The Interaction Scheme of an Anti-Virus Network Components

The Figure below describes a general scheme of an anti-virus network built with Dr.Web Enterprise Security Suite.

The scheme illustrates an anti-virus network built with only one Dr.Web Server. In large companies it is worthwhile installing several Dr.Web Servers to distribute the load between them.

In this example the anti-virus network is implemented within a local network, but for the installation and operation of Dr.Web Enterprise Security Suite and anti-virus packages the computers need not be connected within any local network, internet connection is enough.

scheme-structure-ess

scheme-icon-server

Dr.Web Server

scheme-icon-proto-http

HTTP/HTTPS

scheme-icon-scc

Dr.Web Security Control Center

scheme-icon-proto-tcp

TCP/IP network

scheme-icon-station-protected

Protected local computer

scheme-icon-station

Unprotected local computer

The physical structure of the anti-virus network

When Dr.Web Server is launched, the following sequence of commands is performed:

1.Dr.Web Server files are loaded from the bin folder.

2.Dr.Web Server Task Scheduler is loaded.

3.The content of the update catalog is loaded, notification system is initialized. The Dr.Web Server database integrity is checked.

4.Dr.Web Server Task Scheduler tasks are performed.

5.Dr.Web Server is waiting for information from Dr.Web Agents and commands from Dr.Web Security Control Center.

6.The whole stream of instructions, data and statistics in the anti-virus network always goes through Dr.Web Server.

Dr.Web Security Control Center exchange information only with Dr.Web Servers. Based on Dr.Web Security Control Center commands, Dr.Web Servers transfer instructions to Dr.Web Agents and change the configuration of workstations.

Thus, the logical structure of the fragment of the anti-virus network looks as in the Figure below.

scheme-structure-logical

scheme-icon-server

Dr.Web Server

scheme-icon-proto-http

HTTP/HTTPS

scheme-icon-scc

Dr.Web Security Control Center

scheme-icon-proto-tcp

TCP/IP network

scheme-icon-station-protected

Protected computer

scheme-icon-proto-updates

Transfer of updates via HTTP

scheme-icon-gus

Dr.Web GUS

 

 

The logical structure of the anti-virus network

Between Dr.Web Server and workstations (a thin continuous line in the Figure above) transferring the following information:

Dr.Web Agents requests for the centralized schedule and the centralized schedule of workstations,

settings of the Dr.Web Agent and the anti-virus package,

requests for scheduled tasks to be performed (scanning, updating of virus databases, etc.),

files of anti-virus packages—when the Dr.Web Agent receives a task to install them,

software and virus databases updates—when an updating task is performed,

Dr.Web Agent messages on the configuration of the workstation,

statistics on the operation of Dr.Web Agents and anti-virus packages for adding to the centralized log,

messages on virus events and other events which should be logged.

The volume of traffic between the workstations and Dr.Web Server can be quite sizeable subject to the settings and the number of the workstations. Therefore Dr.Web Enterprise Security Suite provides for the possibility to compress traffic. See the description of this optional mode in p. Traffic Encryption and Compression below.

Traffic between Dr.Web Server and Dr.Web Agent can be encrypted. This allows to avoid disclosure of data transferred via the described channel as well as to avoid substitution of software downloaded on workstations. By default traffic encryption is enabled. For more detailes, please read p. Traffic Encryption and Compression.

From the update web server to Dr.Web Server (a thick continuous line in the Figure above) files necessary for replication of centralized catalogs of installation and updates as well as overhead information on this process are sent via HTTP. The integrity of the information (Dr.Web Enterprise Security Suite files and anti-virus packages) is provided through the checksums: a file corrupted at sending or replaced will not be received by Dr.Web Server.

Between Dr.Web Server and Dr.Web Security Control Center (a dashed line in Figure above) data about the configuration of Dr.Web Server (including information about the network layout) and workstations settings are passed. This information is visualized on Dr.Web Security Control Center, and in case a user (an anti-virus network administrator) changes any settings, the information about the changes is transferred to Dr.Web Server.

Connection between Dr.Web Security Control Center and a certain Dr.Web Server is established only after an anti-virus network administrator is authenticated by his login name and password on the given Dr.Web Server.