12
3.3.1
Operation of Mirror server
The computer hosting the Mirror server should always be running, and connected to the Internet or to an upper
Mirror server for replication. Mirror server update packages can be downloaded in two ways:
1. Using the HTTP protocol (recommended)
2. Using a shared network drive (SMB)
ESET‘s update servers use the HTTP protocol with authentication. A central Mirror server should access the update
servers with a user name (usually in the following form: EAV-XXXXXXX) and password.
The Mirror server which is a part of ESET Smart Security/ESET NOD32 Antivirus has an integrated HTTP server.
NOTE:
If you decide to use the integrated HTTP server (with no authentication), please ensure that it will not be accessible
from outside of your network (i.e. to clients not included in your license). The server must not be accessible from the Internet.
By default, the integrated HTTP server listens at TCP port 2221. Please make sure that this port is not being used by any other
application!
Any other type of HTTP server can also be used. ESET also supports additional authentication methods (user name /
password access – on Apache Web Server the .htaccess method is used).
The second method (shared network folder) requires sharing (“read” rights) of the folder containing update
packages. In this scenario, a user name and password of a user with “read” rights for the update folder must be
entered into the client workstation.
NOTE:
ESET client solutions use the SYSTEM user account and thus have different network access rights than a currently
logged-in user. Authentication is required even if the network drive is accessible for “Everyone” and the current user can
access them, too. Also, please use UNC paths to define the network path to the local server. Using the DISK:\ format is not
recommended.
If you decide to use the shared network folder method, we recommend that you create a unique user name (e.g.
NODUSER). This account would be used on all client machines for the sole purpose of downloading updates. The
NODUSER account should have “read” rights to the shared network folder which contains the update packages.
NOTE:
For authentication to a network drive, please enter the authentication data in the full form: WORKGROUP\User, or
DOMAIN\User.
In addition to authentication, you must also define the source of updates for ESET client solutions. The update
source is either a URL address to a local server:
http://Mirror_server_name:port
or UNC path to a network drive:
\\Mirror_server_name\share_name
3.3.2
Types of updates
Aside from regular virus signature database updates, which can include ESET software kernel updates, program
component upgrades can be downloaded on a far less frequent basis. Program upgrades usually add new features
to ESET security solutions and require a reboot to finish installing. If there is a Mirror server installed in a network,
program upgrades are downloaded from the Mirror server.
The Mirror server allows an administrator to disable automatic downloading of program upgrades from ESET‘s
update servers (or from a upper Mirror server) and disable its distribution to clients. Distribution can later be
triggered manually by the administrator (e.g. when he is sure there will be no conflict between the new version and
other applications).
This feature is especially useful if the administrator wishes to download and use virus signature database updates
even though there is also a new program version available to download. In this scenario, the new program version
could be tested in a non-production environment before its implementation. If an older program version is used in
conjunction with the most recent virus database version, the program will continue to provide the best protection
available. Still, we recommend that you download and install the newest program version without too much delay,
in order to gain access to new program features.
