ESET SHARED LOCAL CACHE
User Guide
Linux distribution: CentOS 6.x 64-bit
Click here to download the most recent version of this document
ESET SHARED LOCAL CACHE
Copyright ©2017 by ESET, spol. s r. o.
ESET Sha red Loca l Ca che wa s devel oped by ESET, s pol . s r. o.
For more i nforma ti on vi s i t www.es et.com.
Al l ri ghts res erved. No pa rt of thi s documenta ti on ma y be reproduced, s tored i n a
retri eva l s ys tem or tra ns mi tted i n a ny form or by a ny mea ns , el ectroni c, mecha ni ca l ,
photocopyi ng, recordi ng, s ca nni ng, or otherwi s e wi thout permi s s i on i n wri ti ng from
the a uthor.
ESET, s pol . s r. o. res erves the ri ght to cha nge a ny of the des cri bed a ppl i ca ti on
s oftwa re wi thout pri or noti ce.
Worl dwi de Cus tomer Support: www.es et.com/s upport
REV. 3/13/2017
Contents
1. Introduction
.......................................................4
2. System
.......................................................5
requirements
3. Overall
.......................................................6
principles and benefits
4. Installation
.......................................................7
5. ESLC Appliance
.......................................................8
deployment process
5.1 VMware
....................................................................................................8
5.2 Microsoft
....................................................................................................11
Hyper-V
6. Activation
.......................................................13
7. Configuration
.......................................................16
of the appliance
8. Client
.......................................................19
side configuration
9. Updating
.......................................................22
ESET Shared Local Cache
10. Communication
.......................................................24
11. How.......................................................25
to access system logs
1. Introduction
In virtualized environments, multiple computers on a network often use the same base image. Such an arrangement
results in a large number of identical files stored on different virtual machines. The ESET Shared Local Cache boosts
performance in virtualized environments by eliminating the need to scan duplicate files. Each file is scanned once
and stored in the share cache.
ESET Shared Local Cache (ESLC) records files declared clean by the Anti-virus scanner (represented by ESET Endpoint
Security, ESET Endpoint Antivirus or ESET File Security). Once recorded, this information is available for all clients in
the virtual environment, and is processed when these clients perform a new scan. Unaltered files that are marked
as clean in the cache will not be scanned by other clients.
NOTE
Cache entries are written to RAM only. When a newer version of the virus signature database is present on the
machine, cache entries are rewritten automatically.
4
2. System requirements
Supported Linux distributions:
· CentOS 6.x, 7.x 64-bit
· Red Hat Enterprise Linux 6.x, 7.x
ESET Shared Local Cache is also available as an OVA file appliance, which is intended for use with VMware solutions
but is also compatible with most hypervisors (such as VMware, Microsoft Hyper-V, etc.).
5
3. Overall principles and benefits
ESET endpoint solutions on virtual client computers combat malware with the same set of tools used in physical
environments. The ESET Shared Local Cache takes advantage of the fact that virtual machines often share the same
base image, which results in over 80% duplication of files stored on these machines.
The ESET Shared Local Cache component is compatible with desktop and server products for Windows and Mac, and
delivers a significant reduction in resources used during scanning.
6
4. Installation
To install ESET Shared Local Cache on a 64-bit linux distribution, load the image file to the virtual machine where you
want to install it (using SCP, WinSCP or Wget, depending on where the package is stored) and follow the steps
below:
IMPORTANT
We recommend installing the ESET Shared Local Cache on CentOS 6.7 64-bit.
NOTE
Before installation, make sure that all dependencies (for example, libc.so.6) including i686 dependencies are
installed. Install them by entering the command: yum install ed make glibc.i686 openssl.i686 libgcc.i686 libstdc+
+.i686
1. Change permissions to run the installation package with the following command:
· chmod +x eslc_appliance.x86_64.rpm.bin
2. Run the installation package by entering the following command:
· rpm -i eslc_appliance.x86_64.rpm
3. Add an exception to your system firewall to allow inbound UDP traffic to the cache (the default port is 3537),
using the iptables command:
· iptables -I INPUT -p udp --dport 3537 -j ACCEPT
4. Start the main service by entering the following command:
· /etc/init.d/eslc start
To view the status of ESET Shared Local Cache, or change settings using system console, enter the following
command /opt/eset/eslc/sbin/eslc_syscon.
7
5. ESLC Appliance deployment process
5.1 VMware
The appliance is formatted as a VMware compatible image intended primarily for use in local networks with a
dedicated Shared Local Cache server. The OVA file contains a functional operating system, and is ready to use as
soon as it is deployed. You can deploy the OVA file using vSphere Client.
Deployment procedure:
1. Log into vSphere Client, click File in the top menu bar and select Deploy OVF Template.
2. Click Browse and navigate to the image stored on your computer (local hard drive, network share...) or enter
a URL where the image is located.
3. Click Next to verify that you have selected the correct image to use.
4. Read and accept the end user license agreement.
5. Follow the instructions on screen to complete installation and specify the following information about your
virtual appliance:
· Name and Location – Specify a name for the deployed template and location where virtual machine files
are stored.
· Host / Cluster – Select the host or cluster on which you want to run the template.
· Resource Pool – Select the resource pool within which you want to deploy the template.
· Storage – Select a location to store virtual machine files.
· Disk Format – Select the format that virtual disks will use.
· Network Mapping – Select the network for the virtual machine to use. Ensure that you select the virtual
machine network associated with the IP pool you created.
8
6. If you plan to manage ESET Shared Local Cache using ESET Remote Administrator, specify all required values
on the Properties window. Failure to enter these values can keep your virtual machine from starting or deny
it the necessary certificates for communication with ESET Remote Administrator.
7. If you do not already have a certificate authority and agent/server certificate, you will need to create them in
ERA Web Console:
To create a certificate authority, follow the steps below in ERA Web Console:
a) Navigate to Admin > Certificates > Certificate Authorities and click New.
b) Complete the required fields, add whatever optional information you want to and then click Save.
9
To create an agent/server certificate follow the steps below in ERA Web Console:
a) Navigate to Admin > Certificates > Peer Certificates and click New at the bottom of the window to
add a new certificate.
b) Complete all mandatory fields, add any optional information that you want to and then click Finish.
c) Select your Agent certificate and select Export as Base64 from the Action drop-down menu. You will
be prompted to save the text file.
d) To enter this certificate into the respective field, open the file, copy all text and paste the text into
the appropriate field. Repeat these steps when exporting and entering the Server certificate.
8. Repeat these steps to create a new Server certificate.
NOTE
For more details on creating Agent/Server certificates and certificate authority, navigate to the Peer
Certificates and Certificate Authorities sections of ESET Remote Administrator User Guide.
10
9. Review the deployment summary and confirm by clicking Finish (the Power on after deployment check box
is optional).
10. The deployment process will automatically create a virtual machine with the settings you specified. This
process can take several minutes depending on network performance.
5.2 Microsoft Hyper-V
Deploying ESLC virtual appliance in Microsoft Hyper-V
1. Download the file from ESET.com.
2. Launch the Hyper-V manager and connect to the appropriate Hyper-V.
3. Create a new virtual machine, with at least 1 CPU and 1 GB of RAM.
3.1. When you are specifying which generation of Virtual Machine you would like to use, select Generation 1.
3.2. In Configuring Network menu select available network or create a new with help of Virtual Switch Manager.
3.3. Select a location where the virtual hard drive (ESET_Shared_Local_Cache_Appliance.vhd) is stored.
4. Review the virtual machine details and click Finish to complete the virtual machine creation.
5. Once the VM is successfully created, power it on.
11
6. Enter valid ERA Server Hostname or IP Address and Username and Password for Webconsole. This information
you can get from ERA Server Administrator.
12
6. Activation
You must activate ESET Shared Local Cache in order to manage it using ESET Remote Administrator. ESET Shared Local
Cache requires an offline license file, which must be generated in ESET License Administrator in ELA and transferred
to the machine on which ESET Shared Local Cache is installed before you can use it to activate ESET Shared Local
Cache. Follow the instructions below to generate a new offline license file and activate ESET Shared Local Cache:
NOTE
You will need your License File Token to create the License file in ELA. Follow the steps below to find your
License File Token:
a. Open ESET Remote Administrator Web Console (ERA Web Console), log in, and navigate to Admin >
License Management.
b. Click Add Licenses and expand License File. Your License File Token will be displayed, make note of it for
use later.
1. In your web browser, open ESET License Administrator (ELA). You will need to register for an account if you do
not already have one.
2. Log into ELA and expand Settings.
3. Select the check box next to Offline license files if it is not already selected and then click Save Settings.
4. Expand Unit distribution. Locate the Offline column for the license you want to use and click the number or icon
(if you already have offline licenses in use, a number will be displayed) to open the Offline License File dialog.
5. Click Add License File.
13
6. Select ESET Shared Local Cache from the drop-down menu, select the check box next to Allow management with
Remote Administrator, type your License File Token into the appropriate field and then click Generate. A new
license file will be generated.
7. Click the License File icon to download the license file that you just created.
8. Transfer the file to your server where ESET Remote Administrator installed using removable media, email or
whatever method you prefer.
9. Open ESET Remote Administrator, log in, and navigate to Admin > License Management.
10. Click Add Licenses and expand License File.
11. Click Browse, navigate to the License file that you exported in step 7 and click Open.
12. Click Upload and then click Add Licenses. ESET Remote Administrator will add the License file and ESET Shared
Local Cache will now be activated.
14
NOTE
Please allow a short delay until the activation task reaches your server with ESET Shared Local Cache installed.
15
7. Configuration of the appliance
ESET Shared Local Cache requires the following information for proper configuration:
·
·
·
·
IP address or hostname of the ERA server
Shared cache server listening port (3537 by default)
Cache password
Cache size (maximum number of items that can be stored in the cache)
The basic information screen, shown below, gives an overview of your cache usage and allows you to configure
settings by pressing Enter.
16
The following options can be edited in management mode:
· Configure network – network settings for ESET Shared Local Cache such as IP address, mask, gateway and DNS
server
· Set cache size – configure the maximum number of items stored in ESET Shared Local Cache
· Set cache password – required for clients to add items to the cache
· Set cache listening port – communication port on which ESET Shared Local Cache will listen for requests
· Change administrator password – the system console can be configured so that only administrators can change
settings (set an administrator password to use this configuration)
· Configure updates – configure updates of ESET Shared Local Cache within the appliance
· Perform appliance update – will trigger an update of the appliance when available
· Reset ERA configuration – will revert settings to the defaults specified in virtual machine parameters
· Restart system – will restart your server
· Shut down system – will shut down your system
· Lock screen – will lock the console and return to the basic information screen
Use the arrow keys to select a setting and press Enter to configure it.
17
To create a policy for ESET Shared Local Cache, follow the steps below in ERA Web Console:
1. Navigate to Admin > Policies and select New from the Policies drop-down menu.
2. Expand the Basic tab and enter a Name and Description for your new policy.
3. Expand the Settings tab, select ESET Shared Local Cache from the drop-down menu, click Shared Local Cache
and set the parameters as shown in the figure below:
After a Policy is created, you can assign it to a Static or Dynamic Group. There are a two ways to assign a policy in the
ERA Web Console:
· Under Admin > Policies select a policy and click Assign Group(s). Select a static or Dynamic Group and click OK.
· Click Admin > Groups > Group or click the cogwheel icon next to the group name and select Manage
Policies.
18
8. Client side configuration
ESET Shared Local Cache supports the following client solutions:
· ESET File Security
· ESET Endpoint Security for Windows and OS X
· ESET Endpoint Antivirus for Windows and OS X
Configuration on ESET Endpoint Security or ESET Endpoint Antivirus for Microsoft Windows
Open the main menu program window, press F5 to open Advanced setup, and navigate to Antivirus > Shared local
cache. Enable Caching option to save information about scans of files and folders on your network to the local cache.
If you perform a new scan, ESET Endpoint Security or ESET Endpoint Antivirus will search for scanned files in the
cache. If files match, they will be excluded from scanning.
The Cache server section contains the following options:
· Hostname – Name or IP address of the computer where the cache is located.
· Port – Number of the port used for communication (the same port specified during deployment of ESET Shared
Local Cache.
· Password – We highly recommend that you specify a password for the Shared Local Cache.
19
Configuration on ESET File Security
Open the main menu program window, press F5 to open Advanced setup, and navigate to the Antivirus > Shared
local cache tab. Enable Caching option to save information about scans of files and folders on your network to the
local cache. If you perform a new scan, ESET File Security will search for scanned files in the cache. If files match,
they will be excluded from scanning.
The Cache server section of Advanced setup contains the following options:
· Hostname – Name or IP address of the computer where the cache is located.
· Port – Number of the port used for communication (the same port specified during deployment of the ESET
Shared Local Cache.
· Password – We highly recommend that you specify a password for the Shared Local Cache.
20
Configuration on ESET Endpoint Security or ESET Endpoint Antivirus for OS X
To enable the use of the Shared local cache, click Setup > Enter application preferences > Shared local cache and
select the check box next to Enable caching using ESET Shared Local Cache.
Shared Local Cache settings contains the following:
· Server address – Name or IP address of the computer where the cache is located. Number of the port used for
communication (3537 by default).
· Password – We highly recommend that you specify a password for the Shared Local Cache.
21
9. Updating ESET Shared Local Cache
For optimal functionality, it is important that ESET Shared Local Cache is regularly updated.
IMPORTANT
To update ESET Shared Local Cache, please download the newest installation file from download servers and redeploy appliance or re-install .rpm.bin package.
To update operating system, select Configure updates from the management mode screen to edit the following
settings:
· Enable operating system updates – Leave this option selected to check for all updates for the appliance operating
system.
· Use proxy server for updates – Enter the IP address of your proxy server in the Address field. If your proxy server
requires a Username and Password, enter these credentials in the appropriate fields.
NOTE
These fields are not for your Username/Password for ESET Shared Local Cache, and should only be completed if
you know you need a password to access the internet via a proxy server.
· A trusted SSL certificate is required for access to the proxy server, updates will fail is this certificate is not present.
Once updates are available, select Perform appliance update from the basic information screen to open the update
dialog. The update process can take several minutes depending on your network speed.
NOTE
When updates for your operating system are disabled, the operating system of the ESET Shared Local Cache
appliance will not receive any updates. We recommend that you manually update ESET Shared Local Cache in
situations where the automatic update feature has been disabled for operating system updates.
22
23
10. Communication
ESET Shared Local Cache cache uses the UDP communication protocol in order to provide the fastest request and
response transaction. Hash-based Message Authentication Code (HMAC) is computed for each message, and a cache
password which is required to ensure the authenticity of each cache request and response.
24
11. How to access system logs
Enter Management mode and select menu Access system logs and then select Enable SFTP access to the system
logs. Enter your password for SFTP access and select Apply.
Run your SFTP client (we recommend to use free WinSCP SFTP client).
Enter the Hostname (you can find it in ESET Shared Local Cache in management mode > Configure network).
25
Default SFTP port is 22. As User name, enter logs. Now you can save the configuration or just click Login.
When you are prompted for password, enter the password that you used in ESET Shared Local Cache.
Now you have access to ESET Shared Local Cache logs.
26
In communication with ESET Customer Care, you are normally prompted for these files:
§ messages, dmesg, boot.log, yum.log (and all rotated copies (for example messages-20160411, maillog20160411 and so on).
§ all files from audit folder
§ eset/RemoteAdministrator/EraAgentInstaller.log
§ all files from eset/RemoteAdministrator/Agent/
27
Download PDF
Similar pages