Hi All, we are using Access Node and MediaAgent (FREL) 2022E . The docu says: Automatic OS updates: Select this option to enable automatic OS updates.By default, automatic updates are applied daily for security updates. To modify the security level, perform the following steps after the File Recovery Enabler has been deployed: That was the reason why we are using 15 of these proxy in our wxrail enviroment. The Update is failing because the FREL is behind an firewall. I opend an Case 221121-292 to find out what we need but the awnser was….. For internet access, on FREL machine you can open port 80 - HTTP and 443 - HTTPSThan i asked for the urls and the awnser….. Unfortunately, we won't be able to provide the exact URL's. I confirmed this with Tier 2 as well. This needs to be looked into with the help of your network team. You can open those ports, run wireshark during OS updates download to check which requests on which ports are denied. This is not what we want to do :) The ova is provide by commvault and my opinion is that commvault should know wich ports must allow to make os updates. allow port 80 and 443 for any urls is not an option. Mybe you have an list of urls wich are needed to be allowd for os updates ?

Solved

OS Updates Access Node and MediaAgent (FREL) 2022E

2 years ago
November 29, 2022
5 replies
377 views

+13

SSchmidt
Commvault Certified Expert
92 replies

Hi All,

we are using Access Node and MediaAgent (FREL) 2022E .

The docu says:

Automatic OS updates: Select this option to enable automatic OS updates.

By default, automatic updates are applied daily for security updates. To modify the security level, perform the following steps after the File Recovery Enabler has been deployed:

That was the reason why we are using 15 of these proxy in our wxrail enviroment.

The Update is failing because the FREL is behind an firewall.

I opend an Case 221121-292 to find out what we need but the awnser was…..

For internet access, on FREL machine you can open port 80 - HTTP and 443 - HTTPS

Than i asked for the urls and the awnser…..

Unfortunately, we won't be able to provide the exact URL's. I confirmed this with Tier 2 as well.

This needs to be looked into with the help of your network team.

You can open those ports, run wireshark during OS updates download to check which requests on which ports are denied.

This is not what we want to do :) The ova is provide by commvault and my opinion is that commvault should know wich ports must allow to make os updates.

allow port 80 and 443 for any urls is not an option.

Mybe you have an list of urls wich are needed to be allowd for os updates ?

Best answer by Mike Struening RETIRED

Sure thing!

Here’s what I heard back:

Security updates are allowed on the OS. Ideally, never let the OS reach out and they would control a production environment and thus they would leverage their own local mirror. They would establish a monthly maintenance to be in control of their environment.

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-UpdateSoftwareonOracleLinux.html#controlled-updates

they should be using dnf update --security

You can also set up a yum server:

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-ConfigureaSystemtoUseOracleLinuxYumServer.html#config-proxy-with-yum

Let me know if that helps.

View original

Did this answer your question?

+23

Mike Struening
Vaulter
4996 replies
2 years ago
November 29, 2022

@SSchmidt I can see that the case owner was not able to provide the urls, though I know some SMEs I can ping.

https://www.linkedin.com/in/michael-struening

+13

SSchmidt
Author
Commvault Certified Expert
92 replies
2 years ago
November 29, 2022

hi thanks

+23

Mike Struening
Vaulter
4996 replies
Answer
2 years ago
November 29, 2022

Sure thing!

Here’s what I heard back:

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-UpdateSoftwareonOracleLinux.html#controlled-updates

they should be using dnf update --security

You can also set up a yum server:

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-ConfigureaSystemtoUseOracleLinuxYumServer.html#config-proxy-with-yum

Let me know if that helps.

https://www.linkedin.com/in/michael-struening

Gopinath
Vaulter
68 replies
2 years ago
November 29, 2022

Hello,

Check yum.repos.d on those OVA deployed Linux Access nodes. if its FR28’s OEL based then will use these oracle-linux-ol8.repo and uek-ol8.repo repos for OS updates.

If its CentOS based, then uses centos and elrepo repos.

Regards

Gopinath

+13

SSchmidt
Author
Commvault Certified Expert
92 replies
2 years ago
December 1, 2022

Hi,

we decided to switch to windows core.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

FREL/access node auto-deploy from Command Centericon

CommCell environment upgrade with HSX Clustersicon

Linux proxy for Xenservericon

Change IP of Metallic applianceicon

ova deploy via Command Center. Choose another VSA access node than primaryicon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings