McAfee GTI Proxy 1.0 InstallationGuide

McAfee® GTI Proxy® 1.0.0 Installation Guide

2 McAfee GTI Proxy Installation Guide

COPYRIGHT

Copyright © 2010 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE

GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE

CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE

RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU

DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

For a complete list of third-party license attributions, see the license.txt file. This file is included at the root of the product download zip file and, in default installations, at:

C:\Program Files\McAfee\<Product>

McAfee GTI Proxy Installation Guide 3

Contents

Using this guide ..............................................................................................5 Audience ..................................................................................................5 Type conventions ......................................................................................6

Where to find documentation ............................................................................6 Downloading manuals from the McAfee ServicePortal ....................................6

McAfee GTI Proxy ............................................................................................8 GTI Proxy ................................................................................................8 GTI Proxy Appliance ..................................................................................8

System Requirements ......................................................................................9 Pre Installation Tasks..................................................................................... 10

Uninstalling GTI Server for ePO from managed nodes .................................. 10 Uninstalling GTI Server Appliance for ePO from managed nodes ................... 10 Removing GTI Server Appliance for ePO deployment package ....................... 11 Removing GTI Server for ePO deployment package ..................................... 11 Removing GTI Server Appliance extension ................................................. 12 Removing GTI Server extension ................................................................ 12 Removing GTI Server Appliance from the System Tree ................................ 12

Installing GTI Proxy Appliance ........................................................................ 14 Deploying VMware Image ........................................................................ 14 Configure Network Settings ...................................................................... 14 Configuring Time zone ............................................................................. 16 Configuring the Date and Time ................................................................. 17 Installing McAfee Agent for Linux on GTI Proxy Appliance ............................ 17 Determining the Agent wake-up communication port ................................... 18 Determining the Agent-to-server communication port ................................. 18

Installing GTI Proxy ....................................................................................... 19 Installing GTI Proxy Package .................................................................... 19 Deploying GTI Proxy Appliance plugin ........................................................ 19 Deploying GTI Proxy Agent plugin on managed nodes ................................. 20 Check GTI Proxy Appliance installed packages ............................................ 20

Uninstalling GTI Proxy ................................................................................... 22 Uninstall GTI Proxy Appliance plugin.......................................................... 22 Uninstalling GTI Proxy Agent from managed nodes ..................................... 22 Uninstall GTI Proxy package ..................................................................... 23

Restarting and shutting down GTI Proxy Appliance ............................................ 25 Restarting the GTI Proxy Appliance ........................................................... 25 Shut down the GTI Proxy Appliance ........................................................... 25

Configuring GTI Proxy Appliance ..................................................................... 26 Adding a GTI Proxy Appliance ................................................................... 26 Configuring GTI Cloud Server ................................................................... 27 Configuring tiered GTI Proxy Appliance access ............................................ 28 Configuring Performance Log Purging and Archiving .................................... 29 Configuring Performance Data Collection Interval ........................................ 30

Configuring GTI Proxy Agent........................................................................... 31 Configuring fallback servers for managed nodes ......................................... 31 Configuring fallback servers for sets of managed nodes ............................... 32

GTI Proxy Appliance Diagnostics ..................................................................... 34 Check General DNS Access ....................................................................... 34 Check Resolution to GTI Servers in the Cloud ............................................. 34 Check GTI lookups from GTI Proxy Appliance ............................................. 35 Check GTI lookups using GTI Proxy Appliance ............................................ 35 Check appliance status using GTI Proxy Appliance....................................... 35

GTI Proxy Diagnostics .................................................................................... 37 Check GTI Proxy Agent managed nodes ..................................................... 37 Check GTI Proxy Agent configuration on managed nodes ............................. 37 Check GTI Proxy Appliance managed nodes ............................................... 38


Check GTI Proxy Appliance status ............................................................. 38 Check GTI Proxy Appliance configuration ................................................... 38 Reinstall McAfee Agent for Linux on GTI Proxy Appliance ............................. 39 Start GTI Proxy Appliance plugin ............................................................... 40 Start McAfee Agent for Linux .................................................................... 40


Using this guide This guide helps network administrator’s install McAfee® GTI Proxy software. It

contains an overview of the product technology, concepts and architecture, as well as

a detailed description of steps to install the McAfee GTI Proxy components.

The guide includes these topics:

� Introduction and system components

� Installing McAfee GTI Proxy

� Configuring McAfee GTI Proxy

� Diagnostics and Trouble Shooting McAfee GTI Proxy

Audience The information in this guide is intended primarily for two audiences:

� Security officers who are responsible for determining sensitive and confidential

data and defining the corporate policy for protecting the company’s intellectual

property.

� Network administrators who are responsible for implementing and enforcing

the corporate policy for protecting the company’s intellectual property.

Preface


Type conventions This guide uses these type conventions:

Bold Condensed Words from the interface, including options, menus,

buttons, and dialog boxes.

Courier The path of a folder or program; a code sample; text

that the user types exactly, as in a command at the

system prompt.

Italic Emphasis for a new term; book and chapter titles.

Bold Emphasis.

Blue Words from the product interface

<TERM> Angle brackets enclose a generic or replaceable term.

Note Supplemental information, like an alternate method of

accessing an option.

Tip Suggestions and recommendations.

Caution/Important Important advice to protect your computer system,

enterprise, software installation, or data.

Warning Important advice to prevent bodily harm when using a

hardware product.

Where to find documentation McAfee product documentation is designed for each phase of the product’s use.

Downloading manuals from the McAfee ServicePortal To access the documentation for your McAfee products, use the McAfee ServicePortal.

1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and, under Support

by Reading, click Product Documentation.

2 Select a Product.

3 Select a Version.

4 Select a product document. Product documentation by phase

McAfee documentation provides the information you need during each phase of

product implementation, from installing a new product to maintaining existing ones.

Depending on the product, additional documents might also be available. After a

product is released, information regarding the product is entered into the online

KnowledgeBase, available through the McAfee ServicePortal.


Installation Before, during, and after installing the product

� Release Notes

� Installation Guide

Setup Using the product

� Product Guide

� Online Help

Maintenance Maintaining the software

� KnowledgeBase – http://mysupport.mcafee.com under Self Service

McAfee GTI Proxy McAfee GTI Proxy is a system that allows McAfee Virus Scan Enterprise (VSE) nodes to

perform GTI system lookups from within the Enterprise Network without requiring

direct access to the GTI Servers in the Cloud. The GTI Proxy system acts as a central

controller within the enterprise to resolve GTI requests on behalf of the VSE nodes.

The VSE nodes make the GTI request to the GTI Proxy system and the GTI Proxy

system then makes the lookup to the GTI Servers in the Cloud. The GTI Proxy system

uses the response to populate a local cache and then sends back the response to VSE

nodes. The GTI Proxy system caches the response for a period as defined by the GTI

Servers in the cloud. When the cache period expires, the next request for the

information from the GTI Proxy system by VSE nodes causes another request to the

GTI Servers in the Cloud and the cache to be updated. This mechanism keeps the GTI

Proxy system synchronized with the GTI Server in the cloud.

There are two parts to the McAfee GTI Proxy system:

� GTI Proxy (for setting up fallback servers on the managed VSE client nodes

and for managing GTI Proxy Appliance)

� GTI Proxy Appliance (performs GTI lookups)

GTI Proxy GTI Proxy is a combination of two ePO products, which is delivered as a single zip

file GTI Proxy.zip. One is GTI Proxy, which configures VSE nodes on the enterprise

network to communicate with specified GTI Proxy Appliance instances for resolving GTI system lookups.

Another is GTI Proxy Appliance, which communicates with and manages the GTI

Proxy Appliance machine on the enterprise network. The services it offers are

Configuring the GTI Proxy Appliance to setup GTI cloud servers, managing

specified Log files (Pull/Purge) on the server, managing the GTI Proxy process for

querying its Status and also performing operations like Start, Stop etc. Along with

this it provides reporting information on the GTI Proxy Appliance performance in

the form of different graphs and charts.

GTI Proxy Appliance The GTI Proxy Appliance is delivered as a VMware image to the Enterprise. The

VMware host image is a CentOS 5.3 64-bit installation. A gtiproxy process is running

on the system to service GTI requests. The following functionality is provided:

� Service GTI requests from VSE nodes on the Enterprise network

� Perform GTI lookup requests in the Cloud

Introducing McAfee GTI Proxy


� Caching of GTI lookup

� Tiered support for multiple GTI Proxy Appliance configuration on the Enterprise

network

System Requirements Prerequisites of GTI Proxy Appliance:

Item Requirements

VMWare Convertor • VMware Converter Standalone 4.0.x

• VMware OVF Tool

VMware • VMware Workstation 7.x

• VMware Workstation 6.x

• VMware Player 3.x

• VMware Server 1.x

• VMware Server 2.x

• VMware ESXi 4.0

• VMware vCenter Server 2.5

Disk Minimum of 35GB available

Memory Minimum of 2GB available

CPU 64-bit CPU

Prerequisites of GTI Proxy:

� McAfee ePolicy Orchestrator 4.5

Prerequisites of GTI Proxy Agent managed nodes:

� McAfee Agent 4.5

� McAfee VirusScan Enterprise 8.7 or later with DAT release version 5884 or later

and 5400 Engine or later

Prerequisites of GTI Proxy Appliance managed nodes:

� McAfee Agent 4.5 for Linux


This chapter describes the tasks to be performed, in case the RTS Version of the

McAfee GTI Proxy (formerly know as McAfee GTI Server) is installed previously. The

RTS Version must be uninstalled before installing Version 1.0 on the system.

Pre Installation Tasks Use this task to uninstall the RTS version of the software. This will completely remove

the RTS version of the software from the environment. When this section is complete

successfully installation of GTI Proxy can commence.

Uninstalling GTI Server for ePO from managed nodes Use this task to uninstall previously installed GTI Server for ePO from managed nodes.

Note

This task should be completed successfully for all nodes before progressing to the next

task.

Task

For option definitions, click ? in the interface.

1. Log on to the ePolicy Orchestrator server as an administrator.

2. Select Menu | Systems | System Tree | Client Tasks, select the required group in the System

Tree, then select Actions | New Task. The Client Task Builder wizard appears.

3. In the Description page, type a Name for the task, Notes (optional), select the Type

as Product Deployment, then click Next.

4. In the Configuration page, select Target Platforms as Windows, Products and components as

GTI_ SERVER for ePO 1.0.0, Action as Remove. Select an appropriate Language, then click

Next.

5. Schedule the task to run immediately or as required, then click Next to view a

summary of the task.

6. Review the summary of the task, then click Save.

7. Send an agent wake-up call.

Uninstalling GTI Server Appliance for ePO from managed nodes

Use this task to uninstall previously installed GTI Server Appliance for ePO from

managed nodes.

Pre Installation Tasks


Task







4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI_

SERVER_APPLIANCE for ePO 1.0.0, Action as Remove. Select an appropriate Language, then

click Next.





Removing GTI Server Appliance for ePO deployment package

Use this task to remove the previously checked in GTI Server Appliance for ePO

deployment package from the ePolicy Orchestrator.

Task



2. Select Menu | Software | Master Repository.

3. Click the Delete link of the GTI_ SERVER_APPLIANCE package.

4. Click OK on the Delete Package page.

Removing GTI Server for ePO deployment package Use this task to remove the previously checked in GTI Server for ePO deployment

package from the ePolicy Orchestrator.

Task




3. Click the Delete link of the GTI_ SERVER package.



Removing GTI Server Appliance extension Use this task to remove the previously installed GTI Server Appliance extension from

the ePolicy Orchestrator server.

Task



2. Select Menu | Software | Extensions.

3. Select the GTI Server Appliance for ePO extension file, then click Remove.

4. Select Force removal, bypassing any checks or errors, then click OK.

5. Select Menu | Reporting | Queries.

6. In the Groups, click on the arrow in front of the Shared Groups.

7. From the list that appears, select GTI Server Appliance.

8. Click Group Actions and select Delete Group.

9. Click on OK to confirm deletion of Query Group and All the queries inside this

group.

Removing GTI Server extension Use this task to remove the previously installed GTI Server extension from the ePolicy

Orchestrator server.

Task




3. Select the GTI Server for ePO extension file, then click Remove.


Removing GTI Server Appliance from the System Tree Use this task to remove the GTI Server Appliance system from the System Tree within

ePolicy Orchestrator.

Task



2. Select Menu | Systems | System Tree.

3. Click the checkbox for the GTI Server Appliance system (default name of

mfegtiserver).

4. Select Actions | Directory Management | Delete, then click OK.


This chapter describes how to install GTI Proxy Appliance using VMware. To use this

chapter effectively you need to be familiar with VMware and basic UNIX shell

interaction.

Installing GTI Proxy Appliance This chapter describes how to install GTI Proxy Appliance using VMware and McAfee

ePolicy Orchestrator management software. To use this chapter effectively you need to

be familiar with VMware and ePolicy Orchestrator.

Note

This document does not provide detailed information about installing or using ePolicy

Orchestrator or VMware software. See the VMware and McAfee ePolicy Orchestrator

product documentation for more information.

Deploying VMware Image GTI Proxy Appliance is delivered as a VMware image to the Enterprise. Installation

instruction for an existing VMware image as specified by the version of VMware

installed in the Enterprise should be followed to install GTI Proxy Appliance. The

version must be one of those as specified in the system requirements of this

document.

The VMware image is delivered as an .ova file. This is a single file bundled image. It

must be converted to the VMware flavor of choice as defined by the prerequisites in

this document. To convert the ova file use VMWare convertors mentioned in the

system requirements section. Using a .ova file allows a single deliverable while

satisfying multiple VMware product requirements using the conversion process.

Configure Network Settings The GTI Proxy Appliance has DHCP network configuration by default. Use this section

to configure the GTI Proxy Appliance to use static or DHCP network configuration.

Configuring DHCP Addressing Use this task to setup DHCP network configuration.

Prerequisites

� Hostname for the GTI Proxy Appliance.

� Domain name for the GTI Proxy Appliance.

Installing GTI Proxy Appliance


Note

At any time use the Cancel options to abort the task.

Task

1. Log on to the GTI Proxy Appliance as the user gtip.

2. Type in the command sudo /usr/sbin/system-config-network, then press

Enter.

3. Select Edit a device params, then press Enter.

4. Select eth0 (eth0), then press Enter.

5. Select Use DHCP.

6. Select OK, then press Enter.

7. Select Save, then press Enter.

8. Select Edit DNS configuration, then press Enter.

9. Select Hostname.

10. Type in the Hostname.Domain from the prerequisites.


12. Select Save&Quit, then press Enter.

13. Type in the command sudo /sbin/shutdown –r now, then press Enter. The GTI

Proxy Appliance will restart with the changes applied.

Configuring Static Addressing Use this task to setup static network configuration.

Prerequisites

� Hostname for the GTI Proxy Appliance.

� Domain name for the GTI Proxy Appliance.

� IP Address for the GTI Proxy Appliance.

� Subnet mask for IP Address.

� IP Address for the default gateway used by the GTI Proxy Appliance.

� IP Addresses of the DNS servers used by the GTI Proxy Appliance.

Note

At any time use the Cancel options to abort the task.


Task


2. Type in the command sudo /usr/sbin/system-config-network, then press

Enter.

3. Select Edit a device params, then press Enter.

4. Select eth0 (eth0), then press Enter.

5. Deselect Use DHCP.

6. Type in the Static IP from the prerequisites, then press Enter.

7. Type in the Netmask from the prerequisites, then press Enter.

8. Type in the Default gateway IP from the prerequisites, then press Enter.


10. Select Edit DNS configuration, then press Enter.

11. Select Hostname.

12. Type in the Hostname.Domain from the prerequisites.

13. Type in the DNS Servers from the prerequisites.


15. Select Save&Quit, then press Enter.


Proxy Appliance will restart with the changes applied.

Configuring Time zone Use this task to set the time zone you want to use on GTI Proxy Appliance so that it is

in sync with the ePO time.

Task


2. Type in the command tzselect, then press Enter.

3. Type in the number corresponding to the required continent, then press Enter.

4. Type in the number corresponding to the required country, then press Enter.

5. Type in the number corresponding to the required time zone, then press Enter.

6. Type in the number 1, then press Enter.

7. Make note of the time zone string required for the .profile file.

8. Type in the command vi .profile, then press Enter.

9. Press the key sequence SHIFT-G.

10. Press the key o in lower case.

11. Type in the time zone string from step 7.

12. Press the ESC key.

13. Type :wq, then press Enter. This saves the file.

14. Type in the command exit, then press Enter. The gtip user is logged out of the

system.


16. Type in the command date, then press Enter. The time zone is displayed as set in

the steps above.


Configuring the Date and Time Use this task to set the date and time for the GTI Proxy Appliance.

Note

This task should be performed before McAfee Agent for Linux is installed on the GTI

Proxy Appliance.

If the date or time is changed on the GTI Proxy Appliance the system should be

restarted so that the McAfee Agent for Linux adjusts for the change

Task


2. Type in the command sudo /bin/date –s “Thu Jun 17 13:00:00 EST 2010”, then

press Enter.

3. This sets the date for the specified string. Choose the locale based on the desired

time zone and set other values accordingly.

Installing McAfee Agent for Linux on GTI Proxy Appliance Use this task to install MA on GTI Proxy Appliance to manage it through ePO.

Prerequisites

� IPv4 address and Agent-to-server communication port of the ePO server. Refer

the task Determining Agent-to-server communication port to know the

currently configured Agent-to-server communication port.

� McAfee Agent for Linux 4.5 or above should be present in the ePO Master

Repository.

� Agent wake-up communication port. Refer the task Determining the agent

wake-up communication port.

Task


2. Type in the command sudo /usr/local/sbin/configure_ma.sh, then press

Enter.

3. Type the ePO server IP address and the Agent-to-server communication port,

separated with a colon (IP:port) on the prompt “Provide IP Address and port of

ePO server”, then press Enter.

4. The McAfee Agent installer is downloaded from ePO server and McAfee Agent is

installed on GTI Proxy Appliance.

5. In case the system firewall is not running, a prompt appears asking for whether

the firewall needs to be started or not. Type ‘y’ on the prompt “Firewall is off. Do

you want to turn it on”, then press Enter.

6. Next, the default Agent wake-up communication port is shown.


7. Type the Agent wake-up communication port on the prompt “Enter new port if it is

different on ePO” if it is different from the default shown above, then press Enter.

Otherwise, just press Enter.

8. Wait until the first ASCI happens.

9. The port is configured and the GTI Proxy Appliance is now managed through ePO.

10. Type logout, then press Enter. The User gtip is logged out of the GTI Proxy

Appliance.

Determining the Agent wake-up communication port Use this task to know the Agent wake-up communication port configured in ePO.

Task



2. Select Menu | Configuration | Server Settings.

3. In the Setting Categories, click on the Ports.

4. The Agent wake-up communication port is shown along with all other ports.

Determining the Agent-to-server communication port Use this task to know the Agent-to-server communication port configured in ePO.

Task



2. Select Menu | Configuration | Server Settings.

3. In the Setting Categories, click on the Ports.

4. The Agent-to-server communication port is shown along with all other ports.


This chapter describes how to install GTI Proxy using McAfee ePolicy Orchestrator

management software. To use this chapter effectively you need to be familiar with

ePolicy Orchestrator and basic UNIX shell interaction.

Installing GTI Proxy This chapter describes how to install GTI Proxy extensions for ePO. In 1.0 release, now the entire package is provided as a single archive file (“GTI Proxy.zip”) which contains

two ePO extensions (GTI Proxy Agent and GTI Proxy Appliance). Within each extension, the

plugin package for managing VSE nodes and GTI Proxy Appliance respectively resides.

Installing GTI Proxy Package Use this task to install the GTI Proxy Agent and GTI Proxy Appliance ePO extensions. The extension file is in .ZIP format. By installing the single extension package (“GTI

Proxy.zip”) the two extensions for ePO referenced above are installed. In addition, it will

check-in two deployable packages (GTI Proxy Agent & GTI Proxy Appliance) automatically into

the Master Repository. These packages must be installed on the managed VSE client nodes and GTI Proxy Appliance machine (CentOS 5.3 64-bit) respectively, using ePO client

tasks. The steps to install these packages using client task are mentioned later in this

chapter.

Note

This task checks in packages in Master Repository, make sure no other operation (Pull

operation) is being performed on the Master Repository, while performing this task.

Task


1. Copy the “GTI Proxy.zip” archive to a temporary location of your ePolicyOrchestrator

server.


3. Select Menu | Software | Extensions | Install Extension. The Install Extension dialog box

appears.

4. Click Browse to locate the extension file “GTI Proxy.zip”, then click OK. The Install

Extension page appears with the extension names and version details.

5. Click OK.

Deploying GTI Proxy Appliance plugin Use this task to install GTI Proxy Appliance MA plugin on managed GTI Proxy

Appliance. ePolicy Orchestrator allows you to create tasks to deploy product on a

single node, or on groups of the system tree.

Installing GTI Proxy


Task




Tree, then click Actions | New Task. The Client Task Builder wizard appears.

3. In the Description page, type a Name for the task, Notes (optional), select the

Type as Product Deployment, then click Next.

4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI

Proxy Appliance 1.0.0, Action as Install. Select an appropriate Language, then click Next.



6. Review the summary of the task, click Save. The task is added to the list of client

tasks for the selected group and any group that inherits the task.


Deploying GTI Proxy Agent plugin on managed nodes Use this task to deploy GTI Proxy Agent MA plugin on the managed nodes. ePolicy

Orchestrator allows you to create tasks to deploy product on a single node, or on

groups of the system tree.

Task




Tree, then click Actions | New Task. The Client Task Builder wizard appears.

3. In the Description page, type a Name for the task, Notes (optional), select the

Type as Product Deployment, then click Next.


GTI PROXY AGENT 1.0.0, Action as Install. Select an appropriate Language, then click Next.



6. Review the summary of the task, click Save. The task is added to the list of client

tasks for the selected group and any group that inherits the task.


Check GTI Proxy Appliance installed packages This section describes how to check various installed packages on GTI Proxy

Appliance.

Check GTI Proxy Appliance Package Use this task to check whether the GTI Proxy Appliance software is installed on the

VMware.

Task



2. Type the command rpm -q mfegtiproxy and then press enter.

3. The installed GTI Proxy Appliance package is shown with the current version.


Appliance.

Check MA for Linux Package Use this task to check whether the MA for Linux is installed on the VMware.

Task


2. Type the command rpm -q MFEcma and then press enter.

3. The installed MA package is shown with the current version.


Appliance.

Check GTI Proxy Appliance plugin Package Use this task to check whether the GTI Proxy Appliance plugin software is installed on

the VMware.

Task


2. Type the command rpm –q gtipa and then press enter.

3. The installed GTI Proxy Appliance plugin package is shown with the current

version.


Appliance.


This chapter describes how to uninstall GTI Proxy using McAfee ePolicy Orchestrator



Uninstalling GTI Proxy This chapter describes how to uninstall or remove GTI Proxy components from ePO.

Also it describes how to uninstall the plugins from managed nodes and GTI Proxy

Appliance.

Uninstall GTI Proxy Appliance plugin Use this task to uninstall GTI Proxy Appliance MA plugin from managed GTI Proxy

Appliance.

Task







4. In the Configuration page, select Target Platforms as Linux, Products and components as GTI

Proxy Appliance 1.0.0, Action as Remove. Select an appropriate Language, then click Next.





Uninstalling GTI Proxy Agent from managed nodes Use this task to uninstall GTI Proxy from managed nodes.

Task








GTI Proxy Agent 1.0.0, Action as Remove. Select an appropriate Language, then click Next.



Uninstalling GTI Proxy




Uninstall GTI Proxy package This task describes how to uninstall the ePO extensions and how to remove the

checked in MA packages from the Master Repository.

Removing GTI Proxy Appliance plugin Use this task to remove the GTI Proxy Appliance plugin from the ePolicy Orchestrator.

Task




3. Click the Delete link on the GTI Proxy Appliance.


Removing GTI Proxy Agent plugin Use this task to remove the GTI Proxy Agent plugin from the ePolicy Orchestrator.

Task




3. Click the Delete link on the GTI Proxy Agent.


Removing GTI Proxy Appliance extension Use this task to remove the GTI Proxy Appliance extension from the ePolicy

Orchestrator server.

Important

This task does not remove the GTI Proxy Appliance MA plugin from the Master

Repository, use the task Removing GTI Proxy Appliance Plugin to do so.

Task





3. Select the GTI Proxy extension group; it will list two extensions namely GTI Proxy Agent and GTI Proxy Appliance.

4. Click Remove link on GTI Proxy Appliance, to remove the extension from ePO.


Removing GTI Proxy Agent extension Use this task to remove the GTI Proxy Agent extension from the ePolicy Orchestrator

server.

Important

This task does not remove the GTI Proxy Agent MA plugin from the Master Repository,

use the task Removing GTI Proxy Agent Plugin to do so.

Task




3. Select the GTI Proxy extension group; it will list two extensions namely GTI Proxy Agent and GTI Proxy Appliance.

4. Click Remove link on GTI Proxy Agent, to remove the extension from ePO.



Restarting and shutting down GTI Proxy Appliance This chapter describes how to restart and shutdown GTI Proxy Appliance.

Restarting the GTI Proxy Appliance Use this task to restart the GTI Proxy Appliance.

Task



Proxy Appliance will restart.

Shut down the GTI Proxy Appliance Use this task to shut down the GTI Proxy Appliance.

Task


2. Type in the command sudo /sbin/shutdown –h now, then press Enter. The GTI

Proxy Appliance will shutdown and power off.

Restarting and Shutting Down GTI Proxy Appliance


This chapter describes how to configure GTI Proxy Appliance using McAfee ePolicy

Orchestrator management software. To use this chapter effectively you need to be

familiar with ePolicy Orchestrator and basic UNIX shell interaction.

Configuring GTI Proxy Appliance This section describes how to configure GTI Proxy Appliance from ePO so that it can

support:

� Resolving GTI Requests using the GTI Servers in the Cloud

� Resolving GTI Requests using another GTI Proxy Appliance

Following these tasks will change any previous configuration applied to the GTI Proxy

Appliance.

Adding a GTI Proxy Appliance Use this task to setup GTI Proxy Appliance from ePO to administer/monitor a single or

multiple GTI Proxy Appliance(s). Make sure the GTI Proxy Appliance is managed

through ePO and GTI Proxy Appliance plugin is installed in it, before performing this

task. Refer the tasks Install McAfee Agent for Linux on GTI Proxy Appliance and

Deploying GTI Proxy Appliance plugin to do so.

Important

This is also a mandatory task, to be performed for the first use of GTI Proxy Appliance

from ePO.

Task


2. Select Menu | Configuration | GTI Proxy Appliance Setup.

3. Two select boxes appear. The one at the left, Managed System having GTI Proxy Appliance

deployed, lists the GTI Proxy Appliance, which are managed and having GTI Proxy

Appliance plugin installed in it.

4. The box at the right GTI Proxy Appliances which are to be monitored, lists the GTI Proxy

Appliance which needs to be monitored using GTI Proxy Appliance from ePO. If

this is the first use, then this box will be empty, otherwise it shows all the GTI

Proxy Appliance which are being currently monitored using GTI Proxy Appliance

from ePO.

5. To add a GTI Proxy Appliance to be monitored, select the server in the left side

select box and click the first arrow button pointing towards right direction (or

Configuring GTI Proxy Appliance


double click on the server). The server is added to the select box in the right and

is removed from the select box in the left.

6. To remove an already monitored GTI Proxy Appliance, in case it’s no longer

required to be monitored using GTI Proxy Appliance from ePO. Select the server in

the right side select box and click the second arrow button pointing towards left

direction (or double click on the server). The server is removed from the right side

select box and is added to the left side select box.

7. Once all the desired GTI Proxy Appliance are added or removed to or from the right side select box respectively, click on the Save button to save the GTI Proxy

Appliance setup.

Configuring GTI Cloud Server Use this task to set the GTI Cloud Servers that the GTI Proxy Appliance uses to

resolve GTI requests.

Important

When configuring the GTI Cloud Servers, the GTI Proxy Appliance (gtiproxy) process

has to be restarted for the configuration changes to take effect.

Note

The last configuration is shown in case the GTI Proxy Appliance is already configured

once.

Configuring UDP access

Use this task to set the GTI Cloud Servers with Cloud Access Mode as UDP. Using this

option uses UDP as the protocol to access the GTI cloud servers.

Task


2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring. Use the task Adding a GTI

Proxy Appliance, if you are using GTI Proxy Appliance for the first time.

3. Click on the Configuration tab.

4. If multiple GTI Proxy Appliance are added for monitoring, then select the desired server from the drop down combo box, which says Select GTI Proxy Appliance from drop-

down list. This combo box does not show up, in case a single GTI Proxy Appliance is

being monitored through ePO.

5. The last configuration is shown in case the GTI Proxy Appliance is already

configured once.

6. Choose SSL Option as Enabled, which enables a secured SSL layer over the UDP

protocol to access the GTI cloud servers. Otherwise leave the default option Disabled as selected, in case SSL is not required.

7. Use one of the options Get from ePO or Get from MA to specify the GTI Cloud Server IP’s.

8. The option Get from ePO, looks up the GTI Cloud Server IP’s automatically from the

machine where ePO server is hosted. Click the button Get from ePO after selecting

this option. It populates the Forwarder IP List select box with the IP’s after doing a


successful look up. SSL enabled GTI servers are listed in case SSL Option is chosen

as Enabled.

9. The option Get from MA, looks up the GTI Cloud Server IP’s automatically from the

GTI Proxy Appliance (VMware). Click the button Get from MA after selecting this

option. It populates the Forwarder IP List select box with the IP’s after doing a

successful look up. SSL enabled GTI servers are listed in case SSL Option is chosen

as Enabled.

10. Click on the Configure button, to update the configuration changes to the GTI Proxy

Appliance configuration file.

11. A success message in green saying, “Configuration file updated successfully”

appears on the screen.

12. Restart GTI Proxy Appliance from the Status tab, for the configuration changes to

take effect. Use the task Check GTI Proxy Appliance Status for getting the current

GTI Proxy Appliance status and starting/restarting it.

13. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy

Appliance can perform GTI lookups, after successful configuration.

Configuring tiered GTI Proxy Appliance access Use this task to set the GTI Proxy Appliance to use another GTI Proxy Appliance to

resolve GTI requests.

Caution

When using Tiered GTI Proxy Appliance setup at least one of the GTI Proxy Appliance

instances must be configured to use GTI Cloud Servers to resolve GTI requests

otherwise ALL GTI requests will fail. The tier must follow a path to the GTI Proxy

Appliance configured to use GTI Cloud Servers.

Prerequisites

The IPv4 address of the other GTI Proxy Appliance this GTI Proxy Appliance instance

will use to resolve GTI requests.

Important

All the IP addresses should only be in decimal format. Additionally avoid the use of

following IP addresses.

� Loopback addresses (e.g. 127.0.0.1) or self address of GTI Proxy Appliance

being configured

� Broadcast addresses (e.g. 255.255.255.255 or 192.168.1.255)

� Reserved IP addresses (0.0.0.0, 192.168.0.0)

Task




3. Click on the Configuration tab.





5. The last configuration is shown in case the GTI Proxy Appliance is already

configured once.

6. Select the option Disabled for SSL Option.

7. Use the option Enter Forwarder IP to specify the GTI Proxy Appliance IP’s.

8. Enter IPv4 IP address of the GTI Proxy Appliance, which this GTI Proxy Appliance is going to use to resolve GTI requests, in the text box provided for Forwarder IP List.

Entering one IP at a time.

9. Click Add to IP List to add the specified IP to the list below it.

10. After the list is populated by manually entering the GTI Proxy Appliance IP’s. The

IP’s can be ordered as desired by selecting the IP in the list and clicking on the up

or down arrow key buttons.

11. Using the cross symbol button deletes selected IP from the list.

12. To edit an already added IP, select it and click on the Edit Selected IP button. Click Add

to IP List to add the edited IP back to the list.

13. Click on the Configure button, to update the configuration changes to the GTI Proxy

Appliance configuration file.

14. A success message in green saying, “Configuration file updated successfully”

appears on the screen.

15. Restart GTI Proxy Appliance from the Status tab, for the configuration changes to

take effect. Use the task Check GTI Proxy Appliance Status for getting the current

GTI Proxy Appliance status and starting/restarting it.

16. Use the task Check GTI lookups using GTI Proxy Appliance to ensure GTI Proxy

Appliance can perform GTI lookups, after successful configuration.

Configuring Performance Log Purging and Archiving Use this task to configure GTI Proxy Appliance performance Logs to be

purged/archived at regular interval automatically from ePO database.

Task




3. Click on the Report tab.




5. In GTI Proxy Appliance Performance Report, click on the Action button on the left hand

corner at the bottom of the page.

6. Choose Automate Purge/Archive from the menu.

7. The automate purge/archive window appears on the screen.

8. The Automation Status is Disabled by default. Choose Enabled to enable the automatic

purging/archiving of the logs.


9. In Automate Type, choose Allow only max Records, if you want only a specified number of

log records to be kept at any given time.

10. Specify the number of log records that you want to keep at any given time, in the Specifications, Maximum Records Allowed.

11. Choose Automate Type, as Schedule purge/archive of records, if you want to delete all the log

records at a specified time.

12. In Specifications, choose Schedule Action as, Daily or Weekly. To delete all the performance

logs Daily or Weekly once respectively.

13. In Actions, choose Purge in case the logs need to be purged completely. Choose

Archive and Purge if you want to archive the log records in a flat file before purging.

14. If Archive and Purge is chosen in the Actions, specify the location to store the archive

file in the Location to archive records text box. Specify a valid windows directory location

here.

15. Click on the OK button to save the configuration for automating the Log

Purge/Archiving.

Configuring Performance Data Collection Interval Use this task to set the GTI Proxy Appliance Performance Data Collection interval. This

is used by GTI Proxy Appliance plugin for collecting the performance log records within

this interval. However, the actual data is sent to ePO only after the interval MA has set

to send events data to ePO.

Task



2. Select Menu | Policy | Policy Catalog.

3. Select Product GTI Proxy Appliance 1.0.0.

4. Click Edit Settings.

5. In Performance Data collection Interval text box, type the interval in seconds between 60

(1 minute) to 600 (10 minutes).

6. Click on the Save button.



This chapter describes how to configure GTI Proxy using McAfee ePolicy Orchestrator



Configuring GTI Proxy Agent This section describes how to configure GTI Proxy Agent for the GTI Proxy Appliance

list managed nodes use to resolve GTI requests.

Important

� Following this task will change any previous configuration applied to GTI Proxy

Agent.

� If the GTI Proxy Appliance instance(s) change IP address these steps must be

performed again.

� If the GTI Proxy Agent Extension is reinstalled these steps must be performed

again.

Configuring fallback servers for managed nodes This task describes how to set the policy used by GTI Proxy Agent to set the list of GTI

Proxy Appliance instances used by managed nodes.

Prerequisites

For this task, the GTI Proxy Appliance should be managed and GTI Proxy Appliance

plugin should be installed in it and the GTI Proxy Appliance IPV4 address or GTI Proxy

Appliance Hostname/Alias name should be known.

Important



� Loopback addresses (e.g. 127.0.0.1)



Note

Specify up to five fallback servers here. The VSE nodes use a maximum of five

fallback servers to resolve GTI lookups. It ignores fallbacks configured above five.

Task


Configuring GTI Proxy Agent



2. Select Menu | Policy | Policy Catalog.

3. Select Product GTI Proxy Agent 1.0.0.

4. Click Edit Settings of My Default policy.

5. In Fallback Server text box type first few digits of the IPv4 address of the GTI Proxy

Appliance, if the server is managed through ePO and also installed GTI Proxy

Appliance plugin. The complete list of IP’s starting with that digit appears as an Auto complete option. Choose one of the GTI Proxy Appliance IP’s. Click on the Add

to IP/hostname List button. Repeat this step to add multiple IP’s.

6. Hostnames can also be added in the Fallback Server text box. Ensure that

hostnames used can be resolved by the VSE Nodes onto which the policy is

applied.

7. The value is added to the list below the text box.

8. Select a value in the list and click on the red color cross button to delete the value

from the list.

9. Select a value in the list and click on the up or down arrow buttons to change the

order of the values in the list.

10. Select a value in the list and click on the Edit Selected IP/hostname to edit a value in the

list.

11. Click Save, to save the value(s) added into the list.


Configuring fallback servers for sets of managed nodes This task describes how to set the policy used by GTI Proxy Agent to set the list of GTI

Proxy Appliance instances used by sets/group of managed nodes.

Prerequisites

For this task, the GTI Proxy Appliance should be managed and GTI Proxy Appliance

plugin should be installed in it or the GTI Proxy Appliance IPV4 address should be

known.

Important



� Loopback addresses (e.g. 127.0.0.1)



Note

Specify a minimum of three up to five fallback servers here, repeated value are

acceptable. The VSE nodes use a maximum of five fallback servers to resolve GTI lookups. It ignores fallbacks configured above five.

Task





3. Select a group from the left for which you want to configure the fallback servers.

4. All the systems in that group is shown under the Systems tab.

5. Click on the Assigned Policies tab.

6. In the Product select GTI Proxy Agent 1.0.0.

7. The policy detail for GTI Proxy Agent is shown.

8. For the Category GTI Enterprise Settings, click on any assigned policy link under the

column Policy.

9. The policy page for setting fallback server is shown.

10. In Fallback Server text box type first few digits of the IPv4 address of the GTI Proxy

Appliance, if the server is managed through ePO and also installed GTI Proxy

Appliance plugin. The complete list of IP’s starting with that digit appears as an Auto complete option. Choose one of the GTI Proxy Appliance IP’s. Click on the Add

to IP /Hostname List button. Repeat this step to add multiple values.

11. Hostnames can also be added in the Fallback Server text box. Ensure that

hostnames used can be resolved by the VSE Nodes onto which the policy is

applied.

12. The value is added to the list below the text box.

13. Select a value in the list and click on the red color cross button to delete a value

from the list.

14. Select a value in the list and click on the up or down arrow buttons to change the

order of the values in the list.

15. Select a value in the list and click on the Edit Selected IP/Hostname to edit a value in the

list.

16. Click Save, to save the value(s) added into the list.



This chapter describes how to diagnose and trouble shoot the GTI Proxy Appliance

system.

GTI Proxy Appliance Diagnostics This section describes various diagnostic and troubleshooting tasks to be performed on

the GTI Proxy Appliance.

Check General DNS Access Use this task to ensure the GTI Proxy Appliance instances general resolver can resolve

general DNS queries. DNS queries are required from GTI Proxy Appliance to resolve

GTI requests.

Prerequisites

For this task an accessible and functioning DNS server will need to be available on the

GTI Proxy Appliance instances network and IPv4 address known.

Task


2. Type the command dig mcafee.com, then press Enter.

3. On successful completion the response from the command will contain status:

NOERROR.


Appliance.

Check Resolution to GTI Servers in the Cloud Use this task to ensure the GTI Proxy Appliance can resolve the GTI servers in the

Cloud. Resolution for the GTI Servers in the Cloud is required for the GTI Proxy

Appliance to operate and resolve lookups for managed nodes.

Task


2. Type in the command dig @ns1.mcafee.com local.cloud.mcafee.com, then

press Enter.

3. On successful completion the response from the command will contain

status:NOERROR and the a list of name servers will be displayed in the

AUTHORITY SECTION.

GTI Proxy Appliance Diagnostics



Appliance.

Check GTI lookups from GTI Proxy Appliance Use this task to ensure the GTI Proxy Appliance can forward queries to the GTI servers

in the Cloud. GTI lookups are required for the GTI Proxy Appliance to operate and

resolve lookups for managed nodes.

Task


2. Type in the command dig @ns1.mcafee.com local.cloud.mcafee.com, then

press Enter.


status:NOERROR and the a list of name servers will be displayed in the

AUTHORITY SECTION.

4. Type in the command dig @[geo server name from ANSWER SECTION previous]

local.cloud.mcafee.com, then press Enter.


status:NOERROR and the a list of name server addresses will be displayed in the

ANSWER SECTION.

6. Using an address from the AUTHORITY SECTION type in the command dig @[ip address from ANSWER SECTION]

4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com, then press Enter.


status:NOERROR.


Appliance.

Check GTI lookups using GTI Proxy Appliance Use this task to ensure the GTI Proxy Appliance is performing GTI lookups

successfully.

Task


2. Type in the command dig @127.0.0.1

4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com, then press Enter.


status:NOERROR.


Appliance.

Check appliance status using GTI Proxy Appliance Use this task to check the status of the GTI Proxy Appliance from GTI Proxy Appliance

console.


Task


2. Type in the command gtiproxy.init status, then press Enter. The status of the

server is displayed.


Appliance.


This chapter describes how to diagnose and trouble shoot the GTI Proxy system.

GTI Proxy Diagnostics This document does not provide detailed information about using ePolicy Orchestrator

software. See the McAfee ePolicy Orchestrator product documentation for more

information on diagnostics for ePolicy Orchestrator.

Check GTI Proxy Agent managed nodes Use this task to check which managed nodes have GTI Proxy Agent installed on them

using the ePolicy Orchestrator system.

Task



Proxy Appliance, if you are using the GTI Proxy Appliance for first time.

3. Click on the Report Tab.

4. The Boolean Pie chart GTI Proxy Agent Coverage Report shows the coverage report for

the GTI Proxy Agent.

5. Clicking on the green pie shows the list of GTI Proxy Agent managed nodes.

6. Clicking on the red pie shows the list of systems where GTI Proxy Agent is not

installed.

Check GTI Proxy Agent configuration on managed nodes Use this task to check that the managed node has the correct configuration as

specified in the ePolicy Orchestrator system.

Note

For this version of GTI Proxy Agent only the Microsoft Windows platform is supported.

Prerequisites

For this task note the list of GTI Proxy Appliance instances specified in the section

Configuring GTI Proxy Agent.

Task


2. Select Menu | Systems | GTI Proxy Appliance Control and Monitoring.

3. Click on the Report Tab.

4. The Boolean Pie chart GTI Proxy Agent Coverage Report shows the coverage report for

the GTI Proxy Agent.

GTI Proxy Diagnostics


5. Clicking on the Green pie shows the list of managed nodes, where GTI Proxy is

installed.

6. Click on a row to get the System Details for that particular node.

7. In GTI Proxy Agent section, click on the More link.

8. The value in the Fallback Server shows the IP’s (comma separated) of GTI Proxy

Appliance configured for that particular node.

Check GTI Proxy Appliance managed nodes Use this task to check which managed GTI Proxy Appliance has GTI Proxy Appliance

plugin installed on them using the ePolicy Orchestrator system.

Task



3. Choose the appropriate system group from the System Tree.

4. Click Advanced Filter.

5. In Available Properties list click Installed Path (GTI Proxy Appliance).

6. In Comparison list click Value is not blank.

7. Click Update Filter. The list of managed nodes is filtered to those with GTI Proxy

Appliance installed.

Check GTI Proxy Appliance status Use this task to check the status of GTI Proxy Appliance using the ePolicy Orchestrator

system.

Task




3. Click on the Status tab.




5. The Process Name (gtiproxy) and the Status column is displayed, with the initial status

of the GTI Proxy Appliance.

6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy

process) status.

7. The Status column shows the current GTI Proxy Appliance status with Result value

as Command ‘Status’ : Successful.

Check GTI Proxy Appliance configuration Use this task to check the GTI Proxy Appliance has the correct GTI Cloud Servers

configured as specified in the ePolicy Orchestrator system.


Prerequisites

For this task note the list of IPv4 addresses specified in the section Configuring GTI

Cloud Servers.

Task


2. Go to the directory /acs/gtip/gtiproxy/current/etc.

3. Open the file gtiproxy.cfg. This contains the GTI Cloud Server configurations.

4. Check whether the same IP and Cloud Access Mode are present as specified in the

ePolicy Orchestrator.


Appliance.

Reinstall McAfee Agent for Linux on GTI Proxy Appliance Use this task to manage an already managed GTI Proxy Appliance through a different

ePO.

Prerequisites

� IPv4 address and Agent-to-server communication port of the new ePO server.

Refer the task Determining Agent-to-server communication port to know the

currently configured Agent-to-server communication port.

� McAfee Agent for Linux 4.5 or above should be present in the ePO Master

Repository.

� Agent wake-up communication port. Refer the task Determining the agent

wake-up communication port.

Task



Enter.

3. Type ‘y’ on the prompt “Do you want to reinstall McAfee Agent[y/n]”, then press

Enter.

4. Type the new ePO server IP address and the Agent-to-server communication port,

separated with a colon (IP:port) on the prompt “Provide IP Address and port of

ePO server”, then press Enter.

5. The McAfee Agent installer is downloaded from ePO server and McAfee Agent is

installed in GTI Proxy Appliance.




7. Next, the default Agent wake-up communication port is shown.


8. Type the Agent wake-up communication port on the prompt “Enter new port if it is

different on ePO” if it is different from the default shown above, then press Enter.

Otherwise, just press Enter.

9. Wait until the first ASCI happens.

10. The port is configured and the GTI Proxy Appliance is now managed through the

new ePO.


Appliance.

Start GTI Proxy Appliance plugin Use this task to start GTI Proxy Appliance plugin in case it has stopped due to some

reason.

Task



Enter.

3. Type ‘n’ on the prompt “Do you want to reinstall McAfee Agent[y/n]”, then press

Enter.

4. Type ‘y’ on the prompt “McAfee GTI Proxy Appliance Plugin is not running. Do you

want to start[y/n]”, then press Enter.




6. The GTI Proxy Appliance plugin starts.

7. Press Enter on the next prompt “Enter new port if it is different on ePO”.


Appliance.

Start McAfee Agent for Linux Use this task to start McAfee Agent on the GTI Proxy Appliance in case it has stopped

due to some reason.

Task



Enter.

3. Type ‘y’ on the prompt “McAfee Agent is not running. Do you want to start[y/n]”,

then press Enter.

4. The McAfee Agent starts.




6. Press Enter on the next prompt “Enter new port if it is different on ePO”.



Appliance.

McAfee GTI Proxy 1.0 InstallationGuide

Documents

Transcript of McAfee GTI Proxy 1.0 InstallationGuide