Solved

2 diverse Commserves sharing Media Agents

  • 26 May 2022
  • 1 reply
  • 419 views

Userlevel 1
Badge +6

Hello!

 

Is it securely possible to have a CV environment for servers, which is not in Active Directory and using one set of Media Agents, to share those Media Agents with another Commserve which IS in AD in order to facilitate backing up of workstations?  How hard would this be?

Things I’m wondering about:

  1.  We could just create a new Library on the Media Agent dedicated to workstations.  There are actually two MAs, one at each of our locations, but let’s keep this simpler for now.
  2. How susceptible do we think the server Libraries are to hacking attempts via CV?  The only communication between Commserves, workstations and media agents is TCP 8000-8006? Commserves for server backups are segrated from “everybody else” short of a few physical servers and ESX/VMs.  If we are hacked on the workstation side (let’s assume someone gets into an admin account and runs ramped), can they harm the server backups in another library on the same media agent?

Thanks for any input and please let me know if I’m not thinking of something else...

icon

Best answer by Matt Medvedeff 26 May 2022, 19:25

View original

1 reply

Userlevel 4
Badge +10

Hello @roc_tor 

Yes this can be done, you would simply install a 2nd instance of the Media Agent software on the machines and point it at the other Commserve.

See the steps here  to enable multi-instance installs

https://documentation.commvault.com/11.24/expert/1847_enabling_multi_instance_installations.html

Also see the 2 below links for supported agents and some caveats for multi instance configuration:

https://documentation.commvault.com/11.24/expert/1853_multi_instance_support.html

You should be good as long as you don’t nest any of the paths for any Disk Libraries, Index, or DDBs under each other. 

As far as security goes, if you enable ransomware protection on all the media agents involved, only Commvault processes can change/delete data under CV mount paths. So even an administrator could not delete data from CV disk libraries.

https://documentation.commvault.com/11.24/expert/9400_ransomware_protection_for_disk_libraries_on_windows_mediaagent.html

Let me know if you have any questions 

 

 

Reply