Setting Connections between Several Dr.Web Servers

To use several Servers in an anti-virus network, you should set up connections between these Servers.

It is advisable to make a plan of the anti-virus network structure first. All data flows, connections of the "peer to peer" and "parent-child" types should be indicated. Then, each Server included into the network connections with any "neighboring" Servers ("neighbors" have at least one dataflow between them) should be set up. After that, for each Server included into the network, you should set up connections with "neighboring" Servers ("neighbors" have at least one data flow between them).

Example of configuring of a connection between Parent and Child Dr.Web Servers

info

Values of fields, marked with the * sign, must be obligatory specified.

1.Make sure that both Dr.Web Servers operate normally.

2.To each of Dr.Web Servers give “meaningful” names, as it will help prevent mistakes while connecting and administering Dr.Web Servers. You can change the names through Dr.Web Security Control Center menu: Administration → Dr.Web Server configuration on the General tab in the Name field. In this example we name the parent Server MAIN, and the child Server—AUXILIARY.

3.On both Dr.Web Servers, enable the server protocol. To do this, on Dr.Web Security Control Center Administration menu, select Dr.Web Server configuration. On the Modules tab, set the Dr.Web Server protocol flag (see p. Modules).

info

If the server protocol is disabled, the message about enabling this protocol will be shown and the link to the corresponding section of Dr.Web Security Control Center will be given during creation of new connection.

4.Restart both Dr.Web Servers.

5.Via Dr.Web Security Control Center of the child Server (AUXILIARY), add the parent Server (MAIN) to the list of neighbor Servers.

To do this, select Anti-virus Network item in the main menu. A window with the hierarchical list of the anti-virus network will be opened. To add a Server to the list, click the icon-add-object Add a network object → icon-neighbor-add Create neighbor on the toolbar.

A window with connection settings between the current and a new Server will be opened. Specify the following parameters:

Type of creating neighbor is Parent.

Name—the name of the parent Server (MAIN).

Password*—an arbitrary password to access the parent Server.

Own certificates of Dr.Web Server—the list of SSL certificates of configuring Server. Click icon-item-search and select the drwcsd-certificate.pem certificate file of the current Server. To add one more certificate, click icon-item-add and add the certificate to a new field.

Certificates of neighbor Dr.Web Server*—the list of SSL certificates of connecting parent Server. Click icon-item-search and select the drwcsd-certificate.pem certificate file of the parent Server. To add one more certificate, click icon-item-add and add the certificate to a new field.

Address*—the network address of the parent Server and the connection port. Use the following format: <Server_address>:<port>.

You can browse the list of Servers, available in the network. To do this:

a)Click the arrow on the right of the Address field.

b)In the opened window, specify networks in the following format: with a hyphen (for example, 10.4.0.1-10.4.0.10), separated by a comma with a whitespace (for example, 10.4.0.1-10.4.0.10, 10.4.0.35-10.4.0.90), with a network prefix (for example, 10.4.0.0/24).

c)Click icon-neighbor-search to browse the network for available Servers.

d)Select the Server in the list of available Servers. Its address will be set to the Address field to create connection.

URL of Dr.Web Security Control Center—you can specify the address of a start web page for Dr.Web Security Control Center of the main Server (see p. Dr.Web Security Control Center).

In the Connection parameters drop-down lists, specify the type of creating neighbor Servers connection.

In the Encryption and Compression drop-down lists, specify parameters of traffic encryption and compression between connecting Servers (see p. Traffic Encryption and Compression).

Validity period of donated licenses—time period on which licenses are donated from the key on the parent Server. The setting is used if the parent Server donates licenses to the current Server.

Period for accepted licenses renewal—the setting is not used in creating a parent Server.

License synchronization period—interval for synchronizing information about donating licenses between Servers.

Flags in Licenses, Updates and Events sections are set according to parent-child type of connection and cannot be changed:

parent Server sends licenses to child Servers;

parent Server sends updates to child Servers;

parent Server receives information about events from child Servers.

Configure administrator notification:

Set the Send notifications on events of neighbor Server flag to send notifications to the administrator about the events received from the configuring child Server. If the flag is cleared, the administrator will receive notifications on events only on the own Server. You can configure the sending of certain notifications in the Notification Configuration section.

Set the Send notifications on events of neighbor Server at threat detection by known hashes flag to send notifications to the administrator about the events received from the configuring child Server in case of security threat detection by known hashes of threats. If the flag is cleared, the administrator will receive notifications on events only on the own Server. You can configure the sending of certain notifications in the Notification Configuration section.
The flag is available only if the usage of bulletins of known threat hashes is licensed. You can check the license in the information on a license key that can be found in the License Manager section, the Allowed lists of hash bulletins parameter (the license in at least one of the license keys used by the Server is sufficient).

info

Using these options may significantly increase the number of received notifications.

 

When configuring peer Servers, these options are available only if the Receive flag is set in the Events section.

 

The following notifications are available about events on the neighbor Server: Security threat detected, Report of Preventive protection, Scan error, Scan statistics.

The following separate notifications are provided about event on the neighbor Server in case of security threat detection by known hashes of threats: Security threat detected by known hashes of threats, Scan error at threat detection by known hashes of threats, Report of Preventive protection on threats detection by known hashes of threats.

In the Update restrictions → Events section, you can configure the schedule of events transmission from the current Server to the parent one (editing of the Update restrictions table is the same as editing schedule table in the Update Restrictions for Workstations section).

Click Save.

As a result, the Parent Server (MAIN) will be included to the Parents and Offline folders (see Figure below).

sshot-neighbor-main-offline

Open Dr.Web Security Control Center of the parent Server (MAIN) and add the child Server (AUXILIARY) to the list of neighbor Servers.

To do this, select Neighborhood item in the main menu. A window with the hierarchical list of the anti-virus network will be opened. To add a Server to the list, click the icon-add-object Add a network object → icon-neighbor-add Create neighbor on the toolbar.

A window with connection settings between the current and a new Server will be opened. Specify the following parameters:

Type of creating neighbor is Child.

Name—the name of the child Server (AUXILIARY).

Password*—type the same password as at step 5.

Own certificates of Dr.Web Server—the list of SSL certificates of configuring Server. Click icon-item-search and select the drwcsd-certificate.pem certificate file of the current Server. To add one more certificate, click icon-item-add and add the certificate to a new field.

Certificates of neighbor Dr.Web Server*—the list of SSL certificates of connecting child Server. Click icon-item-search and select the drwcsd-certificate.pem certificate file of the child Server. To add one more certificate, click icon-item-add and add the certificate to a new field.

URL of Dr.Web Security Control Center—you can specify the address of a start web page for Dr.Web Security Control Center of the child Server (see p. Dr.Web Security Control Center).

In the Connection parameters drop-down lists, specify the type of creating neighbor Servers connection.

In the Encryption and Compression drop-down lists, specify parameters of traffic encryption and compression between connecting Servers (see p. Traffic Encryption and Compression).

Validity period of donated licenses—the setting is not used in creating a child Server.

Period for accepted licenses renewal—period till the license expiration, starting from which the child Server initiates renewal of the license which is accepted from the current Server. The setting is used if the child Server accepts licenses from the current Server.

License synchronization period—interval for synchronizing information about donating licenses between Servers.

Flags in Updates and Events sections are set according to parent-child  type of connection and cannot be changed:

child Server receives licenses from the main Server;

child Server receives updates from the main Server;

child Server send information about events to the main Server.

The Send notifications on events of neighbor Server option is disabled and cannot be changed, because the child Server does not receive events from the main Server.

In the Update restrictions → Updates section, you can configure the schedule of updates transmission from the current Server to the child one (editing of the Update restrictions table is the same as editing schedule table in the Update Restrictions for Workstations section).

Click Save.

As a result, the child Server (AUXILIARY) will be included to the Children and Offline folders (see Figure below).

sshot-neighbor-aux-offline

Wait until the connection between Servers is established (usually it takes not more than a minute). Press f5 from time to time to update the Servers list. After the Servers have been connected, the child Server (AUXILIARY) will move from the Offline folder to the Online folder (see Figure below).

sshot-neighbor-aux-online

Open Dr.Web Security Control Center of the child Server (AUXILIARY) to make sure that the parent Server (MAIN) is connected to the child Server (AUXILIARY) (see Figure below).

sshot-neighbor-main-online

warning

You may not connect several Servers with the same pare of parameters: password and the SSL certificate.

info

For peer to peer connections between Servers, it is recommended to set Server address in the settings for one of them only.

It will not take effect on the Servers interconnection, but allows to avoid messages like Link with the same key id is already activated in the Servers log files.

Connection between two Dr.Web Servers can be failed because of the following reasons:

Network problems.

Wrong address of the parent Server was set during connection setup.

Wrong certificates at one of connecting Servers.

Wrong access password at one of connecting Servers (passwords on connecting Servers do not match).

If you need to establish a new interserver connection between Servers of 10 and 11 versions, perform the following additional actions:

1.When creating a connection, specify the public key of the Server v.11 on the Server v.10.

2.Generate certificate from the private key of the Server v.10 using the drwsign utility (the gencert command) from the Server v.11 kit (see the Appendices document, p. H9.1. Digital Keys and Certificates Generation Utility). Specify this certificate when creating a connection on the Server v.11.