In order to implement a Vault site which will contain one MediaAgent in it, we wanted to restrict the communication of this MediaAgent to only the CS + MAs in the Prod site and make connections only be established through the Vault site.
To make things even more secure, we wanted to use a dedicated port for the Vault MA instead of the defaults 8400/8403.
It seems this can be achieved through a One-Way network topology while setting: Vault MA → Prod CS/MAs.
But I am not sure about the customized port to be used, as from the OS/Network perspective only the custom port will be allowed between the Vault MA and Prod CS/MAs. Should the custom port be set in the below screenshot during topology creation, or set as an additional setting in the Vault MA (nCVDPORT), or both? How to let CV know that the communication will only be established by the Vault MA and use a defined port?
This is a bit confusing.
Thanks in advance.
Best answer by Jace Ross
Hi Sys Engineer,
You have the right idea. 8400 and 8403 serve different purposes. 8400 is your CVD port, it’s your initiation connections, your requests between servers, etc. 8403 is your tunnel port, this is what is transporting data.
So you can use both settings you’ve mentioned and at the end of it you will have 2 custom ports. However, if you want a single port you will need to use nCLNT_FORCE_TUNNEL.
So, if I understood well, I will need to set the nCLNT_FORCE_TUNNEL to 0 to disable automatic tunneling and then set my custom port to whatever we want.
Also, just to be sure, let’s say we wanted to set the custom port to 9000 for the Vault MA: in the network topology, should we set the Tunnel port parameter to 9000 for the Vault MA and keep the default 8403 for our Prod nodes (CS + MAs)? Will the communication be established without issues?
Provided the tunnel port is set only in a topology that goes to the specific media agent and the CVD port additional setting is only on the media agents, this won’t affect any other clients.