> Software > Storage for Backups > Air Gap Protect > Getting Started

Prerequisites for Air Gap Protect

The following prerequisites are needed to configure Air Gap Protect storage for backups.

License Requirements

The Air Gap Protect license is required to configure Air Gap Protect.

In addition, you must accept the Commvault Terms and Conditions when you add the license. For more information about adding licenses and accepting the user agreement, see Adding a License in the Command Center.

See Also: License Administration for Air Gap Protect.

Outbound Connections

Air Gap Protect

For outbound connectivity, the following endpoints must be allowlisted on the CommServe server before configuring Air Gap Protect.

  • https://login.microsoftonline.com

  • https://api.mcss.metallic.io (IP address 40.75.17.108)

  • https://metallic.io

  • https://www.commvault.com

In addition, whitelist the endpoints required for specific storage type on the MediaAgent.

Azure Blob Storage

Before configuring Air Gap Protect storage on Azure Blob Storage, add the required endpoints to your Air Gap Protect MediaAgent's allowlist.

Replacing * in *.blob.core.windows.net

After you configure your Air Gap Protect storage on Azure Blob Storage, you can replace * in *.blob.core.windows.net with the specific storage account name. For example, in the following image, the name of the storage account is AGP_AWS_Mumbai:

agp-storage-account-name

Global Azure

  • *.blob.core.windows.net: All endpoints that contain blob.core.windows.net

  • https://login.microsoftonline.com

Azure Government

  • *.blob.core.usgovcloudapi.net: All endpoints that contain .blob.core.usgovcloudapi.net

  • https://login.microsoftonline.us

Azure IP ranges and service tags

For a downloadable list of IP addresses required by the following, see Azure IP Ranges and Service Tags – Public Cloud:

  • blob.core.windows.net

  • login.microsoftonline.com

  • blob.core.usgovcloudapi.net

  • login.microsoftonline.us

In the name: "Storage.[region]" values—such as "name": "Storage.AustraliaCentral"[region] is the region of the Air Gap Protect storage.

Azure ExpressRoute is supported with no additional configuration.

Azure Private Link is supported with additional configuration.

Amazon S3 Storage

For outbound connectivity, the following endpoints must be allowlisted on the MediaAgent before configuring Air Gap Protect on Amazon S3.

Replace [region] with the region ID. For example, for Asia Pacific (Seoul), replace [region] with ap-northeast-2.

  • s3.[region].amazonaws.com

  • s3.[region].amazonaws.com

Oracle Cloud Infrastructure Object Storage

For outbound connectivity, the following endpoints must be allowlisted on the MediaAgent before configuring Air Gap Protect on OCI.

Replace [region] with the region ID. For example, for Brazil Southeast (Vinhedo), replace [region] with sa-vinhedo-1.

  • objectstorage.[region].oraclecloud.com

  • identity.[region].oraclecloud.com

Notes

  • Port 443 is required for all the listed endpoints.

  • For applying the license, Metrics Reporting server should have the same endpoints as the CommServe server (listed above under Outbound Connections) allowlisted.

Google Cloud Storage

For outbound connectivity, the following endpoints must be allowlisted on the MediaAgent before configuring Air Gap Protect on Google Cloud Storage.

  • storage.googleapis.com

HTTP Proxy for CommServe Server and MediaAgent

If the CommServe server and/or the MediaAgent do not have direct access to the internet and have the http proxy configured, make sure to configure the http proxy on the CommServe server and MediaAgent Client or Client Group. For more information, see Configuring an HTTP Proxy for a Server Group.

×

Loading...