
What is EMC CAVA? – Celerra Anti Virus Agent

I have been asked about this 4 times in the past week, “How do I set up CAVA on the Celerra?” I actually thought there must have been a post somewhere in the bloggy universe about CAVA but I couldn’t find anything so I think it’s time to fix that. Also, I’m supposed to be studying for this bloody CCNA exam I failed by 3 points but that can wait :)

CAVA stands for Celerra Anti Virus Agent, which is exactly what it says: it’s Anti Virus for your little (or big) NAS box. It has actually changed its name a little; if you are looking for it on EMC Powerlink it’s now called Celerra Event Enabler (CEE) CAVA. Don’t ask me why.

Even though there isn’t much to set up with CAVA, it’s quite an important part of your NAS solution and if implemented wrong it can affect your performance (on the NAS, not the bedroom – don’t stress). It’s useful to know how it scans your files and essential to know how to troubleshoot it and check its performance.

I’m going to break this up into three posts:

What is CAVA? (this post)
CAVA Considerations and basic setup
CAVA troubleshooting (which is really why I am doing this)

The official spiel is this:

The EMC® Celerra® AntiVirus Agent (CAVA) provides an antivirus solution to clients using an EMC Celerra Network Server using industry-standard CIFS (Common Internet File System) protocols, in a Microsoft Windows server. CAVA uses third-party antivirus software to identify and eliminate known viruses before they infect files on the storage system.

Clear as mud? Here is a pretty picture of the main parts.

 

So, here are the main points and I’ll expand on some of it later:

CAVA is a mixture of a process that runs on the Celerra in conjunction with a Windows server running an AntiVirus(AV) engine like Symantec or Trend with a CAVA agent to handle the conversation.
CAVA is CIFS only.
A service account needs to be created in your AD domain (e.g. svc_cava). This user must be a local admin on the AV server and must also have VirusChecking rights on the CAVA CIFS server.
The Windows server runs a CAVA agent that allows the Celerra and AV engine to get all close and personal and chat about the weather.  The EMC CAVA service must be changed to “Run As” the service account.
A CIFS server must be created to facilitate the scans. This is the CAVA CIFS server and is in addition to your existing production CIFS servers.
Notice I used the word facilitate in the previous post. Yeah I know, awesome.
This next statement is very important; the CAVA CIFS server MUST run on the physical data mover. It cannot be in a VDM (Virtual Data Mover). This rule is only for the CAVA CIFS server, your other CIFS servers can go where you please. Except the pub cause they can’t hold their liquor, one drink and they’re CIFS faced.
You need to configure the viruschecker.conf file on the datamover. This can be done by uploading a txt file, or using the EMC Celerra MMC*.
The Windows AV engine can be a VM, but it can be network intensive. You should have at least 2 for redundancy and support. CAVA will load balance VC scans across the two.
EMC best practice is that nothing else runs on these servers EXCEPT the AV engine and CAVA service.
* Celerra AntiVirus Configuration Management snap-in: A Microsoft Management Console (MMC) snap-in to the Celerra Management Console. You can use the Celerra AntiVirus Configuration Management snap-in with CAVA and a third-party AV engine. It’s also used to configure Home Directories (homedir) and user permissions. It can be installed on any Windows machine in the domain. It’s located on the Celerra Tools CD.

As of 15/Oct/2010 CAVA supports the following AV providers:

Symantec
McAfee
CA eTrust
Sophos
Kaspersky
Trend Micro

So, how does CAVA scanning work?

User performs an action that meets a checking condition (a write, access time, etc.).
Data Mover sends a check file request to CAVA service.
CAVA opens file, queries it and sends file signature to the AV server. For compressed files, the entire file is sent to the AV server.
CAVA closes the file and sends response back to data mover.
File is released to the user like a tiny butterfly fluttering gently over the interweb searching desperately for a funny cat picture.

Some common events that will trigger a virus check event:

Modifying & Closing an existing file.
Creating and saving a file.
Moving or Copying a file.
Restoring a file from backup.
Renaming a file with different extension.
Scan on Read if Access time is earlier than reference time for CIFS clients. This means that if a file has been scanned before, and a new virus definition has been downloaded, then that file will be scanned again when the file is read. How often your virus definitions are updated by your AV provider can be configured in your AV software.
For a more detailed description of the steps and points here, the Using Celerra AntiVirus Agent documentation is a great document, and it has guides for installing and configuring CAVA for all the AV vendors. https://community.emc.com/docs/DOC-4664
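
The trigger rules above can be modelled in a few lines. This is an added sketch, not EMC code or anything from the original post: the class, event names and server names are hypothetical, and the round-robin balancing and the access-time update after each event are assumptions.

```python
from dataclasses import dataclass
from itertools import cycle

# Events the post lists as triggering a virus check (event names are hypothetical).
WRITE_EVENTS = {"modify_close", "create_save", "move_copy", "restore", "rename_ext"}


@dataclass
class File:
    name: str
    atime: float  # last access time, in arbitrary time units


class DataMoverModel:
    """Toy model of the Data Mover's virus-check decision; not EMC code."""

    def __init__(self, av_servers, reference_time):
        self.reference_time = reference_time
        self._next_server = cycle(av_servers)  # assumed: simple round-robin
        self.scan_log = []

    def definitions_updated(self, now):
        # New virus definitions arrive: the reference time moves forward.
        self.reference_time = now

    def needs_scan(self, event, f):
        if event in WRITE_EVENTS:
            return True
        # Scan on read only if the last access predates the reference time.
        return event == "read" and f.atime < self.reference_time

    def handle(self, event, f, now):
        scanned = self.needs_scan(event, f)
        if scanned:
            self.scan_log.append((f.name, event, next(self._next_server)))
        f.atime = now  # assumption: every handled event advances access time
        return scanned


def demo():
    dm = DataMoverModel(["av01", "av02"], reference_time=100)
    f = File("report.doc", atime=50)  # constructed sample file
    results = [
        dm.handle("read", f, now=110),  # atime 50 < reference 100: scan
        dm.handle("read", f, now=120),  # atime 110 >= 100: no scan
    ]
    dm.definitions_updated(now=130)
    results.append(dm.handle("read", f, now=140))  # atime 120 < 130: rescan
    results.append(dm.handle("read", f, now=150))  # already rescanned: skip
    results.append(dm.handle("modify_close", f, now=160))  # writes always scan
    return results, dm.scan_log
```

Running `demo()` shows the second read skipping the scan until `definitions_updated()` moves the reference time forward, after which the next read is scanned again.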

I’m working on the next two posts now…

By |September 1st, 2012|EMC|7 Comments

A week at the Compellent offices

Right now I’m writing this in the Qantas club at Dallas airport waiting for my 16 hour non-stop flight back to Brisbane. I used up my last complimentary voucher but this really is a good way to fly. I’m supposed to be shopping for my wife but I’ll do it going through customs on the way home .. hopefully.

So with the sun setting and a free beer in my hand I thought I would jot down a couple of things and notes from my week at the Compellent offices in Minneapolis, Minnesota. For those who don’t know, Minnesota is above and to the left of Chicago, just below Canada. Apparently it’s pretty bloody cold there for most of the year but it was glorious weather all week, hot but not humid. The Compellent offices are in a suburb called Eden Prairie, south west of the city and we stayed right near it.

[Image caption: Gur and I enjoying a mighty ale]

I was lucky enough to get the call up to go for a three day IDM training session with a motley crew of Dell storage engineers from around Asia and Europe. The first part was core Compellent by one of the Compellent Principal Architects. The second part was presentations from product management to do with VMware and the vSphere plugin, Hyper-V, Exchange, NAS, SQL, Oracle and powershell. The whole thing was great and very educational, filled a few holes I had about Compellent and I got to meet a couple of the Compellent ‘tweople’ – Jason Boche @jasonboche, Tony Holland @TonyHolland00 and Justin Braun @JustinBraun. There were other great guys I could mention but they’re not on twitter so they aren’t the “look at me” types the rest of us are and may not appreciate it.

The offices are very nice and spacious, and they have that high roof thing that Americans seem to like (and I must admit so do I). Those who follow me on twitter may have seen my review of the bathroom facilities as well :). It’s all spread out over a couple of buildings with a few data centres chockers full of disks. It must be a nice power bill, no wonder they went SAS! There is a lake just out the windows and it apparently freezes over and they ice fish out of it. That is such a weird concept for me.

I guess I haven’t really written anything before about Compellent but I do like the technology, it was a small reason I made the jump from EMC to Dell. It’s a much different look at storage and I like it, especially some little things that EMC could do well to copy like replay profiles and LUN creation defaults. Just little things but you can tell the Compellent team were really focused on minimising the amount of time a storage admin spent managing an array. If enough people are keen I can do a writeup about it and how it works, or if you are in Brisbane I can come show you. We were messing around in the labs and created 600 LUNs by clicking Create LUN 600 times. Not real life but still silly fun.

We spoke about a lot of things, most of which I wouldn’t be able to write about. I might do a short post later about some of the tidbits I discovered. I even squeezed a few futures out of them and the future looks real good … but I would say that right? :) Two great things to highlight were seeing the vSphere plugin in action and also learning about powershell and how to integrate it with SQL server.

You can download a youtube video of the Compellent vSphere plugin in action here http://www.youtube.com/watch?v=baDnDLxTn1c.

The Dell guys on the course were very friendly, about half from Asia and half from Europe. It was good to hear the stories from the other countries and how similar things can be, even if they are on the other side of the world.

One of the best parts of the trip was that I didn’t meet any dickheads. None. Everyone was super nice and up for a chat, from the airports to the pubs and of course at work, not that anyone could understand anything I was saying. The way I say the word “training” it must have a certain tone about it because I would get some funky looks whenever I said it. I even tried to put on an American accent, no luck. Even the TSA were nice to me. I was nervous thinking about all the touch up stories I had seen on twitter and forgot to take my laptop out of my bag in the scanner. They were really laid back about it, rescanned it and off I went. Phew, no cavity search for me. We spent a bit of time at a bar called Champps which has over 60 beers on tap (awesome) and one of the first times I have felt like someone earned their tips. Service was great and good unusual beers too. Another place to point out was Redstone grill where I had perhaps the best bit of fish in my life, Sea Bass something something, and boy it sure was something.

[Image caption: Funky]

I went to the Mall of America. It was big and it had a theme park in it, but besides that it’s like every other shopping centre in the world. I tried to find a good quality basketball, no go. I tried to find a certain makeup for my wife, no go. I tried to have a shower in the kids pool, no go. It’s ridiculous. However I did get to see ‘The Change Up’ at the movies. If you are a man and have kids please go see it.

I did get to go to a sport lovers paradise called Dicks Sports, a good name but not as good as The Dick Liquor. I didn’t get to fulfil my dream of owning an NBA basketball as they didn’t have any in stock so I got a good one for a bargain. Side note, after shopping here it cements that Australia is a rip off. I bought some Aussie thongs (flip flops) for half the price I can get them at home.

Going to the states I was trying to find a cheap 3G prepaid simcard so I could have data on my phone and got told that nothing exists because the US phone system is all over the place. On the Qantas flight over they were selling a prepaid sim from a provider called truphone.com. For $20 I got $15 credit and cheap calls and 15c/MB, bargain. The only bugger is that you have to activate it online so you still have to get near the web somewhere.

One last thing I got asked is why does my twitter profile say “I’m pretty parched!!!”. Well, here is the reason: http://www.youtube.com/watch?v=ZdVHZwI8pcA

Actually, one last last thing. I got upgraded on my flight back home. Not a bad way to fly at all.

By |September 1st, 2011|Compellent, Storage|0 Comments