> CommCell Console > CommCell Management > CommServe Administration > Securing the CommServe Computer > Increasing Backup Data Security from Ransomware > Data Isolation and Air Gapping

Air Gapping

You can air gap isolated data by severing communication with the machine that contains or manages the data.

Air gapping can be achieved by using one of the following methods:

  • Use VM power management to automatically shut down a MediaAgent virtual machine when not in use.

  • Create blackout windows on storage targets or network devices using scripts and workflows.

Air Gapping Using VM Power Management

You can air gap by using VM power management to shut down a MediaAgent virtual machine automatically when not in use.

For more information, see Cloud MediaAgent Power Management.

Air Gapping Using Blackout Windows

You can create an air gap by creating blackout windows on isolated resources (for example, a MediaAgent) using scripts. When blackout windows are not in effect, the resources are brought back online. This air gapping method can be used on any storage target or network device.

Procedure 1: Starting and Stopping Outbound Connections to a MediaAgent

You can start and stop outbound connections to a MediaAgent using a one-way topology, in order to create an air gap.

  1. Create a blackout window to control when you want connections established on the MediaAgent.

    For more information, see Blackout Window.

  2. Use commands to turn services on and off, as follows:

    • For Windows, do the following:

      • Create a task schedule that runs the following command to stop services at the beginning of the blackout window:

        <Path to Commvault Base Directory>\gxadmin -stopsvcgrp “All” -console

      • Create another task schedule that runs the following command to start services at the end of the blackout window:

        <Path to Commvault Base Directory>\gxadmin -startsvcgrp "All" -console

    • For UNIX, do the following:

      • Create a cron job that runs the following command to stop services at the beginning of the blackout window:

        commvault -all stop

      • Create another cron job that runs the following command to start services at the end of the blackout window:

        commvault -all start

Procedure 2: Starting and Stopping a Network Gateway to Create an Air Gap

You can use the Airgap workflow to start or stop network gateway proxies to create an air gap. This workflow can be scheduled to run at the beginning of the auxiliary copy blackout window to stop the gateway machines and at the end of the blackout window to start the gateway machines.

For more information, see Starting or Stopping a Network Gateway to Create an Air Gap.

Virtual Air Gap Using Commvault Cloud Air Gap Protect

You can create a virtual air gap using Commvault Cloud SaaS storage called Air Gap Protect storage (for more information, see Air Gap Protect).

Since connections to Commvault Cloud SaaS storage rely on authenticated APIs once data is written to the them, there are no persistent connections to the storage, thus reducing the chance of infection by a potential threat.

Using Commvault Cloud Air Gap Protect as a virtual air gap has a further advantage, since credentials are not provided and there is no direct access to the storage accounts.

×

Loading...