Lua Dist v11
description
Transcript of Lua Dist v11
Copyright © 2008, Symantec Corporation (Symantec). Dieses Dokument darf ohne ausdrückliche schriftliche Genehmigung durch Symantec weder vervielfältigt, noch weiter verteilt, noch auf andere Weise vollständig oder teilweise offengelegt oder weitergegeben werden.
Managing Distribution Points
with LiveUpdate
Administrator 2.1
GEA IT Services GmbH
Stefan Brexel
Werner-Habig-Straße 1 D-59302 Oelde, Germany
Symantec (Deutschland) GmbH
Presales Consulting
Kaiserswerther Str. 115 D-40880 Ratingen
Phone: +49 (0) 2102 7453 0
Your Contact:
Patrick Heinen
Principal Presales Consultant Phone: +49 (0) 2102 7453 868 Mobile: +49 (0) 172 219 7041
Version: 1.1 Bearbeiter: PH
Table of Content
Table of Content .............................................................................................................................................. 2
Executive Summary......................................................................................................................................... 3
Active Directory preparations .......................................................................................................................... 4
Define new users ......................................................................................................................................... 4
Internet Information Server settings ................................................................................................................ 5
General IIS Settings:.................................................................................................................................... 5
Setting up the IIS Website: .......................................................................................................................... 5
Setting up read and write permissions......................................................................................................... 7
Anonymous access.................................................................................................................................... 10
Define Mime-Types for LiveUpdate ........................................................................................................... 11
Live Update Administrator settings................................................................................................................ 12
Test the distribution center with a manual distribution request.................................................................. 16
Troubleshooting ......................................................................................................................................... 18
Executive Summary
This document describes the setup and installation of a Distribution Point with the LiveUpdate Administrator 2.1 to a Microsoft Internet Information Server Version 6 via HTTP.
The LiveUpdate Administrator 2.1 is a web based tool to manage the virus definition updates internally. It allows downloading LiveUpdate content from the Symantec FTP Server and distributing the content to different distribution points within your company.
A distribution point could be a HTTP site where you are allowed to push content, a FTP site where are you allowed to push files or a UNC path which could be a file share on computer or server.
Active Directory preparations
In order to prevent users from deleting or changing the content of the distribution points you should create two different accounts within the Active Directory. One Account is for pushing the updates to the different distribution accounts and one is for reading the updates from the distribution points via Live Update.
Define new users
Go to Active Directory Users and Computers
Create a new user e.g. LUA_PUSH with a password.
If you do not want to change the password at regular intervals like your password policy could contain you should define that the given password should never expire. When you want to change the password on regular intervals you will have to change the read accounts given in the LiveUpdate policy for every single user!
Create a new user e.g. LUA_PULL with a password.
The LUA_PUSH user is defined for pushing the updates from the LiveUpdate Administrator to the different distribution points and the LUA_PULL user is reading the new updates with a LiveUpdate client.
Internet Information Server settings
You will have to define a folder on the server where the updates will have to be stored. This folder could contain a lot of data (up to multiple gigabytes) depending on how long you want to store older updates. You can define how long the LiveUpdate Administrator should store older updates.
General IIS Settings:
In order to be able to push and pull updates with the LiveUpdate Administrator to an IIS Server you must have WebDav enabled in the IIS Web Server Extensions.
Setting up the IIS Website:
Move to the file system area where you want to store your updates. Define a new folder.
Open the Internet Information Services (IIS) Manger. Browse to Web Sites and define a new Virtual Directoy…
Define the name of the new Web Site directory e.g. LiveUpdateLiveUpdate
Browse to the folder which you have created for the LiveUpdate files before.
For the LUAdmin you have to define read, write and browse Access Permissions in order to be able to retrieve and push the updates to the distribution points.
Setting up read and write permissions
When you right click on the new defined Virtual Website go to Permissions.
Add the new users LUA_PULL and LUA_PUSH.
Define read Access NTFS permissions for the LUA_PULL user
and write or full access for the LUA_PUSH user
Again check the settings. You can define IIS logging if it is wanted.
You will have to choose basic authentication in the directory security settings.
Anonymous access
If you want to enable anonymous access for the LiveUpdate distribution point it is possible but you will be able do set up anonymous access for read only.
You have to set different NTFS permission to the LiveUpdate folder which you have defined as content folder.
You will have to add the standard IIS anonymous user with read only access.
e.g.: Internet Guest Account
Open the Internet Information Services (IIS) Manger. Move to the Directory Security Tab and enable Edit Authentication and access control.
Add the standard IIS anonymous user
Ensure that basic authentication is enabled.
You will now be able to read the LiveUpdate definitions without authentication but you must authenticate when you want to update the content of the web folder.
Define Mime-Types for LiveUpdate
You need to define a new mime-type that the LiveUpdate Client will be able to download all file types Symantec distributes with LiveUpdate. The mime-type has to be set to “*” because we cannot know today if there will be some changes in the future regarding different file types. To be able to retrieve all kind of file types we need to add a “*”. You can add a mime-type for every single file type you see today but then you have to change it if Symantec pushes out new file types with LiveUpdate.
Define a new mime-type with extension: * and mime-type: application/octet-stream#
Press ok then you are finished. The mime-type has to be set for the LiveUpdate folder only.
Live Update Administrator settings
Open the LiveUpdate Administrator 2.1 (http://your_luadmin_machine:8080/lua)
To define a new distribution point move to “configure” and “Distribution Centers”
Click add and define a new Distribution center name, if it is for testing or production and maybe a description.
Move to “Locations” an add a new location
Fill out all fields and add the user “LUA_PUSH” which has write access to the LiveUpdate folder. Define the HTTP Port which you have chosen in the IIS Settings. The standard port is 80.
You will immediately see if the result is okay. If you will not see a “ready” in the status field the permissions might not be set right. You then might see “unreachable”
You must define the Products which you want to make available for this distribution point.
You are now ready with the distribution point setup.
You should see your new defined distribution center
Test the distribution center with a manual distribution request
To test if your new defined distribution center is working and if you are able to push the updates to the distribution center you can start a manual distribution request.
Move to “Download & Distribute” and start a “Manual Distribution Request”
Define the products you want to push to the distribution point.
Define a subset and add your distribution point.
Select the updates that you want to distribute
You will see the Activity Monitor with the status of distributing.
Troubleshooting
When a distribution point has the status “unreachable” there might be some permission settings which have to be corrected.
You have to ensure that all Internet Information Server settings are enabled as described in the IIS Settings part of this document.
You can troubleshoot the IIS by looking into the IIS logfile. Do do this you have to ensure that IIS logging is enabled for the specified folder.
You can find the standard logfile in: C:\WINDOWS\system32\LogFiles\W3SVC1
The logfile shows the IIS error code at the end.
You will find a detailed description of all error codes in the Microsoft Technet Site for IIS troubleshooting.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/624fb32a-d0ac-48b1-b6bf-238aa5b4a70a.mspx?mfr=true