Solved

HyperScale X (Reference Architecture) not hardened by default?

  • 18 January 2022
  • 5 replies
  • 395 views

Userlevel 3
Badge +8

Hi!

 

We recently deployed 2 HyperScale X Reference Architecture clusters at a customer, and found out that:

 

  1. Ransomware Protection is not enabled by default
  2. Linux Firewall is not enabled by default

 

In my opinion, in current times, it is strange that by default the solution is so insecure.

Why are the firewall and ransomware protection not enabled by default? And will that be addressed in a future release?

icon

Best answer by R Anwar 18 January 2022, 11:33

View original

5 replies

Userlevel 4
Badge +8

Hi @Patrick Dijkgraaf 

Ransomware protection by default for HSX is being worked on and should be available in future releases.

For enabling firewalld, you can add the regkey sHSEnableFirewall Y in /etc/CommvaultRegistry/Galaxy/Instance001/MediaAgent/.properties

It will enable firewalld by default from next boot. Ensure you meet the firewall requirements.

https://documentation.commvault.com/11.24/expert/132961_firewall_port_requirements_for_hyperscale_x_reference_architecture.html

Userlevel 3
Badge +8

Hi @R Anwar 

Thanks for the fast response! Good to know this is being worked on!

Regarding the firewall requirements, I see that for Commvault Distributed Storage (CDS), a HUGE amounts of ports are required…! This is probably only required on the Storage network, right? And not on the Data Protection network?

 

Userlevel 3
Badge +8

Anyone able to confirm? Thanks!

Userlevel 7
Badge +23

@R Anwar , can you confirm?  I’ll reach out to some other people internally to see if I can confirm for you @Patrick Dijkgraaf !

Userlevel 4
Badge +8

Hi @Patrick Dijkgraaf 

Yes, these port requirements for CDS is on the Storage Pool network.

 

Reply