commvault.com commvault.com
Solved

Decoupled package, "add client" from a specific Commcell only?

  • 9 December 2021
  • 13 replies
  • 383 views
RubeckDK
Rank
Userlevel 3
Badge +10

Hi everyone.. 

 

Scenario: 
On a VM, a decoupled package is installed in case of the VM owner decides to install some sort of database application on it. A DB IDA now needs to be installed to handle the DB backups.. The VM itself is ofc already being backed up by a VSA job.
The backup admin can then simply "add client" and retrieve config from the client and then push whatever IDA is needed. 

 

Question:
How can one limit that the "add client" and retrieve config  can only be done from one specific Commcell? I mean, what could prevent me from starting up my rouge Commcell running on my laptop, connect the client and steal all the data by running a full FS backup before the REAL backup admin adds it to the REAL Commcell?  

 

Might be a stupid question and maybe the fit of my tinfoil hat is way too tight.. :-) 
But my question is: Is there some way to configure the decoupled package so only "add client" requests from a specific Commcell would be allowed?

Thank you for any input anyone of you may provide... 
 

Best regards

Rubeck

icon

Best answer by Stuart Painter 10 January 2022, 13:46

View original

13 replies

S
Rank
Userlevel 7
Badge +15

Hi @RubeckDK 

I would say your tinfoil hat fits just fine :nerd:, great question.

I’m reviewing the options available for Planning a custom package and wondering if with a decoupled installation you can specify the Commserve or network routes to reach the Commserve.

If you can specify the Commserve name in the answer file or network routes to reach the Commserve, then this would in effect prevent a different Commserve from obtaining details from or registering the client. The client would fail the connection as a mis-matched Commserve name or network connectivity would fail as the network route would be invalid.

Usually authentication required is from the Commserve - to enable only authorised clients from connecting to the Commcell - this turns that principle on it’s head by trying to restrict the client to only one pre-determined Commserve.

Thanks,

Stuart

Customer Support
RubeckDK
Rank
Userlevel 3
Badge +10

Hi @Stuart Painter 

 

Thanks a lot for your input… Very much appreciated.

When having some spare time I’ll see what I can do with the answer file…  I just remembering that there are some differences in the options that can be selected when creating these packages for various OS types when creating them interactively…(We have AIX, Linux on PPC and x64, Wintendo etc) 

We were just discussing internally that having decoupled packages (a basic FS IDA) installed on every server deployed would “might” be a good idea, in case the client owner decides to install something which would require a special IDA to be running…. So before going down this route I need to make sure that “my rouge Commcell” can’t simply snatch data from these clients :-)

 

Anyway… Have a great weekend when you get this far :-)

 

/Rubeck 

RubeckDK
Rank
Userlevel 3
Badge +10

Hi @Stuart Painter 

 

Thank you for your input….  Don’t know where my previous reply have gone off to?
Replied the same day…. Weird.

Anyway… specifying a specific CS name in the install.xml doesn’t seem to prevent me from adding it to a different CS :-(  

For a Windows_x64 package I specified the following in the install.xml.

<CommServeInfo>
        <CommserveHostInfo hostName="specific_cs.whocares.inc" clientName="specific_cs" />
    </CommServeInfo>

 

But again.. it was some what expected due to what’s mentioned here:

https://documentation.commvault.com/11.24/expert/57500_customizing_answer_file_of_windows_custom_package.html

CommServeInfo

clientName

The name of the CommServe computer as it appears in the CommCell Console.

If you are running a decoupled installation, do not specify a value for this parameter.

hostname

The hostname of the CommServe computer (fully qualified domain name or IP address). For example, cscomputer.domain.company.com.

If you are running a decoupled installation, do not specify a value for this parameter.

 

:-( 

 

If you have more ideas, please let me know :-) 

Thank you..

 

/Rubeck

 

S
Rank
Userlevel 7
Badge +15

Hi @RubeckDK 

Ok, thanks for working through options, looks like you’re prevented from adding the items you need to specify.

Let me follow up internally and see what options we have to specify CS on a decoupled installation.

Thanks,

Stuart

Customer Support
S
Rank
Userlevel 7
Badge +15

Hi @RubeckDK 

I’m following up internally with Development to see if:

  1. We have options available to achieve this now
  2. If not, if we can look at an enhancement to build this in to a future release.

Thanks,

Stuart

Customer Support
RubeckDK
Rank
Userlevel 3
Badge +10

Hi @Stuart Painter 

 

Any word back from Development yet? :-)

 

/Rubeck

 

 

 

S
Rank
Userlevel 7
Badge +15

Hi @RubeckDK 

Yes, Development have responded, sorry for the delay.

The behaviour you are seeking, so lock a de-coupled client installation to a particular Commserve or Commcell isn’t currently supported or available.

Development have however suggested that we can raise a Customer Modification Request (CMR), to request this feature in a future release.

I will go ahead and raise this CMR and provide the details here, if you would private message me your details, I can attribute this CMR to a Commcell ID and you can track progress via Commvault Cloud.

Thanks,

Stuart

Customer Support
RubeckDK
Rank
Userlevel 3
Badge +10

Hi @Stuart Painter 

 

Thank you.. Appreciate it :-) 
I’ll send you a private message, ASAP.

 

/Rubeck 

S
Rank
Userlevel 7
Badge +15

Hi @RubeckDK 

I have raised CMR 341556 which is now with Development.

Thanks for your PM, I have tagged your CCID on this CMR so you can track progress.

Thanks,

Stuart

Customer Support
RubeckDK
Rank
Userlevel 3
Badge +10

Excellent, @Stuart Painter . Thanks a million…  :-)

Have a great day.. 

 

/Rubeck

S
Rank
Badge +5

Hi Together,

 

I’m also looking excactly for this feature. @Stuart Painter can you give me a hint how to check updates on CMR 341556 … is there any way to see and check the process.

 

Thanks 

 

Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

@Sebbo , nothing yet, though I have added your CommCell to the CMR itself.

You can also view the number of requests that were submitted for a change in the software during the specified time period in the Modification Requests tile:

https://documentation.commvault.com/11.24/essential/133935_creating_customer_modification_request_from_commcell_dashboard.html

https://www.linkedin.com/in/michael-struening
Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

Moved new question to its own thread:

 

https://www.linkedin.com/in/michael-struening

Reply


Terms & ConditionsCookie settings