Solved

Commvault Air Gap Orchestration Workflow

  • 10 January 2022
  • 6 replies
  • 655 views

Userlevel 3
Badge +12

Hi Team,

I was documenting about the feasibility of the Air Gaping on commvault, and found the picture below.

Can someone guide me where can I find and download the concerned workflows ?

 

Thanks in advance.

icon

Best answer by DMCVault 10 January 2022, 19:13

View original

6 replies

Userlevel 7
Badge +23

Let me find out.  I know some people I can check with.

@DMCVault 

Userlevel 5
Badge +8

@Commvault Engineer There isn't a pre-canned workflow available in the software store yet, however you can use the VM Utilities predefined activity to create a custom workflow.

Let me explain this a bit further though...

Air gapping is mostly architecture, with some software configuration.  It first starts with isolating storage. For on premises setups, you would want to architect the solution wherein a secondary or tertiary copy of data is segmented/isolated from the production environment - often referred to as a “vault” environment, or “clean room”.  This would typically require network configurations.  Ideally the isolated storage can only communicate out to the production environment using Commvault encrypted tunnels.  This can be direct one-way, or using a gateway in-between.  Use Commvault network topologies to configure the rules for how the resources will communicate to one another.

Gapping is the process of shutting down the communication tunnel periodically.  This can be done a few ways, and may require minor customization (and depends on requirements and architecture):

  1. If you are using virtual media agents then then just enable power management on the media agent.  This will shut the media agent down when not in use - super simple, no scripts or workflows needed. 
  2. If you are using a virtual gateway to manage communications between production and vault, you can create a workflow that power manages the gateway by using the VM Utilities predefined activity.
  3. In the event you don't want Commvault controlling the “gapping”, and would like to control it externally, you can run a command via Windows Task Scheduler (gxadmin command), or CRON (commvault start/stop command) on the Media Agent.

Let me know if you have questions.

Userlevel 3
Badge +12

Let me find out.  I know some people I can check with.

@DMCVault

Thanks @Mike Struening for your usual support !

Userlevel 3
Badge +12

@Commvault Engineer There isn't a pre-canned workflow available in the software store yet, however you can use the VM Utilities predefined activity to create a custom workflow.

Let me explain this a bit further though...

Air gapping is mostly architecture, with some software configuration.  It first starts with isolating storage. For on premises setups, you would want to architect the solution wherein a secondary or tertiary copy of data is segmented/isolated from the production environment - often referred to as a “vault” environment, or “clean room”.  This would typically require network configurations.  Ideally the isolated storage can only communicate out to the production environment using Commvault encrypted tunnels.  This can be direct one-way, or using a gateway in-between.  Use Commvault network topologies to configure the rules for how the resources will communicate to one another.

Gapping is the process of shutting down the communication tunnel periodically.  This can be done a few ways, and may require minor customization (and depends on requirements and architecture):

  1. If you are using virtual media agents then then just enable power management on the media agent.  This will shut the media agent down when not in use - super simple, no scripts or workflows needed. 
  2. If you are using a virtual gateway to manage communications between production and vault, you can create a workflow that power manages the gateway by using the VM Utilities predefined activity.
  3. In the event you don't want Commvault controlling the “gapping”, and would like to control it externally, you can run a command via Windows Task Scheduler (gxadmin command), or CRON (commvault start/stop command) on the Media Agent.

Let me know if you have questions.

Thanks, @DMCVault for the explanations and hints, it is clearer now, I will document further more and be back to you if I need more information :)

Userlevel 5
Badge +8

@Commvault Engineer 

We have a pre-canned workflow available now:

https://documentation.commvault.com/11.26/essential/147278_starting_or_stopping_network_gateway_to_create_air_gap.html

Userlevel 3
Badge +12

Wow! That’s very useful, thanks a lot @DMCVault.

Reply