hi @TNO
I hope you are doing well ,
In your case, clients should connect to the CS/MA via the VSA Proxy you've deployed.
The traffic direction will be: Client ⇨⇨⇨ VSA Proxy in DMZ ⇦⇦⇦ CS/MA (everything connects to the proxy).
For security, it’s best to only open the necessary ports for inbound and outbound traffic on the VSA Proxy. You can find the required port information here:
https://documentation.commvault.com/v11/essential/port_requirements_for_commvault.html
Best Regards,
Mohamed Ramadan
Data Protection Specialist
Thanks @Mohamed Ramadan
Could you please expailn what do you refer to as ‘Clients’ ? Is it the RHEV manager ?
Also, should a ‘network topology’ be used to enforce the traffic to go through the proxy ?
hi @TNO
By "clients," I mean the RHEV manager node or nodes according to your RHEV architecture.
It shouldn’t be necessary to enforce traffic through a network topology if the RHEV node/s connection restricted ( not blocked between MA/CS ) but it's best practices in DMZ scenario
Best Regards,
Mohamed Ramadan
Data Protection Specialist