Prerequisites For Air Gap Protect

The following prerequisites are needed to setup Air Gap Protect as a storage target in Commvault software:

CommServe Server Version

The following minimum version is required for the CommServe server:

Air Gap Protect Type

Minimum CommServe Version

Global Cloud

Commvault V11 with Feature Release 21 (11.21.10 or later)

Government Cloud

Commvault V11 with Feature Release 24 (11.24.17 or later)

MediaAgent Version

The following minimum version is required for the MediaAgent:

Commvault V11 with Feature Release 20 (11.20.0 or later)

License Requirements

The Air Gap Protect license is required to configure Air Gap Protect.

In addition, you must accept the Commvault Terms and Conditions when you add the license. For more information about adding licenses and accepting the user agreement, see Adding a License in the CommCell Console.

See Also: License Administration for Air Gap Protect

Network Requirements

Outbound Connections

Air Gap Protect (Global Cloud)

Air Gap Protect (Government Cloud)

For outbound connectivity, the following endpoints must be whitelisted before configuring Air Gap Protect on Global Cloud:

  • *.blob.core.windows.net should be whitelisted on the MediaAgent. (All endpoints that contain.blob.core.windows.net must be whitelisted.)

  • https://login.microsoftonline.com should be whitelisted on both the CommServe server and the MediaAgent.

  • https://www.office.com should be whitelisted on both the CommServe server and the MediaAgent.

  • api.mcss.gov.metallic.io should be whitelisted only on the CommServe server. Static IP 23.97.4.188 is needed for api.mcss.gov.metallic.io.

  • https://metallic.io should be whitelisted on the CommServe server.

  • https://www.commvault.com should be whitelisted on both the CommServe server and the MediaAgent.

For outbound connectivity, the following endpoints must be whitelisted before configuring Air Gap Protect on Government Cloud:

  • *.blob.core.usgovcloudapi.net should be whitelisted on the MediaAgent. (All endpoints that contain .blob.core.usgovcloudapi.net must be whitelisted.)

  • https://login.microsoftonline.us should be whitelisted on both the CommServe server and the MediaAgent.

  • https://www.office.com should be whitelisted on both the CommServe server and the MediaAgent.

  • api.mcss.gov.metallic.io should be whitelisted only on the CommServe server. Static IP 23.97.4.188 is needed for api.mcss.gov.metallic.io.

  • https://metallic.io should be whitelisted on the CommServe server.

  • https://www.commvault.com should be whitelisted on both the CommServe server and the MediaAgent.

See https://www.microsoft.com/en-us/download/details.aspx?id=56519 for a list of IP addresses required by:

blob.core.windows.net

login.microsoftonline.com

blob.core.usgovcloudapi.net

login.microsoftonline.us

Note

  • The * in *.blob.core.windows.net can be replaced with specific storage account names, once the library is configured. For more information, see Obtaining the Storage Account Name.

  • Port 443 is required for all the listed endpoints.

  • For applying the license, Metrics Reporting server should have the same endpoints as the CommServe server (listed above under Outbound Connections) whitelisted.

Azure ExpressRoute circuit and Azure Private Link (Private Endpoint) is supported. For more information, see Configuring Azure ExpressRoute and Private Link.

HTTP Proxy for CommServe Server

If the CommServe server and the MediaAgent do not have direct access to the internet and have the proxy configured, make sure to configure the following:

During library configuration, make sure to provide the same proxy details, as configured in the HTTP Proxy Server Settings on the CommServe server.

Note

Before applying for the license, if the proxy is configured on the CommServe server, configure all_proxy as environment variable on the CommServe server with proxy server details (for example, http://x.x.x.x:port) as value and then restart Commvault services on the CommServe server.

Loading...