Corporate Installation Nod32

Discussion in 'NOD32 version 2 Forum' started by reflux, Aug 16, 2006.

Thread Status:
Not open for further replies.
  1. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    Ok I need some advise.

    I am looking at Nod32 for a large agency with the following infrastructure.

    137 Locations - speed of links range from 64k to 512k - each site has between 5 and 20 users.

    There are a total of 950 workstations and around 200 servers.

    What I am wanting is a way to have a mirror server on each site but using an automated installation which also configures each mirror.

    Is this possible?

    I would also like clients at these sites to only update form the local server.

    Would I have to have an individual config for each site as that would be painfull.

    Any help would be greatly appreciated.

    Cheers
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Easily done with NOD32
    Once again, no problem
    This cold be done - each site mirror could potentiall have exactly the same config but depending on your network setup, each location would probably need different config for it's clients
    You're planning on using Enterprise Edition right?
     
  3. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    Yes we would be using the Enterprise version. Is there documentation on these types of configurations?

    I can push out a mirror but it won't configure the mirror and when I do it manually it keeps complaining about having to update it before the mirror process happens, even if this has already happened.

    Cheers
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    There's two or three documents that cover the operation principles needed to get this done - here, here and here. Nothing that covers your specific setup I am aware of though.
    So you've gone to the update module and used the 'update now' button then returned to the mirror module and it still won't let you?
     
  5. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    I will check out the doco now.

    This is the error I receive http://img124.imageshack.us/my.php?image=errorbc7.jpg

    Edit: None of the documentation goes into remote deployment of mirrors though.

    Cheers
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    This error is normal when manually configuring the mirror until the first time the installed NOD32 updates from ESET. Does it still throw this errror after you've gone to the update module and used the 'update now' button then returned to setup the mirror module?
     
  7. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    So the mirror can't update from another configured mirror?

    Cheers
     
  8. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I believe updating from another mirror is no problem in itself, but I know that some things (like the list of ESET update servers for example) only get updated when connecting to an ESET update server.
    Also if possible why not configure the mirror at each location to get it's updates direct from ESET? If the link goes down it then doesn't impact on your whole networks ability to update. Just a thought.
     
  9. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    All 137 sites connect directly back to the central office.

    Cheers
     
  10. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I'm in the middle of another job just now but later will check a couple of things later for you and post back, unless anybody else has some info to share?

    Cheers :)
     
  11. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    Appreciate it.


    Cheers
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    No worries,
    Just tested and the mirror worked perfectly so long as I first used the update module to update before I tried to set up the mirror module, even if updates were from another mirror right from the word go, never having connected to an ESET server for updates. Is this what you did?

    Cheers :)
     
  13. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    So I would have to do this manually on every server I configure as a mirror?

    Mine would never work it would never create the mirror.

    Cheers
     
  14. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    My preference, on the WAN setups I've done..is to have each satellite offices mirror go out to Esets public servers, and download the updates themselves. I have the remote RAS/RAC mirrors report into the main Admin RAS/RAC server....you'll see where in RAC on the servers...Tools, Server Options, Replication Settings.

    The NOD CC on each satellite office would report to their own local RAS/RAC box.

    The reason I choose to have each remote location download from the Eset pub servers..is I don't want that traffic hitting the VPN tunnels 'tween the sites. Instead..keep that bulkier traffic on their fat 3 meg or whatever direct internet pipe...instead of clogging the 128 or 384K or whatever VPN tunnel. Sure the definition updates are usually small..but it's when you'll get the program updates..which at times..well...you see the size of the Admin server installs.
     
  15. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    I can understand you doing that, for us seeing as internet traffic and wan traffic goes across the same link I would probably prefer them to all update from the one source rather than 137 servers downloading updates from the internet.

    I can create the mirror options in the configuration tab and push the install I am just having problems with the mirror creating. It would be good if someone wrote the steps to follow for this. I like the look of Nod but I only have a limited time to trial it before I need to make a final decision on which product to use. Without swearing I have tested Avast and it gave me nothing but problems, Symantec is very simple to configure. I just want to give NOD a good chance.

    Cheers
     
  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I'm trying to picture how I'd approach your setup...I've done a lot of EE installs...been doing several per month lately...but none on a WAN with that many satellites, I focus on consulting for SMBs..I don't have any clients that have a WAN of greater than 6 locations. I can appreciate your concern in simplifying the deployment. You forcing traffic through proxy?

    I see a potential for creating up to possibly 412 separate configurations...assuming you have workstations, servers, and laptops at each location.

    Prior to going to NOD32 a couple of years ago...I'd been a VAR for Symantecs CE since about version 5. Started to jump ship and look for another solution after version 9...permanently jumped ship when version 10 came out. While I'll admit the MMC for Symantec CE is a bit more simple and intuitive than NODs RAC, I find the overall performance of NOD better, the level of granularity you can get in RAC better, and something I'd consider important in your light bandwidth situation..smaller packages for deployment.

    The amount of work involved is I'm sure somewhat equally involved with no matter which brand you choose. My preference is always having remote desktop access to servers at the remote satellite..and working that way. The ones I've done I set them up through that method..as if I'm sitting right there.

    So I'm assuming you have created your initial admin server...the one located at the central office..what I'll call "mothership". And this update server is fully updated..the mirror is populated? Lets assume for the purpose of example, this server has an IP of 192.168.0.10

    HTTP update is enabled? And no Sharepoint running on this server?

    You've created a push install package named something like "MirrorBoxes"...set them to update from this mothership server? They'd update from http://192.168.0.10:8081

    After attempting to push install the remote mirror...can you RDC into it after it reboots? Check on the status? See if the mirror directory was created..and it's populated?
     
  17. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    The last part is the problem, all installs but the mirror is not created, It can update from the "Mothership" but won't create the mirror.

    Cheers
     
  18. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The actual mirror directory....does it appear? To be honest...ever since day one I've just been in the habit of manually creating that mirror folder..and sharing it...I don't believe I've ever tried seeing in the mirror install would make the directory.
     
  19. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    I agree with YeOld here - and for another reason - if a mirror chains to a mirror, then the 2nd mirror can potentially be 2 hours behind in update - and those workstations relying on that mirror can potentially be 3 hours behind. While this MIGHT seem like a fairly insignificant amount of time, with the rapid propogration times of email worms, every hour counts. So I also deploy each remote mirror as a direct pull from Eset. This cuts one delay from the loop, and means that each workstation is never more than 2 hours from the latest definitions (in reality it's less - but with hourly updates that's the WORST case scenario).

    hth

    Greg
     
  20. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    I understand this and to be honest my main concern is getting the mirror configured. I manually create the directory and tell it where I want it to be but it just keeps complaining. In the morning I will change the config so it doesn't look at the other mirror and downloads from eset.

    I spose my main concern is that you can push out a mirror and then not have to touch it. I don't want to remotely connect to 137 servers to configure them. All I am hoping to be able to do is just push it and it doesnt the rest its self. If I need to configure 137 different configs for clients that doesnt worry me too much as I can create a script to modify the individual xml files.

    Should it just be a case of creating the xml file with the mirror information and path and pushing it to the server, surely I couldn't have missed anything? Seems pretty simple thing to do.

    Cheers
     
  21. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I suppose you're configuring the mirror as an administator on the machine, not a limited permissions user? I know - silly question -but you have to ask!?!?
     
  22. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    OK so for some strange reason I could change the update setup to get the updates from the internet then I was able to update and create the mirrror. I will have another go at configuring the mirror by its self.

    I would still want the ability to deploy the mirrror and not have to do anything to it though.

    Cheers
     
  23. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hello Reflux,

    You should be able to do this. The first thing to do is set NOD32 on your main server to use Remote Administrator (NOD32 Control Center > NOD32 System Tools > NOD32 System Setup > Remote Admin. tab). Once the server appears in the Clients list (default 5 mins), right click on him and choose 'Configuration...'. In the new window, select 'Save as...' and check the box by 'Then Run NOD32 Configuration Editor to edit the file' and give this config a name like MirrorServer Config, or whatever, and save it.

    The config editor will then open and you need to check 3 areas - 1st, under General > Settings > Remote Adminstration > check that the correct server name is entered, IF you want this server to appear as a client also on this server, or the main server.

    2nd, go to Update > Profile (My Profile) [if default] > Settings > Update server: should be set to http://yourmainservername:8081

    3rd, the Mirror settings should be OK as they are, ie: the Mirror will be created in a similar fashion/location to the one on your main server.

    Now download the NOD32 LAN Update Server version and save this installer on your main server (in a new NOD32 installers directory maybe, or wherever you choose). Next, back in the RA Console, go the Remote Install panel and press the 'Packages' button.

    Press the 'Create' button and in the resultant window, press the browse button to locate the NOD32 LAN Update Server installer (ndntenad.exe) and then press 'Create'.

    Now in the 'Edit/Select configuration associated with this package' press the 'Select' button and locate the new config you created (MirrorServer Config?) and then press 'Save as...' and give this package a name - MirrorInstallPackage? Close the package editor window.

    Now, back in the RA Console, press the 'Install' button and on the left side of the new window, locate which new server/box you want to push to and drag him over to the right side. From the drop down field just above, select your new package (MirrorInstallPackage) and the press 'Get Info' to establish the connection from your main server to the target server. If OK, press the 'Install' button, enter your admin's logon name and password, and the installation will go through.

    After the remote server has rebooted and NOD32 is installed, he will appear in RAC on your main server (default 5 mins). Then right-click on this new client and choose 'New task...' > Update now > Finish.

    Within another 5 minutes, the remote server will receive updates from the main server's Mirror and simultaneously create and populate the new Mirror on the remote server.

    Bandicoot.
     
  24. reflux

    reflux Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    27
    Thanks for the info Bandicoot.

    I am having a look at it now.

    Update: Bandicoot thanks you are a champion. I have had no problems deploying servers, I have tried 4 without failure. I am now playing around with the clients. What would be the recommended time for clients to connect to the RAS?

    Again thanks for the instructions.

    Cheers
     
    Last edited: Aug 21, 2006
Thread Status:
Not open for further replies.