Lua Dist v11

Transcript of Lua Dist v11

Page 1: Lua Dist v11

Copyright © 2008, Symantec Corporation (Symantec). This document may not be reproduced, redistributed, or otherwise disclosed or passed on, in whole or in part, without the express written permission of Symantec.

Managing Distribution Points with LiveUpdate Administrator 2.1

GEA IT Services GmbH

Stefan Brexel

Werner-Habig-Straße 1 D-59302 Oelde, Germany

Symantec (Deutschland) GmbH

Presales Consulting

Kaiserswerther Str. 115 D-40880 Ratingen

Phone: +49 (0) 2102 7453 0

Your Contact:

Patrick Heinen

Principal Presales Consultant

Phone: +49 (0) 2102 7453 868

Mobile: +49 (0) 172 219 7041

[email protected]

Version: 1.1

Editor: PH

Table of Contents

Executive Summary

Active Directory preparations

Define new users

Internet Information Server settings

General IIS Settings:

Setting up the IIS Website:

Setting up read and write permissions

Anonymous access

Define Mime-Types for LiveUpdate

Live Update Administrator settings

Test the distribution center with a manual distribution request

Troubleshooting

Executive Summary

This document describes how to set up a distribution point on a Microsoft Internet Information Server (IIS) version 6 to which the LiveUpdate Administrator 2.1 distributes content via HTTP.

The LiveUpdate Administrator 2.1 is a web-based tool for managing virus definition updates internally. It downloads LiveUpdate content from the Symantec FTP server and distributes that content to different distribution points within your company.

A distribution point can be an HTTP site to which you are allowed to push content, an FTP site to which you are allowed to push files, or a UNC path, such as a file share on a computer or server.

Active Directory preparations

In order to prevent users from deleting or changing the content of the distribution points, you should create two different accounts within Active Directory. One account is for pushing the updates to the different distribution points and one is for reading the updates from the distribution points via LiveUpdate.

Define new users

Go to Active Directory Users and Computers

Create a new user e.g. LUA_PUSH with a password.

If you do not want to change the password at regular intervals, as your password policy might require, define that the given password never expires. If you do change the password at regular intervals, you will have to change the read account given in the LiveUpdate policy for every single user!

Create a new user e.g. LUA_PULL with a password.

The LUA_PUSH user is used for pushing the updates from the LiveUpdate Administrator to the different distribution points, and the LUA_PULL user is used by a LiveUpdate client for reading the new updates.

Internet Information Server settings

You have to define a folder on the server where the updates will be stored. This folder can contain a lot of data (up to multiple gigabytes), depending on how long you want to keep older updates. You can define how long the LiveUpdate Administrator should store older updates.

General IIS Settings:

In order to be able to push and pull updates with the LiveUpdate Administrator to an IIS server, you must have WebDAV enabled in the IIS Web Server Extensions.

Setting up the IIS Website:

Move to the file system area where you want to store your updates. Define a new folder.

Open the Internet Information Services (IIS) Manager. Browse to Web Sites and define a new Virtual Directory…

Define the name of the new Web Site directory, e.g. LiveUpdate

Browse to the folder which you have created for the LiveUpdate files before.

For the LUAdmin you have to define read, write and browse Access Permissions in order to be able to retrieve and push the updates to the distribution points.

Setting up read and write permissions

Right-click the newly defined Virtual Website and go to Permissions.

Add the new users LUA_PULL and LUA_PUSH.

Define read access NTFS permissions for the LUA_PULL user and write or full access for the LUA_PUSH user.

Check the settings again. You can enable IIS logging if desired.

You will have to choose basic authentication in the directory security settings.

Anonymous access

It is possible to enable anonymous access for the LiveUpdate distribution point, but you will be able to set up anonymous access for reading only.

You have to set different NTFS permissions on the LiveUpdate folder that you have defined as the content folder.

You have to add the standard IIS anonymous user (e.g. the Internet Guest Account) with read-only access.

Open the Internet Information Services (IIS) Manager. Move to the Directory Security tab and choose Edit under Authentication and access control.

Add the standard IIS anonymous user

Ensure that basic authentication is enabled.

You will now be able to read the LiveUpdate definitions without authentication but you must authenticate when you want to update the content of the web folder.
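One way to confirm that the permissions behave as intended is to request a read and a write as each identity and compare the results with the intended split. The following is an added example, not part of the original guide or of any Symantec tool; `http_probe`, `audit`, the `passwords` mapping and the probe file name `acl_probe.txt` are names chosen here, and the anonymous row assumes anonymous read access was enabled as described above.

```python
import base64
import http.client

# Intended rights per identity (None = anonymous). Account names are the
# guide's examples; the anonymous row assumes anonymous read was enabled.
EXPECTED = {
    "LUA_PUSH": {"GET": True, "PUT": True},
    "LUA_PULL": {"GET": True, "PUT": False},
    None: {"GET": True, "PUT": False},
}

def basic_header(user, password):
    """Basic auth only base64-encodes user:password; it is not encrypted."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def http_probe(host, port, vdir, passwords):
    """Build probe(user, method) -> HTTP status against a live IIS server."""
    def probe(user, method):
        headers = basic_header(user, passwords[user]) if user else {}
        conn = http.client.HTTPConnection(host, port, timeout=10)
        try:
            if method == "PUT":  # hypothetical probe file name
                conn.request("PUT", f"/{vdir}/acl_probe.txt", b"probe", headers)
            else:  # directory listing; relies on the Browse permission
                conn.request("GET", f"/{vdir}/", headers=headers)
            response = conn.getresponse()
            response.read()
            return response.status
        finally:
            conn.close()
    return probe

def audit(probe, expected=EXPECTED):
    """Return (identity, method, status) wherever access differs from intent."""
    findings = []
    for user, rights in expected.items():
        for method, should_allow in rights.items():
            status = probe(user, method)
            if (200 <= status < 300) != should_allow:
                findings.append((user or "anonymous", method, status))
    return findings

if __name__ == "__main__":
    # Constructed responses standing in for a server where LUA_PULL can write.
    fake = {("LUA_PULL", "PUT"): 201, (None, "PUT"): 401}
    print(audit(lambda user, method: fake.get((user, method), 200)))
```

Against a real server, call `audit(http_probe(host, 80, "LiveUpdate", passwords))` and delete the probe file that the LUA_PUSH write leaves behind.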

Define Mime-Types for LiveUpdate

You need to define a new MIME type so that the LiveUpdate client is able to download all file types Symantec distributes with LiveUpdate. The extension has to be set to “*” because we cannot know today whether the file types will change in the future; the “*” allows all kinds of file types to be retrieved. You can instead add a MIME type for every single file type you see today, but then you have to change the configuration whenever Symantec pushes out new file types with LiveUpdate.

Define a new MIME type with extension: * and MIME type: application/octet-stream

Press OK and you are finished. The MIME type has to be set for the LiveUpdate folder only.

Live Update Administrator settings

Open the LiveUpdate Administrator 2.1 (http://your_luadmin_machine:8080/lua)

To define a new distribution point move to “configure” and “Distribution Centers”

Click Add and define a name for the new distribution center, whether it is for testing or production, and optionally a description.

Move to “Locations” and add a new location.

Fill out all fields and add the user “LUA_PUSH” which has write access to the LiveUpdate folder. Define the HTTP Port which you have chosen in the IIS Settings. The standard port is 80.

You will immediately see whether the result is okay. If you do not see “ready” in the status field, the permissions might not be set correctly; you might then see “unreachable”.

You must define the Products which you want to make available for this distribution point.

The distribution point setup is now complete.

You should see your newly defined distribution center.

Test the distribution center with a manual distribution request

To test whether your newly defined distribution center is working and whether you are able to push the updates to it, you can start a manual distribution request.

Move to “Download & Distribute” and start a “Manual Distribution Request”

Define the products you want to push to the distribution point.

Define a subset and add your distribution point.

Select the updates that you want to distribute

You will see the Activity Monitor with the status of distributing.

Troubleshooting

When a distribution point has the status “unreachable” there might be some permission settings which have to be corrected.

You have to ensure that all Internet Information Server settings are enabled as described in the IIS Settings part of this document.

You can troubleshoot the IIS by looking into the IIS logfile. To do this you have to ensure that IIS logging is enabled for the specified folder.

You can find the standard logfile in: C:\WINDOWS\system32\LogFiles\W3SVC1

The logfile shows the IIS error code at the end.

You will find a detailed description of all error codes in the Microsoft Technet Site for IIS troubleshooting.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/624fb32a-d0ac-48b1-b6bf-238aa5b4a70a.mspx?mfr=true
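The status columns at the end of each log line can be summarised per account to see which step of the setup to revisit. The following is an added example, not part of the original guide: it assumes the log is in the W3C extended format with a `#Fields:` directive, the log lines are constructed, and the pairing of status codes with steps of this guide in `HINTS` is this example's own.

```python
from collections import Counter

# Guide step to re-check per IIS status.substatus. The pairing is this
# example's assumption; the substatus meanings are Microsoft's.
HINTS = {
    "401.1": "logon failed: check the account name and password",
    "401.3": "NTFS ACL denies the account on the content folder",
    "403.3": "write access is not enabled on the virtual directory",
    "404.2": "extension lockdown policy: check that WebDAV is enabled",
    "404.3": "MIME map policy: check the '*' MIME type on the folder",
}

def parse_w3c(lines):
    """Yield one dict per request; columns come from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def failures(lines, vdir="/LiveUpdate"):
    """Count failed requests under vdir by (user, method, status.substatus)."""
    counts = Counter()
    for req in parse_w3c(lines):
        in_vdir = req.get("cs-uri-stem", "").lower().startswith(vdir.lower())
        if in_vdir and int(req.get("sc-status", 0)) >= 400:
            code = f'{req["sc-status"]}.{req.get("sc-substatus", "0")}'
            counts[(req.get("cs-username", "-"), req.get("cs-method", "-"), code)] += 1
    return [(user, method, code, n, HINTS.get(code, "look up the code"))
            for (user, method, code), n in counts.most_common()]

# Constructed sample in IIS 6 W3C extended format (not from a real server).
SAMPLE = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2008-06-02 09:15:01 PUT /LiveUpdate/sample_defs.zip LUA_PUSH 192.0.2.10 403 3 5
2008-06-02 09:15:02 PUT /LiveUpdate/sample_index.txt LUA_PUSH 192.0.2.10 403 3 5
2008-06-02 09:20:11 GET /LiveUpdate/sample_defs.x86 LUA_PULL 192.0.2.20 404 3 50
2008-06-02 09:20:12 GET /LiveUpdate/sample_defs.zip LUA_PULL 192.0.2.20 200 0 0
2008-06-02 09:21:40 GET /intranet/missing.htm - 192.0.2.20 404 0 2
""".splitlines()

if __name__ == "__main__":
    for row in failures(SAMPLE):
        print(*row, sep=" | ")
```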