commvault.com commvault.com
Solved

Hide the VSA Proxy in a VMware Subclient Content during the Browse action

  • 29 April 2021
  • 6 replies
  • 286 views
G
Rank
Userlevel 1
Badge +7

Hi All,

Is there a way to hide the VSA Proxies while browsing the subclient's content?
I have seen that the only way is to assign the "No Access" role to the user used for the VMware Pseudo Client, but in this way I cannot perform the backup in "Hot Add" mode.

CVMWareInfo::_MountVM_VCB4() - Connecting to VM [TESTVM] config [[DS1_01] TESTVM/TESTVM.vmx] MoRef [vm-10347] snapshot [snapshot-13541] for disk access
CVMDiskInfo::Connect() - Selecting transport mode: hotadd
CVMDiskInfo::Dispatch_VixDiskLib_Connect() - VixDiskLib_Connect failed Err=3 One of the parameters was invalid
CVMWareInfo::_MountVM_VCB4() - Failed to connect to VM [TESTVM], 0
CVMWareInfo::_MountVM() - MountVM_VCB4() failed!!
CVMDiskInfo::GetDiskPathsForVM() - Unable to find open VM Handle for VM: [TESTVM] GUID: [503a58b0-ad2f-6b1d-2a40-c85ed5e6fa49]

 

icon

Best answer by Dan White 30 April 2021, 18:06

View original
Thanks - Gabriele

6 replies

Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

@Gabriele Palumbo , thanks for the question!

Overall, what is your goal?  Is the issue that you don’t want people performing the browse to see the Proxy data, or is that error stemming from the proxy access itself?

I may have to tag in some colleagues, though I want to be sure I understand your issue and desired outcome.

https://www.linkedin.com/in/michael-struening
G
Rank
Userlevel 1
Badge +7

 

In a multi-tenant environment, I don't want users from one tenant to browse VSA Proxies in the subclient's content. Unfortunately to allow the backup, I must also assign a role to the VSA Proxy, and in this way the VSA becomes browsable.

Thanks - Gabriele
Mike Struening RETIRED
Rank
Userlevel 7
Badge +23

Thanks for clarifying!  Let me look into that one for you and rope in some colleagues.

https://www.linkedin.com/in/michael-struening
Sarahy
Rank
Userlevel 3
Badge +5

Hi @Gabriele Palumbo ,

I understand that you need to add some capabilities to the VSA Proxies in order to perform the backups.

However, as per our documentation: https://documentation.commvault.com/commvault/v11/article?p=32150.htm, "Browse” permission is only required for the virtualization client, but not the proxy.

 

Could you please adjust the role permissions in a way that only "In Place” and "Out of Place” recovery is allowed for Proxies, and “Browse” for VSA clients? as per the table referenced below and within the documentation link:

 

Ownership and Permissions Required for the CommCell Console

Also, make sure that tenant user is not the VSA Proxy owner, otherwise, it will still be able to browse it.

 

Hope that helps!

 

Best regards,

Sarahy Pardo

US-Server

 

Sarahy Pardo. US-Server Team
G
Rank
Userlevel 1
Badge +7

 

@Sarahy 

Hi Sarahy, I try to be more specific, in the subclient in addition to the "Resource Pool" (assigned to a specific user in VMware through the configuration of roles) I also see the VSA Proxy "SRVPROXY" which obviously I have to authorize in VMware (VMware Roles).

My wish is to hide the VSA Proxy on the Commvault side within the Content.

 

Thanks - Gabriele
D
Rank
Userlevel 4
Badge +8

Hello Gabriele,

So there are a couple of options here.

If you wish to backup the VSA proxies than you will have to follow THIS DOCUMENTATION.

OR

While there is no way to technically hide the proxies in content, you can filter them from being backed up on the backupset level. This will prevent the errors that you are seeing.

 

Let me know if this helps!

"If you give a man a fish, you feed him for a day. If you teach a man to fish, they will probably burn your spot"

Reply


Terms & ConditionsCookie settings