Re: Configure Network to work with Kaspersky

pendal8286 · ‎04-30-2019

throughout our MAN. Hello all and thanks for your time and expertise.

At this stage we have Kaspersky setup in one location. For those of you who don't know we're using Kasperksy as an imaging solution.

We want to have a centralized setup with Kaspersky in one buidling. And then if we are in other buildings we would RDP to the main server and be able to image in the other buildings.

I understand I may have to go to Kasperksy for this but I was wondering if you good folks could help me from a networking perspective.

Should this traffic be on a separate VLAN with QoS prioritizing traffic or is this a simple matter of IP helpers setup in the various buildings.

And I'm sure this route has to be setup as well.

Anyway, I appreciate any recommendations you have on this topic.

Mark Malone · ‎05-01-2019

Hi
if KP is doing the imaging it sounds like what we do for building PXE boot for system machines, all thats really required from network point of view is reach ability to the KP setup and yes you must use the helper address on the vlan interface usually if its using PXE so the request can change from broadcast to unicast to reach the KP get the IP and start the build , im talking about how ours works with Linux and PXE it may be KP is the same, do you know how it builds what it uses at all , that may provide more info of whats required ..

pendal8286 · ‎05-01-2019

Mark,

Thanks for the information. Yes, we currently use Linux with PXE, same as you. Appreciate your help.

Mark Malone · ‎05-01-2019

no probs if you get stuck just post back on the thread

pendal8286 · ‎05-01-2019

Mark,

It's also possible to deploy the Kaspersky Network agent on the dhcp servers in the respective buildings and then the IP helpers for those servers are already in place. Then the handoff is from the dhcp server to Kaspersky.

So if this works, or if we use the specific IP helper pointing to Kaspersky, do you think we need to get into any QoS or no? Just want to follow best practices. Again, appreciate your time.

Mark Malone · ‎05-01-2019

Hi
we dont have any QOS in place for PXE ,although we have line rate switches in the DC where the PXE occurs but Ive also seen posts where users had to remove QOS as it was causing PXE issues, i would test without QOS for now if its not in place already see how it goes, and if you deploy it on the DHCP server itself if it was on same subnet as the machines you wont need helpers either.

https://community.cisco.com/t5/switching/pxe-and-dhcp-issues/td-p/2493618

pendal8286 · ‎05-01-2019

Thank you Mark. I will test this out and follow-up. Much appreciated.

pendal8286 · ‎05-02-2019

Mark,

I tested a device out and it connected no problem across the network. That said the actual performance relative to the imaging is terrible.

Please note we have 10GB interconnects between the buildings. Inside the building we have 1GB speed. The image was 22GB. I waited around for an hour and the image still wasn't completed. Do you have any recommendation or insight as to what could be slowing the imaging process down? Thanks.

Mark Malone · ‎05-02-2019

first thing i would do is put a machine on the local switch where the DHCP server is and build it through PXE so its not going accross the network , if speeds are same you will know to look at the server itself , could be throttling by default i dont know a lot about PXE servers our systems guys look after it but it may not be the network issue i know they have complained before about the speeds but it wasnt our network when we checked as we could see utilization was very low along the path

does the interfaces its crossing for the build look under stress running hot ?

pendal8286 · ‎05-02-2019

Thanks Mark. We don't have instances of Kaspersky in all the buildings. We want to have a central sever and then be able to image over the network to our various buildings which I thought we could do with 10gb interconnects. I really don't want to get into installing a kaspersky server in every building. If I have to do that I'll go the USB route for the guys in the field. Kaspersky is just a pain in the butt to use. Amazingly Kaspersky doesn't even have a status indicator relative to the imaging process. One doesn't know how long the image will take.

And we were imaging after school so traffic was basically nothing.

Mark Malone · ‎05-02-2019

Well you could at least rule out the network as the issue , sounds as if there should be plenty of bandwidth to do this if the networks not under pressure,if your transferring the file from Kasper server to the PC say in building A , I would check each switch in path , check cpu make sure load is low there not under pressure ,check the interfaces the file will be passing through see if there under pressure , look at the RX/TX , check logs too make sure nothing like malloc failures are occurring or any cpu hog alerts they would show there , if its all good it may be the rate the server is sending at or the rate the machine is able to receive at too, another thing you could check is span the traffic coming from the server using wireshark make sure there's nothing out of the ordinary as that will let you view what's happening on the wire level , could also try transfer a file by cifs or nfs whatever's available from same server to a pc on same switch where a PXE would occur and see if speed is any different , just some things to try if you cant see the speed or have any LAN monitoring tools setup

Mark Malone · ‎05-02-2019

Iperf may give some idea of general speeds it's a good tool to test with

pendal8286 · ‎05-02-2019

Will do. Thanks Mark.