Copy of Network Topologies - Commvault Command Center

Network topologies provide a simplified template to deploy network route configurations to CommCell^® components. There are three network topology groups to configure: One-Way, Two-Way, or Via Proxy. Once the simplified topology is configured, advanced network route settings remain available at the client group and client levels to further configure settings if desired.

To use network typologies, client computers groups must be created first.

Network topologies for client computer groups:

For One-Way Network Topology

• Infrastructure Client Group
• DMZ Client Group

For Two-Way Network Topology

• Client Group 1
• Client Group 2

For Proxy Network Topology

• Trusted Client Group 1
• Trusted Client Group 2
• Proxy/DMZ Group

One-Way Network Topology Groups

• Infrastructure Client Group – The clients in the client groups can be the CommServe server, MediaAgents, or client components. By default, there is a system created computer group called Infrastructure that can be leveraged for network topologies. When creating a network topology, the Infrastructure Client Group has restricted communication on a specific port with the DMZ Client Group.

• DMZ Client Group – These are the systems located in the untrusted networks, such as the DMZ. When implementing the network topology, the DMZ Client Group has blocked communication with the Infrastructure Client Group.

One-Way Network topology client computer groups

Two-Way Firewall Topology Groups

• Client Group 1 – These are the systems on the first side of the firewall. When implementing the network topology, Client Group 1 has restricted communication on a specific port with Client Group 2.
• Client Group 2 – These are the systems on the other side of the firewall. When implementing the network topology, Client Group 2 has restricted communication on a specific port with Client Group 1.

Two-Way Network topology client computer groups

Proxy Network Topology Groups

• Trusted Client Group 1 – These are the clients that are using the proxy to reach the Trusted Client Group 2 on the internal network. It has restricted communication on a specific port with the Proxy/DMZ Group but has blocked communication with the Trusted Client Group 2.
• Trusted Client Group 2 – These are your CommCell^® components such as the CommServe^® server and the MediaAgents. By default, there is a system created computer group called Infrastructure that can be leveraged for network topologies. When creating a network topology, the Trusted Client Group 2 has restricted communication on a specific port with the Proxy/DMZ Group but has blocked communication with the Trusted Client 1.
• Proxy/DMZ Group – These are the systems that acts as proxies in the DMZ to relay any communication between Trusted Client Group 1 and Trusted Client Group 2. When creating a network topology, the Proxy/DMZ Group has blocked communication with both the Trusted Client Group 1 and Trusted Client Group 2. By default, there is a system created Proxy Clients group. Any system that are defined to act as proxies are automatically associated with this group.

Proxy Network topology client computer groups

Configure a Network Topology

Before configuring a topology, create the required server groups if needed. You can then launch the network topology configuration wizard.

Automatic Tunneling

Since service pack 15, the network configuration is easier than ever. The Commvault^® components communicate using the traditional communication port and dynamic ports. If the system notices that the dynamic ports are blocked and therefore unavailable, it automatically encapsulates data transfers through a tunnel port. There is no need to configure any network topologies in Commvault^® software.

The only requirement is that the communication port (8400) and tunnel port (8403) are opened and accessible between the components.

Automatic tunneling requirements