English en
2022E (11.28)

Deploying a Commvault Network Proxy Appliance

Updated

On this page

Deploy the Network Proxy Appliance as a VM on VMware vCenter. The appliance performs the following functions:

  • Acts as a network proxy for all backup traffic from a tenant network into the backup management network.

  • Configures itself as a remote software cache that stores agent packages and maintenance releases. This configuration enables the appliance to support remote installation of client software from the CommServe system into guest machines in the tenant network.

Before You Begin

  • Before deploying the Network Proxy Appliance, install the latest available feature release for Commvault on the CommServe host and Virtual Server Agent.

  • Use the latest available version of the Network Proxy Appliance template.

  • To verify the version of VMware software that is required to support this feature, see System Requirements.

  • Before deploying the appliance, define a client computer group that can be used to identify the proxy DMZ group for the tenant network.

    If there are multiple tenant networks, create a client computer group for each tenant and deploy a Network Proxy Appliance for each tenant. When you deploy the appliance and enter the Client Group Name during deployment, the client for the appliance is added to the group automatically when the appliance is deployed and powers on.

    Note: You might need to close and reopen the CommCell Console to refresh the client computer group listings.

  • Virtual machine requirements on the ESX server where the Network Proxy Appliance is deployed:

    • Deployment uses 4 GB of RAM

    • Deployment uses 2 vCPUs

    • Disk requirements: 1 disk with 100 GB (thin or thick provisioned)

  • The virtual machine requires 2 network interface cards (NICs). Verify that network communication is enabled so that the VMware servers, the CommServe system, and the machine where the Network Proxy Appliance is deployed can communicate with each other.

  • The virtual machine runs CentOS 7.4.

  • If a firewall is used, see Entering Required Firewall Settings.

  • The virtualization client must refer to a vCenter user with permissions defined as described in User Accounts.

  • The following vSphere permissions are required to enable deployment or reconfiguration of a Network Proxy Appliance:

    Category

    Available Permissions

    vApp

    Import

    vApp

    vApp application configuration

    vApp

    vApp instance configuration

  • The following Commvault permissions must be assigned for the CommServe user account in the CommCell Console:

    Category

    Permission

    Usage

    Global

    Administrative Management

    Enables the CommServe user (identified as CS User Name below) to deploy the Network Proxy Appliance in the CommServe system.

    Client

    Agent Management

    Enables the Network Proxy Appliance to be added to a client computer group.

Considerations

After deploying the Network Proxy Appliance, download and install maintenance releases for the installed feature release.

Procedure

  1. Go to Cloud Services, log in, access the Download Center, and select Media Kits > Virtual Appliance. Download the most recent Network Proxy Appliance package, and save it to a location that is accessible from the vCenter.

  2. In vSphere, click the File menu and select Deploy OVF Template.

    The Deploy OVF Template wizard launches and displays the Select source page.

  3. Browse to the location where the Network Proxy Appliance template file is located and select that file.

  4. Click Next.

    The Review details page provides summary information for the OVF template, including the download size and the size on disk.

  5. Optional: Enter a description for the appliance.

  6. Click Next.

    The Select name and folder page appears.

  7. Enter a name for the virtual machine (for example, VM_CVNetworkProxyAppliance).

  8. Select a vCenter folder where the virtual machine can be deployed.

  9. Click Next.

    The Select a resource page appears.

  10. Select a data center and ESX server.

  11. Click Next.

    The Select storage page appears.

  12. Select the virtual disk format.

  13. Select a storage policy.

  14. Select a datastore that has at least 100 GB of available space.

  15. Click Next.

    The Setup networks page appears.

  16. In the Destination columns, select the management and tenant networks.

  17. Click Next.

    The Customize template page appears.

  18. Enter the following information to configure the deployed VM and register it with the CommServe system:

    • CS Configuration:

      • CS Client Name: Short name for the CommServe system.

        This entry is case sensitive, and must match the top-level node in the CommCell Browser.

      • CS Hostname: Host name or IP address for the CommServe system. This entry is case sensitive.

      • CS User Name: User name for the CommCell Console.

        The user account must have admin and agent installation privileges for the CommCell Console.

      • CS Password: Password for the CommCell Console user.

    • Client Configuration:

      • Client Name: Short name for the virtual machine (for example, VM_CVNetworkProxyAppliance).

        This name is used for the client computer entry for the appliance in the CommCell Browser.

      • Client Hostname: Host name or IP address for the client.

        The CommServe system uses this name to reach the VM. Enter a value if the VM has a static IP address and the hostname is already defined.

        If you do not enter a value, the IP address of the management network is used as the host name.

      • New root password: Password for the root user of the virtual machine.

        Make a note of the password.

      • Client Group Name: Name of a client computer group to include the Network Proxy Appliance. The name is case sensitive.

        The client group is used to associate a network topology for the appliance.

      • Automatic OS updates: Select this option to enable automatic OS updates.

        By default, automatic updates are applied daily for security updates. To make changes after the appliance has been deployed, see Modifying the Security Level.

    • IP Configuration: For each management and tenant network, select DHCP or provide the static IP address, netmask, and gateway. If you enter a static IP address, provide a gateway for only one of the networks.

      Note: The following fields need to be entered when the Network Proxy Appliance is being deployed using a static IP address, or with DHCP if there is a possibility that the DHCP server in your environment provides incorrect or incomplete DNS information. The fields below override any DNS configuration that is obtained from the DHCP servers.

      • Mgmt ntwk: Use DHCP: Select this option or enter values for the Static IP Address, Netmask, and Gateway.

      • DNS Search Suffix: Identifiers for domains to be supported. You can enter multiple search suffixes separated by whitespaces.

      • Name Server 1: IP address for the primary name server.

      • Name Server 2: IP address for the secondary name server.

      • Tenant ntwk: Use DHCP: Select this option or enter values for the Static IP Address, Netmask, and Gateway.

    • Firewall Configuration: Indicate whether the CommServe system is behind a firewall and enter values for Option 1, Option 2, or Option 3:

      • Is CS behind a firewall?: Select this option if a firewall is enabled on the CommServe system.

      • [Option 1] CS f/w tunnel port (client can connect to CS): Enter the tunnel port number the client can use to open a connection to the CommServe system.

      • [Option 2] Client f/w tunnel port (CS can connect to client): Enter the tunnel port number the CommServe system can use to open a connection toward the client.

      • For Option 3, enter all of the following values:

        [Option 3] Proxy Hostname (CS reachable via proxy)

        [Option 3] Proxy Clientname (CS reachable via proxy)

        [Option 3] Proxy Port number (CS reachable via proxy)

      • If an HTTP proxy is used for communication between the CommServe host and the Network Proxy Appliance, provide the following information:

        HTTP Proxy Hostname

        HTTP Proxy Port

  19. After verifying the information, click Next.

    The Ready to Complete page appears.

  20. Review the deployment options and click Finish.

Note: If you still experience connection issues after deployment, you can also add fully qualified host names and IP addresses for the Network Proxy Appliance and the CommServe system to the /etc/hosts files for both machines to ensure that both systems can resolve host names locally.

What To Do Next

Perform the following additional tasks:

  1. From the CommCell Console, right-click the CommServe node and choose All Tasks > Add/Remove Software > Software Cache Configuration, and then verify that the client for the appliance is listed as a remote software cache. Before performing any remote installations, download and sync the latest feature release, and then verify that the Package Status for the cache is Valid.

    For more information, see Software Cache Configuration (Remote Software Cache).

  2. Create a new client computer group that includes all machines in the tenant network that have Commvault packages installed.

    You can define rules to add client computers to a smart group automatically.

  3. Create a network topology configuration to ensure that each client computer on the tenant network can access use the tenant network IP address to access the management IP address by using the appliance as a gateway.

    For more information, see Setting Up Network Gateway Connections Using a Predefined Network Topology.

  4. To install Commvault packages on remote computers, see Installing Commvault Remotely Using the CommCell Console. Use the remote software cache on the appliance when performing remote installs.

Creating your PDF

Your PDF is being created and will be ready soon.

We can send you a link when your PDF is ready to download.