Operation of the Mirror server

The computer hosting the Mirror server should always be running, and connected to the Internet or to an upper Mirror server for replication. Mirror server update packages can be downloaded in two ways:

1.Using the HTTP protocol (recommended)

2.Using a shared network drive (SMB)

ESET‘s update servers use the HTTP protocol with authentication. A central Mirror server should access the update servers with a username (usually in the following form: EAV-XXXXXXX) and password.

The Mirror server which is a part of ESET Endpoint Security/ESET Endpoint Antivirus has an integrated HTTP server (variant 1).

NOTE: If you decide to use the integrated HTTP server (with no authentication), please ensure that it will not be accessible from outside your network (i.e., to clients not included in your license). The server must not be accessible from the Internet.

By default, the integrated HTTP server listens at TCP port 2221. Please make sure that this port is not being used by any other application.

NOTE: If the HTTP server method is in use, we recommend a maximum of 400 clients updating from one mirror. In large networks with more clients, we recommend balancing mirror updates among more ERA (or ESS/EAV) mirror servers. If the mirror needs to be centralized on a single server, we recommend using another type of HTTP server, such as Apache. ERA also supports additional authentication methods (e.g., on Apache Web Server the .htaccess method is used).

The second method (shared network folder) requires sharing (“read” rights) of the folder containing update packages. In this scenario, the username and password of a user with ”read” rights for the update folder must be entered into the client workstation.

NOTE: ESET client solutions use the SYSTEM user account and thus have different network access rights than a currently logged-in user. Authentication is required even if the network drive is accessible for ”Everyone” and the current user can access them, too. Also, please use UNC paths to define the network path to the local server. Using the DISK:\ format is not recommended.

If you decide to use the shared network folder method (variant 2), we recommend that you create a unique username (e.g., NODUSER). This account would be used on all client machines for the sole purpose of downloading updates. The NODUSER account should have ”read” rights to the shared network folder which contains the update packages.

For authentication to a network drive, please enter the authentication data in the full form: WORKGROUP\User or DOMAIN\User.

In addition to authentication, you must also define the source of updates for ESET client solutions. The update source is either a URL address to a local server (http://Mirror_server_name:port) or UNC path to a network drive: (\\Mirror_server_name\share_name).