Loading...

Network Router in the Cloud for Global Repository Cell (GRC): Remote CommServe

A Remote CommServe is one of two CommServe hosts that can communicate using a network router (a SnapProtect proxy) placed in the perimeter network (which is logically in the cloud). To set up this feature, you create pseudo clients, then configure the SnapProtect firewalls to communicate through the router that you have placed in the cloud.

Creating the Pseudo Clients

  1. From the CommCell Console for the remote CommServe host, right-click Client Computers > New Client > File System > Windows.
  2. Enter the Client Name and Host Name for the proxy computer, then click Next.
  3. Review the Summary information, then click Finish. A pseudo client for the proxy computer now appears under Client Computers. (Its gray icon indicates that it is a pseudo client.)
  4. Right-click Client Computers > New Client > File System > Windows.
  5. Enter the Client Name and Host Name for the datacenter CommServe host, then click Next.
  6. Review the Summary information, then click Finish. A pseudo client for the datacenter CommServe host appears under Client Computers.

    Once you have completed the setup procedures, the remote CommServe host communicates with the datacenter CommServe host using the proxy computer.

Configuring the Firewalls

After creating the two pseudo clients, configure the SnapProtect firewalls between each pseudo client and the Remote CommServe by following this procedure:

  1. Right-click the proxy_client > Properties > Network.

  2. On the Firewall Configuration tab, select Configure Firewall Settings > Advanced. Read the warning and click OK.
  3. On the Incoming Connections sub-tab, click Add.
    1. In From, select the datacenter_CommServe.
    2. In State, select RESTRICTED.
    3. Click OK.
  4. Click Add again.
    1. In From, select the remote_CommServe.
    2. In State, select RESTRICTED.
    3. Click OK.
  5. Click the Incoming Ports sub-tab and review the port number in the Listen for tunnel connections on port box. This port will be used for communication between the proxy client and the datacenter CommServe host. Change it if necessary.
  6. (Optional) If you need more than the one port in Listen for tunnel connections on port , enter a From port number (and a To port number if you are adding a range of ports), then click Add. Repeat this until all required ports are listed under Additional open ports.
  7. Click the Options tab, then select This computer is in DMZ and will work as a proxy.
  8. If required, change these default values:
    • Keep-alive Interval, seconds: 600
    • Tunnel Init interval, seconds: 30
    • Default Outgoing Tunnel Protocol: Regular
  9. Click OK repeatedly until you have closed all dialog boxes.
  10. Under Client Computers, right-click the remote_CommServe > Properties > Network.
  11. On the Firewall Configuration tab, confirm that Configure Firewall Settings is selected.
  12. On the Incoming Connections sub-tab, click Add.
    1. In From, select the proxy_client.
    2. In State, select BLOCKED.
    3. Click OK.
  13. Click Add again.
    1. In From, select the datacenter_CommServe.
    2. In State, select BLOCKED.
    3. Click OK.
  14. Click the Outgoing Routes tab, then click Add.
    1. In Remote Group/Client, select the proxy_client.
    2. Click OK.
  15. Click Add again.
    1. In Remote Group/Client, select the datacenter_CommServe.
    2. For Route Type, select Via Proxy.
    3. Select the proxy_client from the Remote Proxy list, then click OK.
  16. Under Client Computers, right-click the datacenter_CommServe > Properties > Network.
  17. On the Firewall Configuration tab, select Configure Firewall Settings.
  18. Click Add.
    1. In From, select the proxy_client.
    2. In State, select BLOCKED.
    3. Click OK.
  19. Click Add.
    1. In From, select the remote_CommServe.
    2. In State, select BLOCKED.
    3. Click OK.
  20. Click the Outgoing Routes tab, then click Add.
    1. In the Remote Group/ Client list, select the proxy_client.
    2. Click OK.
  21. Click Add again.
    1. In the Remote Group/ Client list, select the remote_CommServe.
    2. For Route Type, select Via Proxy.
    3. In the Remote Proxy list, select the proxy_client.
    4. Click OK.
  22. Under Client Computers, right-click the remote_CommServe , then click All Tasks > Push Firewall Configuration.