Preparation for Scanning Commvault
StorageGuard collects configuration data from Commvault by opening an HTTPS and SSH connections to the Commvault proxy and running read-only REST-API calls and commands.
The following table lists the requirements for scanning Commvault systems:
# | Description |
1 | Provide the network name or IP address of the Commvault proxy. |
2 | Provide a user account and password. Note: See suggested procedures below. |
3 | Examples for read-only REST-API endpoints and commands used:
|
4 | Verify that IP connectivity through HTTPS (port 443) is available between the StorageGuard server and the Commvault proxy. |
Creating a User Account for Scanning Commvault
The following suggested methods can be used to create a user account with appropriate privileges:
Procedure for creating a read-only user for the scan:
- Log in to commvault web UI.
- On the navigation bar, search and filter for "security".
- Choose "Users" and click on "Add user" left to the search bar (top right side of the page).
- Choose "Single User" then "Local User" fill the form and click "ADD".
- Click on the newly added user choose "Associated entities" -> "Add association" -> "Entity type" -> "Role" -> "View” -> "ADD" and click "SAVE”.
NOTE: Running read-only SNMP & Audit Trail API's requires elevated rights. It's recommended to grant these rights to enable StorageGuard to perform a comprehensive risk analysis however it is not mandatory. Whether these rights are granted or not, StorageGuard will only run read-only APIs and commands.
Procedure for creating a user with elevated rights for read-only SNMP & Audit Trail API (Optional):
- Log in to commvault web UI.
- On the navigation bar, search and filter for "security".
- Choose "Roles" and "Add role".
- Name the role. Under "permission" search for "global", check the boxes of "View" & "Administrative Management", check the box "Visible to all" and click "ADD".
- Choose "Users" and click on "Add user" left to the search bar (top right side of the page).
- Choose "Single User", then choose "Local User", fill the form and click "ADD".
- Click on the newly added user, choose "Associated entities" -> "Add association" -> "Entity type" -> "Commcell" and write the Commcell name -> Select the custom role created earlier -> "ADD" and click "SAVE".
- Click on "Entity type” -> "Role" -> Select the custom role created earlier -> "ADD" and click "SAVE".
Comments
0 comments
Please sign in to leave a comment.