Installation guide

ManualsBrandsMicroweb ManualsComputer equipmentPRO Series

i-i

Summary of content (178 pages)

PAGE 1
i-i
PAGE 2
i-ii
PAGE 3
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro Web site at: http://www.trendmicro.
PAGE 4
The Installation Guide for Trend Micro™ InterScan™ Web Security Virtual Appliance is intended to introduce the main features of the software and installation instructions for your production environment. You should read through it prior to installing or using the software. Detailed information about how to use specific features within the software are available in the online help file and the online Knowledge Base at Trend Micro’s Web site. Trend Micro is always seeking to improve its documentation.
PAGE 5
Contents Preface Audience ............................................................................................................... x How to Use this Guide ...................................................................................... x IWSVA Documentation ..................................................................................xii Document Conventions .................................................................................xiii About Trend Micro ..............................
PAGE 6
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Forward Proxy Mode ...............................................................................1-10 Reverse Proxy Mode ................................................................................1-10 ICAP Mode ...............................................................................................1-10 Simple Transparency Mode ....................................................................1-10 WCCP Mode ........
PAGE 7
Contents IWSVA ICAP Mode with Multiple Servers .................................... 2-27 Deploying in Reverse Proxy Mode ............................................................ 2-29 Overview of Reverse Proxy Mode ........................................................ 2-29 Planning the HTTP Flow Using Reverse Proxy Mode ...................... 2-30 HTTP Reverse Proxy in Dependent Mode .................................... 2-30 Deploying in Transparent Bridge Mode .......................................
PAGE 8
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Connection Requirements and Properties ............................................. A-2 Throughput and Availability Requirements ..................................... A-3 Integration with LDAP ................................................................................. A-4 Support Multiple Domains for Multiple LDAP Servers ..................... A-4 LDAP Authentication in Transparent Mode ....................................
PAGE 9
Contents Best Practice Suggestions ..........................................................................C-4 Selecting Deployment Method and Redundancy .......................................C-5 Best Practice Suggestions ..........................................................................C-7 Appendix D: Maintenance and Technical Support Product Maintenance .................................................................................... D-2 Maintenance Agreement ..............................
PAGE 10
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Accessing the IWSVA Web console ....................................................
PAGE 11
Preface Preface Welcome to the Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide. This guide helps you to get “up and running” by introducing InterScan Web Security Virtual Appliance (IWSVA), assisting with deployment, installation, migration (if necessary), initial configuration, troubleshooting, performance tuning, and main post-installation configuration tasks.
PAGE 12
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Audience The IWSVA documentation is written for IT managers and system administrators working in enterprise environments.
PAGE 13
Preface Chapter 4, Migrating to InterScan Web Security Virtual Appliance This chapter describes the different migration scenarios and how to complete a migration to IWSVA. Appendix A, Deployment Integration This appendix describes deployment scenarios for IWSVA, involving several technologies such as LDAP, Cisco routers using WCCP, ICAP, and Transparent Bridge. Appendix B, Tuning and Troubleshooting This appendix describes performance tuning involving URL filtering and LDAP performance.
PAGE 14
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide IWSVA Documentation In addition to the Trend Micro™ InterScan Web Security Virtual Appliance 6.5 Installation Guide, the documentation set includes the following: • Administrator’s Guide—this guide provides detailed information about all IWSVA configuration options.
PAGE 15
Preface Document Conventions To help you locate and interpret information easily, the InterScan Web Security Virtual Appliance documentation uses the following conventions. TABLE 1-1.
PAGE 16
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide information that flows through Internet gateways, email servers, and file servers, Trend Micro allows companies and service providers worldwide to stop viruses and other malicious code from a central point, before they ever reach the desktop. For more information, or to download evaluation copies of Trend Micro products, visit our award-winning Web site: http://www.trendmicro.
PAGE 17
Chapter 1 Preinstallation Planning This chapter describes the following: • Server Requirements on page 1-2 • Information Needed to Install IWSVA on page 1-6 • Planning Network Traffic Protection on page 1-9 1-1
PAGE 18
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Server Requirements Operating System A purpose-built, hardened, and performance-tuned 64-bit operating system is included with InterScan Web Security Virtual Appliance (IWSVA). Hardware Requirements The minimum requirements specified provide enough resources to properly evaluate the product under light traffic loads. The recommended requirements specified provide general production sizing guidance.
PAGE 19
Preinstallation Planning Server Platform Compatibility IWSVA should install and operate without issues on many brands of “off-the-shelf ” server platforms. However, Trend Micro cannot guarantee 100% compatibility with all brands and models of server platforms. To obtain a list of Trend Micro certified servers that are compatible with IWSVA, access the following URL: http://www.trendmicro.
PAGE 20
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide During installation, the following open-source application is installed for convenience, but is not enabled by default: • Squid—To provide optional content caching. Web Browser To access the HTTP-based Web console, use any of the browsers in Table 1-1. TABLE 1-1. Supported Web Browsers for Web Console Access B ROWSER W INDOWS XP L INUX Windows 7 SP1 CentOS 6 ✔ IE 9.
PAGE 21
Preinstallation Planning Other Requirements • Database Requirements: • • • PostgreSQL v9.2.8 (included) Internet Content Adaptation Protocol (ICAP): • NetApp™ NetCache™ release 6.0.1 • Blue Coat Systems™ SGOS v5 • Cisco ICAP servers: CE version 5.3 • Any cache server that is ICAP 1.
PAGE 22
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Information Needed to Install IWSVA You can either purchase or download a 30-day trial version of IWSVA. The 30-day trial version provides all the functionality of IWSVA. The IWSVA setup program prompts you for required information, depending on the options chosen during installation.
PAGE 23
Preinstallation Planning Type of Proxy Configuration IWSVA supports multiple deployment modes. • Forward proxy where clients directly connect to IWSVA. • Upstream proxy to another existing internal proxy server • ICAP Server to an existing ICAP 1.
PAGE 24
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Tip: For security reasons, Trend Micro recommends that you change the admin password after you log in to the Web console the first time. Tip: The password for OS account "root" and CLI account "enable" and IWSS account "admin" are the same after installing from ISO file. The IWSVA administrator can make them different. For details, please refer to the Administrator Guide.
PAGE 25
Preinstallation Planning Planning Network Traffic Protection IWSVA can be deployed in different modes to help secure your network. (See Chapter 2, Deployment Primer).
PAGE 26
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide For further details on the Transparent Bridge Mode, see Deploying in Transparent Bridge Mode on page 2-33. Forward Proxy Mode IWSVA acts as an upstream proxy for network clients. Client browser settings must be configured to redirect traffic to IWSVA. IWSVA scans HTTP and FTP traffic and there is no separate need for another dedicated proxy server. Content is scanned in both the inbound and outbound directions.
PAGE 27
Preinstallation Planning For more details on the Simple Transparency Mode, see HTTP Proxy in Simple Transparency Mode on page 2-16. WCCP Mode IWSVA works with Cisco's WCCP protocol to provide content scanning for Web and FTP traffic without the need to modify client configurations and allows redundancy and saleability to be designed into the architecture without additional hardware. For more details on the WCCP Mode, see Deploying in WCCP Mode on page 2-23.
PAGE 28
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 29
Chapter 2 Deployment Primer This chapter describes the following: • Identifying Your Server Placement on page 2-2 • Planning Network Traffic Flows on page 2-4 • Deploying in Forward Proxy Mode on page 2-10 • Deploying in ICAP Mode on page 2-23 • Deploying in Reverse Proxy Mode on page 2-29 • Deploying in Transparent Bridge Mode on page 2-33 2-1
PAGE 30
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Identifying Your Server Placement Before installing InterScan Web Security Virtual Appliance (IWSVA), you will need to review the IWSVA deployment modes and decide how to install IWSVA into your network environment to best meet your needs. This involves identifying where to place the IWSVA server in the network and identifying the best deployment mode for your network.
PAGE 31
Deployment Primer • Corporate LAN—These segments are located behind the internal firewall. The configuration of the internal firewall passes traffic to machines on the corporate LAN only when the traffic originates from computers inside the DMZ. FIGURE 2-1. Two Firewalls with DMZ This topology requires that all data inbound from the external servers (such as those on the Internet) first pass through a server in the DMZ.
PAGE 32
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide • The firewall configuration allows connections to machines on the corporate LAN. For security, the firewall must limit the types of data that can reach machines on the LAN. For example, the firewall might allow HTTP data from the Internet to reach only the IWSVA server. FIGURE 2-2.
PAGE 33
Deployment Primer Create a flow plan for the network traffic by doing the following: • Understand each IWSVA service’s purpose and function • Determine each service's valid data sources. For example, does the HTTP service receive requests directly from the HTTP browsers, or indirectly through an ICAP proxy device? • Determine which ports to use for the service. For instance, by default, the HTTP proxy service uses port 8080, and the FTP service uses port 21.
PAGE 34
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide There are seven possible deployment modes: Transparent Bridge Settings • Transparent Bridge mode — Use the transparent bridge mode when clients' computers are not configured to use the IWSVA server as their proxy, but still need to connect to the Internet through IWSVA. All network traffic, including HTTP/HTTPS and FTP, is visible to IWSVA in this mode.
PAGE 35
Deployment Primer Each configuration has implications for configuring IWSVA, configuring the network, and for network security. HTTPS Decryption IWSVA closes the HTTPS security loophole by decrypting and inspecting encrypted content for malware and URL access policy violations. You can define policies to decrypt HTTPS traffic from selected Web categories. While decrypted, data is treated the same way as HTTP traffic to which URL filtering and scanning rules can be applied.
PAGE 36
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide To configure FTP clients to use this flow: • Set the IWSVA server as a FTP proxy • Set the username to be username@targetftp-server, instead of the normal username Note: IWSVA FTP works with most firewalls, usually requiring only a modification to the firewall to open a port for the FTP proxy. FTP requests follow this sequence: 2-8 1. The FTP client sends a request to the IWSVA FTP service. 2.
PAGE 37
Deployment Primer FIGURE 2-3. FTP Proxy in Standalone Mode FTP Proxy in Dependent Mode You can also install IWSVA FTP on a dedicated machine between an upstream proxy and the requesting clients. Using this setup adds other FTP features (for example, access blocking, logging, and filtering) to supplement the existing FTP proxy. IWSVA's FTP-proxy mode, shown in Figure 2-4, is analogous to the dependent-mode flow of the HTTP service.
PAGE 38
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FTP requests follow this sequence: 1. The FTP client sends a request to the IWSVA FTP service. 2. The IWSVA FTP service validates the request (for example, the file type is not blocked). If the request is valid, the IWSVA FTP service relays it to the other FTP proxy or the FTP server being protected by IWSVA. 3. The FTP server on the Internet responds to the request, ideally with the requested file. 4.
PAGE 39
Deployment Primer IWSVA configured in forward proxy mode provides the following configuration options to enable client protection: • Reconfiguring Client Settings on page 2-11 • Using a Layer 4 Switch on page 2-12 • Using a WCCP-enabled Switch or Router on page 2-14 Additionally, when IWSVA is configured in this mode, all traffic can be configured to be sent to an additional upstream proxy server if applicable.
PAGE 40
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FIGURE 2-5. Reconfiguring the Client Settings Using a Layer 4 Switch Transparency is the functionality whereby client users do not need to change their Internet connection’s proxy settings to work in conjunction with IWSVA. Transparency is accomplished with a Layer 4 switch that redirects HTTP packets to a proxy server, which then forwards the packets to the requested server. IWSVA supports the “simple” type transparency.
PAGE 41
Deployment Primer • Simple transparency is not compatible with some older Web browsers when their HTTP requests do not include information about the host. • HTTP requests for servers that use a port other than the HTTP default port 80 are redirected to IWSVA. This means SSL (HTTPS) requests are typically fulfilled, but the content is not scanned. • Do not use any source NAT (IP masquerade) downstream of IWSVA, because IWSVA needs to know the IP address of the client to clean.
PAGE 42
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide During the installation, ensure that the check box that enables transparency to support this deployment mode is checked. TABLE 2-2. Using a Layer 4 Switch A DVANTAGES L IMITATIONS Transparent to clients Traffic interception must be port-based (not protocol-based) for one port. If the non-standard port is used for HTTP, it bypasses the switch.
PAGE 43
Deployment Primer FIGURE 2-7. IWSVA deployment in a WCCP environment Planning the HTTP Flow Using the Forward Proxy Mode For complete details on implementing the Forward Proxy Mode, see Forward Proxy Mode on page 1-10. HTTP Proxy in the Standalone Mode The simplest configuration is to install IWSVA in standalone mode, with no upstream proxy. In this case, IWSVA acts as a proxy server for the clients.
PAGE 44
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide settings. This requires cooperation from your network users, and also makes it possible for users to exempt themselves from your organization’s security policies by reconfiguring their Internet connection settings. Note: If you configure IWSVA to work in standalone mode, each client on your network needs to configure their Internet connection settings to use the IWSVA device and port (default 8080) as their proxy server.
PAGE 45
Deployment Primer FIGURE 2-8. Use a Layer 4 switch to load balance between IWSVA servers in simple transparent mode HTTP Proxy in Dependent Mode (Proxy Ahead) For HTTP browsers to use this flow, configure the browsers to proxy through the IWSVA server, by default at port 8080.
PAGE 46
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide HTTP Proxy in Dependent Mode (Proxy Ahead Web page requests follow this sequence: 2-18 1. The Web client sends a request to the HTTP service. 2. The HTTP service validates the request. • If the URL is invalid (blocked), the HTTP service sends the HTTP client an appropriate notice, completing the transaction. • If the URL is valid, the HTTP service forwards the request to an upstream HTTP proxy server. 3.
PAGE 47
Deployment Primer 6. The HTTP service scans the content for unwanted data and returns an appropriate response to the HTTP client. TABLE 2-4. HTTP Proxy in Dependent Mode (Proxy Ahead) A DVANTAGES Proxy server controls timing and content availability behavior. L IMITATIONS IWSVA has to scan every response-even when cached. It is more secure—configuration changes will affect cached objects. IWSVA does not wait for the downloading of already cached objects.
PAGE 48
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Web page requests follow this sequence: 1. The Web client sends a request to the HTTP proxy server. 2. The proxy server forwards the request to IWSVA. 3. IWSVA validates the request using URL Filtering/URL Access Control: • If the URL is invalid (blocked), the HTTP service sends the HTTP client an appropriate notice, completing the transaction.
PAGE 49
Deployment Primer TABLE 2-5. HTTP Proxy in Dependent Mode (Proxy Behind) (Continued) A DVANTAGES L IMITATIONS Cached objects are downloaded by clients directly from the Proxy server, which minimizes delays. HTTP Double Proxy in Dependent Mode Double proxy configuration requires two caching proxies. The first proxy is placed between the HTTP client and the IWSVA server, and other one is placed between the IWSVA server and the Internet.
PAGE 50
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 8. The first proxy server caches the data (if cacheable), then delivers the response/data to the HTTP client. FIGURE 2-10. HTTP Double Proxy in Dependent Mode TABLE 2-6. HTTP Double Proxy in Dependent Mode A DVANTAGES L IMITATIONS Proxy server controls timing and content availability behavior. Costs more—additional proxy servers are needed. IWSVA does not wait for the downloading of already cached objects.
PAGE 51
Deployment Primer Deploying in WCCP Mode Note: For advanced information on deploying in WCCP mode, see the IWSVA 6.5 Administrator's Guide, “Appendix F, WCCP Deployment & Troubleshooting.” HTTP Proxy in WCCP Mode (Single and Multiple IWSVA Servers) IWSVA configured in the WCCP Mode processes Web page requests in the following sequence: 1. The Web client sends a request to the Web server. 2. The router intercepts the request and forwards the request to IWSVA. 3.
PAGE 52
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FIGURE 2-11. Using an ICAP-enabled Proxy TABLE 2-7. ICAP-enabled Proxy A DVANTAGES 2-24 L IMITATIONS ICAP allows scanning of only new and necessary content. Up front cost of ICAP equipment. Reduced and selective scanning enhances performance Adds extra steps in the IWSVA installation process. Increased resource efficiencies reduce the number of IWSVA server hardware needed. Requires management.
PAGE 53
Deployment Primer Planning the HTTP Flow Using the ICAP Mode For complete details on implementing the ICAP Mode, see ICAP Mode on page 1-10. HTTP Proxy in ICAP Mode (Single and Multiple IWSVA Servers) This section discusses the flow of a typical HTTP GET request using both an ICAP device and IWSVA servers. In these flows, IWSVA interacts with the ICAP device, in response to ICAP rules. This is very different from other flows where IWSVA receives URL requests from HTTP clients.
PAGE 54
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Although IWSVA performs the same filtering of URLs and scanning of data for unwanted content, the ICAP flow is so different from the other flows that it requires a completely different communications protocol. Administrators indicate which protocol (ICAP or non-ICAP) to use during post-installation configuration. The figures that follow show the HTTP flow with single and multiple IWSVA servers.
PAGE 55
Deployment Primer by IWSVA) to the HTTP client, and the ICAP device does not retain a copy for future requests. FIGURE 2-12. HTTP Proxy in ICAP Mode (Single IWSVA Server) IWSVA ICAP Mode with Multiple Servers If there is already a content cache server on your network, then Trend Micro recommends installing the ICAP HTTP handler. The following diagram shows the installation topology for IWSVA ICAP with multiple servers.
PAGE 56
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FIGURE 2-13. HTTP Proxy in ICAP Mode (Multiple IWSVA Servers) TABLE 2-8. HTTP Proxy in ICAP Mode A DVANTAGES No configuration changes required on the clients. Cached objects are downloaded by clients directly from the Proxy server, which minimizes delays, and improves performance. Load-balancing is possible after some configuration to the clients. 2-28 L IMITATIONS Configuration changes on IWSVA affects cached objects.
PAGE 57
Deployment Primer Deploying in Reverse Proxy Mode Overview of Reverse Proxy Mode IWSVA is usually installed close to clients to protect them from security risks from the Internet. However, IWSVA also supports being installed as a reverse proxy to protect a Web server from having malicious programs uploaded to it. In Reverse Proxy Mode, IWSVA is installed close to the Web server that it protects. In this mode, IWSVA protects a Web server with the proxy server.
PAGE 58
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FIGURE 2-14. Reverse proxy protects Web server from clients Planning the HTTP Flow Using Reverse Proxy Mode For complete details on implementing the Reverse Proxy Mode, see Reverse Proxy Mode on page 1-10. HTTP Reverse Proxy in Dependent Mode In reverse proxy mode, the HTTP proxy acts as the Web server to the client systems. The proxy receives all requests and transfers them to the real Web server.
PAGE 59
Deployment Primer Note: Administrators should be aware of the following: - The URL-filtering feature makes no sense in this configuration; only antivirus scanning and URL-blocking are useful. - In the reverse proxy mode, the Web server's access log is useless. To analyze the connections for the Web site, you must use the IWSVA access log.
PAGE 60
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 6. The modified page returns to the requestor. FIGURE 2-15. HTTP Reverse Proxy in Dependent Mode TABLE 2-9. More About HTTP Reverse Proxy in Dependent Mode A DVANTAGES IWSVA scans all objects before they are cached. L IMITATIONS New engines, patterns, and configurations will not affect cached objects. The access logging feature of IWSVA is compromised.
PAGE 61
Deployment Primer Deploying in Transparent Bridge Mode Overview of Transparent Bridge Mode In the Transparent Bridge Mode, IWSVA acts as a bridge between two network devices (switch, router, or firewall) and transparently scans HTTP/HTTPS and FTP traffic. Transparent Bridge Mode is the simplest way to deploy IWSVA into an existing network topology and does not require modifications to clients, routers, or switches. IWSVA acts as a “bump in the wire” and scans for malware.
PAGE 62
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Note: Silicom bypass cards are recognized by VMware ESXi 5.0, but they can only be used as NORMAL network cards without the bypass function. Planning the HTTP Flow Using Transparent Bridge Mode For complete details on implementing the Forward Proxy Mode, see Transparent Bridge Mode on page 1-9. IWSVA configured in Transparent Bridge Mode processes Web page requests in the following sequence: 1.
PAGE 63
Deployment Primer Note: The HA deployment mode is only supported in Transparent Bridge mode. High Availability among multiple IWSVAs deployed in the other supported deployment modes is handled externally to the IWSVA instance. Specifically, load balancers support redundancy in any of the proxy modes. The Cisco WCCP device can manage traffic to redundant IWSVAs in WCCP mode. The ICAP proxy client can manage traffic to redundant IWSVAs in ICAP mode. FIGURE 2-17.
PAGE 64
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide WARNING! If you accidentally configure both IWSVA devices as parent or active devices in transparent bridge mode, a network loop can be created. To avoid this possibility, please configure each IWSVA as a forward proxy device before configuring the HA feature. To configure an IWSVA HA cluster: 1. Install two IWSVA devices in forward proxy mode.
PAGE 65
Chapter 3 Installing InterScan Web Security Virtual Appliance This chapter explains the following: • Obtaining IWSVA on page 3-2 • Installing IWSVA on page 3-4 • Logging in to IWSVA for the First Time on page 3-11 • Post-Installation Notes on page 3-11 3-1
PAGE 66
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Obtaining IWSVA IWSVA is supported on the following platforms: • Bare Metal installation (dedicated off-the-shelf server platform without an operating system). Refer to the list of current certified hardware platforms to ensure your preferred server platform is supported by IWSVA. This list can be found at the following location: http://us.trendmicro.
PAGE 67
Installing InterScan Web Security Virtual Appliance 3. Eject the Enterprise Solutions DVD and place a blank DVD disk into the DVD writer. 4. Burn the IWSVA ISO image to the blank DVD. 5. Insert the newly created IWSVA Installation DVD into the target server where you would like to install IWSVA. 6. Reboot the server and boot from the IWSVA installation DVD to begin the installation process. Note: The file on the Enterprise DVD and on the Trend Micro Evaluation site is an ISO image.
PAGE 68
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Installing IWSVA IWSVA only supports new installations or migrations from specific versions. IWSVA supports migrating existing configuration and policy data from IWSVA 5.6, and IWSVA 6.0, IWSVA 6.0 SP1, IWSVA 6.5 products (see Migration on page 1-6). The IWSVA installation process formats your existing system to install IWSVA.
PAGE 69
Installing InterScan Web Security Virtual Appliance Cache Web site: www.squid-cache.org. Trend Micro will not provide support for Squid's features, but will provide support for the setup and integration of Squid and IWSVA through its supplied configuration commands. To install IWSVA: 1. Start the IWSVA installation. Installing on a Microsoft Hyper-V Virtual Machine a. Create a virtual machine on your Microsoft Hyper-V server.
PAGE 70
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Installation Steps for both a VMware ESX Virtual Machine and a Bare Metal Server Note: IWSVA does not need a network connection during installation, but it must connect with the Internet when using the Deployment Wizard after the installation completes. A page appears displaying the IWSVA Installation Menu. The options on this menu are as follows: 2.
PAGE 71
Installing InterScan Web Security Virtual Appliance Note: 7. You must assign a valid hostname to the IWSVA server for it to function properly.  The IWSVA hostname must be entered into the DNS server assigned to the IWSVA and its users. Select the network devices and input the corresponding IP addresses. Note: After installing the IWSVA OS, you can access the IWSVA Web console using the NIC you select, then run the Deployment Wizard to complete the necessary configuration.
PAGE 72
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Use the drop-down list to display the supported time zones or point to your location using the time zone map. 10. Click Next. 11. Specify a password for the administrator account. IWSVA uses three different levels of administrator types to secure the system: Root account, Enable account, and Admin account. For convenience, the passwords for these three accounts are set the same in this step.
PAGE 73
Installing InterScan Web Security Virtual Appliance FIGURE 3-2. Summary screen contains default password. After the installation is complete a summary screen appears. The installation log is saved in the /root/install.log file for reference. 15. Click Reboot to restart the system. • For a bare metal installation: The DVD automatically ejects. Remove the DVD from the drive to prevent reinstallation.
PAGE 74
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide FIGURE 3-3. Note: The initial CLI log in screen During installation, you might receive the following messages:  for crash kernel (0x0 to 0x0) not within permissible range powernow-k8: bios error -no psb or acpi_pss objects  Both of these messages are normal. The latter message indicates that the system BIOS is not reporting or presenting any PSB or ACPI objects or hooks to the Linux kernel.
PAGE 75
Installing InterScan Web Security Virtual Appliance Logging in to IWSVA for the First Time After IWSVA has restarted, you can log in to the appliance either through the CLI or the Web management interface. • For the CLI interface, type in your administrator username and password at the console login prompt. Note: • Turn off the pop-up blocker in your browser before logging into the Web console for the first time. Pop-up blockers block the Change Password dialog box and the Deployment Wizard.
PAGE 76
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 77
Chapter 4 Migrating to InterScan Web Security Virtual Appliance This chapter describes the following: • About Migration on page 4-2 • Information Not Migrated on page 4-3 • Migrating from IWSVA 5.6, 6.0, 6.0 SP1 to IWSVA 6.5 on page 4-5 • Migrating from IWSVA 6.5 to Another IWSVA 6.
PAGE 78
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide About Migration InterScan Web Security Virtual Appliance (IWSVA) 6.5 supports both full and partial migration. Use full migration to restore the system and application settings or to apply current configuration to an IWSVA replacement machine. Perform a partial migration if you want to replace policy and application level configurations. WARNING! IWSVA 6.5 does not support migration from another language version of IWSVA 6.
PAGE 79
Migrating to InterScan Web Security Virtual Appliance • Password information in a configuration backup file will not be displayed in clear text. • IWSVA records a configuration import or export action in the audit log. Information Not Migrated The following lists the items that are not migrated.
PAGE 80
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Overview of the Migration Process This procedure lists the major steps for both full and partial migration. Procedure: 1. Back up previous IWSx settings. 2. Install IWSVA 6.5. 3. Import the previously backed up configuration file to the new IWSVA machine. If you are migrating from a source IWSVA to a target IWSVA 6.5, and both devices are configured in standalone mode, you can choose to perform a full or partial migration.
PAGE 81
Migrating to InterScan Web Security Virtual Appliance Migrating from IWSVA 5.6, 6.0, 6.0 SP1 to IWSVA 6.5 Note: IWSVA 6.5 only supports partial migration if you want to restore back to a previous backup IWSVA 5.6, 6.0, 6.0 SP1 configuration.  IWSVA 6.5 does not support migration from another language version. Procedure: 1. Open the Web console of the source IWSVA; then, select Administration > Configuration Backup & Restore, and then click Export. The screen displays a progress bar.
PAGE 82
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Migrating from IWSVA 6.5 to Another IWSVA 6.5 Note: IWSVA 6.5 does not support migration from another language version of IWSVA 6.5.  A full migration from one IWSVA 6.5 device to another IWSVA 6.5 device is only supported if both devices are configured in standalone mode.  To perform a full migration, make sure the hardware configuration and deployment mode are the same on both IWSVA machines.
PAGE 83
Migrating to InterScan Web Security Virtual Appliance 4. Choose an option and click OK to continue. After Migrating Existing customers can check the “What’s New” section in the first chapter of the IWSVA Administrator’s Guide to see the new features are available in this release. New customers can see all of the other IWSVA features listed after the “What’s New” section.
PAGE 84
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 85
Appendix A Deployment Integration This appendix describes the following: • IWSVA in a Distributed Environment on page A-2 • Integration with LDAP on page A-4 • Integration with a Cisco Router using WCCP on page A-7 • Protecting an HTTP or FTP Server using Reverse Proxy on page A-8 • Integration with an ICAP Device on page A-9 A-1
PAGE 86
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide IWSVA in a Distributed Environment InterScan Web Security Virtual Appliance (IWSVA) is designed to be part of a distributed system and can establish a number of network connections based on the configuration settings.
PAGE 87
Deployment Integration TABLE A-1. Required Connections and Properties (Continued) C ONNECTING C OMPONENT Web Reputation TRAFFIC : TYPE AND VOLUME Type: HTTP Volume: Depends on the specific access I F THE C ONNECTION IS LOST Cached data is used for already started services. Service will not start and user is given access to requested URL. Throughput and Availability Requirements The administrator must determine the IWSVA availability requirements.
PAGE 88
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Integration with LDAP Support Multiple Domains for Multiple LDAP Servers IWSVA has an LDAP module that allows communication with multiple LDAP servers with the ability to establish multidomain trees and forest-like environments. IWSVA LDAP integration supports multiple domains and multiple LDAP servers. To configure the LDAP function at the IWSVA Web console: 1.
PAGE 89
Deployment Integration Catalog is handy when creating IWSVA LDAP policies for a parent group with user(s)/group(s) member(s) residing on remote domains that are part of many subdomain levels.
PAGE 90
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide LDAP Authentication in Transparent Mode Before configuring LDAP authentication on IWSVA deployed in transparent mode (bridge and WCCP), review the following criteria to ensure each item is fully met. • IWSVA must have a valid hostname assigned at Administration > Deployment Wizard > Network Interface page in the Web console. Make sure the hostname is also entered in the corporate DNS server.
PAGE 91
Deployment Integration Note: You must configure your IE settings to enable automatic authentication on each client computer.   By default, automatic authentication is enabled in IE 7.0, IE 8, and IE 9. Refer to the Administrator’s Guide for additional information. Integration with a Cisco Router using WCCP You can integrate IWSVA on a network that uses a Cisco router at the gateway without changing the browser settings of the client machines. This is achieved by utilizing Cisco’s WCCP protocol.
PAGE 92
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Protecting an HTTP or FTP Server using Reverse Proxy If you are protecting the HTTP server, install the HTTP scanning service in the HTTP proxy mode and use the reverse proxy configuration.
PAGE 93
Deployment Integration • Define the following configuration settings in the [ftp] section of the pni-file: • proxy_mode=dedicated specifies operational mode • ftp_server specifies the IP address of the protected FTP server • ftp_server_port specifies the TCP port of the protected server Integration with an ICAP Device You can integrate IWSVA on a network that utilizes an ICAP 1.0 compliant cache server. Setting up an ICAP 1.
PAGE 94
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 5. a. Click the Setup tab, and then click System > Licenses on the left menu. The System Licenses screen appears. b. Type IWFLPWA under the ICAP license section. c. Click Commit Changes. Select the Service Farms tab on the ICAP 1.0 screen, and then click New Service Farm to add ICAP servers. Then, assign the service farm name in the Service Farm Name field.
PAGE 95
Deployment Integration Click Commit Changes. For request mode, • icap://{ICAP-SERVER1-IP}:1344/REQ-Service on • icap://{ICAP-SERVER2-IP}:1344/REQ-Service on Click Commit Changes. Note: For multiple ICAP servers within a service farm with strong consistency selected, make sure that all ICAP servers have identical intscan.ini and other configuration files and the same virus pattern. The service farm will not work properly if the ICAP servers have different configurations. 10.
PAGE 96
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Edit ICAP Service name screen appears. 7. Type or select the following information: a. ICAP version number (that is, 1.0) b. The service URL, which includes the virus-scanning server host name or IP address, and the ICAP port number. The default ICAP port number is 1344.
PAGE 97
Deployment Integration Gateway opens a separate browser window and starts the Visual Policy Manager. The first time you start the policy editor, it displays an empty policy. If you have not installed JRE on your workstation, a security-warning window appears. Click Yes to continue. Follow the instructions to install the JRE. To add the response mode policy: a. Select Management. Type the log on username and password if prompted. b. Click Policy in the left menu, and then click Visual Policy Manager. c.
PAGE 98
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Add New Policy Table screen appears. e. Type the policy name under the Select policy table name field. Click OK. f. Under the Action column, right-click Deny and click Set. The Add Object screen appears. g. Click New and select Use ICAP Request Service. The Add ICAP Service Action screen appears. h. Choose the ICAP service name under the ICAP Service/Cluster Names field. i.
PAGE 99
Deployment Integration To set up ICAP for Cisco CE ICAP servers: 1. Open the Cisco CE console. 2. Type config to enter the configuration mode. 3. Type ICAP to display a list of all ICAP-related commands. 4. Create a response modification service, by typing the following: icap service RESPMOD SERVICE NAME The ICAP service configuration menu opens. Display a list of all available commands.
PAGE 100
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Configuring Virus-scanning Server Clusters For the Blue Coat Port 80 Security Appliance to work with multiple virus-scanning servers, you must configure a cluster in the Security Gateway (add the cluster, and then add the relevant ICAP services to the cluster). To configure a cluster using the management console: 1. Select Management. Type the log on username and password if prompted. 2.
PAGE 101
Deployment Integration To delete a cluster configuration using the management console: 1. Select Management. Type the log on username and password if prompted. 2. Click ICAP in the left menu, and then click the ICAP Clusters tab. 3. Click the cluster you want to delete. 4. Click Delete, and then click OK to confirm.
PAGE 102
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 103
Appendix B Tuning and Troubleshooting This appendix explains the following: • IWSVA Performance Tuning on page B-2 • Troubleshooting on page B-6 B-1
PAGE 104
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide IWSVA Performance Tuning If you are experiencing issues with slow browsing performance, consider the following modifications and the InterScan Web Security Virtual Appliance (IWSVA) remote rating service. URL Filtering IWSVA utilizes the Trend Micro URL Filtering Engine to perform URL categorization and reputation rating based on the data supplied by the Trend Micro Web Reputation feature.
PAGE 105
Tuning and Troubleshooting • User group membership cache: This cache can store group membership information. By default, entries in this cache will be valid for two hours, or until the cache fills (at which point the entries are replaced, starting with the oldest).   The time to live (TTL) for entries in this cache can be configured in the Web console: Administrator > IWSVA Configuration > User Identification.
PAGE 106
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Disable Verbose Logging When LDAP is Enabled Trend Micro recommends turning off verbose logging in the intscan.ini file, under the [http] section, “verbose” parameter) when LDAP is enabled for server performance reasons. Verbose logging is primarily used by software developers to identify abnormal application behavior and troubleshooting. In a production deployment, verbose logging is usually unnecessary.
PAGE 107
Tuning and Troubleshooting a. Bypass LDAP authentication for the application by adding the URLs that application accesses to “Global Trusted URLs.” The URLs in this list will bypass both authentication and content scanning. b. Instruct users to open their Web browsers and get authenticated before starting up applications that need Internet access. c. Add the IP address of the client machine to “LDAP authentication White List.” IP address in this list will bypass LDAP authentication.
PAGE 108
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Troubleshooting Troubleshooting Tips • Issue: IWSVA could not connect to the database specified in the Database Connection Settings page. The IWSVA management console displays the following error message: JDBC-ODBC BRIDGE: [UNIXODBC] Could not connect to the server; Could not connect to remote socket. Solution: • • Check the ODBC connection or the database server and try again.
PAGE 109
Tuning and Troubleshooting General Feature Problems If you have problems with IWSVA, collect the following information to provide to Trend Micro support: • The system file(s) that describes the current state of IWSVA. To compile these files, access the Web console and choose Administration > Support and then click Generate System Information File. This button is an extension of the Case Diagnostic Tool (CDT), allowing you to package the current machine “state” at a click of a button.
PAGE 110
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Use these files when working with Trend Micro technical support to help diagnose the cause of your problem. To view the files yourself, use a program like GDB, the GNU Project debugger. • B-8 Log file for the day the issue occurred • All log files the day the issue occurred (logs are stored in /etc/iscan/log by default) • Make sure verbose=1 is set in the [ftp], [http], and [notification] sections of the intscan.
PAGE 111
Appendix C Best Practices for IWSVA Installation and Deployment This appendix describes the following: • IWSVA Installation Overview on page C-2 • Properly Sizing Your Environment on page C-4 • Selecting Deployment Method and Redundancy on page C-5 C-1
PAGE 112
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide IWSVA Installation Overview This installation overview provides a quick reference on the order and key steps to install and configure InterScan Web Security Virtual Appliance (IWSVA) to function with the core scanning, logging, and reporting features. The detailed sections in the Best Practices appendix of the IWSVA Administrator’s Guide will provide the URLs for downloading the necessary material.
PAGE 113
Best Practices for IWSVA Installation and Deployment IWSVA provides operating system updates separately from application service packs. Make sure the latest operating system patch is also downloaded and applied along with the application service pack. Always read the patch's ReadMe file to familiarize yourself with the installation procedure before upgrading your system. Use the Administration > System Updates functions to perform these tasks. 6. Configure the system settings.
PAGE 114
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 13. Backup the IWSVA configuration to keep a copy of the newly created configuration. Use the Administration > Config Backup/Restore function to complete this task. 14.
PAGE 115
Best Practices for IWSVA Installation and Deployment • Redundant architectures must be designed to support your maximum number of users when it fails over to the backup unit or secondary. Otherwise, performance and response time expectations will drop when a unit fails. Selecting Deployment Method and Redundancy IWSVA is one of the most flexible Web gateway security products for deployment options.
PAGE 116
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide SQUID - IWSVA bundles the popular open source caching program, called Squid, to offer customers an economical way to cache web content without paying additional licensing fees. With IWSVA 3.1, Squid can be enabled through IWSVA's CLI interface and is deployable as a downstream proxy or an upstream proxy in relation to IWSVA. Starting with IWSVA 5.
PAGE 117
Best Practices for IWSVA Installation and Deployment Best Practice Suggestions • IWSVA uses a hybrid malware scanning architecture that is comprised of cloud-based scanning and on-box scan engines. This solution provides one of the industry's highest detection and prevention rates. Cloud-based scan engines provide proactive detection and blocking services based on reputation services. To ensure fast performance with low latency, you need to provide IWSVA access to a fast and robust DNS architecture.
PAGE 118
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide C-8 • For installations with Transparent Bridge mode on VMWare ESX, the external interface of IWSVA will connect to a virtual switch which binds to a physical network adapter. It is better not to connect any other virtual machine to this virtual switch and leave the virtual machine dedicate for IWSVA usage.
PAGE 119
Appendix D Maintenance and Technical Support This appendix describes the following: • Product Maintenance on page D-2 • Contacting Technical Support on page D-4 • Security Information Center on page D-7 D-1
PAGE 120
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Product Maintenance From time to time, Trend Micro might release a patch for a reported known issue or an upgrade that applies to your product. To find out whether there are any patches available for InterScan Web Security Virtual Appliance (IWSVA), visit the following URL: http://www.trendmicro.com/download/ The Update Center screen displays.
PAGE 121
Maintenance and Technical Support Typically, ninety (90) days before the Maintenance Agreement expires, you will be alerted of the pending discontinuance. You can update your Maintenance Agreement by purchasing renewal maintenance from your reseller, Trend Micro sales, or on the Trend Micro Online Registration URL: https://olr.trendmicro.
PAGE 122
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Contacting Technical Support To contact Trend Micro Technical Support, visit the following URL: http://www.trendmicro.com/us/home/products/support-services/ind ex.html Then, click the link for one of the following regions: • Asia/Pacific • Australia and New Zealand • Europe • Latin America • United States and Canada Follow the instructions for contacting support in your region.
PAGE 123
Maintenance and Technical Support TrendLabs TrendLabs is Trend Micro’s global infrastructure of antivirus research and product support centers that provide up-to-the minute security information to Trend Micro customers. The “virus doctors” at TrendLabs monitors potential security risks around the world, to ensure that Trend Micro products remain secure against emerging risks.
PAGE 124
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Known Issues Known issues are features in your IWSVA software that might temporarily require a workaround. Known issues are typically documented in section 7 of the Readme document you received with your product. Readme files for Trend Micro products, along with the latest copies of the product manuals, can also be found in the Trend Micro Update Center: http://www.trendmicro.
PAGE 125
Maintenance and Technical Support • Description: Include a brief description of the symptoms you are experiencing. Our team of virus engineers will “dissect” the file to identify and characterize any risks it might contain and return the cleaned file to you, usually within 48 hours. Note: Submissions made through the submission wizard or virus doctor are addressed promptly and are not subject to the policies and restrictions set forth as part of the Trend Micro Virus Response Service Level Agreement.
PAGE 126
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide • The Virus Primer, which helps you understand the difference between viruses, Trojans, worms, and other risks • The Trend Micro Safe Computing Guide • A description of risk ratings to help you understand the damage potential for a risk rated Very Low or Low vs.
PAGE 127
Appendix E Creating a New Virtual Machine Under VMware ESX for IWSVA This appendix describes how to create a new virtual machine for InterScan Web Security Virtual Appliance (IWSVA).
PAGE 128
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Introduction The actual installation of ESX is not covered in this document. Refer to VMware's product documentation to install this product. The steps outlined in the following section detail the process to create a new virtual machine under VMware ESX to install IWSVA. Creating a New Virtual Machine Use the following steps as a guideline for creating the virtual machine for your environment.
PAGE 129
Creating a New Virtual Machine Under VMware ESX for IWSVA 3. In the Storage area, double click a storage area that contains enough space to upload the IWSVA ISO. FIGURE E-1.
PAGE 130
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Datastore Browser window opens. FIGURE E-2. Storage Area 4. From the button bar, click the upload button (database icon with upward-pointing arrow) and upload the IWSVA ISO to this datastore. 5. Close the datastore after the upload has completed. To create the virtual machine 6. E-4 From the menu bar, select File > New > Virtual Machine.
PAGE 131
Creating a New Virtual Machine Under VMware ESX for IWSVA The New Virtual Machine Wizard appears. FIGURE E-3. Virtual Machine Configuration 7. Under Virtual Machine Configuration, leave Typical selected. 8. Click Next.
PAGE 132
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Name and Location Selection page appears. FIGURE E-4. 9. E-6 Name and Location of Virtual Machine Type in the Name field, an appropriate machine name and then click Next.
PAGE 133
Creating a New Virtual Machine Under VMware ESX for IWSVA The Virtual Machine Datastore Selection page appears. FIGURE E-5. Virtual Machine Datastore 10. Select the datastore where the virtual machine will reside. This does not have to be the same datastore used to upload the IWSVA ISO. 11. Click Next.
PAGE 134
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Virtual Machine Guest Operating System screen appears. FIGURE E-6. Note: Virtual Machine Guest Operating System If you are using ESXi 5.0, you must select Linux as the Guest Operating System and Red Hat Enterprise Linux 6 (64-bit). 12. For the guest operating system, select Linux and Red Hat Enterprise 6 64Bit. 13. Click Next.
PAGE 135
Creating a New Virtual Machine Under VMware ESX for IWSVA The New Virtual Machine Wizard (Virtual CPUs) screen appears. FIGURE E-7. Virtual Machine CPU 14. Select the number of processors for the virtual machine. IWSVA takes advantage of the Virtual SMP, so select the maximum number of virtual processors available. 15. Click Next.
PAGE 136
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The New Virtual Machine Wizard (Memory) screen appears. FIGURE E-8. Virtual Machine Memory 16. Allocate 2048MB of memory as a minimum for IWSVA. For production networks, Trend Micro recommends at least 4096 MB of RAM. 17. Click Next.
PAGE 137
Creating a New Virtual Machine Under VMware ESX for IWSVA The New Virtual Machine Wizard (Memory) screen appears. FIGURE E-9. Virtual Machine Network 18. Accept the default network settings and then click Next. Note: Trend Micro recommends using E1000 or VMXNet3 for the adapter type. Silicon bypass cards are also recognized by VMware and can be used as normal network cards.
PAGE 138
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Virtual Disk Capacity screen appears. FIGURE E-10. Virtual Disk Capacity 19. For testing purposes, it is adequate to leave the 50GB disk allocation at its default. For production environments, provide at least 300GB for logging and reporting purposes. See Hardware Requirements on page 1-2 for more information on disk space allocation. 20. Click Next.
PAGE 139
Creating a New Virtual Machine Under VMware ESX for IWSVA The New Virtual Machine Wizard (Ready to Complete New Virtual Machine) screen appears. FIGURE E-11. Ready to Complete 21. Check the Edit the virtual machine settings before submitting check box and then click Continue.
PAGE 140
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Virtual Machine Properties screen appears. FIGURE E-12. Virtual Machine Properties screen 22. Click on the floppy drive and then click Remove. 23. Click Resources tab, and reserve CPU and memory for IWSVA. WARNING! If you skip this step, IWSVA will not run normally. 24. Select the New CD/DVD option and then select the Datastore ISO file radio button on the right hand side. 25.
PAGE 141
Creating a New Virtual Machine Under VMware ESX for IWSVA Client Device uses the remote workstation's CD/DVD ROM drive to perform the installation and Host Device uses the VMware Server's CD/DVD ROM drive to perform the installation. Using one of these two methods saves about 500 MB or more of disk space on the VMware server. 26. Ensure that the Connect at power on check box for the New CD/DVD is checked.
PAGE 142
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Powering On the IWSVA Virtual Machine and Completing the Installation Use the following steps as a guideline for completing the installation and powering on the virtual machine. To power on a new virtual machine: 1. From the VMware Virtual Infrastructure client Console, select the name of the virtual machine you previously created. 2. Right-click the name and select Power, then select Power On.
PAGE 143
Appendix F Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA This appendix describes how to create a new virtual machine for InterScan Web Security Virtual Appliance (IWSVA) under Microsoft Hyper-V. • Introduction on page F-2 • Installing IWSVA 6.
PAGE 144
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide Introduction Starting with IWSVA 5.1 SP1, Microsoft Hyper-V based virtual platforms are supported. This document provides a step-by-step installation guide to install IWSVA 6.5 on Hyper-V based virtual machines. The actual installation of Hyper-V is not covered in this document. Refer to Microsoft’s product documentation to install this product. The procedure outlined in this document describes how to install IWSVA 6.
PAGE 145
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA Installing IWSVA 6.5 on Microsoft Hyper-V Use the following steps as a guideline for creating the virtual machine for your environment. The number of CPUs, NIC cards, memory, and hard disk space selected should reflect the requirements for your deployment. The values entered here are for instructional purposes. To create a virtual network assignment: 1. From the Hyper-V Server Manager menu, right click Hyper-V Manager. A menu appears.
PAGE 146
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 2. Select Connect to Server. A dialog box appears prompting you to select the location of the virtualization server that you want to connect to. FIGURE F-2. 3. Select the location of the virtualization server and click OK. 4. With the correct Hyper-V server connected, right click on the Windows 2008 R2 server and select Virtual Network Manager. FIGURE F-3.
PAGE 147
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA 5. Create a new virtual network by selecting External from the list of options and clicking Add. FIGURE F-4.
PAGE 148
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 6. From the External pull-down menu, select the physical network adaptor you want to connect to the new virtual network to support IWSVA 6.5. See Figure F-5. Note: The physical adaptor must be connected to the network and have access to the corporate network and the public Internet. FIGURE F-5. Physical Network Adaptor Selection WARNING! You must reserve CPU and memory for IWSVA.
PAGE 149
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA Importing the IWSVA Image After configuring the Hyper-V network settings, import the IWSVA 6.5 image into the new virtual machine. Trend Micro provides a pre-configured Hyper-V IWSVA 6.5 image for rapid deployment. To install IWSVA, import this pre-configured image onto your Windows 2008 R2 server using the following steps. To import the IWSVA image: 1.
PAGE 150
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 2. Select Import Virtual Machine from the menu options. The Import Virtual Machine dialog box appears. FIGURE F-7. F-8 Configuration for Importing IWSVA Image 3. In Location, specify the location of the folder that contains the virtual machine files. 4. In the Settings area, select the option to copy the virtual machine. 5. Select the option to duplicate all files. 6. Click Import.
PAGE 151
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA A progress bar appears indicating the status of the import process. FIGURE F-8. Image Importing Progress Assigning Resources to IWSVA After the IWSVA image has been successfully imported, you can configure the necessary resources and assign them to the IWSVA virtual machine. This includes the network adaptor, CPU, memory, and hard disk space. To assign resources to IWSVA: 1.
PAGE 152
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 2. Right click the virtual machine you want to configure. A menu with a list of options appears. FIGURE F-9.
PAGE 153
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA 3. Select the Settings... option. The Settings box for that virtual machine opens. FIGURE F-10. Assigning Virtual Network Adaptor to IWSVA Virtual Machine 4. In the Hardware area, select Network Adapter. 5. In the Network pull-down menu, select the external network adaptor that you previously configured in step 6 of the procedure: To create a virtual network assignment: on page F-3 6.
PAGE 154
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Processor area appears. FIGURE F-11. Assigning Processors to the IWSVA Virtual Machine 7. Type the number of logical processors to allocate to the virtual machine. Hyper-V allows you to assign up to four logical processors. IWSVA requires a minimum of two logical processors. Refer to the IWSVA 6.5 Sizing Guide for more information on sizing your environment.
PAGE 155
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA 8. In the Hardware area, select Memory to allocate memory for your IWSVA environment. The Memory area appears. FIGURE F-12. Assigning Memory to the IWSVA Virtual Machine 9. Type the appropriate amount of memory you want to allocate to your IWSVA environment.
PAGE 156
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 10. In the Hardware area, select the hard disk controller you want to create the virtual hard disk on. The IDE Controller area appears. FIGURE F-13. Adding a Hard Drive to the IWSVA Virtual Machine 11. Select Hard Drive from the list of options. 12. Click Add.
PAGE 157
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA The Hard Drive area appears. FIGURE F-14. Hard Drive Settings 13. In the Media area, leave the Virtual hard disk (.vhd) file option selected. 14. Click New. The New Virtual Hard Disk Wizard appears. 15. Click Next.
PAGE 158
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide The Choose Disk Type screen appears. FIGURE F-15.
PAGE 159
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA 16. Leave the Fixed size option selected and click Next. The Specify Name and Location screen appears. FIGURE F-16. Specify Hard Drive Name and Location Note: For this example, we name the virtual hard drive “IWSVA_30Gig” and set the size to 30GB. We select Fixed Size for maximum performance. This is Trend Micro’s recommended disk volume type for the IWSVA application. 17. Name the hard disk appropriately for your application. 18.
PAGE 160
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide 19. Click Next. The Configure Disk screen appears. FIGURE F-17. Specify Hard Drive Size 20. Keep the default Create a new blank virtual hard disk option selected. 21. In Size, type the disk size you want to allocate to the virtual hard drive. 22. Click Next.
PAGE 161
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA A summary screen appears that lists the configuration of the virtual hard drive. FIGURE F-18. Virtual Hard Drive Configuration Summary 23. Click Finish to complete the configuration of the virtual hard disk.
PAGE 162
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide A progress bar appears indicating the status of the hard disk creation process. When this process is finished, the Hard Drive area appears. FIGURE F-19. Adding the Virtual Hard Disk to the SCSI Controller 24. In the Hardware area, select the newly created hard drive that was created in the previous steps. 25. In the Hard Drive area, select SCSI Controller in the Controller menu. 26. Click Apply. 27.
PAGE 163
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA To power on the IWSVA virtual machine: 1. From the Server Manager, click the name of the virtual machine you created. 2. From the menu bar, select Action. 3. From the menu, select Start. This will power on the virtual machine. You can now connect to the IWSVA virtual machine’s console. To connect to the IWSVA virtual machine’s console: 1. From the Server Manager, right click the name of the virtual machine you want to configure. 2.
PAGE 164
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide To check and/or change the keyboard type: 5. Check the keyboard type and reconfigure it if necessary. FIGURE F-20. Displaying the Current Keyboard Type a. To check the keyboard type, at the system prompt, type: show system keyboard The current keyboard type will display. By default, the keyboard type is set to “US”. b.
PAGE 165
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA Where is the code for the specific keyboard type you want to configure. FIGURE F-21.
PAGE 166
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide To complete the hard disk configuration: 1. At the enable system prompt, type: configure system harddisk This action will add the new virtual hard drive in the IWSVA /var folder. FIGURE F-22. Configuring the Virtual Hard Disk for IWSVA Use Note: IWSVA supports the addition of one virtual hard drive with each virtual machine. To configure the network settings: 1.
PAGE 167
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA Where is the name of the virtual network adaptor that was previously created. FIGURE F-23. Configuring the IP Address Note: Make sure you use the proper virtual Network Interface Card (NIC) name that was created earlier for IWSVA’s use.
PAGE 168
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide b. To configure the Gateway address, at the system prompt, type: configure network route default 10.10.10.254 FIGURE F-24.
PAGE 169
Creating a New Virtual Machine Under Microsoft Hyper-V for IWSVA c. To configure the Domain Name Server (DNS) assignment, at the system prompt, type: configure network dns 10.10.99.1 10.10.100.2 FIGURE F-25.
PAGE 170
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide d. To create a network host name, at the system prompt, type: configure network hostname my_iwsva.company.com FIGURE F-26. Configuring the Hostname Accessing the IWSVA Web console After the network parameters are configured, you can now access IWSVA’s Web console to change the deployment mode, review the default policies, and make any other configuration settings.
PAGE 171
Index Index A Activation Code 1-8 adding policy request mode A-13 response mode A-13 Applet and ActiveX scanning component 1-3 Application Service Pack C-8 authentication automatic B-5 error message B-6 availability A-3 availability requirements A-3 B best practices suggestions C-7 Blue Coat Port 80 Security Gateway, setting up A-11 browser requirements 1-4 C CDT-compliant B-7 Cisco CE ICAP servers, setting up A-15 Cisco router A-7 client configuration 2-11 client IP to user ID cache B-3 clock settings C
PAGE 172
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 173
Index L Layer 4 switch 2-13 Layer 4 switches 2-12 LDAP A-4 authentication in transparent mode A-6, B-4 integration A-4 performance tuning B-2 requirements 1-5 verbose logging B-4 License Agreement D-2 log into console first time 3-11 logs locations B-8 M main program 1-3 maintenance D-2 Maintenance Agreement D-2 defined D-2 expiration D-2 renewal D-3 renewing D-3 Microsoft SQL Server Desktop Engine (MSDE) 1-7 migration 1-6 about 4-2 important notes 4-2 information not migrated 4-3 IWSVA 5.
PAGE 174
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 175
Index white papers D-8 X X-Infection-Found A-17 X-Virus-ID A-17 1-5
PAGE 176
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.
PAGE 177
i-i
PAGE 178
i-ii