Prerequisites for Air Gap Protect

The following prerequisites are needed to configure Air Gap Protect storage for backups.

License Requirements

The Air Gap Protect license is required to configure Air Gap Protect.

In addition, you must accept the Commvault Terms and Conditions when you add the license. For more information about adding licenses and accepting the user agreement, see Adding a License in the Command Center.

See Also: License Administration for Air Gap Protect.

Outbound Connections

For outbound connectivity, the following endpoints must be allowlisted on the CommServe server before configuring Air Gap Protect.

• https://login.microsoftonline.com

• https://api.mcss.metallic.io (IP address 40.75.17.108)

• https://metallic.io

• https://www.commvault.com

In addition, whitelist the endpoints required for specific storage type on the MediaAgent.

• Amazon S3 Storage

• Google Cloud Storage

• Microsoft Azure

• Oracle Cloud Infrastructure Object Storage

HTTP Proxy for CommServe Server and MediaAgent

If the CommServe server and/or the MediaAgent do not have direct access to the internet and have the http proxy configured, make sure to configure the http proxy on the CommServe server and MediaAgent Client or Client Group. For more information, see Configuring an HTTP Proxy for a Server Group.

Network Security Controls

You can secure access to storage by restricting it to your private network using one of the following options:

1. Restrict access by IP address
   Provide Commvault Support with a list of allowed IP addresses to restrict access accordingly.

2. Private endpoint (Azure)
   If your MediaAgents are running in Azure, configure a private endpoint to ensure that storage is accessed only through a private connection.

3. ExpressRoute (On-premises)
   If your MediaAgents are on-premises, configure ExpressRoute to send data securely over a private connection.