English en
2022E (11.28)

Configuring One-Way Network Communication from Tenants (Self-Service Deployments)

Updated

On this page

In most multi-tenant configurations, tenant networks use RFC 1918 addressing with Network Address Translation (NAT) to connect to a service provider services network. You must configure Commvault to route all client communications over a one-way tunnel from the tenant network towards the CommServe system (port 8403) and associated infrastructure.

This is a one-time setup task that applies to all tenants automatically.

With this configuration, tenant infrastructure can have overlapping IP addressing without affecting backup and recovery services.

To configure Commvault to accept only incoming connections from tenant infrastructure, create server groups for the tenant and the service provider, and then create a Commvault network topology based on the underlying network design. The following steps create the following server groups:

  • MSP.IO - Infrastructure

  • Network - All tenant_name Infrastructure

    where tenant_name is the name of the tenant.

Procedure

  1. From the navigation pane, go to Manage > Server groups.

    The Server groups page appears.

  2. Add the service provider infrastructure group:

    1. Click Add.

    2. Name the group MSP.IO - Infrastructure.

    3. Select Manual association.

    4. From the Servers list, select all servers that reside in the MSP restricted (non-tenant) network space.

    5. Click Save.

  3. Add the tenant infrastructure group:

    1. Click Add.

    2. Name the group Network - All tenant_name Infrastructure, where tenant_name is the name of the tenant.

    3. Select Automatic association.

    4. Click Add rule.

    5. From the Select rule for list, select Package Installed.

    6. From the Which matches with list, select any in.

    7. From the Values list, select File System Core.

    8. Click Save.

    9. Click Add rule.

    10. From the Select rule for list, select Associated client group.

    11. From the Which matches with list, select not equal to.

    12. From the Values list, select MSP.IO - Infrastructure.

    13. Click Save.

    14. Click Add rule.

    15. From the Select rule for list, select Company Client Provider Associations.

    16. From the Which matches with list, select equal to.

    17. From the Values list, select the tenant company.

    18. Click Save.

    19. Click Preview and verify that all tenant servers are listed.

      The list should not include the CommServe system.

    20. Click Save.

  4. Create the network topology:

    1. From the navigation pane, go to Manage > Network.

    2. Click the Network Topologies tile.

      The Network topologies page appears.

    3. Click Add topology.

    4. In the Name box, enter Ensure one-way traffic from tenants.

    5. From the Client type list, select Servers.

    6. From the Topology type list, select One-way.

    7. From the (1) Servers list, select the Network - All tenant_name Infrastructure server group.

    8. From the (2) DMZ Servers list, select the MSP.IO - Infrastructure server group.

    9. Click Save.

      The Network topologies page appears.

  5. From the Actions column for the network topology you just created, select Push configuration.

Creating your PDF

Your PDF is being created and will be ready soon.

We can send you a link when your PDF is ready to download.