Smg Getting Started Guide

8/10/2019 Smg Getting Started Guide

1/50

Symantec Messaging

Gateway 10.5 Getting StartedGuide

powered by Brightmail


2/50

Thesoftwaredescribed in this book is furnishedundera license agreementand maybe used

only in accordance with the terms of the agreement.

Documentation version: 10.5

PN: 21319173

Legal Notice

Copyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered

trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other

names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required

to provide attribution to the third party (Third Party Programs). Some of the Third Party

Programs are available under opensource or free software licenses.The License Agreement

accompanying the Software does not alter any rights or obligations you may have underthose open source or freesoftware licenses. Please seethe Third Party Legal Notice Appendix

to this Documentation or TPIP ReadMe File accompanying this Symantec product for more

information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,

copying, distribution, and decompilation/reverse engineering. No part of this document

may be reproduced in any form by any means without prior written authorization of

Symantec Corporation and its licensors, if any.

THEDOCUMENTATIONIS PROVIDED"AS IS"ANDALLEXPRESSOR IMPLIEDCONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,

ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

BELEGALLYINVALID. SYMANTECCORPORATION SHALL NOTBELIABLE FORINCIDENTAL

OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED

IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The LicensedSoftware and Documentation are deemed to be commercial computersoftware

as defined in FAR 12.212 andsubject to restricted rightsas defined in FAR Section 52.227-19

"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in

Commercial Computer Software or Commercial Computer Software Documentation", as

applicable, and any successor regulations. Any use, modification, reproduction release,

performance,display or disclosure of theLicensed Software and Documentation by theU.S.

Government shall be solely in accordance with the terms of this Agreement.


3/50

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

http://www.symantec.com

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1
http://www.symantec.com/http://www.symantec.com/


4/50

Technical Support

Symantec Technical Support maintains support centers globally. TechnicalSupports primary role is to respond to specific queries about product features

and functionality. The Technical Support group also creates content for our online

Knowledge Base. The Technical Support group works collaboratively with the

other functional areas within Symantec to answer your questions in a timely

fashion. Forexample, theTechnical Support group works withProduct Engineering

and Symantec Security Response to provide alerting services and virus definition

updates.

Symantecs support offerings include the following:

A range of support options that give you the flexibility to select the right

amount of service for any size organization Telephone and/or Web-based support that provides rapid response and

up-to-the-minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7

days a week basis

Premium service offerings that include Account Management Services

For information about Symantecs support offerings, you can visit our website at

the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement

and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support

information at the following URL:


Before contacting Technical Support, make sure you have satisfied the system

requirements that are listed in your product documentation. Also, you should beat the computer on whichthe problem occurred, in case it is necessary to replicate

the problem.

When you contact Technical Support, please have the following information

available:

Product release level
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/


5/50

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, accessour technical

support Web page at the following URL:


Customer service

Customer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as the

following types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs, DVDs, or manuals
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/


6/50

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please

contact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


7/50

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Chapter 1 Introducing Symantec Messaging Gateway . . . . . . . . . . . . . . . . . . . . 9

About Symantec Messaging Gateway.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

What's new in Symantec Messaging Gateway.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Where to get more information.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

About basic deployment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 2 Installing your appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

About installation configurations.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Installation checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

System requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 17

Setting up the appliance hardware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Starting the appliance software set up.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Specifying Ethernet interfaces.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Specifying a static IP address for routing.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Specifying gateway and DNS IP addresses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Specifying the role for the appliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Registering your license.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Troubleshooting license file registration.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Updating to the latest software during initial setup .. . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Configuring the Control Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Adding a Scanner through the Control Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Configuring the Scanner for inbound and outbound mail

filtering.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 30

Chapter 3 Deploying Symantec Messaging Gateway as a

Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35About Symantec Messaging Gateway Virtual Edition.. . . . . . . . . . . . . . . . . . . . . . . . . 35

Virtual software terminology.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Symantec Messaging Gateway support for VMware Tools. . . . . . . . . . . . . . 38

Symantec Messaging Gateway Support for Hyper-V Tools. . . . . . . . . . . . . 38

Installing Symantec Messaging Gateway on VMware.. . . . . . . . . . . . . . . . . . . . . . . . . 39

System requirements for virtual deployment on VMware.. . . . . . . . . . . . . 39

Contents


8/50

Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x

Server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 40

Installing from an ISO image or OS restore CD onto a virtual

machine on your ESX or ESXi Server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Using an OS restore CD on your ESX or ESXi Server to boot your

virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Using an ISO image on your datastore to boot your ESX/ESXi

Server virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Using an OS ISO image on your local computer to boot your

ESX/ESXi Server virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Installing Symantec Messaging Gateway on Hyper-V.. . . . . . . . . . . . . . . . . . . . . . . . . 46

System requirements for virtual deployment on Microsoft

Hyper-V.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 46

Installing from an ISO image or OS restore CD onto a virtual

machine on your Microsoft Hyper-V server.. . . . . . . . . . . . . . . . . . . . . . . . . .47Using an OS restore CD on your Microsoft Hyper-V Server to

boot your virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Using an OS ISO image on your Hyper-V server to boot your

Microsoft Hyper-V Server virtual computer .. . . . . . . . . . . . . . . . . . . . . . . . 49

Contents8


9/50

Introducing SymantecMessaging Gateway

This chapter includes the following topics:

About Symantec Messaging Gateway

What's new in Symantec Messaging Gateway

Where to get more information

About basic deployment

About Symantec Messaging GatewaySymantec Messaging Gateway offers enterprises a comprehensive gateway-based

message-security solution. Symantec Messaging Gateway delivers inbound and

outbound messaging security, real-time antispam and antivirus protection,

advanced content filtering, and data loss prevention in a single platform.

Symantec Messaging Gateway does the following to protect your environment:

Detects spam, denial-of-service attacks, and other inbound email threats

Leverages a global sender reputation and local sender reputation analysis to

reduce email infrastructure costs by restricting unwanted connections

Filtersemail to remove unwanted content,demonstrateregulatory compliance,and protect against intellectual property and data loss over email

Obtains visibilityinto messagingtrends and events with minimal administrative

burden

See Where to get more informationon page 11.

1Chapter


10/50

What's new in Symantec Messaging GatewayTable 1-1lists Symantec Messaging Gateway's new and enhanced features.

Table 1-1 Symantec Messaging Gateway new features and enhanced features

DescriptionNew feature or

enhancement

Disarmis a newSymantec technology that detects andremoves

potentially malicious content from many common email

attachments, including Microsoft Office documents and Adobe

PDFs. Potentially malicious content types include macros,

scripts, Flash movies, and other exploitable content. Disarm

deconstructs the attachment, strips the exploitable content,

and reconstructs the document, preserving its visual fidelity.Youcan choosethe types of documents andtypesof potentially

malicious content to Disarm. You can also choose whether to

archive the original unaltered documents in case administrators

or end users need access to them

Disarm: detection and

removal of potentially

malicious content from

email attachments

Expanded URL reputation-based filtering blocks more spam,

malware and phishing messages. This release includes 70%

more threat URLs than the previous version of Symantec

Messaging Gateway. URLs are identified as threatening as a

result of back-end analysis of the destination website's content.

This increasein threat URLs represents a significant expansion

of Symantec Messaging Gateway's existing reputation-basedfiltering technologies.

Expanded URL

Reputation Filtering

In previous releases, messages and attachments that could not

be scanned were subject to a single unscannable disposition.

Allunscannablemessages had to be treated the same way, even

if they were unscannablefor very different reasons. Thisrelease

features more granular policies and verdicts, letting you take

different actions depending on the reasons why a message is

unscannable. New reports that focus on unscannable messages

make it easier to isolate and interpret statistical information

about unscannable mail and attachments.

The release also includes a policy that can be used to configure

actions for attachments that are unscannable by Disarm

technology.

New unscannable

functionality: more

granular malware and

content scanning

verdicts, and a new

Disarm policy

Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway

10


11/50

Table 1-1 Symantec Messaging Gateway new features and enhanced features

(continued)

DescriptionNew feature orenhancement

You can use LDAP sourcesto add Control Center administrators

and assign them to administrator-specific policy groups. You

can then configure administration policies and assign the

policies to groups. Existing administrators keep their

pre-upgrade privileges, which are mapped to five new default

administration policies. You can also create new policies based

on the defaults and apply them to individuals or groups.

End-user quarantine can now be enabled for specific groups. In

previous releases it was either enabled globally (for all users in

your directory data source) or completely disabled.

Administrators can also now switch views between their own

end-user quarantines and those of their users.Logins arebased

on a single set of LDAP credentials.

New ways to add and

manage Control Center

administrators using

LDAP sources

The option to enforce TLS encryption on inbound messages

from specific domains allows moresecure communication with

trusted partners and senders.

Enforce TLS encryption

for inbound mail

TLS-encrypted delivery to Symantec Data Loss Prevention

improves security for customers who have integrated it with

Symantec Messaging Gateway.

TLS-encrypted delivery

to Symantec Data Loss

Prevention

Outbound sender throttlingadds new control against outbound

spam attacks from compromised internal users.

Outbound sender

throttling

Support for Microsoft Hyper-V virtual environment provides a

new virtual deployment option in addition to the existing

VMware support. SeeSymantecMessagingGateway 10.5

Installation Guidefor information on deploying Symantec

Messaging Gateway in a Hyper-V virtual environment.

Support for Microsoft

Hyper-V

Where to get more informationThe following resources provide more information about your product:

Introducing Symantec Messaging GatewayWhere to get more information


12/50

The Symantec Messaging Gateway documentation set

consists of the following manuals:

SymantecMessagingGatewayAdministrationGuide SymantecMessagingGateway Installation Guide

SymantecMessagingGatewayGetting Started Guide

SymantecMessagingGatewayCommandLineReference

Guide

SymantecMessagingGateway Release Notes

SymantecMessagingGateway SoftwareUpdate Notes


documentation.jsp?language=englishview=

manualspid=53991

Documentation

Symantec Messaging Gateway includes a comprehensive

Help system that contains conceptual and procedural

information.

Product Help system

Visit the Symantec Web site for more information about

your product as follows:

www.symantec.com/enterprise/support

Provides accessto the technical support knowledge base,

newsgroups, contact information, downloads, and

mailing list subscriptions

https://licensing.symantec.com/acctmgmt/index.jsp

Provides information about registration, frequently

asked questions, how to respond to error messages, andhow to contact Symantec License Administration

www.symantec.com/business/index.jsp

Provides product news and updates

www.symantec.com/business/security_response/index.jsp

Provides you access to the virus encyclopedia, which

contains information about all known threats;

information about hoaxes; and access to white papers

about threats

Symantec Web site

About basic deploymentYou can use each appliance to perform a variety of functions. During the initial

setup, the installation wizard prompts you to choose the function that each

appliance will perform. Before you install the product, decide which functions to

assign your appliance. Contact a sales representative for additional help with

performance sizing.

Introducing Symantec Messaging GatewayAbout basic deployment

12
http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/enterprise/supporthttps://licensing.symantec.com/acctmgmt/index.jsphttp://www.symantec.com/business/index.jsphttp://www.symantec.com/business/security_response/index.jsphttp://www.symantec.com/business/security_response/index.jsphttp://www.symantec.com/business/index.jsphttps://licensing.symantec.com/acctmgmt/index.jsphttp://www.symantec.com/enterprise/supporthttp://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991


13/50

The available functions are as follows:

A ControlCenter letsyou configureand manageall of the following

from a Web-based interface:

Email filtering

SMTP routing

System settings

Spam Quarantine

Suspect Virus Quarantine

Content filtering incident folders

All other functions

The Control Center provides information on the status of all of

the Symantec Messaging Gateway hosts in your environment,

including logs and reports.

You must configure one Control Center for your site. One Control

Center controls one or more Scanners.

Control Center

Scanners can perform all of the following tasks:

Perform filtering based on IP connections, such as Connection

Classification, Fastpass, and various sender groups

Filter email for viruses, spam, and noncompliant messages

You can configure multiple Scanners.

Scanner

Performsboth functions. Thisconfiguration is suitable for smaller

installations.

Control Center and

Scanner

Note:This documentation assumes that you will configure a single appliance as

both a Control Center and a Scanner, and that your Scanner will perform inbound

and outbound mail filtering. If your filtering requirements exceed this basic

scenario, refer to the SymantecMessagingGateway InstallationGuide.



14/50


14


15/50

Installing your appliance

This chapter includes the following topics:

About installation configurations

Installation checklist

System requirements

Setting up the appliance hardware

Starting the appliance software set up

Specifying Ethernet interfaces

Specifying a static IP address for routing

Specifying gateway and DNS IP addresses

Specifying the role for the appliance

Registering your license

Updating to the latest software during initial setup

Configuring the Control Center

Adding a Scanner through the Control Center

Configuring the Scanner for inbound and outbound mail filtering

About installation configurationsYou can install and run Symantec Messaging Gateway in several ways:

2Chapter


16/50

Install and run a physical, Symantec-supplied appliance.Symantec Messaging

Gateway appliance

Install and run a virtual appliance, using your choice ofhardware.

See About Symantec Messaging Gateway Virtual Edition

on page 35.

Symantec MessagingGateway Virtual Edition

Install and run a combination of physical and virtual

components.

Mixed-mode

Installation checklistTable 2-1 describes the information to have on hand and the hardware to have in

place before you install Symantec Messaging Gateway.

Table 2-1 Installation checklist

DescriptionItem

Keyboardand VGAmonitoror through another computerthrough

a serial port. After initial setup, you can log into an appliance's

command line interface using SSH.

Console access to

appliance for initial

setup

The same license file can be used to license multiple appliances.Valid license file

The URL you use to access the appliance's Control Center Webinterface.

Hostname

A routable static IP address assigned to eth0 for inbound

email, and one of the following for outbound email:

Routable staticIP address assigned to eth1 (recommended)

Routable static virtual IP address

Separate port thatshares theone routable staticIP address

assigned to eth0

IP addresses assigned to eth0 or eth1 require a netmask IP

address anda gateway IP address. Refer to theScannerscenarios

to determine IP address requirements.

A static IP addresses

andone or twonetmask

and gateway IP

addresses

DNS is required to route email. You can use the Internet root

DNS servers or specify internal DNS servers.

Domain Name Servers

(DNS)

Internet or internal.NTP servers (optional)

Installing your applianceInstallation checklist

16


17/50

Table 2-1 Installation checklist(continued)

DescriptionItem

Instead of using a direct connection, you can optionally specify

a proxy for registration, filters, and retrieval of virus definitions

using LiveUpdate.

Hostname, port, user

name, and passwordfor

proxy (optional)

If there are MTAs configured between your Scanners and the

Internet, on the Inbound Mail Filtering - Connections wizard

page, configure the Scanners to only accept email from the

upstream MTAs. If there is a firewall between any of your

appliances and the Internet, the firewall must be configured to

permit network traffic through certain ports.

IP addresses from

which to permit traffic

System requirementsTable 2-2lists the minimal system requirements.

Table 2-2 System requirements

RequirementItem

The Control Center supports the following browsers:

Microsoft Internet Explorer 9/8

Mozilla Firefox 13 or later

Chrome 19 or later

Web browsers

Symantec Messaging Gateway supports the following LDAP directory

types:

Windows 2008 Active Directory (both LDAP and Global Catalog)

Windows 2003 Active Directory (both LDAP and Global Catalog)

Sun Directory Server 7.0



Lotus Domino LDAP Server 8.5



OpenLDAP 2.4

OpenLDAP 2.3

Symantec Messaging Gateway is LDAP v.3 compliant and can be

configured to work with other directory server types.

LDAP

Installing your applianceSystem requirements


18/50

Setting up the appliance hardwareBefore you can install and configure the appliance, you must first set up the

hardware.

To set up the appliance hardware

1 Unpack the appliance and either rack mount it or place it on a level surface.

2 Plug in AC power.

3 Plug in an Ethernet Cable to iDRAC port and enable DRAC. For moreinformation on iDRAC, see Dell Support.

4 Connect the appliance with one of the following methods:

Connect a keyboard and VGA monitor to the appliance.

Connect another computer to the appliance with the serial port.

Use a null modem cable with a DB9 connector and settings of 9600 bps,

8/N/1.

Connect to appliance through iDRAC console from a remote computer.

5 Connect an Ethernet cable to the Ethernet jack that is labeled 1 on the backpanel of the appliance, which corresponds to eth0.

To use the second Ethernet port for outbound traffic, connect a second cable

to the Ethernet jack that is labeled 2 on the back of the appliance and

corresponds to eth1.

See Starting the appliance software set upon page 18.

Starting the appliance software set upTo start the appliance software set up

1 Turn on the power.

2 Log on with the logon nameadminand the password symantec.

3 When you are prompted, type your new password twice.

4 When you are prompted, type a fully qualified domain name for this host.To avoid problems with message routing, this host name should not be your

mail domain, such as symantecexample.com.

For example, the name should be similar in form to:

host6.symantecexample.com

Installing your applianceSetting up the appliance hardware

18


19/50

5 When you are prompted, type the correct time zone.

Type ? to see a list of time zones.

Press the space bar to scroll through the list or type Q to exit the list.

6 To continue installation, next you specify Ethernet interfaces.

See Specifying Ethernet interfaceson page 19.

To start up Symantec Messaging Gateway Virtual Edition on VMware Hypervisor

1 Access the VMware ESX server through the VMware vSphere client. You candownload thissoftware from VMware Web siteor directly from your appliance

if your VMware ESX server is configured for https access. Go to https://. Select linkDownloadvSphereClientand install the VMware

vSphere Client software. Log into your VMware ESX server through VMware

vSphere Client.

2 In VMware vSphere Client, right-click on SymantecMessagingGatewayvirtualmachine and select Poweron from the right-click menu.

3 In VMware vSphere Client, select the Symantec Messaging Gateway virtualmachine and then click on the console tab.

To start up Symantec Messaging Gateway Virtual Edition on Microsoft Hyper-V

Hypervisor

1 AccesstheMicrosoftHyper-V Serverthrough theMicrosoftHyper-V MicrosoftManagement Console. You can download this software from the Microsoft

Web site.2 In Microsoft Hyper-V Microsoft ManagementConsole, right-clickon Symantec

Messaging Gateway virtual machine and select Start from the right-click

menu.

3 In Microsoft Hyper-V Microsoft Management Console, select the SymantecMessaging Gateway virtual machine and then right-click and selectConnect.

After you set up the appliance hardware, begin the software set up process.

See Setting up the appliance hardwareon page 18.

Specifying Ethernet interfacesAfter you perform the initial steps of starting the appliance setup, the next step

is to configure the Ethernet interfaces.

See Starting the appliance software set upon page 18.

Installing your applianceSpecifying Ethernet interfaces


20/50

To specify Ethernet interfaces

1 When you are prompted, type the IP address for the Ethernet interface thatis labeled 1 on the back of the appliance.

For example:

192.168.0.1

2 When you are prompted, type the subnet mask for Ethernet interface 1.

For example:

255.255.255.0

3 When you are prompted if you want to use the second Ethernet interface,

interface 2, type one of the following responses:

You want to use interface 2.YES

You do not want to use interface 2.

Skip to the next procedure.

See Specifying a static IP address for routing

on page 20.

NO

4 When you are prompted, type the IP address for Ethernet interface 2.

For example:

192.168.12.3

5 When you are prompted, type the subnet mask for Ethernet interface 2.

For example:

255.255.255.0

6 To continue installation, next you specify a static IP address for routing.

See

Specifying a static IP address for routing

on page 20.

Specifying a static IP address for routingAfter you set up the Ethernet interfaces, the next step in setting up your appliance

is to set up a static IP address for routing. You can set up multiple static IP

addresses or none at all.

Installing your applianceSpecifying a static IP address for routing

20


21/50

See Specifying Ethernet interfaceson page 19.

To specify a static IP address static for routing

1 When you are prompted whether you want to add a static IP address forrouting, type one of the following responses:

You want to add a static IP address for routing.YES

You do not want to add a static IP address for routing.


See Specifying gateway and DNS IP addresses

on page 21.

NO

2 When you are prompted, specify the IP address or CIDR block of thedestination host or network.

3 If you configure multiple Ethernet interfaces, you are prompted to specifythe Ethernet Interface number (either 1 or 2, the default is 1).

This setting is to force the route to be associated with the specified device.

4 When you are prompted whether you want to add another static IP address,type one of the following responses:

You want to add another static IP address.

Repeat steps2through3to add another static IP

address.

YES

You do not want to add another static IP address.


See Specifying gateway and DNS IP addresses

on page 21.

NO

5 To continue installation, next you specify gateway and DNS IP addresses.

See Specifying gateway and DNS IP addresseson page 21.

Specifying gateway and DNS IP addressesAfter you configure the static IP address, specify the default gateway IP address

and the IP address of your DNS server. You can add up to three DNS server IP

addresses.

See Specifying a static IP address for routingon page 20.

Installing your applianceSpecifying gateway and DNS IP addresses


22/50

To specify gateway and DNS settings

1 When you are prompted, type the IP address of the default gateway (defaultrouter).

2 When you are prompted, type the IP address of the DNS server.

3 When you are prompted if you want to enter another DNS server, type oneof the following responses:

You want to add an additional DNS server.

Type the IP address.

You can add up to three addresses.

YES

You do not want to an additional DNS server.


See Specifying the role for the appliance on page22.

NO

4 To continue installation, next you specify the role for the appliance.

See Specifying the role for the applianceon page 22.

Specifying the role for the applianceAfter you have specified IP addresses for your default gateway and DNS servers,

specify the role for the appliance.

See Specifying gateway and DNS IP addresseson page 21.

The roles that you can choose are as follows:

Scanner only

Control Center only

Scanner and Control Center

To set the role for the appliance

1 When you are prompted, choose one of the following roles for this appliance:

Scanner only

Control Center only

Installing your applianceSpecifying the role for the appliance

22


23/50

Scanner and Control Center

2 For Scanneronly, when prompted, type the IP address of the Control Center

that you intend to use to manage this Scanner.3 When you are prompted, type one of the following responses:

The summary information is correct.

Product setup is complete and the appliance restarts.

After the appliance restarts, you can register your

appliance.

See Registering your licenseon page 23.

YES

The summary information is not correct.

You return to the beginning of the process to makeyour changes.

See Starting the appliance software set up

on page 18.

NO

Registering your licenseTo register your license, you need the license file that Symantec provides you.

Place this file on the computer from which you access the Control Center. Each

time youadd a Scanner, you must confirmyour licenses or register again.However,

you can use the same license file for each Scanner.

Note:For your Scanners, ensure that your network is configured to permit

outbound connections to Symantec on port 443. Symantec Messaging Gateway

communicates with Symantec Security Response over a secure connection for

product registration and ongoing operations.

If you are performing the initial setup of your appliance, these steps appear in

the setup wizard after the appliance restarts.

See Specifying the role for the appliance

on page 22.

Installing your applianceRegistering your license


24/50

To register your license

1 From a computer that can access your appliance, locate the appliance in abrowser.

The default logon address is as follows:

https://

whereis the host name that you designate for your appliance

during setup or the IP address.

To use HTTP, you must enable HTTP through the command line interface

and specify port 41080.

2 When the security alert message appears, accept the self-signed certificateto continue.

3 On the Control Center logon page, log on as user admin and use the password

that you specified set during initial setup.

4 On the End-UserLicenseAgreement page, click I acceptthe terms of thelicense agreement and click Next.

5 On the License InformationRegistration page, click Browse to locate yourlicense file.

6 Select your license file and clickOpen to return to the LicenseRegistrationpage.

7 If your Scanner uses a proxy serverfor communications withSymantec, click

ProxyServer.

8 To specify a proxy server, checkUseHTTPProxy and type the server hostname and port. If required, type the user name and password.

9 Click RegisterLicense.

If registration was successful, the LicenseRegistration Information page

returns.

See Troubleshooting license file registrationon page 25.

Registration may fail because of an inaccessible proxy, closed port 443, or an

expired, missing, or corrupt license file.

Installing your applianceRegistering your license

24


25/50

10 If you have another license file for a different feature, repeat the process forregistering each license.

11 When all of the license files are successfully registered, click Next.

If your software is up-to-date, the setup wizard appears. Continue with the

installation process.

See Configuring the Control Centeron page 26.

If a software update is available, the SoftwareUpdate page appears.

See Updating to the latest software during initial setupon page 25.

Troubleshooting license file registration

If you have difficulty installing a licenseduring installation, the installation wizard

lets you troubleshoot the issue with the Traceroute utility or the Ping utility.

Troubleshooting license file registration

1 On the License Information Registration page, click Utilities.

2 In the Utility field, click the drop-down menu and select whether to useTraceroute or Ping, and then in the Hostnameor IPaddress field, type the

host name or IP address.

Make sure you can connect tohttps://register.brightmail.com.

3 Click Run.

The results appear in the Results text box.

4 Click Register License.

5 Complete registration.


Updating to the latest software during initial setupSymantec recommends that you apply the current software update after you

register the product, if one is available.


Installing your applianceUpdating to the latest software during initial setup
http://register.brightmail.com/http://register.brightmail.com/


26/50

Updating to the latest software during initial setup

1 On the SoftwareUpdate page, select any of the following options:

Lets you update your software later.Skip

Updates your software now.

After the update, thesetupwizard appears to help you

configure your appliance.


Update

Returns you to the LicenseRegistrationpage.


Cancel

Back

2 When the software update finishes, do one of the following tasks:

Refresh your browser.

Close and re-open your browser to ensure that the cached versions of

graphics redisplay correctly.

3 To continue installation, next you configure the Host.


See the SymantecMessagingGateway Administration Guidefor details on

Configuring Scanners.

Configuring the Control CenterAfter you register your license or after you complete the software update, the

AdministratorSettings page appears in the setup wizard.


See Updating to the latest software during initial setupon page 25.

Configure the Control Center before you configure any Scanners. If you specified

that this appliance is a Control Center and a Scanner, the wizard continues with

the Scanner setup after the Control Center setup finishes.

Installing your applianceConfiguring the Control Center

26


27/50

To configure the Control Center

1 On theAdministrator Settingspage, type an email address for theadministrator.

2 Check ReceiveAlertNotifications to have Symantec Messaging Gatewaysend alert notifications to this address.

You can set up alert notifications for outbreaks, spam and virus filters,

message queues, disk space, SMTP authentication, directories, licenses,

software updates, and events. Events include scheduled task, service,

hardware, swap space, and UPS issues.

You can add additional administrators or modify this administrator's settings

in the Control Center later.

3 Click Next.

4 OntheTimeSettings page, to verify that the date that appears in theCurrentApplianceTime area is correct, select one of the following options:

The time is correct and you do not want to make

changes. This option is the default setting.

Donot changethe time

Youwant to manually changethe time. Type theproper

values in the Date and SetTime fields.

Settimemanually

You want touse NTP servers tomanagetime. Typethe

IP address for up to three NTP servers.

UseNTPservers

5 Click Next.

6 On the SystemLocale page, specify the locale that the appliance should usefor formatting numbers, dates, and times. This setting is the language and

regional formatting Symantec Messaging Gateway uses for messages.

7 Select a Quarantinefallbackencoding format.

Fallback encoding is the formatting that the product uses for quarantined

messages if the formatting that you specified in theSystemLocale field fails.

Installing your applianceConfiguring the Control Center


28/50

8 ClickNext.

If your appliance has been set up as a Control Center and a Scanner, the

ScannerRole page appears, and you must define your Scanner role as

described in the following topics:

See Configuring the Scanner for inbound and outbound mail filtering

on page 30.

If you set up your appliance as a Control Center only, the SetupSummary

page lists your selected configuration options.

9 On the SetupSummary page, select any of the following options:

You are satisfied with the settings and do not want to

make changes. This option is the default setting.

Finish

You want to modify your settings.Back

Youwant to endthe setup without savingyourchanges.

You cannot use the appliance until you complete the

setup.

Cancel

10 If your Scanner is not on the Control Center, set up a Scanner on a separateappliance. You can do this task through the Control Center.

See Adding a Scanner through the Control Centeron page 28.

Adding a Scanner through the Control CenterYou must have Full Administration rights or Manage Settings modify rights to

add a Scanner.

Note:None of the settings that you specify throughout the wizard are final until

you click Finish at the end of the wizard.

To add a Scanner through the Control Center

1 On the Control Center, click Administration>Hosts > Configuration.2 If this Scanner is the first Scanner that you add, the AddScanner wizard

appears. Otherwise, on theHostConfiguration page under Reconfigurea

Scanner orControlCenterhost, click Add.

3 On theAddScannerWizardpage, click Next.

4 On the ScannerHostSettings page, do all of the following:

Installing your applianceAdding a Scanner through the Control Center

28


29/50

In theHostdescriptionbox, type a description for the new Scanner.

In theHostnameorIPaddressbox, type the host name or IP address for

the new Scanner.

5 Click Next.

6 On the LicenseRegistration page, click Browse to locate your license file.

7 Select your license file and click Open to return to the LicenseRegistrationpage.

8 If your Scanner uses a proxy server for communicationswith Symantec, clickProxyServer.

9 To specify a proxy server, checkUseHTTPProxy and type the server hostname and port.

10 Click Register License.

If registration was successful, the LicenseRegistration page returns.

If the license registration fails, perform troubleshooting steps.

See Troubleshooting license file registrationon page 25.

11 If you have another license file for a different feature, repeat the process forregistering each license.

12 When all the license files are successfully registered, click Next.

If your software needs to be updated, the SoftwareUpdate page appears. If

not, proceed to step 14.

13 On the SoftwareUpdate page, select any of the following options:

Lets you update your software later.Skip

Updates your software now. After the update, the setup

wizard returns you to the TimeSettingspage.

Update

Returns you to the LicenseRegistrationpage.


Cancel

Installing your applianceAdding a Scanner through the Control Center


30/50

14 OntheTimeSettingspage, verify whether thedatein theCurrentApplianceTime area is correct. Select one of the following options:

The time is correct and you do not want to makechanges. This option is the default setting.

Do not change the time

Youwant to manually changethe time. Type the proper

values in theDate and SetTime fields.

Set time manually

You want to use NTP serversto manage time. Click and

provide the IP address for up to three NTP servers.

Use NTP servers

15 To complete theAddScannerwizard, you must now configure the Scannerbased on its function.

See Configuring the Scanner for inbound and outbound mail filteringon page 30.

To configure the Scanner for inbound or outbound filtering only, see the

SymantecMessagingGateway InstallationGuide.

Configuring the Scanner for inbound and outboundmail filtering

You can configure the Scanner to perform both inbound mail filtering and

outbound mail filtering. Youcan use the same Ethernet interface for both inbound

mail filtering and outbound mail filtering. Or you can create a virtual IP address

to use for either inbound or outbound mail filtering.

To configure the Scanner for inbound and outbound mail filtering

1 On the ScannerRole page, click Inbound andOutboundmail filtering thenclick Next.

2 On the CreateOptionalVirtual IPAddress page, select one of the followingoptions:

You want to create a Virtual IP address.Yes

You do notwant to createa Virtual IP address. Proceed

to step 6.

No

3 Click Next.

Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering

30


31/50

4 On the CreateVirtual IPAddress page, do all of the following tasks:

Click to select the Ethernet interface.Ethernet

Type the IP address for the virtual server.IPaddress

Type the subnet mask IP address.Subnetmask

Type the network IP address.Network

Type the broadcast IP addressBroadcast

5 Click Next.

6 On the InboundMail Filteringpage, click InboundmailIPaddress to selectthe IP address to use for inbound mail filtering.

7 In the Inboundmail SMTPport field, type the port, and then click Next.

8 On the InboundMail Filtering - AcceptedHosts page, to specify the IPaddresses of the mail servers from which thisScanner should accept inbound

mail, select one of the following options:

Youwant your Scanner to acceptmail from all sources

or the Scanner is deployed at the gateway. For a

Scanner deployed at the Internet gateway, Symantec

recommends that you select this option to accept mail

from any MTA on the Internet.

All IP addresses

You want to restrict the domains from which your

Scanner accepts mail.Type IP addresses, CIDRranges,

or domains. If theScanner is deployed behindupstream

mail servers, specify the upstream mail servers.

Specific IP Addresses

9 Click Next.



32/50

10 On the LocalDomains page, check the addresses that you want to acceptinbound mail for in the LocalDomains list.

To modify the list, do any of the following tasks:

Type the address into the Domainoremail address

fieldforwhichto acceptinboundmail field, and click

Add.

For each domain address or email address that you

add, you can also specify whether messages should be

routed through a specific host and port. Add that

information to theOptionallyrouteto the following

destinationhostand Port fields.

To add an address

Check the address to remove and click Delete.To delete an address

Click Import, and then navigate to an existing file.To import a list of addresses

Check EnableMXLookup. If you enable MX lookup,

you must specify a host name, not an IP address.

For example, enable MX lookup if you configure

multiple downstreammail servers and useMX records

for email load balancing.

To route messages according

to the MX record for the

specified host name

11 Click Next.

12 On the OutboundMailFilteringpage, click the drop-down list to select theIP address to use for outbound mail filtering.

13 In the Outboundmail SMTPport field, type the port, and click Next.

14 On the OutboundMail Filtering - AcceptedHosts page, do one of thefollowing tasks:

Specify the internal host to which this Scanner should relay local domain

mail after filtering is complete. Thisserver is typically a downstream mail

server, such as your corporate mail server.

Check EnableMXLookup forthishost. If you enable MX lookup, specify

a host name instead of an IP address.

15 Click Next.

16 On the Mail Filtering-Mail Delivery page, type a host name or IP addressand port to specify how you want to relay local domain filtered mail.

17 Optionally, check EnableMXlookup for thishost.


32


33/50

18 On theMail Filtering - Non-localMail Delivery page, select one of thefollowing options to specify how you want to relay filtered mail:

You want to use MX Lookup to return thehosts for any domain.

Use default MX Lookup

You want to specify a new host. Type a

host name or IP address and port.

Symantec recommends that you check

EnableMXlookupforthis host if you

position the Scanner at the gateway. If

you choose this option, specify a host

name (not an IP address).

Define new host

You want to use an existing host. Select a

host from the drop-down list. If there is aseparate gateway MTA between the

Scanner and the Internet, provide that

MTA's host name or IP address and port.

Use an existing host

19 Click Next.

20 On the SetupSummary page, review your settings and select one of thefollowing options:

You are satisfied with the settings and want to save

them.

Finish

You want to modify your settings. Go back and revise

your settings.

Back

Youwant to cancelyourchanges without savingthem.Cancel



34/50


34


35/50

Deploying SymantecMessaging Gateway as a

Virtual MachineThis chapter includes the following topics:

About Symantec Messaging Gateway Virtual Edition

Installing Symantec Messaging Gateway on VMware

Installing Symantec Messaging Gateway on Hyper-V

About Symantec Messaging Gateway Virtual EditionUse Symantec Messaging Gateway Virtual Edition with VMware to create a

simulated computer environment (a virtual computer) on which to run Symantec

Messaging Gateway. The guest software is a complete operating system that

contains the Symantec Messaging Gateway Virtual Edition software. It runs in a

similar manner to the application as installed on a standalone hardware platform.

You can deploy the Symantec Messaging Gateway as a virtual appliance on your

existing VMware infrastructure in one of the following ways:

As an OVF on ESX 4.x and ESXi 5/4.x

See Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x Server

on page 40.

Note:Symantec Messaging Gateway does not support a VHD for Microsoft

Hyper-V.

3Chapter


36/50

As an ISO or OS restore CD

See Installing from an ISO image or OS restore CD onto a virtual machine on

your ESX or ESXi Serveron page 42.

See Installing from an ISO image or OS restore CD onto a virtual machine onyour Microsoft Hyper-V serveron page 47.

The resources that are allocated to Symantec Messaging Gateway Virtual Edition

must meet the minimum requirements.

See System requirements for virtual deployment on VMwareon page 39.

See System requirements for virtual deployment on Microsoft Hyper-V

on page 46.

This documentation assumes the following:

Your environment has an existing VMware ESX, ESXi, or Hyper-V Server

deployment that is capable of deploying a 64-bit architecture.

You are familiar with administering virtual computers.

Your environment meets all prerequisite system requirements, including 64-bit

virtualization enabled in the BIOS of the host server.

For more information about VMware and to download trialware and prerequisite

applications, see the VMware Web site atwww.vmware.com.

For more information about Microsoft Hyper-V, see the Microsoft Web site at

www.microsoft.com.

See

Virtual software terminology

on page 36.

Virtual software terminology

Key terminology relating to virtual software is as follows:

A virtual computer is the software that insulates the

application stack from the physical hardware.

Virtual computer

Also known as Intel-VT.When enabled in the BIOS it allows

the CPU to support multiple operating systems including

64-bit architecture. On many Intel processors this setting

may be disabled in the BIOS and must be enabled prior toinstalling Symantec Messaging Gateway 10.5.

Note:AMD processors that support 64-bit architecture

usually have this setting enabled by default.

Intel Virtualization

Technology

Deploying Symantec Messaging Gateway as a Virtual MachineAbout Symantec Messaging Gateway Virtual Edition

36
http://www.vmware.com/http://www.microsoft.com/http://www.microsoft.com/http://www.vmware.com/


37/50

The host computer or operating system (OS) is the physical

hardware and primary OS upon which the guest

computer/OS run.

Host computer OS

The OS installed on the virtual computer. Symantec

Messaging Gateway Virtual Edition is the guest computer

and OS.

Guest computer OS

VMwareESX Serveris an enterprise-quality virtual machine

platform.

VMware ESX Server

VMware ESXi is an enterprise-quality virtual machine

platform similar to ESX but with a smaller code base.

VMware ESXi Server

A native hypervisor distributed by Microsoft that enables

platform virtualization on x86-64 systems.

Microsoft Hyper-V Server

A set of files in a VMware-specific format that contains an

image of a preconfigured virtual computer and Symantec

Messaging Gateway Virtual Edition. This image canbe used

to install a virtual computer on a host computer that runs

the VMware ESX Server or VMware ESXi Server.

Virtual computer Image

An image thatlets youinstallSymantec Messaging Gateway

onto a computer that runs VMware ESX Server or ESXi

Server.

ISO image or OS restore CD

A virtual machine that includes a set of software. For

example, an OVF template can include the Symantec

Messaging Gateway software.

OVF template

A virtual machine forMicrosoft Hyper-V that includes a set

of software.

Note:Symantec Messaging Gateway software is not

available as a VHD template.

VHD template

A desktop virtual machine platform that connects to a

VMware ESX Server or VMware ESXi server.

vSphere client

Extended console that is installed onto a Windows 7 PC or

Windows 2008 Server (32- or 64-bit) or System Center

Virtual Machine from which an administrator can manage

a Hyper-V server.

Microsoft Management

Consoles

See About Symantec Messaging Gateway Virtual Editionon page 35.



38/50

Symantec Messaging Gateway support for VMware Tools

Symantec Messaging Gateway virtual appliances provide support for a limited

set of VMware Tools.Only the following tools are supported:

This tool loads automatically at virtual appliance boot time. No

action is required to activate this support.

Currently supports vmxnet 1 and 2.

Second-generation

vmxnet Virtual NIC

driver

This tool starts automatically during virtual appliance boot time.

No actionis required to activate this support.The vmtoolsddaemon

supports automatic turn off of the virtual appliance from the

vSphere4 Client dashboard. The vmtoolsddaemon alsosupports the

Guest Information Service.

vmtoolsd daemon

This tool enables transparent page sharing and reclaims unused

memoryfrom the guest OS. It also enables memory swapping of the

virtual machines.

vmmemctl

No other VMware Tools functionality is supported.


Symantec Messaging Gateway Support for Hyper-V Tools

Symantec Messaging Gateway virtual appliances provide support for a limitedset of Hyper-V Tools.

Only the following tools are supported:

This tool provides support for the Hyper-V-specific (or "synthetic")

network adapter.

hv_netvsc

This tool provides support for all storage devices.hv_storvsc

This tool is the fast communication channel between the server

running Hyper-V and the virtual machine.

hv_vmbus

This tool provides integrated shutdown, key-value pair dataexchange, and heartbeat.

hv_utils



38


39/50

Installing Symantec Messaging Gateway on VMwareUse Symantec Messaging Gateway Virtual Edition with VMware to create a

simulated computer environment on which to run Symantec Messaging Gateway.

System requirements for virtual deployment on VMware

Table 3-1lists the system requirements to deploy Symantec Messaging Gateway

as a guest on VMware ESX Server and VMware ESXi Server. You must install and

configure one of these servers before you install Symantec Messaging Gateway

Virtual Edition.

Note:Symantec Messaging Gateway does not provide any version of BusLogic

Controller.

For requirements specific to VMware ESX Server and VMware ESXi Server, refer

to yourVMware documentation.

Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual

Edition on Vmware

NotesMinimumRecommendedDescription

Processor on host must support

VT andhave this setting enabled

in the BIOS prior to installationto support the 64-bit kernel,

which is newly supported (and

required) by Symantec

Messaging Gateway 10.5.

Version 4.1ESX/i Version 4.1VMware ESX/i

Server

Symantec Messaging Gateway

installed on flexible disk on a

virtual machine is not

supported.

----Fixed diskDisk type

Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/


40/50


Edition on Vmware(continued)


For Scanner-only virtual

machines.

120 GBFor more

information,

consult the

Symantec

Knowledge Base

article,Disk

Space

Recommendations

for Symantec

Messaging

Gateway Virtual

Edition.

Disk space

For Control Centeronly virtual

machines.

120 GB

For combined Scanner and

ControlCenter virtual machines.

120 GB

A minimum of 4 GBis necessary

to run Symantec Messaging

Gateway and the virtual

machine.

4 GB8 GB or moreMemory

Symantec recommends

allocating four or more CPUs,

based on workload demands and

hardware configuration.

Note:Your environment must

support 64-bit applications in

order to support Symantec


24 or moreCPUs

Onlyone network interface card

is required per virtual machine.

12NICs


Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x Server

An OVF template is a virtual machine that includes the software you plan to run

on the machine. You can deploy an OVF template that contains Symantec

Messaging Gateway Virtual Edition on a VMware ESX Server 4.1 or VMware ESXi

Server 4.1/5.x. To deploy the OVF template, use a vSphere or vCenter client on a

different computer than the computer hosting your ESX or ESXi Server.


40


41/50

You may want to ensure that your guest computer is configured to restart when

the host computer restarts. Consult your VMware documentation for more

information.

Note: If you cannot successfully complete this procedure, you can instead use an

OS restore disk.



To deploy an OVF template on an ESX 4.1or ESXi 4.1/5.x Server

1 Insert the DVD that contains the OVF template or locate the OVF templateonline.

The OVF template file name is as follows:

Symantec_Messaging_Gateway_10.0.*.ovf

If you accessed the file online, proceed to step2. If you inserted the DVD,

proceed to step3.

2 If you access the file online, unzip the file.

The OVF template file name is as follows:

Symantec_Messaging_Gateway_10.0.ovf

3 In the Filemenu, click DeployOVFtemplate.

4 On the Source page, click Deployfrom file.

5 Select the file. If necessary, click Browse to find the file.

6 Click Next.

7 On theOVFTemplateDetails page, click Next.

8 On theName andLocation page, enter the name for your deployment andclick Next.

9 On theReady toComplete page, click Finish.

Deploying the OVF may take a few minutes.

When complete, the new computer appears in your inventory.

10 After deployment is complete, access the new virtual computer from yourclient. The standard Symantec Messaging Gateway boot sequence begins.



42/50

Installing from an ISO image or OS restore CD onto a virtual machineon your ESX or ESXi Server

Youcan configurea virtual machine and deployan instance of Symantec MessagingGateway from an OS restore CD or an ISO image. You can perform this task on a

computer that runs ESX 4.x or ESXi 5/4.x, but you must install either server first.

Use only ASCII characters in the entry fields when you create a virtual computer

with the management interface. The virtual computer's display name and path

cannot contain non-ASCII characters. Do not use spaces when you create file

names and directories for virtual computers.


the host computer restarts. Consult your VMware documentation for more

information.

Note:By default, ESXi uses DHCP and does not use a root password. If you use

ESXi, Symantec recommends that you modify the ESXi settings to create a root

password and assign a static IP address before installation.

See Specifying a static IP address for routingon page 20.

To install from an ISO image or OS restore CD onto a virtual machine on your ESX

4.x or ESXi 5/4.x Server

1 Click on the ESX or ESXi Server on which you want to place your virtualmachine.

2 On the Filemenu, click New, then click VirtualMachine.

3 Select the Typical option and click Next.

4 Type a descriptive name for the virtual computer and clickNext.

5 Select a data store option. This setting is where your virtual computer islocated on the physical disk. Make this selection based on your particular

storage configuration. Options can vary. Click Next.

6 Select the virtual machine version.

If you use ESX 4.x, select Virtual Machine version 7.

7 For the OS, clickLinuxas the guest operating systemandRedHatEnterpriseLinux5 (32-bit) as the version, and then click Next.


42


43/50

8 Reserve the necessary quantity of disk space, and then click Next.

See System requirements for virtual deployment on VMwareon page 39.

More disk space may be required based on your deployment.

After you reserve disk space and complete deployment, any changes to disk

space require that you repeat the OS restore process.

9 Select the LSI SAS SCSI device.

10 On the Ready toComplete page, checkEdit thevirtualmachinesettingsbeforesubmitting and click Continue.

11 ClickMemory at the left. Reserve the system memory based on yourdeployment needs, and then click Next.

A minimum of 4 GB is necessary to run Symantec Messaging Gateway Virtual

Edition and thevirtual computer.Symantec recommendsthat youuse at least8 GB.

12 Click CPU at the left. Select the number of virtual CPUs, and then clickNext.

ESX 4.x and ESXi 4.x are limited to two virtual CPUs per virtual computer.

Symantec recommends allocating a minimum of two virtual processors.

13 If you want a second network interface, click the Add button at thetop, choosethe EthernetAdapter, click Next, click Next again, and click Finish.

14 Click Finish.

15 Continue the deployment to bootstrap your virtual appliance.

See Using an OS restore CD on your ESX or ESXi Server to boot your virtual

computeron page 43.

See Using an ISO image on your datastore to boot your ESX/ESXi Server

virtual computeron page 44.

See Using an OS ISO image on your local computer to boot your ESX/ESXi

Server virtual computeron page 45.

Using an OS restore CD on your ESX or ESXi Server to boot your virtual

computer After you configure a virtual computer on ESX Server or ESXi Server, you can usean OS restore CD or ISO image as your bootstrap media.





44/50

To use an OS restore CD on your ESX or ESXi Server to boot your virtual computer

1 Insert the OS restore disk into your ESX or ESXi Server's CD drive.

2 Click Edit virtualmachine settings.

3 On theHardware tab, select CD/DVDDrive1.

4 Choose HostDevice and choose CD.

5 Check Connect atpoweron and click OK.

6 Click the power on virtual machine icon.

The virtual machine now reboots from the CD drive.

7 Click the DisconnectCD/DVD button and remove the disk from your driveto prevent the system from performing another OS restore.

Symantec recommends that you disconnect your boot media immediatelyafter the initial boot process to avoid a future accidental OS restore.

8 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.


10 Uncheck Connect atpower on and click OK.

11 Restart your computer to begin the Symantec Messaging Gateway bootsequence.

Using an ISO image on your datastore to boot your ESX/ESXi Servervirtual computer

After you configure a virtual computer on ESX Server or ESXi Server, you can use

an ISO image on your datastore as your bootstrap media.



To use an ISO image on your datastore to boot your virtual computer

1 On theHardware tab, selectNewCD/DVD and check DatastoreISOfile as

the Device Type.

2 ClickBrowse and select the ISO file on your datastore. If you have not alreadyadded the ISO image to your datastore, refer to your VMware documentation

for the procedure.

3 Check Connect atPower on, then click Finish. The new virtual computerappears in the inventory.


44


45/50

4 Turnon your new computer andaccess your console. The boot process begins.

5 If the console prompts you to partition your SDA device, click your mouseon the console window, and then press the Enter key for Yes.

6 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.


8 Uncheck Connectatpoweron and click OK.

9 Restart your computer to begin the Symantec Messaging Gateway bootsequence.

Using an OS ISO image on your local computer to boot your ESX/ESXiServer virtual computer

After you configure a virtual computer on an ESX Server or ESXi Server, use an

OS ISO image on your local computer as your bootstrap media.



To use an OS ISO image on your local computer to boot your virtual computer

1 Copy the ISO image onto your local hard drive.

2 Click Edit virtualmachine settings.

3 On theHardware tab, select NewCD/DVD and make sure ClientDevice isselected as the Device Type.

4 On theOptions tab, select BootOptions and set the ForceBIOS Setup.

5 Click OK. The new virtual computer appears in the inventory.

6 Click on the new virtual computer in the inventory, then click the consoleicon.

7 Click the power on virtual machine icon.



46/50

8 If you are using in ISO image. click ConnectCD/DVD>Use ISO image, andbrowse to your ISO image. If you are using an OS restore CD, choose theletter

of your computer's CD/DVD drive.

The boot process begins.

9 Once the installation process is complete, the Symantec Messaging Gatewayboot sequence begins.

If the Symantec Messaging Gateway boot sequence does not begin, turn off

the computer through the client, click DisconnectCD/DVDdevice to

disconnect your ISO image, then restart your computer.

Installing Symantec Messaging Gateway on Hyper-VUse Symantec Messaging Gateway Virtual Edition with Hyper-V to create a

simulated computer environment on which to run Symantec Messaging Gateway.

System requirements for virtual deployment on Microsoft Hyper-V

Table 3-2lists the system requirements to deploy Symantec Messaging Gateway

as a guest on Microsoft Hyper-V server. You must install and configure one of

these servers before you install Symantec Messaging Gateway Virtual Edition.

For requirements specific to Microsoft Hyper-V Server, refer to yourMicrosoft

Hyper-V documentation.


Edition on Hyper-V


Processor on host must support

VTandhave this setting enabled

in the BIOS prior to installation

to support the 64-bit kernel,

which is newly supported (and

required) by Symantec


Windows 2008

Standalone

Windows 2012

Datacenter

Edition

Microsoft

Hyper-V


doesnot support installation on

a virtual machine with a

dynamic disk.

----Fixed diskDisk type

Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V

46
http://www.microsoft.com/http://www.microsoft.com/http://www.microsoft.com/http://www.microsoft.com/


47/50


Edition on Hyper-V(continued)


For Scanner-only virtual

machines.

120 GBFor more

information,

consult the

Symantec

Knowledge Base

article,Disk

Space

Recommendations

for Symantec

Messaging

GatewayVirtual

Edition.

Disk space

For Control Centeronly virtual

machines.

120 GB

For combined Scanner and

ControlCenter virtual machines.

120 GB

A minimum of 4 GB is necessary

to run Symantec Messaging

Gateway and the virtual

machine.

4 GB8 GB or moreMemory

Symantec recommends

allocating four or more CPUs,

based on workload demandsand

hardware configuration.

Note:Your environment must

support 64-bit applications in

order to support Symantec


24 or moreCPUs

Onlyone networkinterface card

is required per virtual machine.


supports the use of synthetic

NICs only.

12NICs


Installing from an ISO image or OS restore CD onto a virtual machineon your Microsoft Hyper-V server

Youcan configurea virtualmachine and deployan instance of Symantec Messaging

Gateway from an OS restore CD or an ISO image. You can perform this task on a



48/50

computer that runs Standalone or Datacenter Hyper-V on Windows 2008 R2 or

Windows 2012, but you must install either server first.

Use only ASCII characters in the entry fields when you create a virtual computer

with the management interface. The virtual computer's display name and path

cannot contain non-ASCII characters. Do not use spaces when you create file

names and directories for virtual computers.


the host computer restarts. Consult your Microsoft documentation for more

information.

Note: Dynamic disk in a virtual deployment is not supported on Microsoft Hyper-V.

Please review settings for the Hyper-V guest and set the disk to fixed.

To install from an ISO image or OS restore CD onto a virtual machine on your

Microsoft 2008 R2 of 2012 Hyper-V Server

1 Click on theMicrosoft Hyper-V Server on which youwant to placeyour virtualmachine.

2 On theActionmenu, click New, then click VirtualMachine.

3 Click Next to create a virtual machine with a custom configuration.

4 Type a descriptive name for the virtual machine, select a storage folder thatpertains to your environment and click Next.

5 Specify the amount of system memory based on your deployment needs, andthen clickNext. A minimum of 4 GB is necessary to run Symantec Messaging

Gateway Virtual Edition and the virtual computer. Symantec recommends

that you use at least 8 GB.

6 Select a virtual switch for your network adapter and then click Next. If yourequire additional networkadapters, these may be added after the New Virtual

Machine Wizard has completed by editing the virtual machine settings.

7 SelectAttacha virtual harddisk later and then click Next. This will allowyou to add a fixed hard disk to your virtual machine.

8 Click Finish.

9 Right-click on new virtual machine and select Settings.

10 Highlight IDEController0 and click Add to add a new hard drive to yourvirtual machine.

11 Click New to create a new hard drive and then click Next.

12 Select Fixed and click Next.


48


49/50

13 Specify Name and Location for the new hard drive and then click Next.

14 Reserve thenecessaryquantityof disk space, andthen clickNext. See Systemrequirementsfor virtual deployment on Microsoft Hyper-V on page 46. More

disk space may be required based on your deployment. After you reserve disk

space and complete deployment, any changes to disk space require that you

repeat the OS restore process.

15 Click Finish, and then click OK.

16 Continue the deployment to bootstrap your virtual appliance.

See Using an OS restore CD on your Microsoft Hyper-V Server to boot your

virtual computeron page 49.

See Using an OS ISO image on your Hyper-V server to boot your Microsoft

Hyper-V Server virtual computer on page 49.

Using an OS restore CD on your Microsoft Hyper-V Server to boot yourvirtual computer

After you configure a virtual computer on Microsoft Windows 2008 R2 Hyper-V

Server or Microsoft 2012 Hyper-V Server, you can use an OS restore CD or ISO

image as your bootstrap media.


your Microsoft Hyper-V serveron page 47.

To use an OS restore CD on your Microsoft Hyper-V Server to boot your virtual

computer

1 Insert the OS restore disk into your Hyper-V Server's CD/DVD drive.

2 Right-click on new Microsoft Hyper-V virtual machine and selectConnect.

3 Select Mediamenu.

4 Select DVDDrive > InsertDisk....

5 Select Symantec Messaging Gateway install disk in your CD/DVD drive andclick Open.

6 Start your virtual machine to begin the Symantec Messaging Gateway boot

sequence.

Using an OS ISO image on your Hyper-V server to boot your MicrosoftHyper-V Server virtual computer

After you configure a virtual computer on a Microsoft Hyper-V Server, you can

use an OS ISO image on your Hyper-V server as your bootstrap media.



50/50


your Microsoft Hyper-V serveron page 47.

To use an OS ISO image on your Hyper-V server to boot your virtual computer

1 Copy Symantec Messaging Gateway install ISO to your Hyper-V server.

2 Right-click on new Microsoft Hyper-V virtual machine and selectConnect.

3 SelectMediamenu.

4 SelectDVDDrive > InsertDisk....

5 Select the Symantec Messaging Gateway install ISO and then clickOpen.

6 Start your virtual machine to begin the Symantec Messaging Gateway bootsequence.


50

Documents

Smg Getting Started Guide