Hardening the CommServe Server with CIS Level 1 Benchmarks

Commvault supports Center for Internet Security (CIS) Level 1 benchmarks for hardening the CommServe Server, which helps organizations stay compliant and reduces the attack surface of the infrastructure underlying the Commvault platform. The following Commvault infrastructure components can be hardened using the CIS Level 1 benchmarks:

  • Windows Operating System

  • Red Hat Linux Operating System

  • SQL

  • Apache Tomcat

  • IIS

For more information on CIS Level 1 Benchmarks, refer to the CIS benchmark guides.

How to Apply CIS Level 1 Benchmarks in Your Environment?

You can use any of the following methods to apply CIS Level 1 controls:

Applying the CIS Benchmarks Manually

To apply CIS Level 1 hardening manually, refer to the CIS Benchmarks provided for each supported component. The Commvault CIS guides describe the exceptions and caveats that apply to specific benchmarks.

Using the Hardened OVA Image

The easiest method to apply CIS benchmarks on the CommServe Server is to deploy the pre-hardened OVA image available in the software store.

  • For a new CommServe server, use the OVA image to deploy the CommServe to a supported hypervisor, following the instructions that appear during OVA deployment.

  • For an existing CommServe server, you can perform a CommServe hardware refresh to a newly deployed CommServe CIS hardened OVA image.

  • After deploying the CommServe CIS hardened OVA, make sure to apply the latest Commvault updates.

Using Group Policies and Scripts

  • To apply benchmarks for the Windows Operating System using group policies, CIS offers downloadable GPO templates, available with a CIS membership.

  • To apply controls for IIS, Tomcat and SQL, use the scripts available in the software store.

  • Other open-source or community-driven scripts can be found on GitHub.

Using Other Pre-hardened Images or Installation Methods

For Red Hat Linux operating systems, you can select the CIS Red Hat Enterprise Linux Benchmark for Level 1 Server security policy during installation.

You can also use pre-hardened OS images provided by cloud providers such as Azure or AWS. Make sure that you use a CIS Level 1 image.
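
To confirm that a Red Hat host installed with the CIS Level 1 Server security policy, or deployed from a pre-hardened image, actually meets the profile, the script below filters OpenSCAP scan output against a list of documented exceptions such as those described in the Commvault CIS guides. It is an added example, not Commvault code; the profile ID and data stream path are assumed RHEL 9 scap-security-guide defaults, and the sample rule IDs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not Commvault code. Assumed values (not from the page): the
# profile ID and data stream path shipped by scap-security-guide on RHEL 9.
PROFILE="${PROFILE:-xccdf_org.ssgproject.content_profile_cis_server_l1}"
DATASTREAM="${DATASTREAM:-/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml}"

# unexpected_failures EXCEPTIONS_FILE
# Reads `oscap xccdf eval` text output (Title/Rule/Result records) on stdin and
# prints each rule ID whose result is "fail" unless it is listed in
# EXCEPTIONS_FILE (one rule ID per line, '#' starts a comment).
unexpected_failures() {
    awk -v exc="$1" '
        BEGIN {
            while ((getline line < exc) > 0) {
                sub(/#.*/, "", line)      # drop comments
                gsub(/[ \t]/, "", line)   # drop whitespace
                if (line != "") allowed[line] = 1
            }
        }
        $1 == "Rule"   { rule = $2 }
        $1 == "Result" && $2 == "fail" && !(rule in allowed) { print rule }
    '
}

# Constructed sample of oscap output; the rule IDs are placeholders.
sample_output() {
    cat <<'EOF'
Title   Disable SSH root login
Rule    xccdf_example_rule_ssh_root_login
Result  fail
Title   Remove telnet server
Rule    xccdf_example_rule_telnet_removed
Result  pass
Title   Enable host firewall
Rule    xccdf_example_rule_firewall_enabled
Result  fail
EOF
}

# Usage: ./cis_check.sh --scan [EXCEPTIONS_FILE]   (run as root on the RHEL host)
if [ "${1:-}" = "--scan" ]; then
    # oscap exits 2 when any rule fails, so judge by the filtered list instead.
    failures="$(oscap xccdf eval --profile "$PROFILE" "$DATASTREAM" | unexpected_failures "${2:-/dev/null}")"
    [ -z "$failures" ] || { printf 'Unexpected CIS failures:\n%s\n' "$failures"; exit 1; }
fi
```

Keep the exceptions file under version control so that each deviation from the benchmark stays traceable to the guide entry that justifies it.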