Skip to main content
Solved

HyperScale X on air-gapped environment

  • 23 September 2021
  • 4 replies
  • 542 views

Forum|alt.badge.img+6

Hi There.

I am searching for technical resources on how we setup an air-gapped environment.

The idea is to have an isolated HSX cluster that we air-gap from the production HSX cluster and used only for Aux Copies long retention.

I checked the online documentation and the internet on how CV achieve this with no luck. 

I want to use a VM as a network gateway proxy with blackout window and network topology. I just didn't find how we can automatically shutdown and power up the VM to isolate the air-gapped environment.

Searched for workflow but couldn’t find anything relevant.

Anyone did this before and if so how was it done ?

Thanks

Abdel

Best answer by Abdellatif AITELBACHA

Thanks Guys for your inputs

 

Tape is not an option as HSX was proposed and sold as the replication target on the air-gapped environment.

I was under the impression that Commvault will manage the VM Proxy power state using some workflows. But by reading the links provided, this should ne managed from the hypervisor.

In short, correct me if I am wrong, we use a combination of VM power management (from hypervisor), blackout window and network topology (from Commvault) to “open and close the gate” between the source HSX cluster/CS  and the air-gapped HSX cluster.

Then we assign proper schedules to Aux Copies so that they are allowed to run only outside the blackout window. The proxy VM being powered off during the blackout window , communication cannot be established with the appliances. It can also be enforced by FW or network routing.

Am I correct ?

Regards

Abdellatif

 

View original
Did this answer your question?

4 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

Forum|alt.badge.img+4
  • Byte
  • 12 replies
  • September 25, 2021

There is always tape. Its a Sheltered Harbor solution that can be plugged into the HSX.

Ejecting tapes is guaranteed air gap. Store them in the same location no need send them offsite.  

If you can virtually partition your tape library you can store them in the same library. Moving tapes from one virtual partition to another is done remotely by library software not by the backup software. It is completely out of band and even on a different or isolated IP network.   


Forum|alt.badge.img+6

Thanks Guys for your inputs

 

Tape is not an option as HSX was proposed and sold as the replication target on the air-gapped environment.

I was under the impression that Commvault will manage the VM Proxy power state using some workflows. But by reading the links provided, this should ne managed from the hypervisor.

In short, correct me if I am wrong, we use a combination of VM power management (from hypervisor), blackout window and network topology (from Commvault) to “open and close the gate” between the source HSX cluster/CS  and the air-gapped HSX cluster.

Then we assign proper schedules to Aux Copies so that they are allowed to run only outside the blackout window. The proxy VM being powered off during the blackout window , communication cannot be established with the appliances. It can also be enforced by FW or network routing.

Am I correct ?

Regards

Abdellatif

 


Mike Struening
Vaulter
Forum|alt.badge.img+23

@Abdellatif AITELBACHA , you have it.  The hypervisor keeps the vm proxy offline via power management as an extra security measure.  This limits exposure to malicious sources.


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings