As we make an increasing push to use CIFS, I am interested to know what people's thoughts and opinions are on scanning data on CIFS shares for viruses etc. Does anyone use the Anti-Virus connector for Clustered Data ONTAP? Does it work, or does anyone have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!
Holy war. Begin.
We discussed this a few years back. We used AV on 7-mode and it adds a load (varies, but I saw 5-10%). I know it's not cDOT, but same concerns. Folks said no, as the end point should be protected and let the filers serve files. I vote for layers and defense in depth or layers. It's the outfield in baseball. I did catch viruses.
On Apr 25, 2017, at 7:09 AM, TAYLOR DANIEL <dantaylor@ntlworld.com> wrote:
As we make an increasing push to use CIFS, I am interested to know what people's thoughts and opinions are on scanning data on CIFS shares for viruses etc. Does anyone use the Anti-Virus connector for Clustered Data ONTAP? Does it work, or does anyone have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!
_______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
We're interested in using the Anti-Virus connector for Clustered Data ONTAP as well. We have zero control over a lot of the end point devices (student laptops, etc), so that's not an option for us. However it doesn't seem like a lot of NetApp customers use it. We haven't found anyone local using it, and our VAR hasn't sold it.
We're considering the Trend Micro solution, only because we already use their product elsewhere (but we're open to other solutions).
----- Original Message ----- From: "Michael Bergman" michael.bergman@ericsson.com To: "Toasters" toasters@teaparty.net Sent: Tuesday, April 25, 2017 7:33:28 AM Subject: Re: CIFS and AV
On 2017-04-25 16:26, Steve Klise wrote:
Holy war. Begin.
:-)
I did catch viruses.
Or false positives. Guess which side I'm on in this war :-)
/M
From what I can remember of opinions from other customers, the Trend Micro and Symantec solutions were the ones requiring, in a certain way, more external resources in terms of scan engines. And Symantec is overall quite expensive because it is based on the number of users!
I've used the McAfee solution several times; it is cheaper because it is based on the number of FAS controllers, and overall less expensive. No particular requirements for scan engines: normal Windows file servers with a lot of RAM (minimum suggested 64 GB) for caching purposes. I suggest putting two different scan engines in balanced mode, as per the documentation, and avoiding AV checking on writes. After all, I expect that desktops are covered by some AV protection, maybe the "simple" and free, but working fine, Windows Defender that comes with the OS.
Regards
-----Original Message----- From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On behalf of Jeff Bryer Sent: Tuesday, 25 April 2017 17:15 To: Michael Bergman michael.bergman@ericsson.com Cc: Toasters toasters@teaparty.net Subject: Re: CIFS and AV
We're interested in using the Anti-Virus connector for Clustered Data ONTAP as well. We have zero control over a lot of the end point devices (student laptops, etc), so that's not an option for us. However it doesn't seem like a lot of NetApp customers use it. We haven't found anyone local using it, and our VAR hasn't sold it.
We're considering the Trend Micro solution, only because we already use their product elsewhere (but we're open to other solutions).
I've had mostly bad experiences with AV interacting with storage. Not just on NetApp.
I find it's really quite common to underestimate the workload involved in traversing a billion files across a few hundred tera, and how much knock-on impact that cascades down. (It's passable on a quiescent system, but can _really_ hurt when it's under load, and push your latency up quite significantly).
Particularly - a lot of the performance of storage arrays in general is down to efficient caching, and deep file traversal doesn't. So you've got a heavy 'fast as you can' read workload, that _has_ to go to back end disks, and because it's read-heavy it's a real-time time constraint.
On-access or on-write scanning similarly - average figures look ok, but _peak_ latency figures start to really hurt. I mean, the way latency works - when 'congestion' is happening, load increases amplify into quite substantial latency increases, and performance _really_ starts to hurt.
Offloading 'on access' to client is about the only way to distribute this load wide enough.
Of course, in an ideal world, you'll have ample storage performance in reserve, and this will never be an issue. Maybe when we're all SSD everywhere, then I'll revise my opinion. I think that day is still a way off though....
(reply to the whole list this time :))