Hi Folks,
I’ m looking a guide or BOL pages about the Commvault Network Hardening. I saw that there are some guides about Ransomware Protection, Securing the CommServe.. but can’ t find related to the Network. Basiclly, I need what can be done for Network Hardening ? Like Port Restriction, Authenticate with Certificate, SSL handshake, Encrypted tunnel ?
Best Regards.
Hi
As you mention we have a few pages covering Commcell hardening:
Securing the CommServe Computer
Within this section there are more details for network hardening including requiring certificate authentication and encrypted tunnels.
Enabling Secure Communication, specifically Enforcing Authentication of Client Certificates During Installation and Enabling Client Certificate Authentication on the CommServe Computer
Enabling Encryption in the CommCell, specifically for network communications, please see Encrypting Backup Data which can be used both for transmission and on storage media. We can also Enforce Automatic Tunneling and Encryption for Network Traffic.
We establish network tunnels using several possible protocols which is explained in Configuring Outgoing Tunnel Connections.
Essentially:
Regular (HTTP) - standard, data and control traffic use HTTP
Authenticated (HTTPSA) - control traffic is encrypted and sent using HTTPS, but data is sent UNencrypted using HTTP
Encrypted (HTTPS) - both control and data traffic are encrypted and sent using HTTPS
Thanks,
Stuart
Hi
Thanks for the information. I have searched but I couldn’ t find any information about the when a connection built between CS-Client is the any SSL handshake doing between again CS-MA ?
Best Regards.
Hi
There is no difference in this context between Clients and MAs.
A Media Agent is considered a client and would be governed by the same rules.
Thanks,
Stuart
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
