AV software can be a bit of a pain sometimes; then again, it is often also a necessity considering the growing importance of cybersecurity.
The key concerns are typically making sure that the AV doesn't take away too much of the computing resources that the DMA needs, or block certain things that are vital for the proper functioning of the DataMiner System. To a large extent I guess this is mainly a matter of properly configuring the AV software in the first place, so that it can happily coexist with the DataMiner software and doesn't negatively impact it, and there are some guidelines/recommendations for that in the DataMiner System Requirements.
But I was wondering if aside from those guidelines, anybody had any further practical experiences to share on that specific topic? What kind of AV products have you seen being used on DMAs? What kind of typical issues, if any, have you seen? And what caused those issues and how were they resolved? Any further recommendations or past experiences that can help people to use AV in symbiosis with DataMiner?
Another issue with an AV was caused by a failover setup and a central McAfee setup.
This McAfee setup used a central management platform to monitor the health of the DMA servers based on the IP. In a failover setup the online agent will use a virtual IP for all its network communication. This caused issues in the McAfee manager as it did not expect the virtual IP and viewed the online agent as unreachable.
They worked around the issue by always setting the "SkipAsSourceFlag" when an agent came online, but this negatively impacts DataMiner functionality.
Hi Brent,
We have a customer that is looking at antivirus software, with McAfee being one of the options. Could you please advise how setting the “SkipAsSourceFlag” will negatively impact DataMiner functionality?
I see from your other ticket (https://community.dataminer.services/question/network-adaptor-not-working-after-failover/?hilite=SkipAsSource) “The skipAsSource flag is indeed added to the NIC. With this flag enabled, the Primary IP will be skipped when communicating with other devices on the network, this way the DMA will always respond using the Virtual IP”
Does this impact logging onto the Primary IP of the server, e.g. a Remote Desktop session?
Hi Brent,
Could you please advise how setting the “SkipAsSourceFlag” will negatively impact DataMiner functionality?
Thanks,
Duc
Hey Duc,
The SkipAsSourceFlag is used to force the online DMA to respond using the Virtual IP to the outside world. This effectively means that from the outside world it is impossible to say which agent is online using just the IP. It gets added to every IP on the agent except for the Virtual IP. This is important for the features where the outside world listens for data coming from the DMA based on IP.
So setting this flag to false will impact this. I do not know all the features that will break, but notable examples are trap sources and devices filtering incoming data sent by the DMA using the IP.
Setting it to false will not impact the ability to send data, Remote Desktop Session,… to the Primary or Virtual IP.
Do note that the flag is managed by DataMiner; this means that the flag will be set every time the agents switch. Manually changing this is not recommended by Skyline.
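A read-only way to see which addresses a central AV console will observe as the source, added here as an example and not part of the original posts or DataMiner's own tooling: it lists each IPv4 address with its SkipAsSource state and compares it with the online-agent pattern described above (flag on every address except the virtual IP). The `$VirtualIP` default and the `Get-SkipAsSourceReport` helper name are assumptions; `Get-NetIPAddress` and its `SkipAsSource` property are the standard Windows cmdlet.

```powershell
# Added example: read-only audit of SkipAsSource on a failover agent.
# $VirtualIP is a constructed placeholder; pass the failover pair's real virtual IP.
param(
    [string]$VirtualIP = '192.0.2.10'
)

# Hypothetical helper: takes objects exposing IPAddress, InterfaceAlias
# and SkipAsSource, and reports whether each matches the online pattern.
function Get-SkipAsSourceReport {
    param(
        [Parameter(Mandatory)] [string]$VirtualIP,
        [Parameter(Mandatory)] [object[]]$Addresses
    )
    foreach ($a in $Addresses) {
        $isVirtual = ($a.IPAddress -eq $VirtualIP)
        # Per the thread: on the online agent the flag is set on every
        # address except the virtual IP.
        $expected = -not $isVirtual
        [pscustomobject]@{
            InterfaceAlias = $a.InterfaceAlias
            IPAddress      = $a.IPAddress
            Role           = if ($isVirtual) { 'Virtual' } else { 'Primary/other' }
            SkipAsSource   = [bool]$a.SkipAsSource
            MatchesOnline  = ([bool]$a.SkipAsSource -eq $expected)
        }
    }
}

# Query only; nothing is changed on the NIC.
$addresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' }

$report = Get-SkipAsSourceReport -VirtualIP $VirtualIP -Addresses $addresses
$report | Format-Table -AutoSize

if (-not ($report | Where-Object Role -eq 'Virtual')) {
    Write-Output "Virtual IP $VirtualIP is not bound on this host."
}
```

Rows where `SkipAsSource` is true are addresses the host will not use as a source for outbound traffic, so a management console that identifies the server by one of those addresses will see connections arriving from the virtual IP instead.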
Thanks Brent for the response. How would we set the SkipAsSourceFlag in DataMiner?
Thanks,
Duc
Great one Brent. Very valuable intel, it’s not the first thing that would come to my mind that this failover scheme could interfere with functionality of an AV.