About protection of network attached storages
This section provides information about the principles of joint operation of Kaspersky Security for Windows Server and network attached storages.
Protecting an EMC network attached storage of the Celerra / VNX group
Kaspersky Security for Windows Server interacts with an EMC network attached storage of the Celerra / VNX group using CAVA (Celerra Antivirus Agent) running on the protected device with Kaspersky Security for Windows Server installed. When running, Kaspersky Security for Windows Server checks the protected device for installed CAVA, which must meet the requirements of Kaspersky Security for Windows Server.
When an attempt is made to read or write a file stored in a network attached storage, this storage initiates a network request and hands the file to CAVA. CAVA writes the received file to a local disk of the computer, saving it in a dedicated folder. The Real-Time File Protection component intercepts the file operation and scans the file in accordance with the settings defined in the Real-Time File Protection task, for example, disinfecting or deleting the file. CAVA analyzes Kaspersky Security for Windows Server actions to create the check result and hand it to the network attached storage.
RPC Network Storage Protection
Interaction between Kaspersky Security for Windows Server and an RPC network storage (such as NetApp or Hitachi NAS in RPC mode) requires the RPC (Remote Procedure Call) protocol.
Kaspersky Security for Windows Server maintains a continuous connection with the network attached storage and regularly initiates RPC requests. When an attempt is made to read or create / write to a file stored in a network attached storage, the latter provides Kaspersky Security for Windows Server direct access to the file using the CIFS protocol. The RPC Network Storage Protection component scans the file in accordance with the settings defined in the RPC Network Storage Protection task. When a threat is detected, Kaspersky Security for Windows Server performs the actions defined in the task settings (including file disinfection or deletion) on the file, and then it sends the scan result to the network attached storage.
ICAP Network Storage Protection
With an ICAP network storage (such as EMC Isilon, IBM NAS, or Hitachi NAS in ICAP mode), Kaspersky Security for Windows Server functions as a service operating via the Internet Content Adaptation Protocol (ICAP).
When an attempt is made to read or create / write to a file stored in a network attached storage, the latter generates an ICAP request to Kaspersky Security for Windows Server and sends the file inside this request. The ICAP Network Storage Protection component scans the file in accordance with the settings defined in the ICAP Network Storage Protection task. When a threat is detected, Kaspersky Security for Windows Server performs the actions defined in the task settings on the file, and then it returns the scan result to the network attached storage. If the Disinfect action is specified in the settings, and the file is successfully disinfected, Kaspersky Security for Windows Server returns the disinfected file to the network attached storage as the response to the request.
