Commvault Network Hardening Guide ?

  • 4 August 2021
  • 3 replies
  • 1252 views

Userlevel 2
Badge +9

Hi Folks,

I’ m looking a guide or BOL pages about the Commvault Network Hardening. I saw that there are some guides about Ransomware Protection, Securing the CommServe.. but can’ t find related to the Network. Basiclly, I need what can be done for Network Hardening ? Like Port Restriction, Authenticate with Certificate, SSL handshake, Encrypted tunnel ?

Best Regards.


3 replies

Userlevel 7
Badge +15

Hi @0ber0n 

As you mention we have a few pages covering Commcell hardening:

Securing the CommServe Computer

Within this section there are more details for network hardening including requiring certificate authentication and encrypted tunnels.

Enabling Secure Communication, specifically Enforcing Authentication of Client Certificates During Installation and Enabling Client Certificate Authentication on the CommServe Computer

Enabling Encryption in the CommCell, specifically for network communications, please see Encrypting Backup Data which can be used both for transmission and on storage media. We can also Enforce Automatic Tunneling and Encryption for Network Traffic.


We establish network tunnels using several possible protocols which is explained in Configuring Outgoing Tunnel Connections.

Essentially:
Regular (HTTP) - standard, data and control traffic use HTTP

Authenticated (HTTPSA) - control traffic is encrypted and sent using HTTPS, but data is sent UNencrypted using HTTP

Encrypted (HTTPS) - both control and data traffic are encrypted and sent using HTTPS

Thanks,

Stuart

 

Userlevel 2
Badge +9

Hi @Stuart Painter ,

Thanks for the information. I have searched but I couldn’ t find any information about the when a connection built between CS-Client is the any SSL handshake doing between again CS-MA ?

Best Regards.

Userlevel 7
Badge +15

Hi @0ber0n 

There is no difference in this context between Clients and MAs.

A Media Agent is considered a client and would be governed by the same rules.

Thanks,

Stuart

 

Reply