Installing InterScan Web Security Virtual Appliance. Microweb PRO Series
Add to my manuals
178 Pages
advertisement
Chapter 3
Installing InterScan Web Security
Virtual Appliance
This chapter explains the following:
•
•
•
Logging in to IWSVA for the First Time on page 3-11
•
Post-Installation Notes on page 3-11
3-1
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Obtaining IWSVA
IWSVA is supported on the following platforms:
• Bare Metal installation (dedicated off-the-shelf server platform without an operating system). Refer to the list of current certified hardware platforms to ensure your preferred server platform is supported by IWSVA. This list can be found at the following location: http://us.trendmicro.com/imperia/md/content/us/pdf/partners
/certifiedbytrendmicro/trendtested_hw_matrix_mar2011.pdf
• VMware ESX 4.0/4.1 or ESXi 4.0/4.1 as a virtual machine
• Microsoft Hyper-V 2.0 installed as a virtual server on Windows Server 2008 R2 or later version
For information regarding server requirements for IWSVA, refer to Server Requirements on page 1-2
.
Trend Micro recommends that you evaluate the method of installation that best suits your environment.
You can install IWSVA from the Trend Micro Enterprise Solutions DVD or download the installation ISO from the Trend Micro IWSVA download location: http://downloadcenter.trendmicro.com/
The DVD is available to purchase and contains the installation files and all documentation.
Using the Trend Micro Enterprise Solutions DVD
To complete this installation, you need to create a bootable installation DVD that contains the IWSVA ISO file.
Procedure:
1.
To create the installation media, insert the Trend Micro Enterprise Solution disk into the DVD drive on the computer where ISO images can be created.
2. Copy the IWSVA ISO image from the Trend Micro Enterprise Solutions Media onto the local hard drive.
3-2
Installing InterScan Web Security Virtual Appliance
3. Eject the Enterprise Solutions DVD and place a blank DVD disk into the DVD writer.
4. Burn the IWSVA ISO image to the blank DVD.
5. Insert the newly created IWSVA Installation DVD into the target server where you would like to install IWSVA.
6. Reboot the server and boot from the IWSVA installation DVD to begin the installation process.
Note: The file on the Enterprise DVD and on the Trend Micro Evaluation site is an ISO image. The ISO image allows you to create an IWSVA installation DVD to install the product.
Downloading the Installation File
Procedure:
1.
Go to the Trend Micro download Web page: http://downloadcenter.trendmicro.com/
2. Download the IWSVA ISO file.
3. Burn the IWSVA ISO image to the blank DVD.
4. Insert the newly created IWSVA Installation DVD into the target server where you would like to install the IWSVA application.
WARNING! IWSVA does not support installation using an external USB DVD drive.
5. Reboot the server and boot from the IWSVA installation DVD to begin the installation process.
Note: The ISO image needs to be copied and then burned onto a blank DVD in order to create the IWSVA installation DVD (See the DVD ISO creation document, How to
Use the Trend Micro IWSVA ISO File.)
3-3
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Installing IWSVA
IWSVA only supports new installations or migrations from specific versions.
IWSVA supports migrating existing configuration and policy data from IWSVA 5.6, and
IWSVA 6.0, IWSVA 6.0 SP1, IWSVA 6.5 products (see Migration on page 1-6 ).
The IWSVA installation process formats your existing system to install IWSVA. The installation procedure is basically the same for the Bare Metal and the VMware ESX
Hyper-V virtual machine platforms. The Bare Metal installation simply boots off of the
IWSVA installation DVD to begin the procedure. The VMware and Hyper-V installations require the creation of a virtual machine before installation. Additional
VMware virtual machine configuration is described in Appendix E, Creating a New
Virtual Machine Under VMware ESX for IWSVA on page E-1 . Additional Hyper-V virtual
machine configuration is described in Appendix F,
Creating a New Virtual Machine Under
Microsoft Hyper-V for IWSVA on page F-1 .
WARNING!
Any existing data or partitions are removed during the installation process. Backup any existing data on the system (if any) before installing
IWSVA.
IWSVA also installs a copy of the open source content caching application called Squid.
It is disabled by default but you can enable this free open-source utility through the
IWSVA administration Web UI. Trend Micro provides Squid content caching for convenient and easy installation. Support for Squid is provided by the Squid open-source community.
Trend Micro Disclaimer: Trend Micro IWSVA preinstalls Squid and provides the basic configuration and statistical reports to help reduce the complexity of installing and configuring Squid to function with
IWSVA. Squid is disabled by default and must be enabled by the customer through the IWSVA administration user interface after installation has been completed. Support for Squid is obtained through open source channels and it is the
responsibility of the customer to become acquainted with
Squid's benefits and functionality before enabling.
Additional information, documentation, and support on the
Squid application can be found at the official Squid Web Proxy
3-4
Installing InterScan Web Security Virtual Appliance
Cache Web site: www.squid-cache.org. Trend Micro will not provide support for Squid's features, but will provide support for the setup and integration of Squid and IWSVA through its supplied configuration commands.
To install IWSVA:
1.
Start the IWSVA installation.
Installing on a Microsoft Hyper-V Virtual Machine
a. Create a virtual machine on your Microsoft Hyper-V server.
See Appendix F, Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA on page F-1.
b. Refer to Post Installation Notes to access the IWSVA Web console and continue IWSVA configuration.
Installing on a Bare Metal Server
Insert the IWSVA Installation DVD (which was created from the IWSVA ISO image) into the DVD drive of the desired server.
Note: Because IWSVA does not support external USB CD/DVD drives, a “Cannot find kickstart file on DVD-ROM” warning message displays when installing
IWSVA. You can safely ignore this warning message.
Installing on a VMware ESX Virtual Machine
a. Create a virtual machine on your VMware ESX server.
See Appendix E, Creating a New Virtual Machine Under VMware ESX for
b. Power on the virtual machine that was created to boot from the IWSVA installation ISO.
Note: If your computer boots from an ISO image (such as ISOLINUX), you need to press
[ENTER] at the bootloader prompt to continue with the IWSVA installation process.
3-5
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Installation Steps for both a VMware ESX Virtual Machine and a Bare Metal
Server
Note: IWSVA does not need a network connection during installation, but it must connect with the Internet when using the Deployment Wizard after the installation completes.
A page appears displaying the IWSVA Installation Menu. The options on this menu are as follows:
• Install IWSVA: Select this option to install IWSVA onto the new hardware or virtual machine.
• System Recovery: Select this option to recover an IWSVA system in the event that the administrative passwords cannot be recovered.
• Exit Installation: Select this option to exit the installation process and to boot from the local disk.
2. Select Install IWSVA.
The license acceptance page appears.
3. Click Accept to continue.
A page appears where you choose a keyboard language.
4. Select the keyboard language for the system and then click Next.
5. Select the driver(s) used for installation and then click Next.
The IWSVA installer scans your hardware to determine if the minimum specifications have been met and then displays the results illustrated as follows. If the host hardware contains any components that do not meet the minimum specifications, the installation program highlights the nonconforming components and the installation stops.
6. Click Next to continue.
A page appears where you specify network devices, hostname, and miscellaneous settings. If you choose to set the hostname manually, the Miscellaneous Settings will be available to you.
3-6
Installing InterScan Web Security Virtual Appliance
Note: You must assign a valid hostname to the IWSVA server for it to function
properly.
The IWSVA hostname must be entered into the DNS server assigned to the
IWSVA and its users.
7. Select the network devices and input the corresponding IP addresses.
Note: After installing the IWSVA OS, you can access the IWSVA Web console using the NIC you select, then run the Deployment Wizard to complete the necessary configuration. Also, you can use the Deployment Wizard to change the existing network settings.
F IGURE 3-1. Page to specify network devices, hostname, and miscellaneous settings
8. Configure the network settings as required for IWSVA and then click Next.
9. Specify the time zone for IWSVA on the time zone page.
3-7
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Use the drop-down list to display the supported time zones or point to your location using the time zone map.
10. Click Next.
11. Specify a password for the administrator account.
IWSVA uses three different levels of administrator types to secure the system: Root account, Enable account, and Admin account. For convenience, the passwords for these three accounts are set the same in this step. You can change each password separately after installation.
Root Account: The Root account is used to gain access to the operating system shell and has all rights to the server. This is the most powerful account on the system.
Enable Account: The Enable account is used to gain access to the command line interface’s (CLI) privilege mode. It has all rights to execute CLI commands.
Admin Account: The Admin account is the default administration account used in the IWSVA Web console and CLI management interface. It has all rights to the
IWSVA application, but no access rights to the operating system shell. The default username is “admin”.
As you type the passwords, the password strength meter on the right indicates how strong the selected password is. For the best security, Trend Micro recommends using a strong, unique password.
12. Click Next.
A page appears where you accept all the configuration settings.
13. Confirm that the selected values are correct and then click Next.
The installation process prompts you to begin the installation. Selecting Continue erases any data on the hard disk partition and formats the hard disk. If you have data on the hard disks that you would like to keep, cancel the installation and backup the information before proceeding.
14. Click Continue.
A page appears that provides the formatting status of the local drive for the IWSVA installation. When formatting completes, the IWSVA installation begins.
3-8
Installing InterScan Web Security Virtual Appliance
F IGURE 3-2. Summary screen contains default password.
After the installation is complete a summary screen appears. The installation log is saved in the
/root/install.log
file for reference.
15. Click Reboot to restart the system.
• For a bare metal installation: The DVD automatically ejects. Remove the
DVD from the drive to prevent reinstallation.
• For a virtual machine installation: Trend Micro recommends disconnecting the DVD-ROM device from the virtual machine now that IWSVA is installed.
After IWSVA reboots, the initial CLI log in screen appears. (See Figure 3-3
.)
3-9
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
3-10
F
IGURE
3-3. The initial CLI log in screen
Note: During installation, you might receive the following messages:
for crash kernel (0x0 to 0x0) not within permissible range
powernow-k8: bios error -no psb or acpi_pss objects
Both of these messages are normal. The latter message indicates that the system BIOS is not reporting or presenting any PSB or ACPI objects or hooks to the Linux kernel.
Either the CPU or BIOS does not support PSB or ACPI objects or hooks or they are simply disabled.
16. Prepare to log into the IWSVA Web console by disabling the pop-up blocker in your browser.
Note: Pop-up blockers block the Change Password dialog box and the Deployment
Wizard which are launched during the first-time login.
17. Log in to the IWSVA Web console to launch IWSVA.
See
Logging in to IWSVA for the First Time on page 3-11 for details.
Installing InterScan Web Security Virtual Appliance
Logging in to IWSVA for the First Time
After IWSVA has restarted, you can log in to the appliance either through the CLI or the
Web management interface.
• For the CLI interface, type in your administrator username and password at the console login prompt.
Note: Turn off the pop-up blocker in your browser before logging into the Web console for the first time. Pop-up blockers block the Change Password dialog box and the Deployment Wizard.
• For the Web management interface, on your workstation (not IWSVA) open a new
Web browser and then type in the URL ( http://<IWSVA6.5IP address>:1812
) indicated in the initial CLI banner. You will need the IWSVA administrator account and password to log in. The administrator account name is
“admin” and the password is set by the user during installation.
Post-Installation Notes
After the initial CLI is available:
• The Deployment Wizard launches when you first log into the Web console. Use the
Deployment Wizard to complete your installation. (See the Administrator’s Guide,
Chapter 2.)
• Trend Micro recommends that you update your scan engine and virus pattern files immediately after registering and activating the product. (See the Administrator’s
Guide, Chapter 3.)
3-11
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
3-12
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 5 Contents
- 11 Preface
- 12 Audience
- 17 Preinstallation Planning
- 18 Server Requirements
- 18 Operating System
- 18 Hardware Requirements
- 19 Component Installation
- 20 Web Browser
- 21 Other Requirements
- 22 Information Needed to Install IWSVA
- 22 Fresh Installation
- 22 Migration
- 23 Type of Proxy Configuration
- 23 Control Manager Server Information
- 23 Database Type and Location
- 23 SNMP Notifications
- 23 Web Console Password
- 24 Command Line Access
- 24 Proxy for Internet Updates
- 24 Activation Codes
- 25 Planning Network Traffic Protection
- 25 Transparent Bridge Mode
- 26 Forward Proxy Mode
- 26 Reverse Proxy Mode
- 26 ICAP Mode
- 26 Simple Transparency Mode
- 27 WCCP Mode
- 29 Deployment Primer
- 30 Identifying Your Server Placement
- 30 Two Firewalls with DMZ
- 31 One Firewall with No DMZ
- 32 Planning Network Traffic Flows
- 33 Planning the HTTP Flow
- 35 Planning FTP Flows
- 38 Deploying in Forward Proxy Mode
- 38 Overview of Forward Proxy Mode
- 43 Planning the HTTP Flow Using the Forward Proxy Mode
- 51 Deploying in ICAP Mode
- 51 Overview of ICAP Mode
- 53 Planning the HTTP Flow Using the ICAP Mode
- 57 Deploying in Reverse Proxy Mode
- 57 Overview of Reverse Proxy Mode
- 58 Planning the HTTP Flow Using Reverse Proxy Mode
- 61 Deploying in Transparent Bridge Mode
- 61 Overview of Transparent Bridge Mode
- 62 Planning the HTTP Flow Using Transparent Bridge Mode
- 62 High Availability Deployment Mode
- 63 HA Deployment Mode Installation Guidelines
- 65 Installing InterScan Web Security Virtual Appliance
- 66 Obtaining IWSVA
- 66 Using the Trend Micro Enterprise Solutions DVD
- 67 Downloading the Installation File
- 68 Installing IWSVA
- 75 Logging in to IWSVA for the First Time
- 75 Post-Installation Notes
- 77 Migrating to InterScan Web Security Virtual Appliance
- 78 About Migration
- 78 Important Notes
- 79 Information Not Migrated
- 80 Overview of the Migration Process
- 81 Migrating from IWSVA 5.6, 6.0, 6.0 SP1 to IWSVA 6.5
- 82 Migrating from IWSVA 6.5 to Another IWSVA 6.5
- 83 After Migrating
- 85 Deployment Integration
- 86 IWSVA in a Distributed Environment
- 86 Connection Requirements and Properties
- 88 Integration with LDAP
- 88 Support Multiple Domains for Multiple LDAP Servers
- 90 LDAP Authentication in Transparent Mode
- 91 Integration with a Cisco Router using WCCP
- 92 Protecting an HTTP or FTP Server using Reverse Proxy
- 93 Integration with an ICAP Device
- 93 Setting up an ICAP 1.0-compliant Cache Server
- 93 Setting up ICAP for NetCache Appliances
- 95 Setting Up ICAP for the Blue Coat Port 80 Security Appliance
- 98 Setting up ICAP for Cisco CE ICAP Servers
- 100 Configuring Virus-scanning Server Clusters
- 100 Deleting a Cluster Configuration or Entry
- 101 Enabling “X-Virus-ID” and “X-Infection-Found” Headers
- 103 Tuning and Troubleshooting
- 104 IWSVA Performance Tuning
- 104 URL Filtering
- 104 LDAP Performance Tuning
- 108 Troubleshooting
- 108 Troubleshooting Tips
- 108 Before Contacting Technical Support
- 108 Installation Problems
- 109 General Feature Problems
- 111 Best Practices for IWSVA Installation and Deployment
- 112 IWSVA Installation Overview
- 114 Properly Sizing Your Environment
- 114 Best Practice Suggestions
- 115 Selecting Deployment Method and Redundancy
- 117 Best Practice Suggestions
- 119 Maintenance and Technical Support
- 120 Product Maintenance
- 120 Maintenance Agreement
- 121 Renewing Your Maintenance Agreement
- 122 Contacting Technical Support
- 123 TrendLabs
- 123 Knowledge Base
- 124 Known Issues
- 124 Sending Suspicious Code to Trend Micro
- 125 Security Information Center
- 127 Creating a New Virtual Machine Under VMware ESX for IWSVA
- 128 Introduction
- 128 Creating a New Virtual Machine
- 142 Powering On the IWSVA Virtual Machine and Completing the Installation
- 143 Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA
- 144 Introduction
- 144 IWSVA Support for Hyper-V
- 144 Hyper-V Virtualization Modes
- 145 Installing IWSVA 6.5 on Microsoft Hyper-V
- 149 Importing the IWSVA Image
- 151 Assigning Resources to IWSVA
- 162 Powering On the IWSVA Virtual Machine and Completing the Installation
- 170 Accessing the IWSVA Web console
- 171 Index