This chapter describes several basic system management functions. These functions are primarily used only during initial system setup. However, they are available if you ever need to reset them.
This chapter includes the following sections:
Setting the Administrator Password
By default, there is no password for the system administrator. Follow the steps below to set this password, as desired. In a cluster configuration, changes made to the administrator password on one server are propagated immediately to the other server.
1. From the navigation panel, choose System Operations > Set Administrator Password.
2. Type the old password (if any) in the Old Password field.
If there is no password, leave this field blank.
3. Type the new password in the New Password field.
The password must be at least 1 and no more than 20 characters long. There are no limitations on character type.
4. Type the new password again in the Confirm Password field.
To disable a password, leave the New Password and Confirm Password fields blank.
5. Click Apply to save your changes.
Controlling the Time and Date
This section provides information about controlling the time and date on the NAS device. The following subsections are included:
About Controlling the Time and Date
Controlling the time and date on is essential for controlling file management. This section describes the functions available to maintain the correct time and date.
You can use time synchronization or you can set the time manually.
Note: The first time you set the time and date you will also initialize the system's secure clock. This clock is used by the license management software and the Compliance Archiving Software to control time-sensitive operations.
Caution: After the secure clock has been initialized, it cannot be reset. Therefore it is important that you set the time and date accurately when you are configuring the system.
About Time Synchronization
The system supports two types of time synchronization: Network Time Protocol (NTP) or RDATE Time Protocol. You can configure the system to synchronize its time with either NTP or an RDATE server.
- NTP is an Internet Protocol used to synchronize the clocks of computers to a reference time source, such as a radio, satellite receiver, or modem. Typical NTP configurations use multiple redundant servers and diverse network paths to achieve high accuracy and reliability.
- The RDATE time protocol provides a site-independent date and time. RDATE can retrieve the time from another machine on your network. RDATE servers are commonly present on Unix systems, and enable you to synchronize system time with RDATE server time.
A third method, called "manual synchronization," disables time synchronization. In this method, the system administrator sets the system time and it tracks time independently from the other nodes on the network.
Setting Up Time Synchronization
You can set up either method of time synchronization in the Set Up Time Synchronization panel.
To set up time synchronization:
1. From the navigation panel, choose System Operations > Set Up Time Synchronization.
2. Select one of the following three options:
- Manual Synchronization - Select this option if you do not want to use either NTP or RDATE time synchronization.
- NTP Synchronization - Select this option if you want to use NTP synchronization and have at least one NTP server on the network.
For detailed information about the NTP Synchronization options, see Set Up Time Synchronization Panel.
- RDATE Synchronization - Select this option if you want to set up the RDATE server and tolerance window.
For detailed information about the RDATE Synchronization options, see Set Up Time Synchronization Panel.
3. Click Apply to save your changes.
Setting the Time and Date Manually
If you do not use time synchronization, you can set the time and date manually.
To set the time and date manually:
1. From the navigation panel, choose System Operations > Set Time and Date.
2. Select the correct year from the drop-down menu above the calendar and to the left.
3. Select the correct month from the drop-down menu above the calendar and to the right.
4. Click the correct date in the calendar.
5. Select the correct hour from the drop-down list box above the clock and to the left. The values range from 0 (midnight) to 23 (11:00 p.m.).
6. Select the correct minute (0 to 59) from the drop-down menu above the clock and to the right.
7. Select the correct time zone from the drop-down menu at the bottom of the screen.
Selecting the correct time zone enables the system to adjust the setting for Daylight Saving Time.
8. Click Apply to save your time and date settings.
Note: If this is the first time you have set the time and date on the system, this procedure will set the secure clock for managing compliance files to the same time and date. Make sure that you set the time and date accurately, because you can only set the secure clock once.
This section provides information about using antivirus software. The following subsections are included:
About Virus Scanning
Data can be protected by real-time virus scanning using off-system scan engines. If a connection to a scan engine fails, the file is sent to another available scan engine. If another scan engine is not available, the scan fails and access to the file might be denied. You can exempt some data from virus scanning.
Note: Only CIFS file systems can be scanned. NFS and FTP files are not scanned by any scan engine.
TABLE 4-1 shows the antivirus software that is supported.
TABLE 4-1 Supported Antivirus Scan Engine Software
NAS OS Version
Symantec antivirus Scan Engine 4
4.12, 4.20, 4.21
Symantec antivirus Scan Engine 5
Computer Associates eTrust AntiVirus 7.1
Trend Micro Interscan Web Security Suite (IWSS) 2.5
A file is scanned during Common Internet File System (CIFS) open and close file operations if the file has not been scanned with the current virus definitions or if it has been modified since last scanned.
If a virus is detected, the system log records the name of the infected file, the name of the virus, and the action taken for the file. In most cases, the action is to deny access to the file. The only allowed action is to delete the file. In addition to the system log, details of the infections are recorded in a virus log file that resides in the .quarantine directory, located at the root of the volume in which the infected file resides. For example, if you scan the infected file /vol1/dir1/file1.txt, the virus is logged in /vol1/.quarantine/virus.log.
Enabling Antivirus Protection
Follow these steps to enable antivirus protection, referring to Configure Antivirus Panel for detailed field information.
1. From the navigation panel, choose Antivirus Configuration Configure Antivirus.
The Configure Antivirus panel is displayed.
2. Select the Enable Antivirus checkbox.
3. Specify the IP address of the system that is running the scan engine software you want to use. You can specify up to four scan-engine systems.
4. Specify the port on the scan-engine system that the scan engine uses to detects scan requests. This is typically port 1344.
5. Specify the maximum number of file scan operations (connections) that the scan engine can perform simultaneously. The default number is to two connections, but is typically set higher.
6. Specify the maximum size of a file that can be sent to the scan engine. Then select the units for the size, either MB or GB.
Note: The maximum size must not exceed the processing potential of the scan engine. Most scan engines have a maximum of 2 GB.
7. Select the action to take when a file exceeds the size limit, either Allow or Deny.
8. Specify the types of files to include and exclude from virus scanning.
9. Click Apply to save your settings.
If you use the Trend Micro's scan engine, see Enabling Trend Micro Antivirus Protection to complete the setup procedure.
Excluding Files From Scans
When you enable antivirus protection, you can define that all files of a specific file type are excluded from the virus scan.
You can also specify a volume, a share, or a host to be excluded. To exempt a volume or share, define whether to include it in the virus scan when you create it. To exempt a host's share, edit the approve file, /dvol/etc/approve, using the following format:
vscan sharename host|hostgroup access=noscan
For information on exempting an existing volume, see Editing File Volume Properties.
For information on exempting an existing share, see Editing an Existing SMB Share
Enabling Trend Micro Antivirus Protection
To use the Trend Micro scan engine, Interscan Web Security Suite (IWSS), with the Sun StorageTek NAS OS software's ICAP connections, you must use the most recent patch and adjust the IWSS configuration.
If you have not yet installed the IWSS 2.5 software, follow the procedure in To Install IWSS 2.5
If you have already installed the IWSS 2.5 software, follow the procedure in To Install IWSS 2.5 for Windows Patch 2
If you have already installed the IWSS 2.5 software with the latest patch and are running in ICAP mode, following the procedure in To Configure the IWSS Scan Engine for Sun StorageTek NAS OS
To Install IWSS 2.5
1. Go to Trend Micro's download site: http://www.trendmicro.com/download.
2. Navigate to Internet Gateway InterScan Web Security Suite.
3. Click on iwss-v25-win-b1334.zip to download the software.
4. Extract the zip file to a temporary folder.
5. Double-click on Setup.exe to start the InstallShield Wizard and configure the software. In addition to setting the attributes for the software's operation, you will be prompted to enter:
- A password for the system administration account
- A password for the IWSS web console
- If this software will use a proxy server, the IP address and port number of your site's proxy server
6. At the Welcome screen, click Next.
7. Select Install IWSS on this machine and click Next.
8. Click Yes to accept the terms of the license agreement.
9. Verify that the system meets the minimum requirements and click Next.
10. Accept the default installation folder and click Next.
11. Clear the checkboxes for the following attributes and then click Next:
- FTP Scanning
- SNMP Notifications
- Control Manager for IWSS
- Register With Control Manager
12. In the HTTP Handler panel, select ICAP Server and click Next.
13. In the Database Settings panel, verify that Default (MSDE) is selected and click Next.
14. In the Password field, enter a password for the system administration account, sa, and click Next.
15. In the Notification Handling panel, click Next.
16. In the IWSS Administration Account panel, enter a password for the IWSS web console and click Next.
17. In the Connection Settings panel, set up the proxy server if the system uses one to connect to the Internet. Enter the IP address and port number for the proxy server. Click Next.
18. In the Product Activation panel, enter the activation code of IWSS if it is available. You can enter this code at a later time, using the IWSS web console.
19. In the World Virus Tracking panel, click Next.
20. In the Settings Review panel, review your selections and click Next to continue.
21. Wait while the software is installed. When the process is complete, click Next to reboot the system.
After the system reboots, complete the procedure described in To Configure the IWSS Scan Engine for Sun StorageTek NAS OS
To Install IWSS 2.5 for Windows Patch 2
1. Go to Trend Micro's download site: http://www.trendmicro.com/download.
2. Navigate to Internet Gateway InterScan Web Security Suite Patches.
3. Click on iwss_25_win_en_patch2.zip to download the patch.
4. Extract the zip file to a temporary folder.
5. Double-click on TrendIWSSPatch.exe to extract the patch.
6. Click on Install to start the installation process.
7. At each message that the installation process cannot stop or start the IWSS-FTP service or the Trend Micro Management Infrastructure service, click Retry to ignore the message.
When the installation is complete, complete the procedure described in To Configure the IWSS Scan Engine for Sun StorageTek NAS OS.
To Configure the IWSS Scan Engine for Sun StorageTek NAS OS
1. Openthe IWSS web console. Navigate to Programs Trend Micro IWSS IWSS Web UI Administration Interface. Type the pasword for the web console and click Enter.
2. Navigate to HTTP ICAP Settings.
a. Select Enable X-Virus-ID ICAP header
b. Select Enable X-Infection-Found ICAP header
c. Click Save.
3. Open Windows Explorer and navigate to C:\Program Files\Trend Micro\IWSS\directory.
4. Open the intscan.ini file in a text editor.
a. Change the value of "disable_infected_url_block" to "yes."
b. Save and close the file.
5. Restart Trend Micro's Windows service:
a. Choose Settings > Control Panel > Administrative Tools > Services
b. In the list of services, right-click Trend Micro InterScan Web Security Suite for HTTP and click Restart.