EM Library: installing and updating on a secure network with an air gap
This article describes a method of installing and updating Sophos
What to do
Installing EM Library on the secure network
- Installing EM Library onto the dirty network
Install EM Library, as described in sections 1 to 7 of the Sophos Anti-Virus startup guide, onto a computer on the dirty network (the network that is exposed to the internet). There is no need to run the Enterprise Console on this computer.
- Publishing the library
In the EM Library console, double-click 'Packages' and then 'Subscribed'. Highlight your chosen package in the Details pane, and right-click to display a menu. Select 'Publish'.
- Copying the library files
Copy the folder C:\Program Files\Sophos Enterprise Manager\Library and all of its subfolders from the computer on the dirty network onto a CD, flash memory device or similar medium. Remove that device and subject it to your normal scanning and verification procedures.
- Installing Enterprise Console on your secure server
Run any necessary checks on the Sophos Anti-Virus Network Install CD, then place it in the CD drive of the Windows 2000 or Windows 2003 server that you will use on your secure network. Install Enterprise Console and EM Library as described in sections 1 to 5 of the Sophos Anti-Virus startup guide.
- Using a library on the removable device
In the console, in the details pane, the 'Configuration' view is displayed. Click 'Select Parent'.
In the Primary parent tabbed page, select 'UNC path' then click 'Browse'. Browse to your removable device and select it. Installation and updating will now take place from that removable device.
Do not select a secondary parent.
- Choosing whether to schedule updates on the secure network
- Preventing update schedules on the secure network
You can turn off scheduled updating on EM Library. This is described in the section below, "How to switch off scheduled updates in EM Library".
- Scheduling updates on the secure network
You must select a schedule for updates, as described in the EM Library user manual. However, this schedule could be once a day as you can trigger an update each time the removable device is refreshed. There is no need for the system overheads involved in more frequent checks.
- Completing the installation
Follow the instructions in section 4 and subsequent sections of the Sophos Anti-Virus startup guide to complete the installation on the secure network.
Updating EM Library on the secure network
To update EM Library on the secure network, do as follows:
- Obtaining the updated library files
Copy the folder C:\Program Files\Sophos Enterprise Manager\Library and all of its subfolders from the computer on the dirty network onto a CD, flash memory device or similar medium. Remove that device and subject it to your normal scanning and verification procedures.
- Updating EM Library
Place the updated removable device in the drive on the secure network server. Open the EM Library console. In the console, in the details pane, the 'Configuration' view is displayed. Click 'Download Packages'.
The Sophos
Alternative method
Clicking 'Download Packages' performs an immediate manual update. Otherwise, an update would take place at the next scheduled time. If appropriate, you could establish, and rely on, frequent scheduled update checks.
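One way to support the verification step for the copied Library folder in both procedures above, as an added example (not Sophos code and not part of the original article): hash every file in the source folder on the dirty network, hash the copy on the removable device, and compare. The folder layout and file contents in demo() are constructed, and the availability of Python on the machines involved is an assumption.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def compare_manifests(expected, actual):
    """Return files missing from, added to, or altered in the copy."""
    return {
        "missing": sorted(set(expected) - set(actual)),
        "extra": sorted(set(actual) - set(expected)),
        "modified": sorted(p for p in expected.keys() & actual.keys()
                           if expected[p] != actual[p]),
    }

def write_file(base, rel, data):
    path = os.path.join(base, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: a stand-in Library folder and a faulty media copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "dirty", "Library")
        dst = os.path.join(tmp, "media", "Library")
        for rel, data in {"pkg/a.dat": b"alpha", "pkg/b.dat": b"bravo",
                          "index.txt": b"v1"}.items():
            write_file(src, rel, data)
        write_file(dst, "pkg/a.dat", b"alpha")          # copied intact
        write_file(dst, "pkg/b.dat", b"brav0")          # altered in transit
        write_file(dst, "pkg/unexpected.bin", b"?")     # not in the source
        # index.txt was never copied, so it should be reported as missing.
        return compare_manifests(build_manifest(src), build_manifest(dst))

if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result means the media copy does not match the published library and should not be used as the primary parent. The comparison only shows that the copy matches the source; it does not replace scanning the device.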
How to switch off scheduled updates in EM Library
- During installation of EM Library
- Create a schedule for updates, as described in the EM Library user manual.
- Deselect the checkbox next to the schedule and click Finish
This will create a schedule, but it is switched off. EM Library will no longer update automatically.
- Following installation of EM Library
If EM Library is already installed and a schedule has been set, go into the 'EM Library properties' dialog and deselect all schedules.
How to run updates with scheduling switched off
You can now run updates by running emlexp.exe:
- Open a command prompt
- Move to C:\Program Files\Sophos Enterprise Manager\library\bin3.
- Run the following command:
EMLexp update \\servername\SophosEM
If you need more information or guidance, then please contact technical support.
- Article ID: 12985
- Created: 7 Apr 2005
- Last updated: 13 Oct 2008
