V11 Service Pack 9
Loading...

Setting Up the Commvault Proxy

As part of the firewall configuration for proxy connections, you must configure the computer that you want to use as the Commvault proxy. The proxy must be a computer in the perimeter network.

Since the perimeter network always receives connections from outside, the Commvault proxy must communicate with the CommServe computer through tunnel connections initiated by the CommServe computer.

Before You Begin

  • The proxy computer must meet the following hardware recommendations:
    Number of Clients Regular, Authenticated or Raw Encrypted
    <1000 clients Single-core 1-GHz processor with 4 GB RAM Dual-core 1-GHz processor with 8GB RAM
    >5000 clients Dual-core 1-GHz processor with 8 GB RAM 2 x dual-core 1-GHz processors with 8GB RAM
  • If you plan to use a predefined network topology, you must configure the topology before setting up the proxy. For instructions, see Setting Up Proxy Connections Using a Predefined Network Topology.

Procedure

To set up the Commvault Proxy, complete the following main steps:

Step 1: Create a Placeholder Client

Before you install the Commvault software on the proxy computer, you must create and configure a placeholder client for the proxy.

Tip: If you need to create multiple placeholders, run the Client Certificate Administration Workflow.

  1. From the CommCell Browser, expand Client Computers, and then click New Client > File System > [Windows or Unix].

  2. In the New [Windows or Unix] Client window, enter a Client Name and Host Name for the proxy computer. These details will also be used during your Commvault proxy installation.
  3. Click Next.
  4. Confirm the information shown under Summary, then click Finish.

Step 2: Configure the Placeholder Client

Follow the steps that correspond to your firewall configuration:

Expand All

Configuration steps for those who ARE using predefined network topologies

Add the placeholder client to the proxy client group that you specified in the network topology.

  1. From the CommCell Browser, expand Client Computer Groups, right-click the proxy_client_group, and then click Properties.

    The Client Computer dialog box appears.

  2. On the General tab, select the placeholder client (or clients) from the All clients list, click Include >, and then click OK.

    Adding the placeholder clients to the proxy group automatically configures them as proxy computers.

  3. Push the firewall configuration on the MediaAgent (if any) and then on the CommServe computer. For example:
    1. From the CommCell Browser, right-click the CommServe, and then click All Tasks > Push Firewall Configuration.
    2. When the Warning dialog box appears, click Continue.

      A notification appears indicating that the push firewall operation was successful. Click OK to close the notification.

    You are now ready to install the Commvault proxy.

Configuration steps for those who ARE NOT using predefined network topologies

Configure the firewall settings on the placeholder client as follows:

  1. From the CommCell Browser, expand Client Computers, right-click the new client_name, and then click Properties.

    The Client Computer Properties dialog box appears.

  2. Click Network.

    The Network Properties for Client dialog box appears.

  3. On the Firewall Configuration tab, select the Configure Firewall Settings check box.
  4. Click Advanced, read the warning, and click OK.
  5. Configure the proxy to allow the CommServe to initiate a connection to it:
    1. Click Add.
    2. In the From list, select the CommServe name.
    3. In the State list, select RESTRICTED.
    4. Click OK.

    For information about the RESTRICTED setting, see Restricting or Blocking Connections.

  6. If a MediaAgent is behind the firewall, configure it:
    1. Click Add.
    2. In the From list, select the MediaAgent name.
    3. In the State list, select RESTRICTED.

    For information about the RESTRICTED setting, see Restricting or Blocking Connections.

  7. On the Incoming Ports tab, in the Override default tunnel port box, set the incoming port number on which the Commvault proxy will listen for a connection request from the CommServe host, and then write it down so that you have it during the Commvault proxy installation.

    The default tunnel port is the Commvault Communications (CVD) service port plus 3, for example, 8403.

  8. On the Options tab, select the This computer is in DMZ and will work as a proxy check box, and then click OK twice.

    The placeholder client is now configured. The rest of the steps will configure the CommServe computer.

  9. From the CommCell Browser, right-click the CommServe node and click Properties.
  10. On the Firewall Configuration tab, select the Configure Firewall Settings check box, and on the Incoming Connections tab, click Add.
  11. From the From list, select the Commvault proxy computer. From the State list, select BLOCKED. Click OK.
  12. On the Outgoing Routes tab, click Add.
  13. Select the Commvault proxy from the Remote Group/Client list.
  14. For Route Type, select Direct, and for Tunnel Connection Protocol, select Regular.
  15. Click OK.
  16. From the CommCell Browser, right-click the CommServe node and click All Tasks > Push Firewall Configuration.
  17. Click Continue to acknowledge the warning and proceed.
  18. Click OK to close the firewall push notification.
  19. Check the Event Viewer window to confirm that your firewall configuration was pushed successfully.

    You are now ready to install the Commvault proxy.

Step 3: Install the Commvault Software on the Proxy

During the installation, you need to specify a local HTTP or HTTPS port number that can be used by the CommServe computer to open tunnel connections towards the proxy. For firewall instructions during the installation, see Setting Up Direct Connections from the CommServe Computer to the Client.

Note: If firewall is enabled on the proxy, ensure there are open connections to the CommServe and client computers.

What to Do Next