Operating Principles

In this section

Connection Types

Operation Modes

Services

Dr.Web MeshD is a mediator that enables a host with Dr.Web Mail Security Suite installed to interact with other cloud hosts.

Connection Types

Dr.Web MeshD uses the following connection types:

Client (service)—used by Dr.Web MeshD to connect to other cloud hosts that are clients of services provided by the given host.

Dr.Web Mail Security Suite components that operate on the host and use services provided by the cloud connect to Dr.Web MeshD, which operates on the same host, through a local UNIX socket. In this case, a client connection is not used.

Partner (peer to peer)—used by Dr.Web MeshD to interact with partner cloud hosts that are its peers within a service. Such horizontal connections are usually used to scale and distribute the load when interacting with the cloud, as well as to synchronize cloud hosts.

Uplink—used by Dr.Web MeshD for connecting this host as a client to cloud hosts that provide services (for example, distribution of virus database updates, sending files for scanning and so on).

The use of all three connection types is configured for each cloud service independently of the others. Thus, the same host can be configured as a server that processes client requests within one service (for example, distributing the latest updates) and as a client within another service (for example, remote file scanning).

Within the cloud, hosts interact over SSH with authorization, that is, all sides of inter-host communication are always mutually authenticated. Authentication uses host keys in compliance with RFC 4251. A client connection from a local component is always considered trusted.

Operation Modes

Dr.Web MeshD can either operate in daemon mode or run at the request of other Dr.Web Mail Security Suite components installed on the local host. If Dr.Web MeshD is configured to serve client connections (the ListenAddress parameter is not empty) and at least one of the services is activated, Dr.Web MeshD starts as a daemon and awaits client connections.

If Dr.Web MeshD is not set to process client connections (the ListenAddress parameter is empty) and there are no requests to this component during a time interval specified by the IdleTimeLimit parameter, the component shuts down automatically.

Services

Exchanging updates (Update)

This service allows the host to subscribe to updates of virus and other databases, send notifications of the latest updates, upload and distribute the update files among cloud hosts. The service settings can be configured using the Update* parameters.

A common service use case assumes that Dr.Web MeshD is installed on a number of machines (clients of the service) in the local network of a company with the feature of obtaining updates enabled. The typical client settings are as follows:

[MeshD]
ListenAddress =

The following settings are specified on the host acting as a local server for distributing updates:

ListenAddress = <address>:<port>

Here, <server address> in the uplink connection of the client must refer to the <address> and <port> that are used by the server host for managing client connections.

When one of the hosts is updated from the update servers (external to the local cloud: Dr.Web GUS update servers or a centralized protection server), the host sends a notification to all concerned clients (if the host is configured as a server providing an update exchange service) and sends the server host a new list of files available for distribution from this host. Upon receiving this notification, client hosts can request the updated files from the server, which in turn can request the files from the client to store them locally or to send them to another client that requested these files from the server.

This mechanism reduces the delay in applying updates: clients send requests to Dr.Web GUS at different times, and the first client to be updated immediately distributes the latest update files to all concerned cloud hosts. This also reduces traffic and the load on Dr.Web GUS.

When using a local cloud to distribute updates, both the Dr.Web MeshD and Dr.Web Updater components must be installed on hosts.

Remote file scanning (Engine)

This service allows using Dr.Web Scanning Engine to scan remote files: hosts acting as clients send files for scanning to a server host, and server hosts provide a service for scanning files sent by the client hosts. Typical client settings are as follows:


[MeshD]
EngineChannel = On
EngineUplink = <server address>
ListenAddress =

The following settings are specified on the host acting as a local scanning server:

EngineChannel = On
EngineUplink =
ListenAddress = <address>:<port>

Here, <server address> in the uplink connection of the client must refer to the <address> and <port> that are used by the server host for managing client connections.

Sending files for scanning (File)

This feature is not used (remote scanning is provided by the Engine service).

URL checking (Url)

This service allows checking whether a URL belongs to potentially dangerous or unwanted categories: client hosts send a URL to be checked to a server host. Typical client settings are as follows:


[MeshD]
UrlChannel = On
UrlUplink = <server address>
ListenAddress =

The following settings are specified on the host acting as a URL checking server:

UrlChannel = On
UrlUplink =
ListenAddress = <address>:<port>

Here, <server address> in the uplink connection of the client must refer to the <address> and <port> that are used by the server host for managing client connections.
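The following added example (not part of the Dr.Web documentation or product) shows how an administrator could audit a [MeshD] configuration fragment to see which role the host plays in each service and which operation mode results from the rules in "Operation Modes". It assumes the INI-style layout shown above and that the value On enables a service; the addresses are constructed sample values, and audit_meshd is a hypothetical helper name.

```python
import configparser

# Constructed sample fragments mirroring the client and server settings above.
CLIENT_CONF = """\
[MeshD]
EngineChannel = On
EngineUplink = 192.0.2.10:7090
ListenAddress =
"""

SERVER_CONF = """\
[MeshD]
EngineChannel = On
EngineUplink =
UrlChannel = On
UrlUplink =
ListenAddress = 192.0.2.10:7090
"""

def audit_meshd(text):
    """Return (mode, {service: roles}) for the [MeshD] section of `text`."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep parameter names exactly as written
    cp.read_string(text)
    sec = cp["MeshD"]
    listen = sec.get("ListenAddress", "").strip()
    services = {}
    for key, value in sec.items():
        if not key.endswith("Channel"):
            continue
        if value.strip().lower() != "on":  # assumption: "On" enables the service
            continue
        name = key[: -len("Channel")]  # e.g. "Engine" from "EngineChannel"
        roles = []
        if sec.get(name + "Uplink", "").strip():
            roles.append("client")  # uplink connection to a server host
        if listen:
            roles.append("server")  # accepts client connections from other hosts
        services[name] = roles or ["local-only"]
    if listen and services:
        mode = "daemon"  # starts as a daemon and awaits client connections
    elif not listen:
        mode = "on-demand"  # shuts down after IdleTimeLimit without requests
    else:
        mode = "unspecified"  # listening with no active service: not covered above
    return mode, services
```

A host reported in "daemon" mode with a "server" role is the one that accepts connections from other cloud hosts, so it is the one whose ListenAddress and SSH host keys deserve review first.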