3.5. The Interaction Scheme of Anti-Virus Network Components

The Figure below describes a general scheme of an anti-virus network built with Dr.Web ESS.

The scheme illustrates an anti-virus network built with only one Server. In large companies it is worthwhile installing several Enterprise Servers to distribute the load between them.

In this example the anti-virus network is implemented within a local network, but the computers need not be connected within any local network for the installation and operation of ESS and anti-virus packages; an Internet connection is enough.

When a Dr.Web Enterprise Server is launched, the following sequence of commands is performed:

1. Enterprise Server files are loaded from the bin catalog,

2. the Server Scheduler is loaded,

3. the content of the centralized installation catalog and update catalog is loaded, and the notification system is initialized,

4. Server database integrity is checked,

5. Server Scheduler tasks are performed,

6. the Server waits for information from Enterprise Agents and commands from Dr.Web Control Center.

[Figure: The physical structure of the anti-virus network. Labels: Dr.Web Enterprise Server; Dr.Web Control Center; HTTP/HTTPS; TCP, IPX, NetBIOS network; protected local computer; unprotected local computer.]

The whole stream of instructions, data and statistics in the anti-virus network always goes through the Enterprise Server. Dr.Web Control Center exchanges information only with Servers. Based on Dr.Web Control Center commands, Servers transfer instructions to Enterprise Agents and change the configuration of workstations.

Thus, the logical structure of this fragment of the anti-virus network is as shown in the Figure below.

[Figure: The logical structure of the anti-virus network. Labels: Dr.Web Enterprise Server; Dr.Web Control Center; HTTP/HTTPS; TCP, IPX, NetBIOS network; protected computer; transfer of updates via HTTP; Dr.Web GUS.]

Between the Server and workstations (a thin continuous line in the Figure above), the following information is transferred through one of the supported network protocols (TCP, IPX or NetBIOS):

Agent requests for the centralized schedule and the centralized schedule of workstations,

settings of the Agent and the anti-virus package,

requests for scheduled tasks to be performed (scanning, updating of virus databases, etc.),

files of anti-virus packages — when the Agent receives a task to install them,

software and virus databases updates — when an updating task is performed,

Agent messages on the configuration of the workstation,

statistics (to be added to the centralized log) on the operation of Agents and anti-virus packages,

messages on virus events and other events which should be logged.

The volume of traffic between the workstations and the Server can be quite sizeable, depending on the settings and the number of workstations. Dr.Web ESS therefore provides the option to compress traffic. See the description of this optional mode in p. Traffic Encryption and Compression below.

Traffic between the Enterprise Server and the Enterprise Agent can be encrypted. This makes it possible to avoid disclosure of data transferred via the described channel, as well as substitution of software downloaded onto workstations. Traffic encryption is enabled by default (for more, please read p. Traffic Encryption and Compression).

From the update web server to the Enterprise Server (a thick continuous line in the Figure above), the files necessary for replication of the centralized installation and update catalogs, as well as overhead information on this process, are sent via HTTP. The integrity of this information (Dr.Web ESS files and anti-virus packages) is ensured through checksums: a file corrupted in transit or replaced will not be accepted by the Server.

Between the Server and the Dr.Web Control Center (a dashed line in the Figure above), data about the configuration of the Server (including information about the network layout) and workstation settings are passed. This information is displayed in the Dr.Web Control Center, and when a user (an anti-virus network administrator) changes any settings, information about the changes is transferred to the Server.

A connection between a Dr.Web Control Center and a given Server is established only after an anti-virus network administrator is authenticated by login name and password on that Server.
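The channels listed in this section can serve as an allow-list when reviewing network flow records. The Python code below is an added example, not part of the Dr.Web documentation or product: it flags flows that bypass the Server or use a protocol the scheme does not name for that channel. The host names, the inventory, the record format and the sample flows are constructed, and the records are assumed to be already filtered to anti-virus network traffic.

```python
# Added example: audit flow records against the channel scheme in this section.
# Hosts, roles, record format and sample flows are constructed assumptions.

# Channels named on the page: unordered pair of roles -> permitted protocols.
ALLOWED = {
    frozenset({"agent", "server"}): {"TCP", "IPX", "NETBIOS"},
    frozenset({"control_center", "server"}): {"HTTP", "HTTPS"},
    frozenset({"gus", "server"}): {"HTTP"},
}

# Constructed inventory: host -> role in the anti-virus network.
INVENTORY = {
    "ess01": "server",
    "ws-014": "agent",
    "ws-022": "agent",
    "admin-pc": "control_center",
    "gus.example": "gus",
}

# Constructed flow records, one per line: "<source> <destination> <protocol>".
SAMPLE_FLOWS = """\
ws-014 ess01 TCP
admin-pc ess01 HTTPS
ess01 gus.example HTTP
admin-pc ws-022 HTTPS
ws-014 ws-022 TCP
ws-022 ess01 HTTP
laptop-77 ess01 TCP
"""

def audit(flow_text, inventory=INVENTORY):
    """Return (line_no, record, reason) for every flow outside the scheme."""
    findings = []
    for n, line in enumerate(flow_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            findings.append((n, line, "malformed record"))
            continue
        src, dst, proto = parts[0], parts[1], parts[2].upper()
        roles = [inventory.get(src), inventory.get(dst)]
        if None in roles:
            findings.append((n, line, "host not in inventory"))
        elif "server" not in roles:
            findings.append((n, line, "flow bypasses the Server"))
        elif proto not in ALLOWED.get(frozenset(roles), set()):
            findings.append((n, line, "channel or protocol not in the scheme"))
    return findings

if __name__ == "__main__":
    for n, rec, reason in audit(SAMPLE_FLOWS):
        print(f"line {n}: {rec!r}: {reason}")
```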