Loading...

Network: CommCell Network Requirements

Table of Contents

Overview

All the computers in a CommCell instance (CommServe, MediaAgent, and client) must be connected through a TCP/IP network. The guidelines on this page ensure that each computer can resolve the names of other CommCell computers.

Domain Name System (DNS) Environment

A DNS environment provides a centralized means of resolving computer names into their corresponding IP addresses. Refer to your operating system documentation for information on how to establish and manage your DNS.

Multi-Homed CommCell Computers

A multi-homed computer is one that has two or more network interface cards (NICs). To ensure correct name and IP address resolution for a multi-homed CommCell computer, each NIC in it needs its own unique name in the DNS.

For example, assume a CommCell computer named amber, having fully qualified host names of amber1.company.com and amber2.company.com. This example computer has two NICs, assigned these two IP addresses:

  • 150.128.4.78
  • 150.128.6.32

To ensure that both interfaces can be resolved, you could define these unique names in your DNS:

  • amber1.company.com 150.128.4.78
  • amber2.company.com 150.128.6.32

If a computer name resolves to multiple IP addresses, the software uses the first IP address that it resolves. However, if that first IP address becomes unreachable, the software will not be able to reach the computer using the other IP addresses in the list. In such a scenario, we recommend creating a hosts file that includes all the computer's reachable IP addresses.

WINS or Other Non-DNS Environment

If your network does not have DNS lookup or some other name resolution facility, the CommServe manager will provide the names and IP addresses of all the members in the CommCell group. The fully qualified computer name and IP address of the CommServe computer are stored in the hosts file of each CommCell client. The hosts file in the CommServe computer, in turn, stores the fully qualified computer name and IP addresses of all the members in the CommCell, thereby providing the lookup facility to all the members in the CommCell group. Depending on the operating system on your computer, the hosts file is located in one of the following directories:

  • On a Windows computer, the hosts file is located in system_root\system32\drivers\etc directory. (system_root is the Windows installation directory on your system.)
  • On a computer with a Unix operating system, the hosts file is located in the /etc/inet directory.

During installation of each CommCell member, the install program attempts to resolve the name of the CommServe to an IP address. If the resolution fails, the installation prompts you to enter the IP address of the CommServe computer.

Correct name-to-IP address resolution is essential for reliable network communications.

Reverse Lookup

Prior to performing any installation, confirm that the hostname and fully qualified domain name are reachable from the CommCell network, and that the IP addresses and host names resolve correctly by the DNS System.

Computers in a network use the Domain Name System to determine the IP address associated with a host/domain name. This process is also known as forward DNS resolution. Reverse DNS lookup is the inverse process, that is, resolving an IP address to its associated host/domain name. For network communication to work reliably and efficiently, forward and reverse IP address-to-host name resolution must work correctly.

If reverse DNS lookup is not enabled on a client computer, it will not be able to communicate with the remote computer using its host name.

Use these steps to perform a reverse lookup on an IP address:

  1. Log on to the client computer as an Administrator.
  2. Click Start, and then click Run.
  3. In the Open box, type cmd, and then click OK.
  4. From the command prompt, run:

    nslookup remote_computer_ip_address

    Example:

    C:\>nslookup 172.16.1.244

    Server: ingpdc01.gp.cv.company.com

    Address: 172.16.2.27

    Name: faraday.gp.cv.company.com

    Address: 172.16.1.244

In the above example, the first two lines returned show the server that provided the domain name, and that server's IP address. The next two lines shows the host name associated with the IP address that you passed to nslookup, and that host's IP address.

If the DNS service is not running on the setup, the above command returns one of these error messages:

  • No Response from Server
  • Timed Out
  • No Records
  • Server Failure

Enabling Reverse Lookup

Use these steps to enable Reverse DNS lookup on a client computer:

  1. Log on to the computer as an administrator.
  2. In the Windows Control Panel, locate the LAN connection, open its status dialog box, then click Properties.
  3. Select Internet Protocol Version 4 (TCP/IPv4), then click Properties.
  4. If you have a DHCP server in your network environment, confirm that Obtain DNS server address automatically is selected.
  5. If your network environment does not include a DHCP server, select Use the following DNS server addresses and enter these values:
    1. In the Preferred DNS server box, enter the IP Address of the DNS server.
    2. Optional: In the Alternate DNS server box, enter the IP Address of an alternate DNS server.
  6. Click Advanced.
    1. Click the DNS tab.
    2. Select Append these DNS suffixes (in order).
    3. Click Add, and in the Domain Suffix box, enter the domain suffix, then click Add. Repeat this step for each DNS suffix, being careful to observe order if required.
    4. Click OK or Close repeatedly until you have returned to the Network and Sharing Center dialog box, then close it, too.

If the DNS is not configured or not supported, the client computer will not be able to perform IP/name resolution, and will not be able to communicate with the remote computers by using the host names. You can overcome this temporarily by adding the IP addresses and the fully qualified domain names in the hosts file of the client computer. Adding hosts file entries is not the best solution, since they create communications control points that may impact other server operations, and are difficult to maintain and manage. They should be used only as temporary solutions until the larger network or DNS issues can be resolved.

You can use these steps to add entries to the hosts file of the client computer with a Windows operating system:

  1. Log on to the computer as an administrator.
  2. Click Start > Run.
  3. In the Open box, type drivers, and then click OK.
  4. Double-click the etc folder, then open the hosts file with a text editor.
  5. On one line, enter the IP address, fully qualified domain name, and host name of the remote computer, formatted as shown in the examples below. Add each entry on its own line. Save the hosts file after adding the entries.

    Example:

    172.32.63.5 dbwin1.idclab.loc dbwin1

    172.14.127.14 dbwin2.idclab.loc dbwin2

To enable reverse lookup on a remote computer, repeat these steps on the remote computer, adding the IP address of the client computer to the hosts file of the remote computer.

For more information, see: http://technet.microsoft.com/en-us/library/cc780585(WS.10).aspx

For a Unix computer, the entries should be added to /etc/hosts.

IPv6 Requirements

CommCell computers can operate using these Internet Protocol (IP) versions:

  • IPv4 on all Windows and Unix computers. By default the software uses IPv4, so no additional configuration is needed.
  • IPv6 as stated in the IPv6 Support section.

    The next sections describe how to configure CommCell components to function using IPv6.

    The CommServe computer requires IPv4 to obtain permanent licenses.

    However, the CommServe computer can have IPv4 and IPv6 protocols enabled on the same network interface.

    Also, if the client computers in the CommCell instance use IPv6 protocol, the CommServe and MediaAgent computers must also use the IPv6 protocol.

IPv6 Support

IPv6 is not supported for:

  • 1-Touch recovery of clients
  • Command Line Interface operations
  • Content Indexing and Search
  • Data Classification on Unix platforms
  • Unix computers running HP-UX 11.00

Also, consider that:

  • IPv6 support for AIX may require use the of /etc/hosts for IPv6 name resolution.
  • IPv6 support for HP-UX 11.11 requires the installation of the Transport Optional Upgrade Release (TOUR) 2.5 and OS patch PHCO29328.
  • For Linux computers, only varieties with a glibc of 2.3 or 2.4 are supported with IPv6.
  • For Solaris computers, only Solaris 9 and above are supported with IPv6.
  • For Windows computers, only Microsoft Windows Server 2003 varieties and above are supported with IPv6.
  • The Optimize for Concurrent LAN Backups option is not supported for AIX MediaAgents using the IPv6 protocol.

Configuring IPv6 for Windows Computers

These sections describe how to enable IPv6 on Windows computers.

Enabling IPv6 Support During Software Installation

Follow these steps before installing software components on a CommCell computer in an IPv6 environment.

Note: These steps must be performed on each computer in the CommCell group prior to installing any software components on them.

  1. Open the registry editor.
  2. Navigate to the following location:

    Windows

    HKEY_LOCAL_MACHINE\SOFTWARE\GalaxyInstallerFlags

    Unix

    /etc/CommVaultRegistry/

  3. Create the nOverridePreferredIPFamily DWORD key.
  4. Set the value as:
    • 0 for IPv4 and IPv6 support
    • 1 for IPv4 support only
    • 2 for IPv6 support only
  5. Close the registry editor for the changes to take effect.

Enabling CommCell Communication Using IPv6 After Installation

Use this procedure to configure CommCell computers in an IPv6 environment after installing the software.

Note: These steps must be performed on each computer in the CommCell instance after the software is installed.

  1. Open the registry editor.
  2. Navigate to the following location:

    Windows

    HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance\Session

    Unix

    /etc/CommVaultRegistry/Galaxy/Instance/Session/.properties

  3. Create the nPreferredIPFamily DWORD key.
  4. Set the value as:
    • 0 for IPv4 and IPv6 support
    • 1 for IPv4 support only
    • 2 for IPv6 support only
  5. Close the registry editor.
  6. Restart the NetApp services.

Configuring IPv6 for UNIX Computers

The following sections describe how to enable IPv6 on Unix computers.

Enabling IPv6 Support During Software Installation

Run this command to enable IPv6 during installation.

This step must be performed on each computer in the CommCell, prior to installing the software.

cvpkgadd -display-interface-family nPreferredIPFamily

Examples:

Use this command to apply both IPv4 and IPv6 support:

cvpkgadd -display-interface-family 0

Use this command to apply IPv4 support:

cvpkgadd -display-interface-family 1

Use this command to apply IPv6 support:

cvpkgadd -display-interface-family 2

Enabling CommCell Communication Using IPv6 After Installation

Use these steps to operate CommCell computers in an IPv6 environment after installing the software.

Note: These steps must be performed on each computer in the CommCell group once the software has been installed.

  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the client > Properties > Advanced.
  3. Click the Additional Settings tab, then click Add.
  4. In the Name field, type nPreferredIPFamily.
  5. In the Value field, type 0 for IPv4 and IPv6 support, type 1 for IPv4 support only, type 2 for IPv6 support only.
  6. Click OK repeatedly until all dialog boxes are closed.
  7. Restart the NetApp services.

Enabling IPv6 for the CommCell Console

Running the CommCell Console as a Stand-Alone Application

By default, the CommCell Console always obtains an IPv4 address if the CommServe has both IPv4 and IPv6 protocols enabled.

To connect using an IPv6 address, add this parameter to the java/javaw command:

-Djava.net.preferIPv6Addresses=true

From the command line:

Open the command prompt, navigate to software_installation_directory/GUI, and run this command:

"C:\Program Files\Java\jre_version\bin\javaw.exe" -jar cv.jar commserve_host_name 8401 -oemid=1 -Djava.net.preferIPv6Addresses=true

where you replace commserve_host_name with your CommServe computer's host name, and the path to the Java file matches your installation. jre_version is the current version of the Java Runtime Environment software on your CommServe host.

From the SnapProtect application shortcut on your desktop:

Right-click the shortcut, then click Properties. From the Shortcut tab, add the -Djava.net.preferIPv6Addresses=true parameter to the Target field:

"C:\Program Files\Java\jre_version\bin\javaw.exe" -jar cv.jar commserve_host_name 8401 -oemid=1 -Djava.net.preferIPv6Addresses=true

where commserve_host_name is replaced with your CommServe computer's host name, and the path to the Java file matches your installation. jre_version is the current version of the Java Runtime Environment software on your CommServe host.

Running the CommCell Console as a Remote Web-Based Application

If you are running the CommCell Console as a remote web-based application, by default, you will always obtain an IPv4 address.

To run the CommCell Console as a Remote Web-Based Application in an IPv6 environment, the web alias must include either the IPv6 address, or a host name that resolves to the IPv6 address.

Enabling IPv6 for Macintosh Clients

By default, the software installation program will not display IP addresses that are not reverse-resolvable to a host name in the interface list.

To display such IP addresses, create this empty file prior to installing the software on the client:

/tmp/cvpkgadd_unlock_ipaddress

Configuring IPv6 for OnePass

Configuring IPv6 for Hitachi HNAS (BlueArc) File Server

If  OnePass for Hitachi HNAS (BlueArc) is installed on a computer using the IPv4 protocol and the File Share Archiver Client is installed on a computer using the IPv6 protocol, follow the steps given below to ensure that the connectivity between the two computers is not disrupted during stub recalls:
  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the client, then click Properties > Advanced.
  3. Click the Additional Settings tab and then click Add.
  4. In the Name field, enter nPreferredIPFamily.
  5. In the Value field, type 0 for IPv4 and IPv6 support, type 1 for IPv4 support only, type 2 for IPv6 support only.
  6. Click OK repeatedly until all dialog boxes are closed.

Best Practices:

Note: The File Share Archiver Client computer may crash with a blue screen during stub recalls. This may happen when Celerra File Server has been configured as an additional resource for Hitachi HNAS (BlueArc) File Server where the File Share Archiver Client is using the IPv6 protocol and the service handling offline file restores is disabled or shut down.

Therefore, we recommended to ensure that the services handling stub file restores are running for File Share Archiver Client using the IPv6 protocol before it attempts to access the stub files on a Celerra file server.

Configuring IPv6 for NetApp File Server

FPolicy with NetApp ONTAP is not supported with IPv6 on Microsoft Windows Server 2008 platforms. Use the following steps to perform stub recalls in an IPv6 environment:

  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the client, then click Properties > Advanced.
  3. Click the Additional Settings tab, then click Add.
  4. In the Name field, enter nPreferredIPFamily.
  5. In the Value field, type 0 for IPv4 and IPv6 support, type 1 for IPv4 support only, type 2 for IPv6 support only.
  6. Click OK repeatedly until all dialog boxes are closed.

Network TCP Port Requirements

TCP ports can be statically or dynamically assigned. SnapProtect software uses them as follows:

  • Static Ports

    Several services used by the software listen for incoming network traffic on predefined network ports. The CommServe system, MediaAgents, and iDataAgents within the CommCell group communicate with each other through these ports. Essential CommServe services are automatically assigned registered, static port numbers during installation. MediaAgents, iDataAgents, and other software components can use the same default static port numbers, or any static port numbers specified during installation.

    Default Static Ports

    The software registers these ports by default, for the services listed:

    Service Port Number Protocol
    NetApp Communications Service (GxCVD, found in all CommCell computers) 8400 TCP
    NetApp Server Event Manager (GxEvMgrS, available in CommServe) 8401 TCP
    NetApp Firewall (tunnel HTTP/HTTPS port) 8403 TCP
    Binding Services to Static Ports

    The operating system normally binds certain services to static ports, but some of these you can manually bind to static ports. Services that can be bound to static ports include:

    Service Name in Process Manager
    CMDLINE_SERVICE Commands Manager Service
    RecallService Client Manager Service
    AppManagernetwork access Application Manager
    MediaManager Media & Library Manager
    CvMountdServer Media Mount Manager
    JobManager Job Manager

    The name of the setting for each service is built from the service name and the IP family you are setting it for. The general format for each Additional Setting name is FIXED_servicename_ipfamily, where:

    • FIXED_ is literal
    • servicename is the name of the service
    • _ is literal
    • ipfamily is either v4 for IPv4 or v6 for IPv6

    For example, to set the port for CvMountdServer for IPv6, use the setting name FIXED_CvMountdServer_v6.

    To add this setting to a client, follow the procedure given in Add or Modify an Additional Setting, using these values:

    Name   The name of the setting, as described above.
    Category Session
    Type INTEGER
    Value The static port number for the service, in the range 0 to 65535.
  • Dynamic Ports
  • Dynamic ports are opened and closed by the running SnapProtect software as required to permit certain types of transient traffic.

    The GxCVD service dynamically uses free ports between 1024 and 65535 for communication during data protection and data recovery jobs. The system dynamically assigns a number of free ports to be used by each job to allow parallel data movement. Once the job is finished, if no other job is pending, the dynamic ports are released.

    Network TCP port requirements remain the same whether the IPv4 or IPv6 protocol family is used. Dynamic port range assignment can be restricted by using Binding Services to Open Ports.

    If you want to assign a static port to a service that is normally assigned a static port by the operating system, see Binding Static Ports to Services.

SQL Server Ports

The default instance of a SQL server listens for incoming network traffic using static ports (1433 and 1434). But named instances, such as those used by this software, are configured by default to listen for incoming network traffic using dynamic ports. If a SQL Server instance is configured to listen for network traffic using dynamic ports, the instance will obtain an available port from the operating system and create an endpoint for that port. Incoming connections must then request that port number in order to connect to the software.

You have the option of configuring named instances to use static ports. For instructions, see Microsoft's TechNet article, Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager). If you do configure static ports for SQL Server, be sure to configure your firewall to allow TCP on port 1433 and UDP on port 1434.

Since a dynamic port number can change each time SQL Server launches, the SQL server software provides the SQL Server Browser Service to monitor ports and direct incoming network traffic to the current port used by the default instance. This capability ensures that all port traffic between the SQL Server and the software can be traced at any given time, which is especially useful in network troubleshooting scenarios.

Changing this behavior manually may require additional configuration changes to the DSN (data source name) settings installed by the software. Therefore, we recommended that this behavior not be changed unless absolutely necessary.

Multi Instancing

Multi Instancing requires that each instance of the same agent (for example, the SQL Server iDataAgent) or MediaAgent have a unique set of static TCP port numbers assigned. For more information, see Considerations for Multi-Instance Installations.

Clusters

For a given cluster server, the MediaAgent, agent, or other software component installed on every physical node in a cluster that is configured to host that cluster server must have the same port numbers configured. If, for example, you have a cluster server named VS1, and three physical computers configured to host VS1, all three computers must have the same Network TCP port numbers configured for the network interface used by VS1. For greater detail, consider this example:

  • Node A is configured to host cluster server VS1. Instance001 has the Informix iDataAgent installed to protect Informix data on VS1. During install, Port 8502 was specified for the Communications Service (CVD).
  • Node B is also configured to host VS1. Instance003 has the Informix iDataAgent installed to protect Informix data on VS1. During the Agent install, Port 8502 must be specified for the Communications Service (CVD) to match the Network TCP port number configuration of Node A.

Firewall Ports

For CommCell components to communicate across a firewall, the network TCP port numbers you select must be configured on your firewall. This specifically includes tunnel ports and additional ports.

Tunnel Port: This is the incoming port number through which the CommServe receives tunnel connections. Port 8403 is the default for SnapProtect software, but it can be configured to another port number. To determine what the incoming connections port has been set to, see Setting up Incoming Ports on the CommServe and MediaAgent, the step that sets Listen for tunnel connections on port.

Additional Open Ports: You can speed up data transfer for components that handle it (such as MediaAgent or File System iDataAgent), by opening additional ports on the firewall, and configuring them as open in this dialog. Specify the range of ports in the Additional open ports area, in the From and To fields. Click Add to add the ports. To remove a port from the listing, select the port and click Delete. The ports must be within the range of 1024 - 65000. Ensure that the ports specified here are not used by other applications.

For more information on additional open ports, see Optimizing Backup and Restore using Additional Ports.

Considerations

  • When specifying Network TCP port numbers, it is essential to choose Network TCP ports that are unassigned and unused. The software requires the ability to open the same ports across when the operating system or applications are restarted, and these ports must not be in use by other resources. All effort should be made to ensure that no other resource expects the specified ports to be open, as a port conflict will cause an application failure.
  • When specifying a Network TCP Port Number other than 8400 for a MediaAgent's Communications Service (GxCVD), which may be necessary when more than one instance of the MediaAgent is installed on a computer, bear in mind that clients with an earlier release may not be able to communicate through that port. Therefore, when specifying a non-default port number in such cases, you should ensure that all clients using the MediaAgent support the Multi Instancing feature, and non-default network TCP port numbers.

Changing Port Numbers

Use this procedure to change network port numbers for a client or a MediaAgent after installing the software.

Important: The CVD port should not be changed on a CommServe. Use this procedure only on a MediaAgent or client computer.

  1. Stop the services on the client or MediaAgent computer. See Stopping a Service on Windows.
  2. Set the port number through which the GxCVD service communicates. The number must be unique (not used by any other service), and between 1000 and 65535.

    Follow the steps given in Add or Modify an Additional Setting, using these values:

    Name nCVDPORT
    Category Session
    Type Integer
    Value port_number
  3. If the client or MediaAgent is from a previous SnapProtect version, set the port number through which the GxClMgrS service communicates. The number must be unique (not used by any other service), and between 1000 and 65535.

    Follow the steps given in Add or Modify an Additional Setting, using these values:

    Name nEVMGRCPORT
    Category Session
    Type Integer
    Value port_number
  4. Start services again on the client or MediaAgent computer. See Starting a Service.

Post-Upgrade Considerations for Firewall

After upgrading the CommServe, MediaAgent and client computers, perform these steps:

  1. Configure firewall settings for the CommServe, MediaAgent and client computers by following the procedures explained in the Firewall - Getting Started pages.

    Push Firewall configuration for the CommServe, MediaAgent and all clients.

    If you need to configure multiple client computers, see Configuring Firewall on Multiple Clients Simultaneously.

  2. After configuring the new firewall settings described above, follow the steps outlined in Optimizing Backup and Restore using Additional Ports for enhancing data throughput.
  3. If the clients had V8 firewall configurations, you must delete the V8 firewall files from the clients by using one of the following methods:
    • Preferred Method: Download and run the Delete V8 Firewall Files from Clients workflow.

      For instructions, see Delete V8 Firewall Files from Clients.

    • Alternative Method: Delete the firewall files by running specific commands.

      Follow the instructions for the operating system of your clients:

      Windows
      Run the FirewallConfigDeprecated.exe tool located in the software_installation_path/Base folder on the CommServe, MediaAgent and client computers.
      Remove the client computer name from the old firewall configuration files.

      UNIX
      Run the config_fw_deprecated command in the opt/software_installation_path/Base/ folder.

      If you have problems running the command, delete the following files manually:

      • FwHosts.txt
      • FwPorts.txt
      • FwPeers.txt