Chapter 3

Installing InterScan Web Security

Virtual Appliance

This chapter explains the following:

•

Obtaining IWSVA on page 3-2

•

Installing IWSVA on page 3-4

•

Logging in to IWSVA for the First Time on page 3-11

•

Post-Installation Notes on page 3-11

3-1

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

Obtaining IWSVA

IWSVA is supported on the following platforms:

• Bare Metal installation (dedicated off-the-shelf server platform without an operating system). Refer to the list of current certified hardware platforms to ensure your preferred server platform is supported by IWSVA. This list can be found at the following location: http://us.trendmicro.com/imperia/md/content/us/pdf/partners

/certifiedbytrendmicro/trendtested_hw_matrix_mar2011.pdf

• VMware ESX 4.0/4.1 or ESXi 4.0/4.1 as a virtual machine

• Microsoft Hyper-V 2.0 installed as a virtual server on Windows Server 2008 R2 or later version

For information regarding server requirements for IWSVA, refer to Server Requirements on page 1-2

.

Trend Micro recommends that you evaluate the method of installation that best suits your environment.

You can install IWSVA from the Trend Micro Enterprise Solutions DVD or download the installation ISO from the Trend Micro IWSVA download location: http://downloadcenter.trendmicro.com/

The DVD is available to purchase and contains the installation files and all documentation.

Using the Trend Micro Enterprise Solutions DVD

To complete this installation, you need to create a bootable installation DVD that contains the IWSVA ISO file.

Procedure:

1.

To create the installation media, insert the Trend Micro Enterprise Solution disk into the DVD drive on the computer where ISO images can be created.

2. Copy the IWSVA ISO image from the Trend Micro Enterprise Solutions Media onto the local hard drive.

3-2

Installing InterScan Web Security Virtual Appliance

3. Eject the Enterprise Solutions DVD and place a blank DVD disk into the DVD writer.

4. Burn the IWSVA ISO image to the blank DVD.

5. Insert the newly created IWSVA Installation DVD into the target server where you would like to install IWSVA.

6. Reboot the server and boot from the IWSVA installation DVD to begin the installation process.

Note: The file on the Enterprise DVD and on the Trend Micro Evaluation site is an ISO image. The ISO image allows you to create an IWSVA installation DVD to install the product.

Downloading the Installation File

Procedure:

1.

Go to the Trend Micro download Web page: http://downloadcenter.trendmicro.com/

2. Download the IWSVA ISO file.

3. Burn the IWSVA ISO image to the blank DVD.

4. Insert the newly created IWSVA Installation DVD into the target server where you would like to install the IWSVA application.

WARNING! IWSVA does not support installation using an external USB DVD drive.

5. Reboot the server and boot from the IWSVA installation DVD to begin the installation process.

Note: The ISO image needs to be copied and then burned onto a blank DVD in order to create the IWSVA installation DVD (See the DVD ISO creation document, How to

Use the Trend Micro IWSVA ISO File.)

3-3

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

Installing IWSVA

IWSVA only supports new installations or migrations from specific versions.

IWSVA supports migrating existing configuration and policy data from IWSVA 5.6, and

IWSVA 6.0, IWSVA 6.0 SP1, IWSVA 6.5 products (see Migration on page 1-6 ).

The IWSVA installation process formats your existing system to install IWSVA. The installation procedure is basically the same for the Bare Metal and the VMware ESX

Hyper-V virtual machine platforms. The Bare Metal installation simply boots off of the

IWSVA installation DVD to begin the procedure. The VMware and Hyper-V installations require the creation of a virtual machine before installation. Additional

VMware virtual machine configuration is described in Appendix E, Creating a New

Virtual Machine Under VMware ESX for IWSVA on page E-1 . Additional Hyper-V virtual

machine configuration is described in Appendix F,

Creating a New Virtual Machine Under

Microsoft Hyper-V for IWSVA on page F-1 .

WARNING!

Any existing data or partitions are removed during the installation process. Backup any existing data on the system (if any) before installing

IWSVA.

IWSVA also installs a copy of the open source content caching application called Squid.

It is disabled by default but you can enable this free open-source utility through the

IWSVA administration Web UI. Trend Micro provides Squid content caching for convenient and easy installation. Support for Squid is provided by the Squid open-source community.

Trend Micro Disclaimer: Trend Micro IWSVA preinstalls Squid and provides the basic configuration and statistical reports to help reduce the complexity of installing and configuring Squid to function with

IWSVA. Squid is disabled by default and must be enabled by the customer through the IWSVA administration user interface after installation has been completed. Support for Squid is obtained through open source channels and it is the

 responsibility of the customer to become acquainted with

Squid's benefits and functionality before enabling.



Additional information, documentation, and support on the

Squid application can be found at the official Squid Web Proxy

3-4

Installing InterScan Web Security Virtual Appliance

Cache Web site: www.squid-cache.org. Trend Micro will not provide support for Squid's features, but will provide support for the setup and integration of Squid and IWSVA through its supplied configuration commands.

To install IWSVA:

1.

Start the IWSVA installation.

Installing on a Microsoft Hyper-V Virtual Machine

a. Create a virtual machine on your Microsoft Hyper-V server.

See Appendix F, Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA on page F-1.

b. Refer to Post Installation Notes to access the IWSVA Web console and continue IWSVA configuration.

Installing on a Bare Metal Server

Insert the IWSVA Installation DVD (which was created from the IWSVA ISO image) into the DVD drive of the desired server.

Note: Because IWSVA does not support external USB CD/DVD drives, a “Cannot find kickstart file on DVD-ROM” warning message displays when installing

IWSVA. You can safely ignore this warning message.

Installing on a VMware ESX Virtual Machine

a. Create a virtual machine on your VMware ESX server.

See Appendix E, Creating a New Virtual Machine Under VMware ESX for

IWSVA on page E-1 .

b. Power on the virtual machine that was created to boot from the IWSVA installation ISO.

Note: If your computer boots from an ISO image (such as ISOLINUX), you need to press

[ENTER] at the bootloader prompt to continue with the IWSVA installation process.

3-5

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

Installation Steps for both a VMware ESX Virtual Machine and a Bare Metal

Server

Note: IWSVA does not need a network connection during installation, but it must connect with the Internet when using the Deployment Wizard after the installation completes.

A page appears displaying the IWSVA Installation Menu. The options on this menu are as follows:

• Install IWSVA: Select this option to install IWSVA onto the new hardware or virtual machine.

• System Recovery: Select this option to recover an IWSVA system in the event that the administrative passwords cannot be recovered.

• Exit Installation: Select this option to exit the installation process and to boot from the local disk.

2. Select Install IWSVA.

The license acceptance page appears.

3. Click Accept to continue.

A page appears where you choose a keyboard language.

4. Select the keyboard language for the system and then click Next.

5. Select the driver(s) used for installation and then click Next.

The IWSVA installer scans your hardware to determine if the minimum specifications have been met and then displays the results illustrated as follows. If the host hardware contains any components that do not meet the minimum specifications, the installation program highlights the nonconforming components and the installation stops.

6. Click Next to continue.

A page appears where you specify network devices, hostname, and miscellaneous settings. If you choose to set the hostname manually, the Miscellaneous Settings will be available to you.

3-6

Installing InterScan Web Security Virtual Appliance

Note: You must assign a valid hostname to the IWSVA server for it to function

 properly.

The IWSVA hostname must be entered into the DNS server assigned to the

IWSVA and its users.

7. Select the network devices and input the corresponding IP addresses.

Note: After installing the IWSVA OS, you can access the IWSVA Web console using the NIC you select, then run the Deployment Wizard to complete the necessary configuration. Also, you can use the Deployment Wizard to change the existing network settings.

F IGURE 3-1. Page to specify network devices, hostname, and miscellaneous settings

8. Configure the network settings as required for IWSVA and then click Next.

9. Specify the time zone for IWSVA on the time zone page.

3-7

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

Use the drop-down list to display the supported time zones or point to your location using the time zone map.

10. Click Next.

11. Specify a password for the administrator account.

IWSVA uses three different levels of administrator types to secure the system: Root account, Enable account, and Admin account. For convenience, the passwords for these three accounts are set the same in this step. You can change each password separately after installation.

Root Account: The Root account is used to gain access to the operating system shell and has all rights to the server. This is the most powerful account on the system.

Enable Account: The Enable account is used to gain access to the command line interface’s (CLI) privilege mode. It has all rights to execute CLI commands.

Admin Account: The Admin account is the default administration account used in the IWSVA Web console and CLI management interface. It has all rights to the

IWSVA application, but no access rights to the operating system shell. The default username is “admin”.

As you type the passwords, the password strength meter on the right indicates how strong the selected password is. For the best security, Trend Micro recommends using a strong, unique password.

12. Click Next.

A page appears where you accept all the configuration settings.

13. Confirm that the selected values are correct and then click Next.

The installation process prompts you to begin the installation. Selecting Continue erases any data on the hard disk partition and formats the hard disk. If you have data on the hard disks that you would like to keep, cancel the installation and backup the information before proceeding.

14. Click Continue.

A page appears that provides the formatting status of the local drive for the IWSVA installation. When formatting completes, the IWSVA installation begins.

3-8

Installing InterScan Web Security Virtual Appliance

F IGURE 3-2. Summary screen contains default password.

After the installation is complete a summary screen appears. The installation log is saved in the

/root/install.log

file for reference.

15. Click Reboot to restart the system.

• For a bare metal installation: The DVD automatically ejects. Remove the

DVD from the drive to prevent reinstallation.

• For a virtual machine installation: Trend Micro recommends disconnecting the DVD-ROM device from the virtual machine now that IWSVA is installed.

After IWSVA reboots, the initial CLI log in screen appears. (See Figure 3-3

.)

3-9

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

3-10

F

IGURE

3-3. The initial CLI log in screen

Note: During installation, you might receive the following messages:



 for crash kernel (0x0 to 0x0) not within permissible range

 powernow-k8: bios error -no psb or acpi_pss objects



Both of these messages are normal. The latter message indicates that the system BIOS is not reporting or presenting any PSB or ACPI objects or hooks to the Linux kernel.

Either the CPU or BIOS does not support PSB or ACPI objects or hooks or they are simply disabled.

16. Prepare to log into the IWSVA Web console by disabling the pop-up blocker in your browser.

Note: Pop-up blockers block the Change Password dialog box and the Deployment

Wizard which are launched during the first-time login.

17. Log in to the IWSVA Web console to launch IWSVA.

See

Logging in to IWSVA for the First Time on page 3-11 for details.

Installing InterScan Web Security Virtual Appliance

Logging in to IWSVA for the First Time

After IWSVA has restarted, you can log in to the appliance either through the CLI or the

Web management interface.

• For the CLI interface, type in your administrator username and password at the console login prompt.

Note: Turn off the pop-up blocker in your browser before logging into the Web console for the first time. Pop-up blockers block the Change Password dialog box and the Deployment Wizard.

• For the Web management interface, on your workstation (not IWSVA) open a new

Web browser and then type in the URL ( http://<IWSVA6.5IP address>:1812

) indicated in the initial CLI banner. You will need the IWSVA administrator account and password to log in. The administrator account name is

“admin” and the password is set by the user during installation.

Post-Installation Notes

After the initial CLI is available:

• The Deployment Wizard launches when you first log into the Web console. Use the

Deployment Wizard to complete your installation. (See the Administrator’s Guide,

Chapter 2.)

• Trend Micro recommends that you update your scan engine and virus pattern files immediately after registering and activating the product. (See the Administrator’s

Guide, Chapter 3.)

3-11

Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide

3-12