Jul 21, 2015

EMC - Isilon - Antivirus




OneFS enables antivirus functionality by integrating with third-party antivirus products using the Internet Content Adaptation Protocol (ICAP). OneFS sends files through ICAP to servers running antivirus software, where the files are scanned and possibly repaired. No virus scanning is performed on the EMC Isilon cluster, only on the ICAP servers. Virus scanning functionality is implemented at the file system level, and will be enforced regardless of the protocols used to access data. At a high level, the virus scanning process is as follows:

  1. A client writes a file to the EMC Isilon cluster.
  2. OneFS queues the file to be scanned, and sends the file to an ICAP server.
  3. The ICAP server scans the file using the installed antivirus software.
  4. If the file is clean, a confirmation is returned to the cluster. In the event that the file is infected, the ICAP servers can be configured to perform different actions such as repair the file, quarantine the file or truncate the file.

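
The ICAP exchange in steps 2 to 4, as an added example (not OneFS or EMC code): it frames a file as an ICAP request per RFC 3507 and classifies the server's reply. The RESPMOD method, the `avscan` service path, the host name and the `X-Infection-Found`/`X-Virus-ID` vendor headers are assumptions; the page does not say which of these OneFS uses.

```python
# Added example: ICAP (RFC 3507) framing for a file scan. Host, service path
# and all sample messages are constructed; RESPMOD is an assumed method choice.

def build_respmod(host: str, service: str, filename: str, data: bytes) -> bytes:
    """Wrap file bytes in an ICAP RESPMOD request with a chunked body."""
    req_hdr = f"GET /{filename} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    res_hdr = f"HTTP/1.1 200 OK\r\nContent-Length: {len(data)}\r\n\r\n".encode()
    # Encapsulated offsets count bytes from the start of the ICAP message body.
    offsets = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
               f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{host}/{service} ICAP/1.0\r\n"
                f"Host: {host}\r\n"
                "Allow: 204\r\n"  # lets the server answer 204 for "unchanged"
                f"Encapsulated: {offsets}\r\n\r\n").encode()
    # Chunked body: hex length, CRLF, data, CRLF, then the zero-length chunk.
    chunk = (b"%x\r\n" % len(data) + data + b"\r\n") if data else b""
    return icap_hdr + req_hdr + res_hdr + chunk + b"0\r\n\r\n"


def parse_icap_response(raw: bytes) -> dict:
    """Classify an ICAP reply; anything but 204 must not be treated as clean."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    code = int(parts[1])
    if code == 204:
        verdict = "clean"        # server saw no need to modify the object
    elif code == 200:
        verdict = "modified"     # repaired or replaced object is encapsulated
    else:
        verdict = "not-scanned"  # errors leave the file unverified, not clean
    # Threat headers are vendor extensions and may be absent.
    threat = headers.get("x-infection-found") or headers.get("x-virus-id")
    return {"status": code, "verdict": verdict, "threat": threat,
            "istag": headers.get("istag")}


# Constructed sample replies (not captured from a real server).
CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "defs-0001"\r\n\r\n'
INFECTED = (b'ICAP/1.0 200 OK\r\nISTag: "defs-0001"\r\n'
            b"X-Infection-Found: Type=0; Resolution=2; Threat=Constructed.Sample;\r\n"
            b"Encapsulated: res-hdr=0, null-body=26\r\n\r\n"
            b"HTTP/1.1 403 Forbidden\r\n\r\n")
```

A reply that is neither 204 nor 200 is reported as `not-scanned` so that a server error or timeout is never mistaken for a clean result.
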
OneFS supports different kinds of scans:

  • On-access: when files are read or written, the cluster can be configured to scan the file to ensure its integrity.
  • Policy scanning can be manually executed or scheduled.
  • Individual files can be scanned manually to ensure their integrity.

Virus scanning can be triggered in several different ways. The first way is through on-access scanning, which occurs when files are accessed by users or applications. Policy scans are configured jobs that are run either manually or through the job scheduler. Finally, individual files can be sent for scanning at any time. If the system detected a virus in a file, but was unable to clean it, the administrator may want to send the file for scanning again after the antivirus definitions have been updated.



On-access scanning can be configured to scan a file before it is opened, after it is closed or both. A file will be scanned when it is opened under two conditions:

  1. It has not been scanned (scan on close is not enabled).
  2. The virus definitions have been updated on the ICAP servers. In this case, there is the possibility that a previously undetected virus can now be caught by the system, so a scan will occur.

Scanning a file before it is opened is more secure, but will introduce some latency for the user as he/she must wait until the file is scanned before being able to access it. Scanning a file after it is closed (written) is faster, but is less secure. When a file is written, it is queued for scanning. If the file does not get scanned before another user opens it, that user has the potential of opening an infected file.

Scanning a file before it is opened and after it is closed is the most secure option, as it will guarantee that a user will only open a clean file. In addition, having the file scanned on close decreases the chance that a user opens a file that has not been scanned, and therefore reduces the number of times a file has to be scanned on opening.

Policy scanning allows the administrator to scan specific directories in the EMC Isilon cluster, either manually or in an automated manner, through a scheduled job. Running policy scans off-hours can reduce the number of on-access scans that are required when files are opened.

A policy can be configured to scan only a subset of directories on the cluster, or the entire cluster, allowing the administrator to manage the impact on users. Antivirus policies can follow the same rules as on-access scans, in terms of file size and exclusions, or can be configured to scan all files within the directory structure.




...
