What is ICAP and integration with Nutanix files

  • 17 January 2023

ICAP stands for Internet Content Adaptation Protocol, an open standard being adopted to connect devices to enterprise-level virus scan engines. In the same way, Nutanix Files uses it to enable communication with external servers hosting third-party antivirus software to scan inbound data (files) in transit via Secure Proxy before sending it to the backend destination server.

ICAP WORKFLOW

The ICAP service runs on each Nutanix Files file server and can interact with more than one ICAP server in parallel to support horizontal scale-out of the antivirus server. The scale-out nature of Files and one-click optimization greatly mitigate any antivirus scanning performance overhead. If the scanning affects Nutanix Files FSVM performance, one-click optimization recommends either increasing the virtual CPU resources or scaling out the FSVMs. This feature also helps both the ICAP server and Files scale out, ensuring fast responses from the customer’s antivirus vendor.

 

WHY Nutanix Files integration with AV server is important

Ransomware is a persistent concern that requires multiple security controls and software layers to mitigate. Integration is important to protect users from malware and viruses.

WHAT third-party vendors are supported with Nutanix Files

  1. Trend Micro
  2. McAfee
  3. BitDefender
  4. Symantec
  5. SentinelOne

HOW to configure integration

  1. In the Files Console, go to Configuration > Antivirus.
  2. Connect the ICAP server.
    1. Click + Connect ICAP Server. A new row appears for new ICAP server details.
    2. Enter the following information in the corresponding fields:
      • IP address or hostname
      • Port (the default port number is 1344)
      • Description
    3. To save the configuration, click the check mark icon. For a detected antivirus server, the software tests the validity of the configured server and updates the status to OK.
    4. Ensure the connection status automatically updates to OK.
    5. Click Next.
    6. (https://portal.nutanix.com/page/documents/details?targetId=Files-v4_2:fil-file-server-anti-virus-enable-t.html) for more details

4 replies

Thanks for the post and link to the official documentation. I see you listed SentinelOne as an option for Nutanix Files. Do you know where I can find the documentation to support that? I’ve been digging and can’t seem to find anything that will let me connect my instance of SentinelOne to Nutanix Files. Thanks for any guidance!


JHoff,

I was looking for the same. Have you found anything? If I search the SentinelOne site, I get zero hits.

 

Thanks


Hi Yezdi,

Have you contacted SentinelOne support asking how to enable ICAP? From the Nutanix Files perspective, only the IP address/hostname and port number are needed. All the policies and configuration are done from ICAP.

 

F>P 


I did reach out to them. I haven’t heard back yet. There is no documentation on how it is implemented. Does SentinelOne provide the IP address/hostname and port, or do we need to deploy ICAP servers? I will update once I hear from SentinelOne.

Thanks for responding to my question. Appreciated
