Pruning on isolated MA

  • 1 August 2022
  • 2 replies

Userlevel 3
Badge +12

Hi Commvaulters,


Had a question regarding data aging/pruning on isolated MAs.

So, we have an isolated MAs (Air gapped = They are powered on only during Aux Copies, then, when the last aux copy finishes, the MAs are shutdown), the data is Deduped.


All jobs concerning the MAs are rescheduled to be aligned with the Air Gap window (Aux Copy, DDB Backup, Data Aging...etc). My concern now, is that the Air Gap window may not be sufficient to process the data pruning on the storage, since the MAs are directly shutdown after the Aux Copies.


Can the Air Gap window be an issue for the data aging/pruning process ? If someone gives us some guidance regarding this, that would be great.




Best answer by Jos Meijer 2 August 2022, 21:05

View original

2 replies

Userlevel 7
Badge +17

This setup will definitely result in a situation as described by Collin.

You could:

  • Isolate the MA receiving data in network segment x
  • Isolate a Commvault Gateway Proxy based on a different OS with a NIC for communication with the receiving MA in network segment y1
  • Isolate that same Commvault Gateway Proxy with a NIC for communication with the source MA in network segment y2
  • Have the source MA in network segment z

Configure a Gateway network topology, limit the receiving MA and CV Gateway Proxy OS firewall to only allow TCP 8403 communication with the specific counterparts and then configure network security to only allow incoming connections in from the MA to the CV Gateway Proxy.



Depending on the environment requirements then either:

  • leave the MA online with this setup, or
  • only periodically let the aging process do it’s work and then shut down the MA to resume the day to day aux copies followed by a shutdown.

Maybe not ideal, but definitely quite a secure way to facilitate data pruning periodically as it is:

  • Secured by network configuration to only communicate on a fixed peer to peer route
  • Divided by multiple network segments from which 2 are completely isolated for traffic other than Commvault, where Commvault traffic is limited to one TCP port which is monitored and authenticated with a proprietary TLS method by Commvault on process level.
  • Multiple OS strategy

Curious if this will work for you 😃


Userlevel 5
Badge +14

Hello @Commvault Engineer 

Since the AirGap blackout window prevents communication to the MediaAgent for periods of time, the MediaAgent would be unavailable to receive pruning requests and new batches of prunable records. It seems this would cause an issue with pruning since the MediaAgent is unavailable for parts of the day.


Thank you,