CIFS and AV

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

CIFS and AV

TAYLOR DANIEL

As we make an increasing push to use CIFS I am interested to know what peoples thoughts and opinions are on scanning data on CIFS shares for viruses etc.  Does anyone use the Anti-Virus connector for Clustered Data ONTAP? does it work or have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: CIFS and AV

Klise, Steve-2
Holy war. Begin. 

We discussed a few years back. We used av on 7-mode and it adds a load (varies but I saw 5-10%). I know not cdot but same concerns. Folks said no as the end point should be protected and let the filers serve file. I vote for layers and defense in depth or layers. It's the outfield in baseball. I did catch viruses. 

Sent from my iPhone

On Apr 25, 2017, at 7:09 AM, TAYLOR DANIEL <[hidden email]> wrote:

As we make an increasing push to use CIFS I am interested to know what peoples thoughts and opinions are on scanning data on CIFS shares for viruses etc.  Does anyone use the Anti-Virus connector for Clustered Data ONTAP? does it work or have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: CIFS and AV

Michael Bergman
On 2017-04-25 16:26, Steve Klise wrote:
> Holy war. Begin.

:-)

> I did catch viruses.

Or false positives.  Guess which side I'm on in this war :-)

/M
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: CIFS and AV

Jeff Bryer
We're interested in using the Anti-Virus connector for Clustered Data ONTAP as well.  We have zero control over a lot of the end point devices (student laptops, etc), so that's not option for us.
However it doesn't seem like a lot of NetApp customers use it.  We haven't found anyone local using it, and our VAR hasn't sold it.

We're considering the Trend Micro solution, only because we already use their product elsewhere (but we're open to other solutions).

----- Original Message -----
From: "Michael Bergman" <[hidden email]>
To: "Toasters" <[hidden email]>
Sent: Tuesday, April 25, 2017 7:33:28 AM
Subject: Re: CIFS and AV

On 2017-04-25 16:26, Steve Klise wrote:
> Holy war. Begin.

:-)

> I did catch viruses.

Or false positives.  Guess which side I'm on in this war :-)

/M
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

R: CIFS and AV

Milazzo Giacomo
For which I can remember from opinions by other customers Trend Micro and Symantec solutions were the ones requiring, in a certain way, more external resources in term of scan engines. And Symantec over all quite expensive because is based on the number of users!

I've used several time the McAfee solution, cheaper for is based on number of FAS controllers and overall less expensive at all. No particular request about scan engines, normal Windows file servers with a lot of RAM (minimum suggested 64 GB) for caching purposes. I suggest to put two different scan engines in balanced mode as from documentation and to avoid the av checking on writes. After all I expect that desktop are covered by some av protection, maybe the "simple" and free, but working fine, Windows Defender that comes with os.

Regards




-----Messaggio originale-----
Da: [hidden email] [mailto:[hidden email]] Per conto di Jeff Bryer
Inviato: martedì 25 aprile 2017 17:15
A: Michael Bergman <[hidden email]>
Cc: Toasters <[hidden email]>
Oggetto: Re: CIFS and AV

We're interested in using the Anti-Virus connector for Clustered Data ONTAP as well.  We have zero control over a lot of the end point devices (student laptops, etc), so that's not option for us.
However it doesn't seem like a lot of NetApp customers use it.  We haven't found anyone local using it, and our VAR hasn't sold it.

We're considering the Trend Micro solution, only because we already use their product elsewhere (but we're open to other solutions).

----- Original Message -----
From: "Michael Bergman" <[hidden email]>
To: "Toasters" <[hidden email]>
Sent: Tuesday, April 25, 2017 7:33:28 AM
Subject: Re: CIFS and AV

On 2017-04-25 16:26, Steve Klise wrote:
> Holy war. Begin.

:-)

> I did catch viruses.

Or false positives.  Guess which side I'm on in this war :-)

/M
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: CIFS and AV

Edward Rolison
In reply to this post by TAYLOR DANIEL
I've had mostly bad experiences with AV interacting with storage. Not just on NetApp. 

I find it's really quite common to underestimate the workload involved in traversing a billion files across a few hundred tera, and how much knock on impact that cascaded down. (It's passable on a quiescent system, but can _really_ hurt when it's under load, and push your latency up quite significantly). 

Particularly - a lot of the performance of storage arrays in general is down to efficient caching, and deep file traversal doesn't. So you've got a heavy 'fast as you can' read workload, that _has_ to go to back end disks, and because it's read-heavy it's a real-time time constraint. 

On access or on-write scanning similarly - average figures look ok, but _peak_ latency figures start to really hurt.  I mean, the way latency works - when 'congestion' is happening, load increases amplify into quite substantial latency increases, and performance _really_ starts to hurt. 

Offloading 'on access' to client is about the only way to distribute this load wide enough. 

Of course, in an ideal world, you'll have ample storage performance in reserve, and this will never be an issue. Maybe when we're all SSD everywhere, then I'll revise my opinion. I think that day is still a way off though.... 

(reply to the whole list this time :))



On 25 April 2017 at 15:07, TAYLOR DANIEL <[hidden email]> wrote:

As we make an increasing push to use CIFS I am interested to know what peoples thoughts and opinions are on scanning data on CIFS shares for viruses etc.  Does anyone use the Anti-Virus connector for Clustered Data ONTAP? does it work or have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters