Securing the CommServe Computer

This section contains topics about security features and administrative tools that can enhance your data security plan to ensure that your data is kept private and safe from unauthorized users. Specifically, these topics explain how to increase the security of the CommServe database, where all configuration data, job records, and access control reside (hardening the CommServe database).

All configuration data, job records, and access control to Commvault managed data is contained within the CommServe database. Regardless of what other security barriers in place, if the CommServe database is compromised, the data is vulnerable. The primary means to protect the CommServe database are – and will always be - the physical, application, and network security measures taken. However, there are additional security precautions as listed in this whitepaper.

Some of the security precautions recommended involve configuration of the Microsoft SQL Server instance or the Windows Server host used by the CommServe component. Configuration steps listed here may vary depending on the versions of software being used - Microsoft Windows or SQL Server version 2008 or 2012 – initial or R2 variant. Consult the latest Microsoft’s documentation for version specific steps.

For a convenient PDF with all of the procedures to increase the security of your CommServe database, see Security Best Practices.

The software uses AES-256 to encrypt the passwords of the application user accounts, and then stores the key used for encryption in the CommServe database. Optionally, you can use a key management server including passphrase key management server to protect the encryption key. For instructions to configure a key management server, see Configuring a Key Management Server to Secure the Passwords of Application User Accounts.

Last modified: 10/24/2019 7:24:26 AM