Configuring License Manager

To add, activate, or deactivate other licenses on the filer, navigate to the following section:

Configuration > License

The system identifier shown near the top of the page is unique to each filer and is used to generate and request licenses.

You can also specify settings for file access auditing, as described in File Access Auditing Support for SMB and NFS Clients and Antivirus and Malware Scanning.

For AMI filers running within a public cloud to be added to a CloudFS configuration, installation of an AMI Interoperability license on all other filers is required. Contact Panzura to obtain the licenses.

Managing Licenses

Panzura licenses can be installed using either of the following methods:

  • License token: This the simpler method, and is the default for deployments in which Secure Private Network Mode is disabled. A single 34-character token provided by Panzura is required. You enter this token either while running the setup wizard or in the WebUI as described here.
  • Individual license files: This method is the only method supported for Secure Private Network Mode. Individual license files keyed uniquely to the filer are installed.

Panzura license files are not the same thing as either cloud storage provider (CSP) licenses, or peer-to-peer authentication key files. CSP licenses are issued by your CSP and authenticate access to your cloud storage. Peer-to-peer key files authenticate peer-to-peer communication among all filers that have the same Master Filer (including the Master Filer itself).

Install Panzura Licenses

Use the following buttons as applicable to the license type, token-based or individual license-based licenses:

  • Upload: Uploads a license to the filer. Click Browse to locate the license file and then click Add License to make the license available for activation.

All licenses are keyed to the system identifier of a specific filer and cannot be used for any other filer.

  • Activate: Activates the licenses that have checkboxes selected.
  • Deactivate: Deactivates the licenses that have checkboxes selected.
  • Edit: Modify license settings.
  • Reload: Reload so the license changes take effect.
  • Delete: Removes the licenses that have checkboxes selected from the License Manager list.

 

ICAP Settings

The Internet Content Adaptation Protocol (ICAP) license allows you to use an ICAP‐capable enterprise-class virus scanner to automatically scan files with the latest virus definitions based on ICAP. Actions include the ability to block the file from being accessed, logging the detection event, and quarantining the file. If a file was previously scanned, it is not rescanned unless the virus signature information has changed, the cloud filer has rebooted, or the filename, contents or path have changed.

To view the logs associated with ICAP quarantine, select Maintenance > Diagnostics, and use the Diagnostic Tools command. See ICAP Operations for information on managing operations with the ICAP server.

The following settings are available if you edit an ICAP license in the License Manager section. For more information, see ICAP Best Practices.

The following table describes the ICAP settings.

ICAP Setting Description
Port Specify the port number used by the antivirus scanners. All scanners must use the same port. The industry standard port assignment for ICAP assigned by IANA is 1344 (default).
scan‐on‐write

Specify whether to scan files when they are saved or closed (default no).

Exclude Files

Specify patterns to explicitly identify files not to be scanned.

Example: Enter *.pdf to exclude files with the pdf suffix from the scans.

Host Specify the IP address of the anti‐virus scanner, using commas to separate multiple scanners. The filer load balances across the scanners in a round-robin fashion. All scanners must be synchronized with identical virus definitions and configured identically.
allow206

Not currently supported.

Include Files

Specify patterns to identify the files to be scanned. The default is '*' which indicates that all files are scanned.

Example: Enter *.exe, *.docx to scan only files with the exe or docx suffix.

scan‐on‐read

Specify whether to scan files when they are open for reading (default no).

Service Specify the antivirus scanner ICAP service name. Most scanners ignore this parameter. avscan is the recommended default.
Deny on Error Specify whether to assume content is suspicious and deny read access if the av scanner is non‐responsive for any reason and no other scanners are available (default yes). Applies only to scans done on read operations. Deny on Error will not prevent a write to a disk if the file was not scanned.

 

Antivirus and Malware Scanning

This section describes how to configure McAfee VirusScan Enterprise and Symantec Protection Engine for antivirus and malware scanning.

McAfee VirusScan Enterprise 8.8 with VirusScan Enterprise for Storage

You can configure a filer to use McAfee VirusScan Enterprise (VSE) 8.8 for antivirus and malware scanning. When installing the ICAP license on the filer, you are prompted for configuration information.

Enter the IP address of the McAfee scanner into the Hostname setting of the ICAP license. No other setting changes are required. If you have multiple scanners and want to load balance between them, enter the IP addresses in the Hostname setting as a comma‐separated list.

By default, the ICAP license scans files when a read or write occurs. If you do not want to scan on writes, enter no for Scan on Write.

After the settings are configured, select the checkbox for the ICAP license and then activate the license at the top of the License Manager page. This will enable virus scanning immediately. If you need to change the settings later, enter new values and click Activate Selected at the top of the License Manager page. It is not necessary to deactivate the license to make configuration changes.

Symantec Protection Engine for Network Attached Storage 7.5

You can configure a filer to use Symantec Protection Engine for antivirus and malware scanning. When installing the ICAP license on the filer, you are prompted for configuration information.

Enter the IP address of the Symantec scanner into the Hostname setting of the ICAP license and verify that Deny on Error is set to no. If you have multiple scanners and want to load balance between them, enter the IP addresses in the Hostname setting as a comma‐separated list.

By default, the ICAP license scans files when a read or write occurs. If you do not want to scan on writes, enter no for Scan on Write.

After the settings are configured, select the checkbox for the ICAP license and then activate the license at the top of the License Manager page. This will enable virus scanning immediately. If you need to change the settings later, enter new values and click Activate Selected at the top of the License Manager page. It is not necessary to deactivate the license to make configuration changes.