The Interaction Scheme of an Anti-Virus Network Components

The Figure below describes a general scheme of an anti-virus network built with Dr.Web Enterprise Security Suite.

The scheme illustrates an anti-virus network built with only one Dr.Web Server. In large companies it is worthwhile installing several Dr.Web Servers to distribute the load between them.

In this example the anti-virus network is implemented within a local network, but for the installation and operation of Dr.Web Enterprise Security Suite and anti-virus packages the computers need not be connected within any local network, Internet connection is enough.

	Dr.Web Server		HTTP/HTTPS
	Dr.Web Security Control Center		TCP/IP network
	Protected local computer		Unprotected local computer

When Dr.Web Server is launched, the following sequence of commands is performed:

3.The content of the centralized installation catalog and update catalog is loaded, notification system is initialized. The Dr.Web Server database integrity is checked.

5.Dr.Web Server is waiting for information from Dr.Web Agents and commands from Dr.Web Security Control Center.

6.The whole stream of instructions, data and statistics in the anti-virus network always goes through Dr.Web Server.

Dr.Web Security Control Center exchange information only with Dr.Web Servers. Based on Dr.Web Security Control Center commands, Dr.Web Servers transfer instructions to Dr.Web Agents and change the configuration of workstations.

Thus, the logical structure of the fragment of the anti-virus network looks as in the Figure below.

	Dr.Web Server		HTTP/HTTPS
	Dr.Web Security Control Center		TCP/IP network
	Protected computer		Transfer of updates via HTTP
	Dr.Web GUS

Between Dr.Web Server and workstations (a thin continuous line in the Figure above) transferring the following information:

•Agents requests for the centralized schedule and the centralized schedule of workstations,

•requests for scheduled tasks to be performed (scanning, updating of virus databases, etc.),

•files of anti-virus packages—when the Agent receives a task to install them,

•statistics on the operation of Agents and anti-virus packages for adding to the centralized log,

The volume of traffic between the workstations and Dr.Web Server can be quite sizeable subject to the settings and the number of the workstations. Therefore Dr.Web Enterprise Security Suite provides for the possibility to compress traffic. See the description of this optional mode in p. Traffic Encryption and Compression below.

Traffic between Dr.Web Server and Dr.Web Agent can be encrypted. This allows to avoid disclosure of data transferred via the described channel as well as to avoid substitution of software downloaded onto workstations. By default traffic encryption is enabled. For more detailes, please read p. Traffic Encryption and Compression.

From the update web server to Dr.Web Server (a thick continuous line in the Figure above) files necessary for replication of centralized catalogs of installation and updates as well as overhead information on this process are sent via HTTP. The integrity of the information (Dr.Web Enterprise Security Suite files and anti-virus packages) is provided through the checksums: a file corrupted at sending or replaced will not be received by Dr.Web Server.

Between Dr.Web Server and Dr.Web Security Control Center (a dashed line in Figure above) data about the configuration of Dr.Web Server (including information about the network layout) and workstations settings are passed. This information is visualized on Dr.Web Security Control Center, and in case a user (an anti-virus network administrator) changes any settings, the information about the changes is transferred to Dr.Web Server.

Connection between Dr.Web Security Control Center and a certain Dr.Web Server is established only after an anti-virus network administrator is authenticated by his login name and password on the given Dr.Web Server.