Solved

What is the difference between one-way and two-way network/firewall connections?

  • 30 December 2020
  • 1 reply
  • 5070 views

  • Anonymous
  • 0 replies

Hi,

I’m configuring the network setting between remote clients and my media agent. I what is the primary difference between one-way and two-way connections and which should I use?

icon

Best answer by Damian Andre 30 December 2020, 17:23

View original

1 reply

Userlevel 7
Badge +23

Hey Neo (love the name :D)

You can check out this video on network topologies for configuring networking within Commvault - but to specifically answer your question:

One-way means that in order to communicate, only one side is allowed to establish the network connection. Once established the source and destination servers can talk freely over the established network connection.

A good example scenario is when you are configuring networks across a DMZ. Typically your internal infrastructure would connect to servers in the DMZ, but DMZs are not allowed to connect to your internal infrastructure due to security reasons. For this, you want to use a one-way topology where the internal servers always establish the connection, and this tells commvault not to try to have the DMZ servers reach out, but instead wait for the remote side.

One ‘hidden’ benefit of one-way topologies is that the network connection is always established, this can be helpful if you have some network glitches - one-way is always trying to re-establish the connection and can add some additional resiliency.

Two-way means that both sides can connect freely to each other, but only on restricted ports. By default the port is 8403 but you can change it to anything you like. Unlike one-way network connections, after a timeout period, the connections will drop, but they will automatically re-establish when needed  - since they are free to connect to each other, the network connection does not always have to be established. For large environments with thousands of servers, you can reduce network chatter by using two-way where possible.

 

Hope that helps.

 

Reply