Cava Antivirus on Powerscale
Introduction
One of the most challenging parts of administering a huge NAS system like Isilon/Powerscale is antivirus management. ICAP is the most commonly used protocol for antivirus scanning: the NAS sends the file to the antivirus server, waits for the file analysis, and then quarantines or truncates the file if needed. Here we will walk through configuring CAVA Antivirus on Powerscale and try to understand how it works.
Most NAS admins may complain that this approach is not very effective in terms of resource utilization and antivirus scanning performance.
CAVA is currently available on Powerscale OneFS versions 9.1 and later, and supports the SMB protocol only.
It shares the IFS filesystem only with the CAVA servers, over a restricted zone and IP Pool, and relies on filesystem auditing.
Whenever file access is requested, the audit event is sent to the CAVA/CEE Agent on the Antivirus server, which identifies the file path that needs to be scanned, accesses that path over the CHECK$ share, and performs the scan.
Prerequisites
For a successful implementation of CAVA, please make sure that:
- Your Antivirus server version is compatible.
- The SMB protocol is enabled on the Powerscale cluster.
- You have an Active Directory provider already running.
- A service user is created in Active Directory for the Antivirus Server to access the CHECK$ share. This user is also needed to run the CEE service on the Antivirus server.
- Dell EMC CEE (Common Event Enabler) software is installed on the Antivirus Servers.
- The Antivirus Servers' CEE port 12228 is accessible from the Powerscale cluster.
- You have enough Antivirus Servers.
- The CAVA service is not enabled until you have successfully created and configured the IP Pool for CAVA.
Implementation
Once all of the above are satisfied, you may proceed to the implementation of CAVA on the Powerscale cluster.
- You need to create the CAVA servers on the Powerscale cluster.
- Create a dedicated IP Pool for the Antivirus servers to have SMB access to the Powerscale cluster. Please note that this pool will only be accessible by the CAVA servers created in the first step. When creating the IP Pool, don't forget to configure the SmartConnect Zone Name and the necessary delegations to the SmartConnect IP Address. This will help load balance the network traffic and connections from the CAVA servers to the Isilon nodes. After creating the IP Pool, you will need to configure the CAVA settings to use this IP Pool.
- At this point, you can enable the CAVA service, which will disable ICAP if it is in use. This action automatically creates the AvVendor Access Zone with the ID of -2. You also need to configure this Access Zone to add the Active Directory provider mentioned above. You may also check the SMB Shares listed under the AvVendor access zone; here you will see the CHECK$ share, whose path is /ifs, which is the whole distributed filesystem. To restrict access to the share, you need to assign the ISI_PRIV_AV_VENDOR privilege to the service user in the next step.
- Finally, you need to modify the AvVendor role to add the Active Directory service user. This will grant the ISI_PRIV_AV_VENDOR privilege to the user.
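The four steps above as OneFS CLI commands, in an added example that is not from the original article or from Dell's documentation. Every value (server name, addresses, pool name, SmartConnect zone, AD domain and service user) is a constructed placeholder, and the `isi` syntax is assumed from OneFS 9.x, so check it against the CLI help on your release. By default the script only prints the commands; run it with DRY_RUN=0 on a cluster node to execute them.

```shell
#!/bin/sh
# Added example: CAVA enablement on OneFS in the order the steps above require.
# All values are constructed placeholders; isi syntax assumed from OneFS 9.x.
CAVA_SERVER_NAME="av1"
CAVA_SERVER_URI="192.0.2.10"             # antivirus server running CEE (port 12228)
CAVA_POOL="groupnet0.subnet0.pool1"      # dedicated IP Pool for the CAVA servers
CAVA_POOL_RANGE="192.0.2.50-192.0.2.53"
CAVA_POOL_IFACES="1:ext-1"
CAVA_SC_ZONE="cava.example.com"          # must also be delegated in DNS to the SmartConnect IP
AD_DOMAIN="example.com"
AD_USER='EXAMPLE\svc_cava'               # AD service user from the prerequisites
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

cava_setup() {
    # Step 1: register the CAVA (antivirus) server on the cluster.
    run isi antivirus cava servers create --server-name="$CAVA_SERVER_NAME" \
        --server-uri="$CAVA_SERVER_URI" --enabled=1 || return 1
    # Step 2: dedicated pool with a SmartConnect zone, then bind CAVA to it.
    run isi network pools create "$CAVA_POOL" --ranges="$CAVA_POOL_RANGE" \
        --sc-dns-zone "$CAVA_SC_ZONE" --ifaces="$CAVA_POOL_IFACES" || return 1
    run isi antivirus cava settings modify --ip-pool="$CAVA_POOL" || return 1
    # Step 3: enable the service (this disables ICAP and creates the AvVendor zone),
    # attach the AD provider to that zone, and list its shares to confirm CHECK$.
    run isi antivirus cava settings modify --service-enabled=1 || return 1
    run isi zone zones modify AvVendor \
        --add-auth-providers="lsa-activedirectory-provider:$AD_DOMAIN" || return 1
    run isi smb shares list --zone=AvVendor || return 1
    # Step 4: only members of the AvVendor role hold ISI_PRIV_AV_VENDOR.
    run isi auth roles modify AvVendor --zone=AvVendor --add-user "$AD_USER" || return 1
    # Final check of the CAVA service state.
    run isi antivirus cava status
}

cava_setup
```

Since CHECK$ exposes all of /ifs, review the output of the share listing and the AvVendor role membership after the run and confirm that only the intended service user was added.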
For more details, you may check the official CAVA Solution documentation here. After reading this article, configuring the CAVA Antivirus Solution on Powerscale should not be a burden for storage administrators.