Loading...

Client Computer Groups - Online Help

The following sections provide context-sensitive help information related to this feature.

General

Use this dialog box to create a new client group or to add and remove clients from  the selected group.

Group Name

From Properties, displays the name of the selected client group. From New Group command, specify the name of the group being created.

Description

Specify any helpful information regarding this group.

Manual Association

Use this option to manually add client computers to the group.

  • All clients

    Displays the clients available within this CommServe.

  • Clients in this group

    Displays clients selected for inclusion in this group.

Automatic Association

Use this option to automatically add existing or new client computers to a client computer group.

  • Create As

    The creator of the client computer group.

    The creator of the smart client computer group must have the following permissions:

    • The Agent Management permission on the client computers that will be automatically added to the smart client computer group.

      If the creator does not have permission on a client, the client is not added to the smart client group even if it meets the criteria defined in the rules. If you create a client group but you do not have the correct permissions, you can assign another user or a user group to be the creator. If you assign a user as the creator, you must enter the user's password.

    • The Change security settings permission is required to add clients to a client group when associations are listed on the Security tab.

    Best Practice: Assign a user group as the creator of the client group. Because the required permissions are at the user group level, the client group is not affected if an individual user is deleted or has permissions removed.

  • Rule Group

    Displays the list of rules used to create a client computer group that adds clients through automatic associations. For descriptions of the available rules, see Rules Available for Smart Client Computer Groups.

    Operators:

    • Contains

      This operator searches for a character, string, word or phrase in the client name or operating system name and list those client computers.

    • Does Not Contain

      This operator searches for a character, string, word or phrase in the client name or operating system name, and inverts the result of the comparison.

    • Is

      This operator is used in exact string comparisons with pattern matching.

    • Is Not

      This operator inverts the result of a string comparisons with pattern matching.

    • Starts With

      This operator is used in character, string comparisons with pattern matching.

    • Ends With

      This operator is used in character, string comparisons with pattern matching.

    • Equal To

      This operator lists the client computers that have specific agent installed.

    • Not Equal To

      This operator inverts the result of a comparison and provides those client computers. The specified condition must be false in order to view the result.

    Values:

    The values you can use in the rule change depending on the matching option you chose from the first column. For example, if you chose Client, you can chose types of clients from the values list.

Create As

Use this dialog box to assign a new creator to a client computer group that uses automatic associations. For more information on the Create As option, see Create As.

Advanced Settings

Use this dialog box to set up additional advanced settings for the client computer group.

Database Agent Authentication

The options below allow you to provide a valid user account to access the SQL Server to perform all operations, such as backup and restore.

  • Override Higher Levels Settings

    Select to override the account settings configured at the Control Panel and Client Group levels for the selected SQL iDataAgent.

  • Use Local System Account

    The Windows account configured to run the Communications Service (GxCVD) service and which is used by the system to perform all operations, including backup, restore and browse.  By default, this is the Local System Account.

  • Impersonate User

    Select to enter a user name and password for the Windows User Account that has permission to perform all operations, including backup, restore and browse. The account must already be set up on the client and must have Local administrator privileges and be a member of the SQL sysadmin fixed server role for the instance.

  • User Name

    Use this space to type the name of the Windows user account that will have permission to execute the desired commands.

  • Password

    Use this space to type the corresponding password for the account.

Web Server

Displays the Web Server computers that you can associate to the client computer group. Search operations of content indexed data will be processed by the selected Web Server.

Enable CvAccounts SSO Login

Use this option to setup single sign-on (SSO) between Web Consoles in the client computer group.

  • CvAccounts SSO Login URL

    Use this option to define the Web Console that is the identity provider (IdP). When you access Web Consoles that are part of the single sign-on (SSO) client group and you are not logged on, you are redirected to the IdP Web Console to log on. After you log on, you are returned to the Web Console you first accessed, and you can access any Web Console that is part of the SSO client group without logging on again.

SLA

These options allow you to configure the time range for the SLA (Service Level Agreement) percentage that appears in dashboards and reports. The formula used to calculate SLA is: Number of Clients that Met SLA / Total Number of Clients. A client meets SLA when all of its subclients and databases are protected by at least one successful full, incremental, differential, or log backup job during the specified time range. A client misses SLA when there are no successful jobs run during the specified time range.

  • Use CommCell level settings

    Allows you to specify that the CommCell level setting will be used. This is the default setting.

  • SLA for last N Days

    Allows you to specify the time range for calculating SLA for the clients in this client group.

  • Exclude from SLA

    Allows you to exclude all of the clients in this client group from SLA calculations in dashboards and reports.

Quota Limit

Set a quota in gigabytes to limit the size of data that is backed up for a client computer group. When the quota is exceeded, backup jobs are placed in a waiting state and are tagged with an error code and error description: Client group capacity quota is exceeded.

Activity Control

Data Management and Recovery Activity

Use this dialog box  to enable or disable data management and data recovery operations on selected client computer group.

  • Enable Backup

    Specifies whether Backups will occur from this client computer group.

  • Enable Restore

    Specifies whether Restores will occur from this client computer group.

  • Enable Data Aging

    When selected, data aging operations are allowed on the Client or Client Group. When cleared, data aging operations are skipped on a client or client group, and:

    • The Enable after a Delay button is displayed next to this operation activity. Use the button to specify the date and time when data-aging operations on a client or client group can begin on the CommCell.

Firewall Configuration

Use this dialog box to configure firewall settings for the selected CommCell entity, which can be a CommServe, MediaAgent, client computer or client group.

Configure Firewall Settings

Select this option to configure firewall settings on the client or client group that you selected.

If you configure firewall on a client group, all the clients that are associated with the client group will inherit the firewall configurations that you set on the group. The clients that are part of the client group will display a note indicating that firewall is inherited from the client group.

Remember: If a client is inheriting the firewall settings from a client group, you do not need to select the Configure Firewall Settings check box. However, you can select the option if you want to configure additional (or different) firewall settings on the client.

Use the following options to establish connectivity to and from CommCell entities separated by a firewall.

By default, the firewall properties at the CommCell level only display the Advanced options.

Basic

Select this option to quickly configure direct tunnel connection or proxy connection between the selected CommCell component and the CommServe or MediaAgent.

Use the following tabs to specify the type of firewall configuration:

Advanced

Select this option to configure any type of connection route between the CommCell components (entities) to establish connectivity across the firewall.

Use the following tabs to provide the firewall configuration details:

CommServe Connectivity

Visible when Firewall Configuration is set to Basic. Use this tab to select the type of firewall configuration between the selected CommCell component and the CommServe.

This Computer is

Specifies whether this computer is in the same network as the CommServe.

  • Always in the same network as CommServe

    Click to specify that this computer connects directly to the CommServe (no firewall between them). CommCell services of this computer and the CommServe can directly communicate.

  • Always outside of CommServe network

    Click to specify that this computer will always connect to the CommServe from a remote site. This option allows you to configure direct tunnel connections and proxy connections.

  • May travel outside of CommServe network

    Click to specify that this computer will occasionally connect to the CommServe from a remote site. This option is recommended for laptops and other mobile devices that routinely move in and out of the network.

    When connecting to the CommServe, this option will first attempt to establish a direct connection (same CommServe network scenario). If it fails, the direct tunnel connection or proxy will be used.

When connecting from outside

Available when This Computer is is set to Always outside of CommServe network or May travel outside of CommServe network. Sets the type of firewall configuration that this computer will use to connect to the CommServe.

  • Open tunnel directly to CommServe

    Click to enable this computer to connect to the CommServe through a direct tunnel connection. By default, the CommServe will use port 8403 to receive connections from the computer.

  • Use remote proxy

    Click to enable this computer to connect to the CommServe using a proxy.

MediaAgent Connectivity

Visible when Firewall Configuration is set to Basic. Use this tab to select the type of firewall configuration between the selected CommCell component and its associated MediaAgent.

This Computer is

Indicates whether this computer is in the same network as the MediaAgent.

  • Always in the same network as MediaAgent

    Click to specify that this computer connects directly to the MediaAgent (no firewall between them). CommCell services of this computer and the MediaAgent can directly communicate.

  • Always outside of MediaAgent network

    Click to specify that this computer will always connect to the MediaAgent from a remote site. This option allows you to configure direct tunnel connections and proxy connections.

  • May travel outside of MediaAgent network

    Click to specify that this computer can connect to the MediaAgent from a remote site. This option is recommended for laptops and other mobile devices that routinely move in and out of the network.

    When connecting to the MediaAgent, this option will first attempt to establish a direct connection (same CommServe network scenario). If it fails, the direct tunnel connection or proxy will be used.

When connecting from outside

Available when This Computer is is set to Always outside of MediaAgent network or May travel outside of MediaAgent network. Indicates the type of firewall configuration that this computer will use to connect to the MediaAgent.

  • Open tunnel directly to MediaAgent

    Click to enable this computer to connect to the MediaAgent through a direct tunnel connection.

  • Use remote proxy

    Click to enable this computer to connect to the MediaAgent using a proxy.

Incoming Connections

Visible when Firewall Configuration is set to Advanced. Use this tab to add or modify the connection status of remote clients or client groups that cannot open direct connections to this CommCell component.

Entity

Displays the list of clients or client groups (entities) that cannot open direct connections or can open connections only on restricted ports to this CommCell component (see Restricting or Blocking Connections).

State

Indicates the type of connection from the client or client group.

Actions

  • Add

    Click Add to add a client or client group. This opens the Connections to dialog box.

  • Edit

    Select a client or client group, then click Edit to change the details.

  • Delete

    Select a client or client group, then click Delete to remove it from the list.

Incoming Ports

Visible when Firewall Configuration is set to Advanced. Use this tab to specify the port numbers for incoming communication. Network TCP Port Requirements provides a list of incoming ports.

Tunnel HTTP/HTTPS Port

  • Listen for tunnel connections on port

    Specifies the port on which the incoming tunnel connections are received.

Additional Open Ports

Specify additional ports or range of ports that are open for incoming connections to facilitate faster data transport.

From

The starting number in the range of ports that are open.

To

The ending number in the range of ports that are open.

  • Add

    Click Add to include the additional ports.

  • Delete

    Select a port or range of ports, then click this button to remove them from the list.

Outgoing Routes

Visible when Firewall Configuration is set to Advanced. Use this tab to define the connectivity type and port numbers that are open for outgoing communication from this CommCell component.

Remote Entity

Displays the list of remote clients or client groups that are only reachable through a firewall.

Route Settings

Displays the outgoing route to reach the remote client or client group.

  • Add

    Click Add to add outgoing route to reach a remote client or client group. Provide the details in the Route Settings dialog box.

  • Edit

    Select a remote client or client group and click Edit to change the route settings.

  • Delete

    Select a remote client or client group and click Delete to remove it from the list.

Options

Visible when Firewall Configuration is set to Advanced. Use this tab to configure additional firewall configuration options.

Keep-alive Interval, seconds

The interval for sending keep-alive packets, to maintain the session if backup traffic has an extended pause.

Tunnel Init Interval, seconds

The interval at which tunnel initialization must be attempted.

Default Outgoing Tunnel Protocol

This option sets the outgoing tunnel protocol for any route that uses a proxy to communicate with a locked-down CommServe host, when installing a software components onto a client for which there is no applicable entry on the Outgoing Routes tab to specify a protocol.

Force SSL authentication in incoming tunnel connections

Select this option to force all incoming tunnel connections to use HTTPS protocol. Communication between other CommCell components will be authenticated through Secure Socket Layer (SSL).

Bind all services to open ports only

Select this option to bind all services to the list of incoming ports configured for the client using TCP/IP filtering.

This computer is in DMZ and will work as a proxy

Select this option to designate this computer as a proxy computer for CommCell communications through firewall.

Force per-client certificate based authentication

Visible only when This computer is in DMZ and will work as a proxy is selected. Selecting this option prevents clients that do not have certificates from communicating with a locked-down CommServe host through this computer when it is acting as a proxy. If this option is selected, you will have to generate a temporary authentication certificate to install new clients through the proxy. For more information, see Enforcing Authentication of Client Certificates during Installations, and Renew a Revoked Certificate in a Locked Down CommCell.

Roaming client

Select this option to designate a client computer as roaming client. The roaming feature intelligently determines the best route for the client to communicate with the CommServe computer. This is useful for clients that constantly change their geographical location, such as laptop clients.

When the option is selected, the client will try to reach the CommServe computer directly, without the use of firewall routes (outgoing routes are bypassed). If the CommServe computer cannot be reached, the client will continue to use the configured firewall routes.

Network Proxy Settings

These settings are visible when configuring a CommCell. They allow you to configure third-party port mappings.

  • Access GUI Server (EvMgrS) via following proxy

    Select this option to enable port 8401 on the CommServe computer.

    • Remote Proxy lists the proxy computers that you can use to access the CommServe.
    • Port Number specifies a local port used by the proxy computer which will be mapped to port 8401.
  • Access Web Server via following proxy

    Select this option to enable port 81 on the computer where the Web Server is installed.

    • Remote Proxy lists the proxy computers that you can use to access the Web Server.
    • Port Number specifies a local port used by the proxy computer which will be mapped to a dynamic IIS port.
  • Access Reports via following proxy

    Select this option to enable port 80 on the CommServe computer.

    • Remote Proxy lists the proxy computers that you can use to access the Report database.
    • Port Number specifies a local port used by the proxy computer, which will be mapped to a dynamic IIS port.
  • Access Custom Reports Engine via following proxy

    Select this option to specify the proxy through which this Web Console instance communicates with the Custom Reports Engine.

    • Remote Proxy lists the proxy computers that provide access to the Custom Reports Engine service.
    • Port Number specifies the port the Web Console will use to access the Custom Reports Engine (commonly running on the Web Server). This is a local port on the computer hosting the Web Console that is mapped to the Web Server.

Summary

This tab displays a summary of the firewall configuration created using the other tabs. This tab is not available at the client group level.

Network Throttle

Enable Network Throttling

Select this option to enable network throttling.

Remote Clients or Client Group

Here you select the entities (groups and clients) whose traffic will be throttled when communicating with the group or client you are configuring.

All clients share allocated bandwidth

Select this option to enable all clients in this client group to share allocated bandwidth.

Throttling Schedule

Displays the scheduled job for network throttling.

  • Add

    Click to create a new schedule.

  • Modify

    Click to modify the schedule.

  • Delete

    Click to delete the schedule.

Additional Settings

Use this dialog box to set additional settings for the selected component. Additional settings are advanced options that can be used to perform troubleshooting and other environment specific configurations. Additional Settings can be added to the following CommCell entities:

  • CommServe
  • MediaAgent
  • Clients
  • Client Groups
  • Users (CommServDB.Console settings only)
  • User Groups (CommServDB.Console settings only)
  • Domains (CommServDB.Console settings only)

Note: In a clustered environment, you must specify the additional settings on the physical nodes (client computers), and not on the cluster server.

Additional settings created for this component are displayed in this dialog box.

  • Name

    Displays the name of the additional setting.

  • Category

    Displays the relative location of the additional setting in the instance (from the registry key tree).

  • Type

    Displays the additional setting value type. For example, the value can be an integer or a string.

  • Value

    Displays the value of the additional setting. Depending on the type, could be numerical, a character string or a boolean value.

  • Enable

    Displays whether the additional setting is currently enabled or not.

  • Defined in

    Lists the CommCell entity where the additional setting is defined.

Add

Click to add a new additional setting.

Edit

Select an additional setting and click Edit to modify it.

Delete

Select an additional setting and click Delete to remove it.

User Preferences (Client Computer Group Filter)

Use this dialog box to set your viewing preferences for the Client Computer Group node in the CommCell Browser.

Show Unlicensed with software (Restore only Clients)

Displays Restore-only clients in the CommCell.

Show Unlicensed without software

Displays those clients that have been deconfigured in the CommCell.

Show Virtual Server Discovered Clients

Displays Virtual Server Discovered clients in the CommCell.

Show EDC Discovered Clients

Displays EDC Discovered clients in the CommCell.

Show Outlook/Lotus Notes Add-in Clients

Displays the Outlook/Lotus Notes Add-in clients in the CommCell.