Antivirus Scanning With Symantec Endpoint Protection For IBM SONAS
Antivirus scanning with SymantecEndpoint Protection for IBM SONASBhushan Pradip JainPratap BanthiaISV Business StrategyApril 2010 Copyright IBM Corporation, 2010. All Rights Reserved.All trademarks or registered trademarks mentioned herein are the property of their respective holders
Table of contentsAbstract.1Overview .1Introduction .2IBM SONAS overview: A global offering with global data access . 2Introduction to Symantec AntiVirus products (SEP and SAVFL) . 3Recommended platforms .5Minimum hardware requirements for Symantec Endpoint Protection . 5Minimum hardware requirements for Symantec AntiVirus for Linux . 5Planning and preparation .6Planning the creation of shares . 6Creating and mounting shares. 7NFS shares. 7CIFS shares. 8Installation and configuration .10Installing and configuring Symantec Endpoint Protection (Windows) . 10Installing Symantec Endpoint Protection Manager . 10Running the Management Server Configuration Wizard. 10Running the Migration and Deployment Wizard. 10Running the Push Deployment Wizard . 11Other configuration and management. 11Installing and configuring Symantec AntiVirus for Linux. 11Symantec Antivirus usage on SONAS clients.12Scan files using Windows client (Symantec Endpoint Protection) . 12Scan files using Linux client (Symantec AntiVirus for Linux). 17Recommendations .18Maintaining better scan process performance. 18Setup for mounting NFS Shares . 18Setup for mapping and mounting CIFS Shares . 18User permissions required for scanning. 18Scanning Windows and Linux files with Windows and Linux scan nodes. 18Multiple scan processes and load-balancing . 19Summary.20Resources.21About the authors .22Trademarks and special notices.23Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS
AbstractWith today’s explosive growth in information come higher risks of virus threats. Enterprises mustensure the integrity and availability of business-critical data against malicious viruses andthreats. This technical report details IBM Scale 0ut Network Attached Storage (IBM SONAS)interoperability, support, use-case scenarios and guidelines for using it with Symantec EndpointProtection Version 11.0 and Symantec AntiVirus for Linux v1.0.7, which is available fromSymantec. When used in conjunction with SONAS, these Symantec scanning products helpprotect the enterprise data stored in SONAS from malicious threats, spyware and virus attacks.The focus of this paper is technical and the reader should be familiar with SONAS system andthe Symantec AntiVirus products.OverviewComputer viruses have become an important threat to data, from both internal and external sources.Enterprises must ensure the integrity and availability of business-critical data against malicious virusesand threats. In many organizations, the data contained in files are growing even faster and requirescalable solutions that must be protected from viruses and other threats in a timely manner. It is possibleto ensure this by using a good, reliable antivirus product that has proven compatibility in the user’s ITenvironment, and then regularly scanning the system for new threats.The new IBM Scale Out Network Attached Storage (SONAS) system is a highly scalable storagesolution for high-performance file sharing and file services. IBM proactively provides its customers withthe independent software vendors (ISVs) best-in-class application solutions that have been thoroughlytested for interoperability and compatibility — to save them time and mitigate implementation risks. Theinitial SONAS solutions for antivirus scanning and repair of file data include support for SymantecEndpoint Protection v11.0 and Symantec AntiVirus for Linux v1.0.7.SONAS offers antivirus capabilities using the user’s scanning servers, running Symantec EndpointProtection scan over a Common Internet File System (CIFS) file-access protocol or AntiVirus for Linux over an NFS file-access protocol. These combined solutions protect enterprise data (that is accessedover either CIFS or NFS file access protocols and stored on SONAS systems) from virus or spywarethreats. It also repairs the files if a virus infection is detected.This technical white paper details IBM SONAS interoperability, support, use-case scenarios andguidelines for using it with Symantec Endpoint Protection v11.0 and Symantec AntiVirus for Linux v1.0.7.The use-case scenarios describe how IBM clients can protect their file data that is stored in a very highperforming and highly-available SONAS storage solution from malicious threats and virus attacks. Theseguidelines are recommendations, not requirements, to better tune the interoperability of SymantecAntiVirus with the SONAS system.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS1
IntroductionComputer viruses are an important threat to the data from both internal and external sources. Thesethreats are most prevalent where the data are accessed by users over the CIFS, HTTP or FTP file-accessprotocols.Symantec Endpoint Scan Engine lets users scan and protect their stored file data at their discretion —scanning now or according to a preset schedule. This white paper provides guidelines for out-of-bandantivirus scanning of files. An out-of-band scan involves an antivirus process that runs on one or morescan nodes, which are external servers dedicated to virus protection. The scan nodes are connected as aclient to the SONAS system. It is recommended that the system be scanned periodically, especially afterevery update of the virus signatures. The network file system (NFS) or CIFS shares from SONAS arescanned by the authenticated NFS- and CIFS-connections, using locally-run antivirus processes. Thestorage administrator can initiate the scan process or schedule it for auto-initiation.IBM SONAS overview: A global offering with global data accessIBM Scale Out Network Attached Storage (SONAS) is a new state-of-the-art, scale-out network-attachedstorage system. It combines high-speed interface nodes interconnected with an advanced storagesubsystem and IBM General Parallel File System (IBM GPFS ) to deliver both high-performance andscalable capacity. SONAS is designed to support consolidation, unified management and access to dataanywhere in the world. It combines extreme scale-out capability with automated data placement and veryfast access to file data that allows users to rapidly expand storage infrastructure by hundreds of terabytesup to multiple petabytes at a time, with minimal effort. With SONAS, enterprises can independently scalestorage infrastructure's capacity and performance for their most demanding applications. SONAS uses asingle global namespace to provide fast access to data, irrespective of the physical location of the files,as well as improved storage utilization, reduced complexity and improved productivity. SONAS supportsquick file access and backup for cloud-storage requirements and beyond.SONAS is preconfigured (see Figure 1) in a 42U Enterprise Rack and includes the following elements: All required SONAS software (GPFS, volume management, I/O protocols, snapshot and more).The management node is a dedicated server that runs SONAS software; it is the central elementmanager for the SONAS system. The SONAS system contains at least two (up to a maximum 30)interface nodes, each of which is connected to the organization’s Ethernet IP network (either 1 or10 GbE) to provide file-serving capabilities over the IP interface. The interface nodes also supportclients that use the NFS, CIFS, FTP, SCP or HTTP file-services protocols. The interface nodes are connected to a redundant InfiniBand private cluster network. Each interface node is connected, through the redundant IB network, to redundant storage nodes(also up 30 nodes) within each storage building block. The storage nodes are connected, throughredundant paths, to redundant RAID controllers in the storage building block and the RAIDcontrollers are connected to one or more disk storage enclosures within the storage buildingblock. 1 Gb Ethernet host connectivity with two 1GbE (100/1000) ports available onboard and choice ofOne Quad-port GbE NIC or one dual-port 10 GbE Converged Network Adapter.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS2
Figure 1. SONAS system componentsIntroduction to Symantec AntiVirus products (SEP and SAVFL)Symantec Endpoint protection products offer advanced threat protection for endpoints from known andunknown threats, including malware (viruses, worms, Trojan horses, spyware, adware). Two SymantecEndpoint antivirus protection products have been tested by the IBM ISV Enablement team for SONASinteroperability. Both support file-system or file-level virus protection and scanning through scheduled ormanually initiated scans. They are bundled in the same package and are supported for use with SONAS. Microsoft Windows: Symantec Endpoint Protection or Protection Suite Enterprise (SEP) v11.0(or higher) for installing in a scan node to protect CIFS mounted shares. Linux: Symantec AntiVirus for Linux (SAVFL) v1.0.7 or higher is installed in one or more scan nodesrunning Red Hat Enterprise Linux v5.4. Symantec AntiVirus supports realtime file protection withAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS3
autoprotect and file-system scanning through manual and scheduled scans. It also supports scanprocesses on the same Linux scan nodes to scan multiple directories or shares at the same time.Symantec Endpoint Protection Manager is installed on a dedicated server connected to the SONASsystem. Symantec Endpoint Protection Manager communicates with Symantec Endpoint Protectionclients and is configured with Symantec Endpoint Protection Manager Console. The Symantec EndpointProtection client is installed on the scan nodes, which are used to protect the file data that resides onSONAS. Symantec Endpoint Protection Manager Console lets users centrally manage SymantecEndpoint Protection clients, known as scan nodes. From the console, users install the scan nodes, setand enforce a security policy and monitor and report on clients. You can run the console from the serverthat hosts Symantec Endpoint Protection Manager, or you can run it remotely through a Web browser.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS4
Recommended platformsBoth the Linux and Windows platforms are supported as scan nodes to scan the files located on the NFSand CIFS shares of the SONAS system. Multiple scan nodes can be deployed, depending on the volumeof data being scanned and the performance requirements. See Administration Guide for SymantecEndpoint Protection [7] for guidelines on the sizing and number of scan nodes. The following operatingsystem platforms are recommended as the scan nodes: For Symantec Endpoint Protection: Windows Server 2003 Enterprise Edition or later. For Symantec AntiVirus for Linux: Red Hat Enterprise Linux version 5.4Minimum hardware requirements for Symantec Endpoint ProtectionThe minimum hardware requirements for the manager software installation (as mentioned in theSymantec documentation) are as follows:Manager: 1 GB RAM (2 to 4 GB recommended) 4 GB on the hard disk for the server, plus 4 GB for the database VGA (640x480) or higher resolution video adapter and monitor Windows Server 2003 or laterScan Nodes: The minimum requirements for scan node (client) software are: 256 MB RAM (1 GB recommended) 600 MB hard disk on 32-bit systems, 700 MB hard disk on 64-bit systems VGA (640x480) or higher resolution video adapter and monitor Choice of 1 or 10 GbE network interface cards connected through an Ethernet LAN. Windows Server 2003 or laterMinimum hardware requirements for Symantec AntiVirus for LinuxThe minimum requirements for Symantec AntiVirus for Linux are: Intel Pentium II 266 MHz or higher processor 256 MB RAM or higher (1 GB recommended) 80 MB free disk space Choice of 1 or 10 GbE network interface cards connected through an Ethernet LAN. Red Hat Linux 5.4 or laterAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS5
Planning and preparationIdeally, the files created on the Windows platform are scanned by using a Windows scan node that isinstalled with Symantec Endpoint Protection, and the files created on the Linux platform are scanned byusing a Linux scan node that is installed with Symantec AntiVirus for Linux. Access permission conflictscan be reduced and platform-specific files can be trustfully scanned if the files that are created on aspecific platform are scanned by a scan node on the same platform.This section explains the planning and preparation required to create and mount CIFS and NFS shares.Planning the creation of sharesYou can use Symantec Endpoint Protection or Symantec AntiVirus for Linux in either of two ways to scanselected SONAS CIFS and NFS shares to scan the files contained in them. Option A: Mount each share separately to different directories or logical drives and then run thescan process to scan all these drives or directories. Option B: Create a super share on the root level of a directory structure at any level for all theshares to be scanned, to be accessed by the scan client only. Then mount this share to a singledirectory or drive and start the scanning process for this directory or drive.For example, a user has the structure of the file system and shares, as shown in Figure 2. The user alsohas the following directories exported as shares: /ibm/gpfs0/Company/Production /ibm/gpfs0/Company/Finance /ibm/gpfs0/Company/Sales /ibm/gpfs0/Company/Sales/City1 roduction/Finance/Sales/City1/City2Figure 2. Directory structureAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS6
In this scenario, the two options work as follows:For option A, mount each share separately. Use the existing NFS and CIFS shares and mount them onthe corresponding directories (see Table 1). Then, run the scan process for each path.Share pathWindows logical driveLinux s/City2U:\/mnt/city2Table 1. NFS and CIFS mount mappingFor option B, create a share for the super parent of all the shares to be scanned (that is,/ibm/gpfs0/Company) and mount it on the corresponding directory (see Table 2):Share pathWindows logical driveLinux directory/ibm/gpfs0/CompanyZ:\/mnt/companyTable 2. NFS and CIFS mount mappingThis process permits scanning a single share and all the files on all the five shares are scanned. To scana particular share only, mount only that share or mount the parent share and give the path to thatparticular share for scanning. (Note: Option B is recommended.)Creating and mounting sharesTo create and mount NFS and CIFS shares, follow these steps:NFS sharesCreate NFS shares by running the following command on the management node:mkexport Share name Share path --nfs “ Client1 FQDN/ip-address ( NFSoptions ); Client2 FQDN/ip-address ( NFS options )”This command is explained next: Share name: This is the name to be assigned to the share. Share path: This is the SONAS/GPFS path to be exported. The path does not need to exist.The command creates the path in the GPFS directory if it does not exist.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS7
FQDN (fully qualified domain name): An FQDN is mandatory only if the two servers(SONAS and the client [scan node]) are in different domains. If the servers are in the samedomain, even short name or host name is sufficient. However, the IP address, as well as FQDN,can be used irrespective of the domain of the two servers. NFS options: (rw) or (rw,no root squash). Typically, to use the quarantine or clean risk featurefrom the antivirus software, the client (scan node) must have read and write access to all files.For example, the following command creates a share named Scan Share NFS and exports the/ibm/gpfs0/Company directory through NFS to allow read and write access to client1 (scan node 1)and client2 (scan node 2).mkexport Scan Share NFS /ibm/gpfs0/Company rw)”Use the following command to mount the share on the Linux based client (scan node) server.mount -t nfs public ip :/ibm/gpfs0/Company /mnt/antivirus scan/Where: –t nfs: This specifies the protocol to be used as NFS. You mount the shared path /ibm/gpfs0/Company on /mnt/antivirus scan/.CIFS sharesCreate CIFS shares by running the following command on the management nodemkexport Share name Share path --cifs “ cifs options ”Where: Share name: This is the name to be assigned to the share Share path: This is the SONAS/GPFS path to be exported. (Note: The path need not existThe mkexport command creates the path in the GPFS directory if it does not exist.)CIFS options include browseable yes,read only no or browseable no,read only no.For example, the following command creates a share named Scan Share CIFS and exports the/ibm/gpfs0/Company directory through CIFS to allow read and write access. Typically, to use thequarantine or clean-risk feature from the antivirus, the user who starts the scan process must haveread and write access to all the files. Set the value for read only to no.mkexport Scan Share CIFS /ibm/gpfs0/Company –-cifs “browseable yes,read only no”You can mount this share on a Windows based client system using the following process:1. Open My Computer.2. On the Tools menu, click Map Network Drive.3. In the pop-up window (see Figure 3), for Drive, type or select the drive letter to map to the CIFSshare.4. For Folder, type the public IP address and the share name, in the form of\\ public ip-address \share name.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS8
5. Click Finish.6. In the User name and password dialog box, in User name, if prompted, type LDAP/AD as theuser name, if prompted.7. In Password, type the password.For additional details, refer to the SONAS Administration Guide for Symantec Endpoint Protectionand Symantec Network Access ort/documentation/Administration Guide SEP11.0.5.pdf).Figure 3. Map network drive dialogAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS9
Installation and configurationThis section explains how to install and configure Symantec Endpoint Protection and Symantec AntiVirusfor Linux. Refer to the following documents for additional details for installation and administration. Installation Guide for Symantec Endpoint Protection and Symantec Network Access rt/documentation/Installation Guide SEP11.0.5.pdf Administration Guide for Symantec Endpoint Protection and Symantec Network Access rt/documentation/Administration Guide SEP11.0.5.pdf Client Guide for Symantec Endpoint Protection and Symantec Network Access rt/documentation/Client Guide SEP11.0.5.pdf Symantec Endpoint Protection Getting Started /documentation/Getting Started SEP11.0.5.pdfThe Symantec Endpoint Protection package includes a CD and DVD for both Windows SEP andSymantec AntiVirus for Linux.Installing and configuring Symantec Endpoint Protection (Windows)These steps discuss installing and configuring Symantec Endpoint Protection Manager and running theinstallation wizards.Installing Symantec Endpoint Protection ManagerInstall Symantec Endpoint Manager to manage the scan nodes. This can be installed on a scan node. Fordetails, see Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control documentation/Installation Guide SEP11.0.5.pdf ). Fordetermining the number of scan nodes required, consult the Administration Guide for Symantec EndpointProtection and Symantec Network Access Control [7].Running the Management Server Configuration WizardConfigure database type, server console port and other components. It is advised that you use theembedded database because the number of scan nodes will likely not exceed 5000. Select the databaseusername and password. Start the Management Server Configuration Wizard by navigating this path:Start All Programs SEP Manager Management Server Configuration WizardRunning the Migration and Deployment WizardAfter installing Endpoint Manager, run the Migration and Deployment Wizard to create the client-installpackage to use for deployment. Provide the path where this package is to be saved. For details, see theInstallation Guide for Symantec Endpoint Protection and Symantec Network Access Control documentation/Installation Guide SEP11.0.5.pdf). Startthe Migration and Deployment Wizard by navigating the following path:Start All Programs SEP Manager Migration and Deployment WizardAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS10
Running the Push Deployment WizardAfter the installation package is ready, the Push Deployment Wizard appears. Select the servers tobe used as scan nodes so that the wizard can deploy the installation package on those nodes. Formore information, refer to the installation instructions in the Installation Guide for Symantec EndpointProtection and Symantec Network Access Control documentation/Installation Guide SEP11.0.5.pdf ).Other configuration and managementStart the Symantec Endpoint management console by navigating the following path:Start All Programs SEP Manager SEP Manager ConsoleAdd new policies or edit the existing ones in the Policy tab and then assign the policies to the clientgroups. You can create groups and add more clients to be managed. You can configure notificationsfor threat detection. For more information, refer to the Administration Guide for Symantec EndpointProtection and Symantec Network Access ort/documentation/Administration Guide SEP11.0.5.pdf) .Installing and configuring Symantec AntiVirus for LinuxAntiVirus for Linux installed on a Linux scan node should be used to scan NFS files created on Linux orUNIX servers. Refer to the following documents for additional details for installation and administration. Symantec AntiVirus for Linux Implementation pdf/SAV Linux Impl.pdfSymantec AntiVirus for Linux Client pdf/SAV Linux Client.pdfThe installation package directories for Symantec AntiVirus for Linux are as follows:1. /deb/ contains the deb packages for both the Debian and Ubuntu distributions. Ensure that the user is in the sudo-ers list. For Debian or Ubuntu 32-bit architectures, run the following command:sudo dpkg -i sav-*.i386.deb savap-*.i386.deb savjlu-*.i386.deb savui-*.i386.deb For Debian 64-bit architecture, run the following command. (Note: The Ubuntu 64-bitarchitecture is NOT supported for AntiVirus for Linux v 1.0.7, as of the date that this whitepaper is published.)sudo dpkg -i sav-*.amd64.deb savap-*.amd64.deb savjlu-*.amd64.deb savui*.amd64.deb2. /rpm/ contains the RPM packages for most Linux distributions that support Red Hat PackageManager. For i386/i686 32bit architectures, run the following command:rpm -i sav-*.i386.rpm savap-*.i386.rpm savjlu-*.i386.rpm savui-*.i386.rpm For x86-64 EM64T/AMD64 architectures, run the following command:rpm -i sav-*.i386.rpm savap-x64-*.x86 64.rpm savjlu-*.i386.rpm savui-*.i386.rpmAntivirus Scanning with Symantec Endpoint Protection for IBM SONAS11
Symantec Antivirus usage on SONAS clientsThis section shows how to scan files using the Symantec Endpoint Protection Windows and Linux clients.Scan files using Windows client (Symantec Endpoint Protection)Follow the steps discussed here to scan files by using the Symantec Endpoint Protection Windows client(see Figure 4).Figure 4. Symantec Endpoint Protection for SONAS use-case scenario (Windows)1. On the Windows client, map the CIFS share on IBM SONAS as a Network Drive, as explained inthe section of this white paper titled Creating and mounting shares.2. On the Windows client, open the main Symantec Endpoint Protection window by navigating thefollowing path:Start All Programs Symantec Endpoint Protection Symantec Endpoint Protection3. Click Scan for Threats in the left toolbar (see Figure 5).4. Click Create a new Scan to create a new scan to be used.5. Select Custom Scan and click Next.6. Select the directory to be scanned, which is located on the IBM SONAS CIFS share; it is mappedas a network drive on the client.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS12
Figure 5. Symantec Endpoint Protection main window7. Click Advanced and then in the Advanced Scan Options pop-up window, click Tuning (seeFigure 6).8. Because the client nodes use specific scan nodes, it is not necessary to have good applicationperformance, but good scanning performance is important. Therefore, in the Scan Tuning Optionspop-up window, move the slide bar to the top, thus indicating Best Scan Performance and clickOK for both the current dialog, as well as the dialog for Advanced Scan Options.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS13
Figure 6. Performance tuning for better scan performance9. On the following panel (see Figure 7), click Actions and then select the actions to be taken if arisk is detected. Click OK. The recommended first action is Clean risk and the Action if firstaction fails is Quarantine Risk. You can set the action to be taken for all the three scenarios, viz.,Macro virus, Non-macro virus and Security Risks.Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS14
Figure 7. Actions to be taken on threat detection10. On the next dialog box of the wizard (see Figure 8), you can schedule scans to run automaticallyby selecting At Specified times. Alternatively, you can just create the scan at this point; then, theuser can run the scan only when needed — in this case, select On demand.11. If you select the At Specified times option, select the frequency and the time when the scan is tobe performed and click Next (see Figure 8).Antivirus Scanning with Symantec Endpoint Protection for IBM SONAS15
Figure 8. Create a Scan Schedule12. Enter a new name and an optional short description for the scan.13. Ensure that the Enable the scan checkbox is ticked and click Finish.Notes: In regard to the Running Multiple Scan Processes option, a user cannot start multiplescan processes on Windows simultaneously. If multiple scan requests are received, theEndPoint Protection client serializes the requests and addre
clients and is configured with Symantec Endpoint Protection Manager Console. The Symantec Endpoint Protection client is installed on the scan nodes, which are used to protect the file data that resides on SONAS. Symantec Endpoint Protection Manager Console lets users centrally manage Symantec Endpoint Protection clients, known as . scan nodes
Keywords: Symantec , antivirus, endpoint protection 1.2 Overview The TOE is Symantec Endpoint Protection Version 11.0, which delivers a comprehensive antivirus/endpoint security solution with a single agent and a single, centralized management console. Symantec Endpoint Protection
3. Symantec Endpoint Protection Manager 4. Symantec Endpoint Protection Client 5. Optional nnFortiClient EMS For licenses to Symantec Endpoint Protection, please contact Symantec’s respective sales team. NOTE: This guide is pertinent to the integration between the relevant portions of the FortiGate, the FortiClient, and Symantec Endpoint .
Installing Symantec Endpoint Protection Manager on the Amazon EC2 platform Symantec Endpoint Protection Manager is installed by deploying the Symantec Endpoint Protection Manager AMI (Amazon Machine Image) from AWS Marketplace. Symantec Endpoint Protection Manager AMI can be
Endpoint Protection Manager (SEPM) operations from a remote application, such as Symantec Advanced Threat Protection (ATP) and Symantec Web Gateway (SWG). You use the APIs if you do not have access to Symantec Endpoint Protection Manager. If you use the Symantec Endpoint Protection
TOE Identifier Symantec Endpoint Protection (SEP) TOE Software Version Version 14.2 TOE Developer Symantec Corporation Key Words Endpoint Security, Client, Application, Cyber Defense Table 1 TOE/ST Identification 1.2 TOE Overview The Symantec Endpoint Protection client (hereafter referred to as the TOE or SEP) is a multifaceted endpoint threat .
Endpoint Encryption Management Server computer. If you use Microsoft SQL authentication, Symantec Endpoint Encryption uses this account to create and configure the Symantec Endpoint Encryption Management Server database during installation. Symantec Endpoint Encryption does not store the credentials for this Microsoft SQL account.
including Symantec AntiVirus, Symantec Endpoint Protection, Symantec Endpoint Encryption and Symantec Enterprise Vault, as part of a virtual desktop implementation for 5,000 employees in the UK. As a result of the project, staff will have mobile and secure access to corporate systems an
as advanced engineering mathematics and applied numerical methods. The greatest beneÞt to the reader will probably be derived through study of the programs relat-' 2003 by CRC Press LLC. ing mainly to physics and engineering applications. Furthermore, we believe that several of the MATLAB functions are useful as general utilities. Typical examples include routines for spline interpolation .
