This article explains the typical communications timeouts for a request from a Microsoft Windows CIFS/SMB end-node client to a storage appliance that ENSSP/VSES protects. A storage appliance is called an appliance in this article.
Request Type | Direction
FILE REQUEST | Client to Appliance
SCAN REQUEST | Appliance to ENSSP/VSES
SCAN REQUEST VERDICT | ENSSP/VSES to Appliance
FILE REQUEST VERDICT | Appliance to Client
NOTE: These basic procedures are applicable to all appliance types.
Expected Operations
- The end-node client sends an open file request for the target file to the appliance. At this stage, 0 seconds have elapsed.
- The appliance's clean cache, if it exists, is consulted.
If the target file is listed in the appliance's clean cache:
- No scan is needed.
- The open file request is answered and the target file is served to the end node.
If the target file isn't listed in the appliance's clean cache:
- The open file request isn't answered and the target file isn't served to the end node.
- The appliance sends a scan request for the target file to the ENSSP/VSES scanner.
- The ENSSP/VSES scanner acknowledges the scan request and accepts the target file to be scanned.
- File Transfer (ICAP)/Access (RPC) occurs:
ICAP
- The target file is copied to the scanner via the ICAP protocol.
- Scanning operations are paused until the target file copy to the scanner is complete.
NetApp OnTap (RPC appliances such as NetApp OnTap or Hitachi HNAS in RPC mode)
- The ENSSP/VSES scan engine accesses the target file directly on the appliance share via RPC and SMB.
- The ENSSP/VSES timeout begins incrementing.
- The target file is scanned.
- A scan request verdict is returned to the appliance with one of the following statuses:
- Clean
- Cleaned (ENSSP/VSES also quarantines for NetApp OnTap)
- Not Cleanable (ENSSP/VSES also quarantines for NetApp OnTap)
- Any other applicable result is returned to the appliance, if required.
- The appliance does one of two things. The appliance answers the open file request and the target file is served to the end node, or it performs another configured action based on the scan results.
Typically a period shorter than 0–9 seconds (ICAP) or 0–5 milliseconds (NetApp OnTap) has elapsed between the initial request and the completed action.
Tolerable but Unexpected Operations
Any events seen beyond this point indicate that a timeout threshold has been exceeded.
Appliance Initial Timeout
If the appliance initial timeout is applicable to the appliance model:
- 10 seconds have elapsed since the appliance sent the scan request to the ENSSP/VSES scanner.
NOTE: This timeout is configurable. Set it to 10.
- The appliance requests scan status from the ENSSP/VSES scanner.
- The appliance continues to wait if the ENSSP/VSES scanner acknowledges.
Appliance initial timeout types per appliance model
The ICAP timeout name varies by vendor:
- IBM StorWize 7000 and similar appliance models have only a single timeout value:
- The subsection Appliance Initial Timeout shouldn't apply to IBM StorWize 7000 Series.
- Configure the single timeout value to serve as the Appliance Abort Timeout value per the Appliance Abort Timeout subsection below, instead.
- EMC Isilon OneFS and similar appliance models have three timeout values:
- This subsection Appliance Initial Timeout shouldn’t apply to EMC Isilon OneFS.
- Configure the Open, Close, and Batch timeout values to serve as Appliance Abort Timeout values per the Appliance Abort Timeout subsection below, instead.
- NetApp OnTap (including IBM N Series) appliance models have this Appliance Initial Timeout value:
- The timeout name is vscan timeout.
ENSSP/VSES Timeout:
- 55 seconds have elapsed since the ENSSP/VSES timeout began incrementing.
NOTE: This timeout is configurable. Set it to 55.
- The ENSSP/VSES scanner deliberately closes scanning and informs the appliance that scanning didn’t complete. This action is done to make sure that the ENSSP/VSES scanner times out before the open file request from the end node times out. This sequence allows the appliance to determine whether to serve the unscanned target file to the end-node client based on the appliance configuration.
Intolerable and Unexpected Operations
Don’t expect such operations. If they occur, they indicate that communication between the appliance and the ENSSP/VSES scanner isn't behaving as expected.
CIFS/SMB Timeout (SessTimeout):
- 60 seconds have elapsed since the end-node client sent the open file request to the appliance.
- This Microsoft default SessTimeout is configurable. Changing this value isn't recommended because cascading effects on the Microsoft environment are possible. Changing the SessTimeout value does permit the appliance and scanner timeouts to be changed.
- The Microsoft default SessTimeout dictates the appliance and scanner timeout values recommended in this document:
- The ENSSP/VSES timeout should occur 5 seconds before the SessTimeout.
- The appliance quit timeout should occur 5 seconds after the SessTimeout.
- This Microsoft SessTimeout isn't strictly 60 seconds, but must be considered as 60 seconds. For more information, see: CIFS and SMB timeouts in Windows and SMB timeouts in Windows.
- The open file request (CIFS/SMB protocol) might time out.
- The ENSSP/VSES timeout above should prevent this SessTimeout from ever occurring.
Appliance Abort Timeout:
- 70 seconds have elapsed since the appliance sent the scan request to the ENSSP/VSES scanner.
NOTE: This timeout is configurable. Set it to 70. You can set this number to any value if that value is equal to or greater than 70.
- The appliance closes waiting for the scan request to the ENSSP/VSES scanner to complete.
- The ENSSP/VSES timeout above should prevent this timeout from ever occurring.
- A NetApp OnTap appliance determines that the connection is unreliable and deliberately deregisters the ENSSP/VSES scanner.
- Appliance initial timeout types per appliance model.
ICAP timeout name varies by vendor:
- IBM StorWize 7000 and similar appliance models have only a single timeout value. Configure the single timeout value to be applicable to this Appliance Abort Timeout subsection.
- EMC Isilon OneFS and similar appliance models have up to three timeout values. Configure the Open, Close, and Batch timeout values to be applicable to this Appliance Abort Timeout subsection.
- The NetApp OnTap timeout name is vscan abort_timeout.
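The timeout chain described in this article (10, 55, 60, and 70 seconds) can be checked and replayed with a short script. The following is an added example, not vendor code: the names Timeouts, check_chain, and timeline are hypothetical, and it assumes that the clean-cache lookup takes no time and that the ENSSP/VSES timer starts once the file transfer or access step completes (transfer_seconds).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Timeouts:                    # all values in seconds
    scanner: int = 55              # ENSSP/VSES timeout
    sess: int = 60                 # Windows SessTimeout, treated as 60
    abort: int = 70                # appliance abort timeout (e.g. vscan abort_timeout)
    initial: Optional[int] = 10    # appliance initial timeout; None if the model has none

def check_chain(t):
    """List the ways a configuration breaks the ordering the article recommends."""
    findings = []
    if t.initial is not None and t.initial >= t.scanner:
        findings.append("initial timeout does not fire before the scanner timeout")
    if t.scanner > t.sess - 5:
        findings.append("scanner timeout is less than 5 s ahead of SessTimeout")
    if t.abort < max(70, t.sess + 5):
        findings.append("abort timeout is below 70 s or too close to SessTimeout")
    return findings

def timeline(t, scan_seconds, transfer_seconds=0):
    """Ordered (second, event) list for one open-file request on a cache miss."""
    verdict_at = transfer_seconds + scan_seconds
    marks = [(transfer_seconds + t.scanner, "scanner stops and reports scan incomplete"),
             (t.sess, "client open request may time out (SessTimeout)"),
             (t.abort, "appliance aborts the scan request")]
    if t.initial is not None:
        marks.append((t.initial, "appliance requests scan status"))
    events = []
    for at, what in sorted(marks):
        if at >= verdict_at:
            break                  # the verdict arrived before this threshold
        events.append((at, what))
        if what.startswith(("scanner stops", "appliance aborts")):
            return events          # the scan ended without a verdict
    events.append((verdict_at, "scan verdict returned to appliance"))
    return events

if __name__ == "__main__":
    # Constructed scenarios: a scan that would need 100 s under two configurations.
    for name, cfg in [("recommended", Timeouts()), ("scanner=65", Timeouts(scanner=65))]:
        print(name, check_chain(cfg))
        for at, what in timeline(cfg, scan_seconds=100):
            print(f"  t={at:>3}s  {what}")
```

With the recommended values the scanner stops at 55 seconds and the SessTimeout event never appears; with the scanner timeout raised to 65, the client request can time out at 60 seconds before the scanner reports back.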