All rights reserved. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice. Device Streams Copy-based Encryption Vault Tracker Enterprise

Author:Goltibar Molrajas
Language:English (Spanish)
Published (Last):16 January 2006
PDF File Size:16.9 Mb
ePub File Size:15.59 Mb
Price:Free* [*Free Regsitration Required]

All rights reserved. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners.

All specifications are subject to change without notice. Device Streams Copy-based Encryption Vault Tracker Enterprise List and describe the prescribed means to secure and access the CommCell Management Interface.

Understand the purpose for CommCell User Group and how they are created and managed. Create a CommCell User group with capabilities and associate it to an Object for administration. List and describe common CommCell Management Interface settings and options for basic administration tasks.

To be independent and applicable to all operating systems, a CommCell User has no association with users and security of the host operating system. Using Java Web Start, which allows access to the CommCell console remotely via any computer running a supported platform with a java-enabled platform. This allows remote CommCell Console sessions to be active, so multiple users can access the CommServe simultaneously.

Web-based During the installation of the CommServe component - if the Internet Information Server IIS is installed and running on the same host - you are offered an option to configure the CommServe for web administration. If the CommServe computer does not have IIS installed, or was not configured for web administration during installation, you can at anytime enable local web administration or.

User Administration - 11 configure web administration via an alternate IIS host. Once configured for web administration, any java enabled browser can be used to access the Java applet and perform remote administration. The web-based version of the CommCell Console has the same appearance and functionality as the installable CommCell Console Java application. There are no host or network privileges assigned. Passwords assigned to the CommCell User account can be aged to provide for periodic password changes to prevent long-term brute force hacks.

When a username is entered with a domain name, the CommServe Server automatically recognizes that the password information must be authenticated by the external domain server. When enabled for an associated AD domain. To bypass Single Sign On in order to login as a different user, click Cancel at the CommCell Login prompt window and enter the alternate username and password. Outlook User CommCell authentication is required for end-users using the DataArchiver Outlook Add-In to perform advanced message recovery operations such as find recoveries and browse recoveries from Outlook.

Once the key is enabled, refresh the CommCell Console. This group is automatically created with associations to all CommCell objects. If necessary, change this configuration in the User Group Properties General dialog box. Once Single Sign-On has been configured, then Outlook users may perform find and browse recoveries of archived messages without the need to enter CommCell authentication credentials. Using this approach, a CommCell administrator can provide users with the exact capabilities they are required.

These requirements can vary, depending on the tasks each user needs to perform. A CommCell administrator can also restrict the CommCell objects that a user can view, by restricting the CommCell objects that a user's member user group has an association with. Each group can be assigned one or more capabilities necessary to perform needed tasks.

The group is then associated with objects on which these tasks may then be performed. Users derive their ability to perform tasks on objects by membership in a group. Multiple associations are possible. As such, both an External and CommCell user can be members of multiple CommCell User groups with different capabilities and managed object association.

Capabilities are privileges that allow users to perform a variety of functions within a CommCell. These functions include performing data protection, data recovery, and administration operations, such as license administration and administering user accounts.

When assigning capabilities to a CommCell User group, the capabilities you assign should match the functions you want the users of that CommCell User group to perform within the CommCell.

CommCell Objects are levels in the CommCell that a user group can be associated with. CommCell User groups must be given permissions to these objects. CommCell object associations enable members of a group to perform operations on a specific object. The nature of those operations depends on the capabilities assigned to the group.

If an object, such as a client computer or higher level object is not associated with a given CommCell User group, then the users of that group cannot perform any operations involving that client computer. Each of these objects support specific functions within the CommCell. Two default and two permanent groups exist. Users who are not members of the View All group can only see those objects, jobs, and events to which their CommCell User Group s have been associated.

By default, new users are automatically added to the View All group. This default characteristic can be changed in the Security tab of the CommCell level properties page.

Configuration No special configuration is required to use the command line interface. The commands are integrated with the software, and are therefore available on all computers which have any CommServe, Media Agent, or Agent software installed. In order for the commands to function, the Galaxy Commands Manager service should be up and running on the CommServe. This service is installed by default with the CommServe and is responsible for handling command line requests.

Log in Sessions Using the Qlogin command you can start a single user login session on a component host. This removes the need to log in for every command window or shell instance. Once logged in, the authorized session remains valid until you explicitly log out using the Qlogout command. User Administration - 19 Encrypted password Starting a command line session requires an encrypted password.

The -p argument of the qlogin command provides for this purpose. You can obtain this encrypted value by saving any supported operation i. This creates the qlogin string and encrypted password for the user that is currently logged on to the CommCell Console. You can then copy and reuse the encrypted password from that script in other scripts. Since the CommServe does allow remote administration via the Web, IIS security must also be managed to prevent unauthorized access.

Host administrators should restrict executable access to this directory to minimize local brute force attacks against the CommCell using the CommCell Console login prompt. Restricting access to Web Administration While having web administration capability provides a degree of freedom for the administrators and users to log in from any java-enabled browser, it could expose the CommCell to unwanted login attempts.

IIS Administrators need to apply appropriate security controls such as requiring domain access first or restricting what systems can access the web administration site. CommCell Console access from outside a firewall can be limited by restricting this port. Once access to CommServe is allowed, CommCell security limits task execution and resource visibility of validated CommCell Users via CommCell User Groups with assigned functional capabilities and associated object management.

Using Computer Client Groups A client computer group is a logical grouping of client computers that serves as a single CommCell object in which selected options can apply to all member clients.

Hence, the need to configure options for individual clients is minimized once those clients are members of the group. A task configured for a client computer group will affect all the clients within the client computer group, e. Client Computer Groups allow an administrator to scale down the CommCell Browser navigational requirements and manage multiple clients at the same time.

A client can be a member of multiple groups. For example, an Exchange server may be a member of the Chicago site group and also a member of the Exchange Server groups. All clients within the CommCell User group and any clients added to the group can be managed by member users of the CommCell User Group.

Administrators can control multiple clients in a logical grouping with a single activity control. The greatest advantage to Client Computer Groups lies in the area of reporting and alerts. Scheduled reports and alerts can be created for each client group. As clients are added or removed from the CommCell or group, there is no need to revise the report or alert. The standard Mail Server Port is 25 but has been know to change for security reasons in some companies.

The support for separate IIS hosts for Books Online and Reports is based upon expressed customer security requirements for distinct access ability and separation. Alternate JAVA capable web browsers for viewing reports are supported. By default, 10, events are logged and the most recent are displayed. A max of events can be configured for display in the User Preference applet.

However, the more events selected for display, the longer the CommCell Console takes to initiate, and the more memory is required to maintain the CommCell Console session.

Note that during Event Log search action, all 10, events are included regardless of how many events are initially displayed. Obviously, updating many CommCell Consoles displays can impact performance.

While the database growth rate is low, the impact of having insufficient disk space can be severe. Events are generated and sent to the Event viewer when the database disk space is below the defined Information, Minor, Major, and Critical thresholds.

The Disk Space Low alert, if configured, is only generated when the CommServe Database disk space falls below the defined Critical threshold. Changes to the Database Space Check Interval take effect immediately. User Preferences User preferences are configurable for each user login session and are retained for subsequent sessions.

Reports Microsoft Internet Explorer is the default browser used to view reports. You are able to change the browser to any other preferred browser i. In an environment where most jobs are performed off hours and alerts or reports are used for monitoring the results, reducing the display time can improve GUI performance.

In an active environment, limiting the displayed events to major and critical, or just critical can clear the display of unnecessary information and improve GUI response times.

Window Settings 7. The configuration of the three primary windows — CommCell Browser, Job Controller, and Event Viewer can be saved for subsequent sessions. Automatic Update Configuration The Automatic Update feature allows for quick and easy installation of updates in your CommCell, ensuring that the software is up-to-date. This feature includes a cache for holding update packages.


Assign SQL SysAdmin Role Workflow

This variety gives you many options for how your backups work, but it can be confusing to understand all the different possibilities for what can be configured and who can restore data. Commvault supports all of these use cases and is very flexible - it can back up virtual machines either through VMware directly or with software installed in the system. Full-system backups are performed within VMware. It is possible to use both VM-based and file-based backups on the same VM, though this is only useful in special circumstances. Note that in some of these cases, some data would have double backups at additional cost. These are not generally offered by UCBackup, but may be available - in general, UCBackup will allow them but not support them - you are on your own for setup and management.







Related Articles