Skip to main content

Hi,

We have a RHEV environment that resides in a DMZ network segment.

VSA Proxy is deployed within this env.  Our Commserv and Media Agents can connect to the  RHEV manager and the proxy ( One-Way ).

Should that be enough for taking baackups ? or should we create some network toplogy for the RHEV client and proxy ?

 

 

Thanks

hi @TNO 
I hope you are doing well ,
 

In your case, clients should connect to the CS/MA via the VSA Proxy you've deployed.
The traffic direction will be: Client ⇨⇨⇨ VSA Proxy in DMZ ⇦⇦⇦ CS/MA (everything connects to the proxy).

For security, it’s best to only open the necessary ports for inbound and outbound traffic on the VSA Proxy. You can find the required port information here:
https://documentation.commvault.com/v11/essential/port_requirements_for_commvault.html
 

Best Regards,
Mohamed Ramadan

Data Protection Specialist 


Thanks @Mohamed Ramadan 

Could you please expailn what do you refer to as ‘Clients’ ? Is it the RHEV manager ?

Also, should a ‘network topology’ be used to enforce the traffic to go through the proxy ?


hi @TNO 

By "clients," I mean the RHEV manager node or nodes according to your RHEV architecture.

It shouldn’t be necessary to enforce traffic through a network topology if the RHEV node/s connection restricted ( not blocked between MA/CS ) but it's best practices in DMZ scenario 
 

Best Regards,
Mohamed Ramadan

Data Protection Specialist 


Reply