Hi,
We have a RHEV environment that resides in a DMZ network segment.
VSA Proxy is deployed within this env. Our Commserv and Media Agents can connect to the RHEV manager and the proxy ( One-Way ).
Should that be enough for taking baackups ? or should we create some network toplogy for the RHEV client and proxy ?
Thanks
Best answer by TNO
Thanks
Could you please expailn what do you refer to as ‘Clients’ ? Is it the RHEV manager ?
Also, should a ‘network topology’ be used to enforce the traffic to go through the proxy ?
+11hi
I hope you are doing well ,
In your case, clients should connect to the CS/MA via the VSA Proxy you've deployed.
The traffic direction will be: Client ⇨⇨⇨ VSA Proxy in DMZ ⇦⇦⇦ CS/MA (everything connects to the proxy).
For security, it’s best to only open the necessary ports for inbound and outbound traffic on the VSA Proxy. You can find the required port information here:
https://documentation.commvault.com/v11/essential/port_requirements_for_commvault.html
Best Regards,
Mohamed Ramadan
Data Protection Specialist
Thanks
Could you please expailn what do you refer to as ‘Clients’ ? Is it the RHEV manager ?
Also, should a ‘network topology’ be used to enforce the traffic to go through the proxy ?
+11hi
By "clients," I mean the RHEV manager node or nodes according to your RHEV architecture.
It shouldn’t be necessary to enforce traffic through a network topology if the RHEV node/s connection restricted ( not blocked between MA/CS ) but it's best practices in DMZ scenario
Best Regards,
Mohamed Ramadan
Data Protection Specialist
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
