ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver vscan scanner-pool create

    Create a scanner pool

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver vscan scanner-pool create command creates a Vscan scanner pool. Scanner pool is a set of attributes which are used to validate and manage connection between clustered Data ONTAP and external virus-scanning server, or "Vscan server". It also specifies other parameters which are used for connection management. After creating a scanner pool, a scanner-policy must be applied to it using the command vserver vscan scanner-pool apply-policy . The default applied policy is idle , which means the scanner pool is inactive.

    Parameters

    -vserver <vserver name> - Vserver

    This parameter specifies the name of the Vserver on which you want to create a scanner pool.

    -scanner-pool <Scanner pool> - Scanner Pool

    This parameter specifies the name of the scanner pool. Scanner pool name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_", "-" and ".".

    -hostnames <text>,…​ - List of Host Names of Allowed Vscan Servers

    This parameter specifies a list of host names or IP addresses of the Vscan servers which are allowed to connect to clustered Data ONTAP.

    -privileged-users <Privileged user>,…​ - List of Privileged Users

    This parameter specifies a list of privileged users. A valid form of privileged user-name is "domain-name\user-name" and can be up to 256 characters long. Privileged user-names are stored and treated as case-insensitive strings. Virus scanners must use one of the registered privileged users for connecting to clustered Data ONTAP for exchanging virus-scanning protocol messages and to access file for scanning, remedying and quarantining operations.

    [-request-timeout <[<integer>h][<integer>m][<integer>s]>] - Request Service Timeout

    This parameter specifies the timeout value for a scan request. It specifies the time interval in which the node waits for a response from the Vscan server. If the timeout is reached, the node allows the file-operation if the applicable On-Access policy has scan-mandatory set to 'off'. If the policy has scan-mandatory set to 'on', then the node will retry the scan or disallow the file-operation depending on the remaining lifetime of the CIFS request. Valid values for this field are from 10s to 40s. However, if scan-mandatory is set to 'off', the effective value is limited to a maximum of 35s. The default value is 30s.

    [-scan-queue-timeout <[<integer>h][<integer>m][<integer>s]>] - Scan Queue Timeout

    This parameter specifies the timeout value for a scan request in scan-engine’s queue. The value for this field must be between 10s and 30s. By default, it is 20s.

    [-session-setup-timeout <[<integer>h][<integer>m][<integer>s]>] - Session Setup Timeout

    This parameter specifies the timeout value for a response for session-setup-message. The value for this field must be between 5s and 10s. By default, it is 10s.

    [-session-teardown-timeout <[<integer>h][<integer>m][<integer>s]>] - Session Teardown Timeout

    This parameter specifies the timeout value for a response for session-teardown-message, or for any message to be received for a session-id, after the underlying connection has been disconnected. The value for this field must be between 5s and 10s. By default, it is 10s.

    [-max-session-setup-retries <integer>] - Max Number of Consecutive Session Setup Attempts

    This parameter specifies the maximum number of consecutive session-setup attempts. The value for this field must be between 1 and 10. By default, it is 5.

    Examples

    The following example creates a scanner pool.

    Cluster1::> vserver vscan scanner-pool create -vserver vs1 -scanner-pool SP
                -hostnames 1.1.1.1,vmwin204-27.fsct.nb -privileged-users cifs\u1,cifs\u2
    
    Cluster1::> vserver vscan scanner-pool show -vserver vs1 -scanner-pool SP
    Vserver: vs1
                                   Scanner Pool: SP
                                 Applied Policy: idle
                                 Current Status: off
             Cluster on Which Policy Is Applied: -
                      Scanner Pool Config Owner: vserver
           List of IPs of Allowed Vscan Servers: 1.1.1.1, 10.72.204.27
    List of Host Names of Allowed Vscan Servers: 1.1.1.1, vmwin204-27.fsct.nb
                       List of Privileged Users: cifs\u1, cifs\u2
    Top of Page