Dr.Web for UNIX File Servers Operation Modes

The Dr.Web for UNIX File Servers anti-virus solution can operate both in a standalone mode and as a part of a corporate or private anti-virus network managed by a centralized protection server. The latter operation mode is called the centralized protection mode. Operating in this mode does not require installing additional software, or reinstalling or uninstalling Dr.Web for UNIX File Servers.

In a standalone mode, the protected computer is not connected to the anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web for UNIX File Servers is fully controlled from the protected computer. Updates of virus databases are received from Doctor Web update servers.

In the centralized protection mode, protection of the computer is managed by the centralized protection server. In this mode, some functions and settings of Dr.Web for UNIX File Servers can be adjusted or locked in accordance with the general (corporate) anti-virus protection policy implemented on the anti-virus network. A custom license key file received from a selected centralized protection server to which Dr.Web for UNIX File Servers is connected is used on the computer in this mode. A license or demo key file stored on the local computer, if any, is not used. The information about Dr.Web for UNIX File Servers operation, including statistics on virus events, is sent to the centralized protection server. Updates of virus databases are also received from the centralized protection server.

In the mobile mode, Dr.Web for UNIX File Servers receives updates from Doctor Web update servers, but uses settings stored locally and a custom license key file that were received from the centralized protection server. You can switch to this mode only if it is allowed in the centralized protection server settings.

Centralized Protection Concept

Doctor Web solutions for managing centralized protection use a client-server model (see the figure below).

Corporate computers or computers of users of an IT service provider are protected by local anti-virus components (in this case, of Dr.Web for UNIX File Servers), which ensure anti-virus protection and maintain connection to the centralized protection server.

[Figure: logical structure of the anti-virus network]

Legend:

Nodes: centralized protection server; anti-virus network administrator; protected local computer; Doctor Web update server.

Links: network based on TCP, NetBIOS; management via HTTP/HTTPS; transmitting updates via HTTP.

Figure 2. The logical structure of the anti-virus network

Local computers are updated and configured from the centralized protection server. The entire stream of instructions, data and statistics in the anti-virus network passes through the centralized protection server. The volume of traffic between protected computers and the centralized protection server can be significant, so an option for traffic compression is provided. Encrypting data in transit prevents leakage of sensitive data and substitution of software downloaded to protected computers.

All necessary updates are downloaded to the centralized protection server from Doctor Web update servers.

Changes in the configuration of local anti-virus components and command transfer are performed by anti-virus network administrators using the centralized protection server. The administrators manage configuration of the centralized protection server and topology of the anti-virus network (for example, they validate connection of a local station to the network) and configure operation of individual local anti-virus components when necessary.

Warning: Local anti-virus components are not compatible with anti-virus products of other companies or Dr.Web anti-virus solutions if the latter do not support operation in the centralized protection mode (for example, Dr.Web for UNIX File Servers version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash and loss of important data.

Note: Dr.Web for UNIX File Servers 11.1 operating in the centralized protection mode is compatible with Dr.Web Enterprise Security Suite 11, 12, 13 and 13.01.

The centralized protection mode allows exporting and saving operation reports using the centralized protection center. Reports can be exported and saved in the following formats: HTML, CSV, PDF, and XML.

Connection to the Centralized Protection Server

Dr.Web for UNIX File Servers can be connected to the centralized protection server of an anti-virus network using the esconnect command of the Dr.Web Ctl command-line management tool.

Note: The centralized protection server is verified using the certificate that corresponds to the unique public key of the server. By default, Dr.Web ES Agent, a centralized protection agent, does not allow you to connect to the server unless you specify the certificate file of the server to which the connection is being established. The certificate file must first be obtained from the administrator of the anti-virus network served by the server to which you want to connect Dr.Web for UNIX File Servers.

If Dr.Web for UNIX File Servers is connected to the centralized protection server, you can switch the product to the mobile mode or switch it back to the centralized protection mode. Switching the mobile mode on or off is accomplished using the MobileMode configuration parameter of the Dr.Web ES Agent component.

Note: Dr.Web for UNIX File Servers can switch to the mobile mode only if it is allowed in the settings on the centralized protection server in use.

Disconnecting from the Centralized Protection Server

Dr.Web for UNIX File Servers can be disconnected from the centralized protection server of the anti-virus network using the esdisconnect command of the Dr.Web Ctl command-line management tool.