to be released too soon from the DART AV scan queue.

CAVA heartbeat now respond swith "remediationWindow" to prevent this issue.

544015

Known problems and limitations

Microsoft antivirus agent support

Forefront and System Center 2012 Endpoint Protection are supported only in environments where all Data Movers, CAVA machines, and Microsoft AV machines are in the same Active Directory Forest.

Microsoft antivirus agents on a Data Mover

If you use either Forefront or System Center 2012 Endpoint Protection on a Data Mover, the server_viruschk command lists the AV server generically as Microsoft AV.

CAVA is for CIFS clients

The CAVA feature of the VEE product is for CIFS clients only. If NFS or FTP protocols are used to modify files, the files will not be scanned for viruses. No UNIX antivirus application support is provided.

CEPA support

CEPA supports clients that run either the CIFS or NFS protocol only. If the FTP protocol is used to move or modify files, no events are processed or published for the files.

File-Level Retention

It is strongly recommended that the antivirus (AV) administrator updates the virus definition files on all resident AV engines in the CAVA pools, and periodically run a full file system scan of the file system to detect infected FLR files. The Using VNX Event Enabler technical module provides additional information about virus definition updates.

6

Known problems and limitations


Microsoft Access

Do not scan Microsoft Access database files in real time. Files inside a database are not scanned.

Restricted Group GPO

CAVA requires the antivirus domain account (AV user account) to be in the local administrators group of the VNX for File CIFS server. If the CIFS server has Restricted Group GPO enforced and the AV user account is removed from the local administrators group, after the next CAVA restart, the status will change from ONLINE to AV_NOT_FOUND.

To ensure that the CAVA status remains ONLINE, you must either include the corresponding AV user account in the Restricted Group, or remove the Restricted Group.

Using Microsoft SMB2

When using Microsoft SMB2 as the protocol between AV engines and the VNX for File, the Microsoft Redirector uses a local cache for directory metadata on the machine where the AV engine resides. By default, this cache is invalidated every 10 seconds.

As a consequence, the updates that are made to the server share during this period might not be seen in the cache. When this occurs, the AV engines cannot scan the files requested by CAVA because the contents of the Redirectors cache and the actual directory structure on the server share do not match. The Data Movers server_log contains the following SMB2 error message: file not found. Workaround To prevent this condition, disable the directory cache on the machines on which CAVA and AV engines are running by using the following procedure:

1. Open the Windows Registry Editor and navigate to HKLM\SystemCurrentControlSet\Services\LanmanWorkstation\Parameters.

2. Right-click Parameters and select New > DWORD Value.

3. For the new REG_DWORD entry, type a name of DirectoryCacheLifetime.

4. Set the value to 0 to disable DirectoryCacheLifetime.

5. Click OK.

7

Problem prevention


6. Restart the machine.

Windows 64-bit operating systems

64-bit CAVA agent cannot work with 32-bit antivirus engines

The 64-bit CAVA agent cannot work with a 32-bit antivirus (AV) engine. If you are using a 32-bit AV engine, you must use 32-bit CAVA. Similarly, if you are using a 64-bit AV engine, you must use the 64-bit CAVA.

Loading a 32-bit driver on a 64-bit Windows operating system is disallowed by Windows. When using CAVA with a 32-bit driver-based AV engine, you must load the AV engine and CAVA/VEE on a 32-bit Windows OS. This does not apply to an API-based AV engine.

A 32-bit API-based AV engine and 32-bit CAVA can be loaded on a 64-bit OS. At this time, the only API-based AV engine supported with CAVA is Symantec AV for NAS.

MS-RPC

In order to run VEE on Windows 64-bit operating systems, the VNX for File -to-CEE communications must be over Microsoft RPC (MS-RPC). The version of VEE that runs on Windows 64-bit operating systems is supported with Celerra version 5.6.45 or later and VEE version 4.5.0.4 or later.

Windows Server 2008

If you are using Windows Server 2008, you must manually compile the cava.mof file while using the EMC cavamon sizing tool.

Problem prevention

The EMC Customer Service center has reported a number of calls concerning the following issues. Take a moment to familiarize yourself with these potential issues.

VNX Common AntiVirus Agent

Number of CAVA engines

It is possible to configure your EMC VNX installation with only one CAVA engine. However, this non high-availability configuration can make your installation susceptible to data unavailability in the event that the CAVA engine goes offline for any reason. The best method for

8

Technical notes


preventing this type of outage is to increase the number of available CAVA engines.

Additional information for configuring the Common AntiVirus Agent can be found in the Using VNX Event Enabler technical module. This document describes the parameter settings that specify shutdown actions to take when no servers are available.

Performance

If a large number of files need to be checked at the same time, the CAVA file checking process may be slow depending on the number of threads configured, the number of CAVA servers, and the speed of the CAVA servers.

If the CAVA servers cannot process file checks quickly enough, then all antivirus (AV) threads become busy and the AV collector queue increases, indicating that file check requests are queuing up. Increasing the number of AV threads (10 by default) allows more files to be checked in parallel and may improve performance.

However, the number of CAVA engines may need to be increased to satisfy a heavy load.

Removing AV user from Data Mover password file

If you remove an AV user from the Data Mover password file, CAVA will not work. Depending on the setting you have on CIFS, you could either use up all of the CIFS threads because they are used for virus checking, or CAVA could shut down CIFS altogether.

Technical notes

System Requirements for Windows 8 and Windows Server 2012

Windows 8 and Windows Server 2012 install and enable by default the .NET Framework 4.5. However, the VEE Framework ,cava.exe, is a .NET Framework 3.5 service. You must enable .NET Framework 3.5. The Microsoft website contains instructions on enabling the .NET Framework 3.5 on Windows 8 and Windows 2012 at:

http://msdn.microsoft.com/en-us/library/hh506443.aspx

9

Technical notes


VNX for File virus checking solution

Third-party antivirus engines

Table 4 lists the requirements for using CAVA with third-party antivirus engines.

Table 4. Virus checking solution requirements All Vendor VNX for File version AntiVirus version

Computer Associates eTrust r8.1 All currently-supported VNX for

File versions1 Common AntiVirus Agent (CAVA) 3.4.0 and later eTrust r8

TrendMicro ServerProtect for EMC NAS 5.3.1

All currently-supported VNX for File versions1

Common AntiVirus Agent (CAVA) 3.4.0 and later

ServerProtect for EMC NAS 5.8

Sophos AntiVirus 3.x All currently supported VNX for

File versions1 Common AntiVirus Agent (CAVA) 3.4.0 and later AntiVirus 5.x

AntiVirus 6.x

AntiVirus 7.x AntiVirus 9.x AntiVirus 10.x

Kaspersky Kaspersky Anti-Virus for Windows Servers Enterprise Edition

5.6.46.4 and later VNX Event Enabler (VEE) 4.5.1 and later

McAfee VirusScan 8.0i All currently supported VNX for

File versions1 Common AntiVirus Agent (CAVA) 3.4.0 and later VirusScan 8.7i

VirusScan 8.8i Patch 1

Microsoft System Center 2012 Endpoint Protection SP1 [Antimalware Client Version: 4.1.522.0]

All currently supported VNX for File versions1,2

VNX Event Enabler (VEE) 5.1.0.0 and later

10

Technical notes


Forefront Endpoint Protection 2010 with hotfix KB2758685 [Antimalware Client Version: 4.1.522.0]

Symantec Symantec Endpoint Protection 11.06

5.6.48.x and later VNX Event Enabler (VEE) 4.5.2.2 and later

Symantec Endpoint Protection 12.1 Symantec Endpoint Protection v12.1 MU1

All currently supported VNX for File versions1


Symantec Endpoint Protection v12.1 MU2



Symantec Protection Engine 7.0



SAV for NAS 5.2.x All currently supported VNX for File versions1

Common AntiVirus Agent (CAVA) 3.6.2 and later SAV for NAS 4.3.x

F-Secure F-Secure E-mail and Server Security 9.20 with F-Secure hotfix FSESS920-900

5.6.48.x and later2 VNX Event Enabler (VEE) 5.0.8.2 and later

F-Secure Server Security 9.20 with F-Secure hotfix FSSS920-900

5.6.48.x and later2 VNX Event Enabler (VEE) 5.0.8.2 and later

1 Currently supported NAS versions include the entire 5.6.x, 6.0.x, 7.0.x, and 7.1.x families. Refer to the EMC E-LabTM Interoperability Navigator for the latest supported version information.

2 From the VNX Control Station, issue the command: server_param server_N f viruschk l. If the result has AvAgents viruschk Kaspersky:Symantec AV Kaspersky:Symantec AV:FSecure:Microsoft Antivirus, no action is required. If this is not the result, please add the following line to the /nas/server/server_(N-1)/param file: param viruschk AvAgents:Kaspersky:Symantec AV:FSecure:Microsoft Antivirus. Then, reboot the Data Mover.

Configuration guidelines

Table 5 lists the configuration guidelines for the CAVA. The values listed in this section represent the highest or lowest values tested by EMC. In some cases, actual capacities may exceed the capacities tested by EMC.

11

Documentation


Table 5. Virus checking guidelines Guideline/specification Maximum

tested value Comment

Virus checker file pending 90% of available VNODES in system

The percentage of total cached open files available in the system that can be pending on Virus Checking. An event is sent to the Control Station when the maximum is reached. To change the default value, modify param viruschk.vnodeMax(default=2000) and/or param viruschk.vnodeHWM(default=0x5a(90%). Parameter information can be found in the Parameters Guide for VNX for File.

Documentation

VNX for File version 7.1

This section lists the VEE related user documentation for File Version 7.1. These documents can be downloaded from EMC Online Support at http://Support.EMC.com.

Antivirus

Table 6 lists information for antivirus protection described in technical modules and online help.

Table 6. Antivirus

Part number Name Description Online help CAVA Calculator Describes using the CAVA

Calculator sizing tool to estimate the number of CAVAs required to provide a user-defined level of performance in a CAVA pool, based upon user information.

Online help Common AntiVirus Management Explains how to modify CAVA virus-checking configuration parameters on a Data Mover from a Microsoft Windows Server.

300-013-502 Using VNX Event Enabler Describes how to install and configure the VNX Event Enabler Framework software that provides a working environment for the CAVA and CEPA facilities.

12

Troubleshooting and getting help


Part number Name Description 300-013-443 Getting Started with EMC VNX

Event Enabler Helps you to verify the product shipment and set up an EMC Support website account.

300-013-803 VNX Event Enabler Publishing Agent API Guide

Describes how to create a CEPA configuration file, issue CEPA commands using the CLI, and assign the EMC Event Notification Bypass privilege to suppress third-party application events.


Where to get help

EMC support, product, and licensing information can be obtained as follows.

Product information

For documentation, release notes, software updates, or for information about EMC products, licensing, and service, go to EMC Online Support (registration required) at: http://Support.EMC.com

Troubleshooting

Go to EMC Online Support. After logging in, locate the appropriate Support by Product page.

Technical support

For technical support and service requests, go to EMC Customer Service on EMC Online Support. After logging in, locate the appropriate Support by Product page, and choose either Live Chat or Create a service request. To open a service request through EMC Online Support, you must have a valid support agreement. Contact your EMC Sales Representative for details about obtaining a valid support agreement or to answer any questions about your account.

Note: Do not request a specific support representative unless one has been assigned to your particular system problem.

13



Copyright 2013 EMC Corporation. All Rights Reserved. Published in the USA.

Published March 2013

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to the technical documentation and advisories section on the EMC online support website.

Revision historyProduct descriptionNew features and changesVersion 5.1.0.0Version 5.0.8.2Version 5.0.6.2Version 5.0.6.1

Environment and system requirementsFixed problemsKnown problems and limitationsMicrosoft antivirus agent supportMicrosoft antivirus agents on a Data MoverCAVA is for CIFS clientsCEPA supportFile-Level RetentionMicrosoft AccessRestricted Group GPOUsing Microsoft SMB2Workaround

Windows 64-bit operating systems64-bit CAVA agent cannot work with 32-bit antivirus enginesMS-RPC

Windows Server 2008

Problem preventionVNX Common AntiVirus AgentNumber of CAVA enginesPerformanceRemoving AV user from Data Mover password file

Technical notesSystem Requirements for Windows 8 and Windows Server 2012VNX for File virus checking solutionThird-party antivirus engines

Configuration guidelines

DocumentationVNX for File version 7.1Antivirus

Troubleshooting and getting helpWhere to get helpProduct informationTroubleshootingTechnical support

Documents

docu46590_VNX-Event-Enabler-Release-Notes-5.1.0.0.pdf