2.5 Configuring the Antimalware Database and Database Sync

When you first deploy the Antimalware Agent, it is enabled on devices but no malware activity is rolled up for viewing in the ZENworks Control Center. To enable monitoring of malware activity, you must configure the Antimalware Database required to store the rolled-up malware data. In addition, if your zone does not already have a Linux Primary Server, you must first add one in order for data to be synced between the main ZENworks database and the Antimalware database. After you enable Kafka and configure the Antimalware Database, you need to populate the Antimalware Database with the required data from the ZENworks Database (database sync).

To enable Kafka, configure the Antimalware Database, and then populate the database, navigate to Security > Getting Started > Protecting Against Malware in the ZENworks Control Center, and use the links under Linux Primary Server and Antimalware Database. You have to configure the Linux Primary Server before you can configure the Antimalware database.

2.5.1 Linux Primary Server

A Linux primary server is required for the Kafka platform to sync the Antimalware database with the ZENworks database to monitor Antimalware implementation and status. If possible, the Kafka synchronization should be the primary function of this Linux server. You can also use the ZENworks Virtual Appliance for this server.

Click Enable Kafka to select the Linux server that you will use for Antimalware and ZENworks database synchronization. You must already have a Linux server set up as a ZENworks primary server in the Server Hierarchy to enable this feature.

If you have multiple Linux primary servers, we recommend that you select one that is not already tasked with other functions such as the Patch Subscription Service.

See the following to understand the process of enabling Kafka and any follow-on actions you might need to take based on the Status indicator:

  1. Completed: Kafka enablement is completed. Because delays can occur as the service is connecting, you should check the status of the Kafka service before starting to configure the Antimalware database. Click Check Status of Services under Antimalware Database to navigate to the Diagnostics page.

    In the Kafka Cluster panel, make sure that the service is running on the Linux Primary Server you selected. If it is not yet running, wait a while for it to start. If it does not start after a while, manually start Kafka on the server. For information about manually starting Kafka on the server, see Enabling Kafka on a Single Server in the Kafka Reference Guide.

  2. In Progress: Kafka is currently being enabled on the selected Linux Primary Server. If the task remains in progress for an extended period of time (more than 20 minutes), it may be that the Kafka service has actually been enabled and the completed message was not returned for some reason. Click Check Status of Services under Antimalware Database to navigate to the Diagnostics page.

    In the Kafka Cluster panel, see if the service is running on the Linux Primary Server you selected. If it is not running, manually start Kafka on the server. For information about manually starting Kafka on the server, see Enabling Kafka on a Single Server in the Kafka Reference Guide.

  3. Failed: Enabling Kafka on the selected Linux Primary Server failed. Make sure the server is running and then use the Enable Kafka link to retry enabling the service.

    To troubleshoot Kafka connections, see Troubleshooting Antimalware Database Synchronization.

If you need information to install a ZENworks primary server on Linux or would like to install the ZENworks Virtual Appliance, see the following references:

2.5.2 Antimalware Database

The Antimalware database is separate from the ZENworks database, but it must be of the same type (for example, PostgreSQL, Oracle, or Microsoft SQL) for synchronization between the two databases. When configuring the Antimalware Database, ZENworks determines which type of ZENworks database your zone has and provides the Antimalware configuration for that database type. The only exception to this is PostgreSQL, which can be embedded or remote. If you are presented with the Antimalware database type drop-down option, you must choose the PostgreSQL type that you want.

The process for configuration and database sync includes first configuring the Antimalware Database, and then populating the Antimalware Database with ZENworks data. If you will be using Embedded PostgreSQL, this is a one-step process for configuring the Antimalware Database. When you select this option, click Next and then Finish to create the database.

For information about configuring another type of database, populating the database after completing the configuration, or troubleshooting synchronization after configuration, see the sections below:

Database Configuration Prerequisites

In the Antimalware database configuration sequence, ZENworks can create a new database or configure an existing database or, in the case of Oracle, create a new user schema or use an existing user schema.

NOTE: An “existing database” implies an Antimalware database configured for the specific purpose of running the Antimalware Database Configuration tool launched from the Security > Getting Started > Protecting Against Malware page in ZENworks Control Center, as opposed to configuring a new database using the same tool.

The database type, and whether the database is new or existing, determine which credentials you require: Database Administrator (DBAdmin), Database Access, or both, as shown below:

Remote PostgreSQL

  • New Database: Database Administrator credentials and Database Access credentials

  • Existing Database: Database Administrator credentials and Database Access credentials

Microsoft SQL Server

  • New Database: Database Administrator credentials and Database Access credentials

  • Existing Database: Database Access credentials

Oracle

  • New Database: Database Administrator credentials and Database Access credentials

  • Existing Database: Database Access credentials

NOTE: The Database Administrator should not provide the following database user names when the chosen option is to configure an existing database:

  • Remote PostgreSQL: postgres or zenpostgres

  • Microsoft SQL Server: sa or Administrator

  • Oracle: System or Sys
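The credential requirements and reserved user names above can be checked before the values are entered in the configuration wizard. The following pre-flight check is an added example, not part of ZENworks or its tooling; the function names, the type keys (remote-postgresql, mssql, oracle), the handling of domain-qualified Windows logins, and the choice to test every supplied name against the reserved list are assumptions made for illustration.

```python
# Added example: pre-flight check of wizard inputs (not ZENworks code).
# Reserved names come from the NOTE above; compared case-insensitively (assumption).
RESERVED = {
    "remote-postgresql": {"postgres", "zenpostgres"},
    "mssql": {"sa", "administrator"},
    "oracle": {"system", "sys"},
}

# Credentials required per (database type, mode), from the list above.
REQUIRED = {
    ("remote-postgresql", "new"): {"admin", "access"},
    ("remote-postgresql", "existing"): {"admin", "access"},
    ("mssql", "new"): {"admin", "access"},
    ("mssql", "existing"): {"access"},
    ("oracle", "new"): {"admin", "access"},
    ("oracle", "existing"): {"access"},
}


def bare_name(user):
    """Drop whitespace, quotes, and a Windows domain prefix or @domain suffix."""
    name = user.strip().strip('"')
    name = name.rsplit("\\", 1)[-1]   # CORP\Administrator -> Administrator
    name = name.split("@", 1)[0]      # sa@corp.example -> sa
    return name.lower()


def preflight(db_type, mode, supplied):
    """Return a list of problems; an empty list means the inputs pass.

    supplied maps "admin" / "access" to the user name that will be entered.
    """
    required = REQUIRED.get((db_type, mode))
    if required is None:
        return [f"unknown combination: {db_type}/{mode}"]
    problems = [f"missing {role} credentials"
                for role in sorted(required - set(supplied))]
    # The reserved-name rule applies only when configuring an existing database.
    if mode == "existing":
        for role, user in sorted(supplied.items()):
            if bare_name(user) in RESERVED[db_type]:
                problems.append(
                    f"{role} user '{user}' is a reserved built-in account")
    return problems


if __name__ == "__main__":
    # Constructed sample input: a domain-qualified built-in account.
    print(preflight("mssql", "existing", {"access": "CORP\\Administrator"}))
```
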

If you need your database administrator to configure a new external Antimalware database or Oracle user schema, the administrator does this by running the ZENworks setup.exe file from the command line. When presented with a database selection option in this process, the administrator needs to choose Antimalware Database, not ZENworks Database or Audit Database. The commands used to run setup.exe for database configuration are below:

  • Windows server: DVD_drive:\setup.exe -c

  • Linux server: sh /media/cdrom/setup.sh -c

    NOTE: Only GUI installation is available for configuring a database instance with Linux.

After choosing Antimalware Database in this process, the database administrator should follow the database configuration instructions in the ZENworks Server Installation reference after selecting the database type. This reference also includes information about administrator rights and prerequisites. See the following topics specifically:

Configure Remote PostgreSQL Server

If you are referencing this section, you should have PostgreSQL as your ZENworks database and selected Remote PostgreSQL as your database type in the Antimalware database configuration options.

To configure remote PostgreSQL Server:

  1. Click Next after selecting Remote PostgreSQL as the database type.

  2. Click Next in the Database Administrator Rights dialog box.

    If you need more information about database rights to create a new database, see Database Configuration Prerequisites.

  3. Choose to create a new database or configure an existing database, and click Next.

  4. Enter the server address and connection port for the existing database or where the new database will be installed, and click Next. For example:

    • Server address: serverName.company.domainName.com

    • Port: 54327

  5. Proceed according to your configuration.

    • Configure New Antimalware Database:

      1. Specify the name for the new Antimalware database.

      2. Specify the database administrator credentials required to create the new database.

      3. Specify the database access credentials that will be used for ongoing access to the Antimalware database.

      4. Click Next and Finish.

    • Configure Existing Antimalware Database:

      1. Specify the name of the existing Antimalware database.

      2. Specify the database administrator credentials.

      3. Specify the access credentials provided by your database administrator. These will be used for ongoing access to the Antimalware database.

      4. Click Next and Finish.

Configure Microsoft SQL Server

If you are referencing this section, you should have Microsoft SQL Server pre-configured as your database type in the Select Antimalware Database Type dialog box.

To configure Microsoft SQL Server:

  1. Click Next in the Select Antimalware Database Type dialog box.

  2. Click Next in the Database Administrator Rights dialog box.

    If you need more information about database rights to create a new database, see Database Configuration Prerequisites.

  3. Choose to create a new database or configure an existing database, and click Next.

  4. Enter the server address, connection port, and named instance for the existing database or for the new database that will be installed, and click Next. For example:

    • Server address: serverName.company.domainName.com

    • Port: 1433

    • Named instance: AD LDS Instance-Antimalware Database

  5. Proceed according to your configuration.

    • Configure New Antimalware Database:

      1. Specify the name for the new Antimalware database.

      2. Provide the server location where the database will be installed.

        For example: c:\database

      3. Select the authentication method for the database administrator: Windows Authentication or SQL Server Authentication.

      4. Specify the credentials of a database administrator who has permission to create a database, based on the type of authentication selected.

      5. If using Windows Authentication, enter the domain name. For example: domainName

        The domain name is available in the zdm.xml or dmaccounts.properties file.

      6. Select the authentication method for the database access credentials.

      7. Specify the access credentials for the type of authentication selected. These credentials will be used for ongoing access to the Antimalware database.

      8. If using Windows Authentication, enter the domain name. For example: domainName

        The domain name is available in the zdm.xml or dmaccounts.properties file.

      9. Click Next and Finish.

    • Configure Existing Antimalware Database:

      1. Specify the name of the existing Antimalware database.

      2. Select the authentication method: Windows Authentication or SQL Server Authentication.

        For Windows Authentication, the specified user must already exist in the Active Directory domain.

      3. Specify the access credentials for the type of authentication selected. These credentials will be used for ongoing access to the Antimalware database.

      4. If using Windows Authentication, enter the domain name. For example: domainName

        The domain name is available in the zdm.xml or dmaccounts.properties file.

      5. Click Next and Finish.

Configure Oracle Database

If you are referencing this section, you should have Oracle pre-configured as your database type in the Select Antimalware Database Type dialog box.

To configure the Oracle database:

  1. Oracle partitioning with ZENworks is enabled by default in the Select Antimalware Database Type dialog box. If you want to disable this feature, select No in the partitioning option.

    Otherwise, leave Yes selected, and click Next.

  2. Click Next in the Database Administrator Rights dialog box.

    If you need more information about database rights to create a new user schema, see Database Configuration Prerequisites.

  3. Choose to create a new user schema or configure an existing user schema, and click Next.

  4. Enter the server address, connection port, and service name for the existing database or for the new database that will be installed, and click Next. For example:

    • Server address: serverName.company.domainName.com

    • Port: 1521

    • Service name: zenworks.provo.novell.com

  5. Proceed according to your configuration.

    • Configure New User Schema:

      1. Specify the credentials of a database administrator who has permission to create a new user schema.

      2. Define new user credentials to be created. These credentials will be used for ongoing access to the Antimalware database. This also enables ZENworks to create tables, procedures, triggers, and sequences in the database.

      3. Select whether to let ZENworks create tablespaces for the new user defined above or to have the database administrator create the tablespaces.

      4. If you chose the option to have ZENworks create the tablespaces, define the tablespace names for tables and for indexes, and the DBF file locations for those tables and indexes.

        If you chose Let DBA create the tablespace, skip to the next step.

      5. Click Next and Finish.

    • Configure Existing User Schema:

      1. Specify the database access credentials that enable ZENworks to access the user schema and to create tables, procedures, triggers, and sequences in the database.

      2. Define the tablespace names for tables and for indexes.

      3. Click Next and Finish.

Populate the Antimalware Database

After you complete the Antimalware Database configuration for your zone, you should see a status link next to “Configure Database” in the Antimalware Database section of the Getting Started page. If there are any issues, the hyperlinked text would read differently, such as “Completed with Issues”. Click the link next to Status: to open the Database Configuration Status, which shows the status of two tasks: Database Configuration and Configuration Replication.

If there are no issues and the Antimalware Database is configured, the Populate Database link should be enabled. Click the link to populate the newly configured Antimalware Database with ZENworks data. If the zone runs on a single server using a Linux operating system, all ZENworks services will temporarily stop while the data is synchronized between the two databases, ZENworks and Antimalware, and then be restarted.

If you have multiple primary servers in your zone, open a command prompt or terminal as a Super Administrator on one of the primary servers and enter the command as shown below to execute the Populate Database action:

microfocus-zenworks-configure -c PopulateAMDatabaseConfigureAction

After running the command, you can specify the parameters as prompted.

  • Windows: Run the command from the command prompt of a ZENworks Primary Server, and follow the prompts to perform and monitor the migration.

  • Linux: Run the command from the terminal of a ZENworks Primary Server, and follow the prompts to perform and monitor the migration.

After giving time for the process to complete, the Configure Database status will update. If the status displays an output other than “Completed”, see Troubleshooting Antimalware Database Synchronization to resolve potential issues.