+9Hi!
We recently deployed 2 HyperScale X Reference Architecture clusters at a customer, and found out that:
In my opinion, in current times, it is strange that by default the solution is so insecure.
Why are the firewall and ransomware protection not enabled by default? And will that be addressed in a future release?
Best answer by R Anwar
Ransomware protection by default for HSX is being worked on and should be available in future releases.
For enabling firewalld, you can add the regkey sHSEnableFirewall Y in /etc/CommvaultRegistry/Galaxy/Instance001/MediaAgent/.properties
It will enable firewalld by default from next boot. Ensure you meet the firewall requirements.
+10Ransomware protection by default for HSX is being worked on and should be available in future releases.
For enabling firewalld, you can add the regkey sHSEnableFirewall Y in /etc/CommvaultRegistry/Galaxy/Instance001/MediaAgent/.properties
It will enable firewalld by default from next boot. Ensure you meet the firewall requirements.
+9Hi
Thanks for the fast response! Good to know this is being worked on!
Regarding the firewall requirements, I see that for Commvault Distributed Storage (CDS), a HUGE amounts of ports are required…! This is probably only required on the Storage network, right? And not on the Data Protection network?
+23+10
+13Hello
In our case, Hyperscale X Reference, 3 Nodes from HPE, In Health report, I see the following NEEDS ATTENTION about Platform Hardening.
Does anyone have an idea what is this?
Thank you in advance,
Nikos
+13Hello
In our case, Hyperscale X Reference, 3 Nodes from HPE, In Health report, I see the following NEEDS ATTENTION about Platform Hardening.
Does anyone have an idea what is this?
Thank you in advance,
Nikos
I sent a follow-up response.
Performance hardening fixed by disabling root access!
Best regards,
Nikos
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
