Hitachi NAS Products with Symantec AntiVirus Scan Engine Implementation

Quick Start Sizing and Planning Guide

Introduction
This performance brief provides a technical overview explaining the features and benefits of the integration solution for the Hitachi NAS Blade for TagmaStore® Universal Storage Platform and Network Storage Controller and for Hitachi TagmaStore Adaptable Modular Storage and Workgroup Modular Storage with NAS Option (all Hitachi network attached storage (NAS) products/“Hitachi NAS products”) with Symantec AntiVirus Scan Engine software.
Hitachi NAS Products and Symantec AntiVirus Scan Engine—the Solution Concept
Hitachi, Ltd., has developed an interface to the Symantec AntiVirus Scan Engine using the Scan Engine's software development kit (SDK) and the Internet Content Adaptation Protocol (ICAP). This allows files to be scanned for viruses as they are accessed from the Hitachi NAS Blade or file system/filer. Symantec has officially certified interoperability through the Symantec Technology Partner Program.
Hitachi Storage NAS Scan Server
1. Receive write request.
2. Transfer data to scan servers.
3. Scan data and attempt repair on infected files. Reject write request if the repair fails.
4. Send back the scanned file and report results.
5. Allow the request if the scan worked successfully.

The Symantec AntiVirus Scan Engine scans files for viruses as they are accessed from Hitachi NAS products. Integrating Hitachi NAS Products with Symantec AntiVirus Scan Engine
Precautions
: : Make sure that the license for Symantec AntiVirus Scan Engine and the Hitachi NAS AntiVirus Agent software do not expire, and that your virus definitions are up to date.
: : A timeout error may occur on the Common Internet File System (CIFS) client while a large file is being scanned for viruses. In this case, processing will continue on the Hitachi NAS product until the virus scan finishes.
: : You can register a maximum of 32 scan servers for each cluster. You should register at least two scan servers per cluster in case the server experiences an error or multiple access requests within a short time period.
: : If you set the scan timing to either “read and write” or “write only” in the Scan Conditions window, a temporary file is created in the same folder as the file being scanned. If a system error occurs, the temporary file can remain, which could cause disk space to become insufficient. If this occurs, verify
whether the file being scanned has been infected by a virus or data has been damaged, and then either delete or restore the file.
Note: The format of the temporary file name is: ava process-id unique-string_name-of-scan-target-file_bak
The variable process-id has five characters, and the unique-string has six characters.
The name of the temporary file is 19 characters longer than the name of the file to be scanned.
Therefore, if the length of the file path to the temporary file is longer than the allowable maximum for Windows (255 characters), the temporary file may not be accessed. Adjust the name of the parent folder so the length of the file path becomes 255 characters or less, and then delete or restore the
temporary file.
Setup Procedure
To install the Symantec AntiVirus Scan Engine software:
1. Log on to your computer as an administrator.
2. Copy the ScanEngine.exe file from the CD onto your computer and run the .exe file.
3. Click Next to agree to the terms of the Symantec licensing agreement.
4. Select the installation folder, and then click Next. The default location is C:\Program Files\Symantec\Scan Engine.
5. Select ICAP for the communication protocol.
6. Select the port number for the listening interface. The default port number is 8004.
7. Enter and confirm the administrator password for managing the Symantec AntiVirus Scan Engine, then click Next.
8. Follow the on-screen prompts to complete the installation.
To complete the online licensing form:
1. Launch your Web browser and navigate to http://:/. Note: indicates the host name or IP address and indicates the port number you selected during installation.
2. In the Log on dialog box, type the password for the administrative account. Click Log on.
3. On the Symantec AntiVirus Scan Engine administrative interface, Click Licensing.
4. On the Install tab, click the link to access Symantec’s licensing and Registration Web page. Follow the instructions to complete the online licensing form. The license file is returned via e-mail as an attachment.
Note: You must have the appropriate serial number to complete the form.
5. Save the license file to the computer from which you will access the Symantec AntiVirus Scan Engine administrative interface.
6. On the Symantec AntiVirus Scan Engine administrative interface, click Licensing.
7. On the Install tab, click Browse and select the location of the license file. Click Confirm Changes and Continue.
Note: If the license did not install, you will be returned to the Install tab.
To configure Symantec AntiVirus Scan Engine:
1. To configure certain ICAP-specific options, click Configuration in the left panel.
2. In the Port number box, type the Transmission Control Protocol/Internet Protocol (TCP/IP) port number client applications will use to pass files to the Symantec AntiVirus Scan Engine for scanning. The default setting for ICAP is port 1344.
3. Log on to the NAS Management graphical user interface (GUI) and Click Virus Scan on the Main Menu. Click Add Server. Add a server via the Main Menu on the NAS Management GUI.
4. Specify the host name or IP address of the server that is running the Symantec AntiVirus Scan Engine. Click Add. Enter host name or IP address on Add Scanner Server screen.
5. Press Scan Conditions. Configure the scan conditions and press OK.
Note: To avoid potential dispersion in the scan results, ensure a consistent scan condition within a cluster. Repair results for infected files before and after failovers.
The Scan Conditions Screen allows configuration of the scan conditions, including enabling or disabling notifications regarding infected files.
Specify range from 1 to 9,999. Enable/disable SNMP trap notification and log messages if an infected file is detected.
CAUTION: This option applies regardless of scan conditions. If Deny access is selected, write access to the NAS device will be denied in case the
Symantec AntiVirus Scan Engine license has expired.
6. Select the server just registered and click Start. If the server starts successfully, the server status displays as Running. From the List of Scanner Servers screen you can click Start to check whether the server starts successfully.
If the server starts successfully, the real-time scanning status shows “Running.”
Note: You can register a maximum of 32 scan servers for each cluster. You should register at least two scan servers per cluster, in case the server experiences an error or multiple access requests are received within a short time period.
System Requirements
Hitachi NAS Requirement
When the CIFS client updates files during a virus scan, the amount of free space on the file system must be at least the same size as the files to be scanned. Note: Files cannot be updated if free space is not sufficient.
The recommended Symantec AntiVirus server system requirements are shown in Table 1 (as of August 2006).
Platform Requirement
Microsoft Windows 2000
Server/Server 2003 : :
Windows Server 2003 or Windows 2000 Server or Advance Server with
Service Pack 2 or later
: : 2.4GHz Pentium 4
: : 1GB random access memory (RAM)
: : 500MB hard disk space available
: : One network interface card (NIC) running TCP/IP with a static IP address
: : Web-based administration requires Microsoft Internet Explorer 6.0 or later
: : Symantec LiveUpdate of virus definitions requires an Internet connection Red Hat Linux : : Red Hat Linux 9.0; or Enterprise 2.1 or 3.0 AS/ES
: : 2.4GHz Pentium 4
: : 1GB RAM
: : 500MB hard disk space available
: : One NIC running TCP/IP with a static IP address
: : Web-based administration requires
: : Microsoft Internet Explorer 6.0 or later
: : LiveUpdate of virus definitions
: : Requires an Internet connection
Sun™ Solaris™ : : Sun Solaris 8, 9, or 10 (SPARC only)
: : 1GHz Sun SPARC central processing unit (CPU)
: : 1GB RAM
: : 500MB hard disk space available
: : One NIC running TCP/IP with a static IP address
: : Web-based administration requires Microsoft Internet Explorer 6.0 or later
: : LiveUpdate of virus definitions requires an Internet connection
Estimating the Number of Scan Servers
Hitachi NAS products distribute scan requests according to the number of files each Symantec AntiVirus server is handling at that moment. The number of files a scan server with each platform can process per second is based on performance testing with typical file server traffic file sets. Estimating the number of files NAS will handle per second via CIFS access is essential. You can obtain the minimal number of scan servers by considering the performance criteria as described in the following section.
Performance Criteria for Each Platform
In the following performance test, an isolated network was used for sending files to the Symantec Scan Engine. In most cases, it is not necessary to send files using an isolated network; however, it is an easy way to cut down on network traffic.
The file set Symantec used in the file server testing represents files typically found on a network file server. The set consisted of 1027 files totaling 143MB and ranging from1KB to 12.2MB. The majority of the files were doc, ppt, xls, and pdf and averaged 143KB per file. There were also 50 files with one or more viruses.
Sizing Examples
As described in the preceding section, the most important factor is the number of files NAS will process per second via CIFS access. This section presents a rough estimate of the number of scan servers for a Hitachi NAS cluster with a hypothetical environment based on the above Symantec performance data.
Note: The following calculation and estimation is only one example and there are many different approaches.
To determine the best method for your environment, answer the following questions:
: : What percentage of your total volume will be accessed per day?
This number is about files to be accessed from Windows Clients, which are more likely to be in danger of various computer viruses. Generally, you will access 15 percent to 20 percent per day.
: : What is the average file size?
: : How many Ethernet ports per cluster do you have for data service?
If one node has n data ports up and running, you have 2*n ports for the cluster.

The hypothetical environment presents a rough estimate of the number of scan servers for a Hitachi NAS cluster.
Assumptions
: : 20 percent of total capacity will be accessed per day
: : Four Gigabit Ethernet ports per cluster and LAN has Gigabit network backbone
: : Average size is 0.14MB (same as Symantec file sets) Solution
Assuming we have x terabytes total, every second NAS has to handle
0.2 * (x TB) * 1024 *1024 / (24 * 60 * 60) = 2.43 * x MB
For NAS file service, there are several potential bottlenecks, depending on the customer’s environment, applications, or access patterns. Each Gigabit Ethernet port has a speed of 1000Mbit/sec and a theoretical throughput of 125MB/sec. In practice, Gigabit Ethernet throughput is 80 percent utilization or less.
Therefore, the best delivered data rate is about 100MB/sec to scan servers. The throughput is lower and tends to decrease with an increase in the amount of data service for various reasons such as increase of TCP/IP packets collisions, CPU utilizations, or opportunities of random access.
According to the assumption above, now that we have four ports, we can assume 400MB/sec to 240MB/sec for overall expected maximum throughput of the system.
The amount of data NAS will handle per second relates to the total capacity (xTB) allocated to the NAS cluster. A Linux Dual Processor scan server with 2GB RAM can process approximately 100 files/sec on average. In the following example, 100MB/sec is equivalent to 716files/sec. Figure 12 shows the appropriate numbers of scan servers in relation to the total capacity ( xTB) when this platform is used.
Appropriate numbers of scan servers are shown in relation to the total capacity when the Linux platform is used.
Performance Facts
The following sections summarize the performance benchmarks performed on the Symantec AntiVirus Scan Engine version 4.3 with Adaptable Modular Storage model AMS500 with NAS Option. This benchmark is aimed at examining the relationship between server resources such as CPU or RAM size
and scan performances.