Solved

HyperScale X (Reference Architecture) not hardened by default?

  • January 18, 2022
  • 8 replies
  • 608 views

Patrick Dijkgraaf
Commvault Certified Expert

Hi!

 

We recently deployed 2 HyperScale X Reference Architecture clusters at a customer, and found out that:

 

  1. Ransomware Protection is not enabled by default
  2. Linux Firewall is not enabled by default

 

In my opinion, in current times, it is strange that by default the solution is so insecure.

Why are the firewall and ransomware protection not enabled by default? And will that be addressed in a future release?


R Anwar
Vaulter
  • Vaulter
  • 115 replies
  • Answer
  • January 18, 2022

Hi @Patrick Dijkgraaf 

Ransomware protection by default for HSX is being worked on and should be available in future releases.

For enabling firewalld, you can add the regkey sHSEnableFirewall Y in /etc/CommvaultRegistry/Galaxy/Instance001/MediaAgent/.properties

It will enable firewalld by default from next boot. Ensure you meet the firewall requirements.

https://documentation.commvault.com/11.24/expert/132961_firewall_port_requirements_for_hyperscale_x_reference_architecture.html
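
A read-only check for the setting described in the answer above, added here as an example; it is not part of the original post and not Commvault tooling. It assumes the .properties file holds one whitespace-separated "name value" pair per line, as the answer writes the key, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit (never modify) the HyperScale X firewall key named in the answer.
# Assumption: one "name value" pair per line in the .properties file.

PROPS_DEFAULT=/etc/CommvaultRegistry/Galaxy/Instance001/MediaAgent/.properties

# hs_firewall_key_state [FILE]
# Prints: enabled | disabled | absent | conflict | unreadable
#   enabled  - every sHSEnableFirewall line has the value Y
#   disabled - the key is present but never set to Y
#   conflict - the key appears more than once with differing settings
hs_firewall_key_state() {
    file=${1:-$PROPS_DEFAULT}
    [ -r "$file" ] || { echo unreadable; return 0; }
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $1 == "sHSEnableFirewall" { n++; if ($2 == "Y") y++ }
        END {
            if (!n)          print "absent"
            else if (y == n) print "enabled"
            else if (y == 0) print "disabled"
            else             print "conflict"
        }' "$file"
}

# hs_firewalld_state
# Prints "<is-enabled>/<is-active>" for the firewalld unit, or "unknown"
# on hosts without systemctl.
hs_firewalld_state() {
    command -v systemctl >/dev/null 2>&1 || { echo unknown; return 0; }
    enabled=$(systemctl is-enabled firewalld 2>/dev/null) || true
    active=$(systemctl is-active firewalld 2>/dev/null) || true
    echo "${enabled:-unknown}/${active:-unknown}"
}

# Report for this node; an optional first argument overrides the file path.
echo "sHSEnableFirewall key: $(hs_firewall_key_state "$@")"
echo "firewalld (enabled/active): $(hs_firewalld_state)"
```

Because the answer states the key takes effect from the next boot, a node reporting "enabled" for the key while firewalld is still inactive may simply not have been rebooted yet.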


Patrick Dijkgraaf
Commvault Certified Expert
  • Author
  • Commvault Certified Expert
  • 52 replies
  • January 18, 2022

Hi @R Anwar 

Thanks for the fast response! Good to know this is being worked on!

Regarding the firewall requirements, I see that for Commvault Distributed Storage (CDS), a HUGE amount of ports are required…! This is probably only required on the Storage network, right? And not on the Data Protection network?

 


Patrick Dijkgraaf
Commvault Certified Expert
  • Author
  • Commvault Certified Expert
  • 52 replies
  • January 20, 2022

Anyone able to confirm? Thanks!


Mike Struening
Vaulter

@R Anwar , can you confirm?  I’ll reach out to some other people internally to see if I can confirm for you @Patrick Dijkgraaf !


R Anwar
Vaulter
  • Vaulter
  • 115 replies
  • January 21, 2022

Hi @Patrick Dijkgraaf 

Yes, these port requirements for CDS are on the Storage Pool network.

 


Nikos.Kyrm
Byte
  • Byte
  • 205 replies
  • August 16, 2024

Hello @Mike Struening , @R Anwar  and @Patrick Dijkgraaf ,


In our case (HyperScale X Reference, 3 nodes from HPE), in the Health report I see the following NEEDS ATTENTION about Platform Hardening.

Does anyone have an idea what this is?

Thank you in advance,
Nikos


Nikos.Kyrm
Byte
  • Byte
  • 205 replies
  • September 2, 2024

I sent a follow-up response.

Performance hardening fixed by disabling root access!

 

Best regards,
Nikos


Justin Wolf
Vaulter
  • Vaulter
  • 7 replies
  • January 16, 2025
With the release of HyperScale X Platform v3, all platform hardening features are enabled by default during initial deployment and when new nodes are added to an existing cluster. Just make sure you're using our v3 media (the version number listed at the end will start with 3, for example 3.2408).

For existing clusters deployed on v2, these options can be enabled manually following our documentation here: https://documentation.commvault.com/2024e/expert/configuring_immutability_on_hyperscale_x.html

Additionally, when you upgrade nodes from v2 to v3, these features are automatically enabled as part of the upgrade process, even if they were not previously enabled.

