Verify that the VMs that you will use as Azure VM access nodes meet the system requirements.
Commvault Packages
Azure VM access nodes must have the Virtual Server Agent package installed.
Deployment Recommendations
-
Deploy an Azure Marketplace virtual machine image.
To use Azure Arm access nodes before a virtual machine image is available, you must install Mono. For information, see Install Mono on Azure Arm Access Nodes.
-
Deploy a virtual machine that meets one or both of the following criteria:
-
In the Azure cloud
-
Compute-optimized
-
-
If the Azure subscription includes multiple regions, deploy at least 1 access node in each region.
Operating Systems
Azure VM access nodes must run one of the following operating systems.
Linux
|
Operating system |
Processor architecture |
|---|---|
|
CentOS 7.9, 7.8, 7.7, 7.6, 7.5, 7.4 |
x64 |
|
Oracle Linux 9.4, 8.7, 8.6, 8.5, 8.4, 8.3, 8.2, 8.1, 8.0 |
x64 |
|
Red Hat Enterprise Linux (RHEL) 8.7, 8.6, 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4 |
|
Note
To use a machine that runs RHEL 7.7 as a VSA proxy, you must install the pcre-devel-8.32-17.el7.x86_64 package.
For a machine that runs RHEL 8.x, to install operating system packages that are required to enable automatic installation of Mono, register the machine with Red Hat. For more information, see Deploying a Linux Machine as a VSA Proxy.
Windows
|
Operating system |
Processor architecture |
|---|---|
|
Microsoft Windows Server 2025 Editions (Standard, DataCenter, and Core) |
x64 |
|
Microsoft Windows Server 2022 Editions (Standard, DataCenter, and Core) |
x64 |
|
Microsoft Windows Server 2019 (Standard, Datacenter) Editions (Standard, DataCenter, and Core) |
(64-bit only) x64 |
|
Microsoft Windows Server 2016 Editions (Standard, DataCenter, and Core) |
x64 |
|
Microsoft Windows Server 2012 R2 Editions (Standard, DataCenter, and Core) |
x64 |
|
Microsoft Windows Server 2012 Editions (Standard, DataCenter, and Core) |
x64 |
Firewall Requirements
Tunnel ports (for example, 8400 and 8403) must be opened in the security group for the instance to enable installation of the Virtual Server Agent to Azure virtual machines and communication with the CommServe system.
If you deploy a CommServe host in an environment with firewalls, create a persistent route from the CommServe host to the VSA proxy, as documented in Setting Up a Network Gateway Connection Using a Predefined Network Topology. Specify the RESTRICTED setting for connections from the CommServe host to the VSA proxy (step 3 under If you chose not to use predefined network topologies) and the BLOCKED setting in the CommServe node settings for the proxy (step 9).
If a firewall proxy is installed, configure Internet options for the firewall proxy machine. On the HTTP Proxy tab of the Internet Options dialog box, enter the user name and password for the firewall proxy machine, using only the user name and not including the domain name with the user name.
All requests from VSA proxy machines connect through port 443 of the Azure endpoints. Therefore:
-
If a firewall is configured on the proxy machine, then port 443 must remain open.
-
If the proxy machine is an instance in the cloud, then port 443 must be opened at the network security group level for the VSA proxy instance.
To access Azure backup and restore services for the Azure regions, incorporate the following URLs in your firewall or proxy settings.
|
Azure |
Azure China |
Azure Germany |
Azure US Gov |
|---|---|---|---|
|
https://management.azure.com/ https://login.microsoftonline.com/ https://*.blob.core.windows.net https://*.blob.storage.azure.net https://*.vault.azure.net https://graph.windows.net/ http://169.254.169.254/metadata/identity/oauth2/token |
https://management.chinacloudapi.cn/ https://login.chinacloudapi.cn/ https://*.blob.core.chinacloudapi.cn https://*.blob.storage.azure.net https://*.vault.azure.cn https://graph.chinacloudapi.cn/ http://169.254.169.254/metadata/identity/oauth2/token |
https://management.microsoftazure.de/ https://login.microsoftonline.de/ https://*.blob.core.cloudapi.de https://*.blob.storage.azure.net https://*.vault.microsoftazure.de https://graph.cloudapi.de/ http://169.254.169.254/metadata/identity/oauth2/token |
https://management.usgovcloudapi.net/ https://login.microsoftonline.us/ https://*.blob.core.usgovcloudapi.net https://*.blob.storage.azure.net https://*.vault.usgovcloudapi.net https://graph.windows.net/ http://169.254.169.254/metadata/identity/oauth2/token |
Configuring a Firewall to Install the Virtual Server Agent on a Cloud VM or Instance
To deploy the access node or MediaAgent on a cloud VM or instance when other components (such as the CommServe host) are on premises <Category>, configure a firewall for an access node in the cloud between the on premises components and the cloud VM or instance.
Hardware Specifications
For information about hardware requirements for the Virtual Server Agent, see Hardware Specifications for Virtual Server Agent.