Advantages of using Commvault WorkFlow

 

I created too many important workflows on Commvault. The use cases where I used workflows are as follows:

  • Repetitive restore tests,
  • Conditional backup that makes some operations before it,
  • Create snapshots and mount snap disks to hosts from Hitachi, EMC, and HPE storages.
  • They have been working without problems for years. So, I would like to talk about the advantages of using a Workflow.

First of all, the biggest advantage is the central management. Usually, snap scripts are distributed on different folders in different management servers. You can find them in “Task Scheduler” or “Crontab” if you are a little bit clever and lucky. But, it is a big deal in some environments. Also, the second deal is to find related files and figure out connections. If you use Commvault Workflow, all authorized employees can find and change scripts easily. And, to understand and see the big picture is very easy. You need a little time ( maybe minutes) to understand. On the other hand, in normal scripts, it can take hours, maybe days.

Read More


Protect Commvault Disk Libraries from Ransomware

To protect disk libraries from Ramsomware, you can activate Ramsomware Protection on properties of Commvault Media agent

http://documentation.commvault.com/commvault/v11/article?p=features/disk_library/t_enable_ransomware_mediaagent.htm

Another important feature, you can get alert if commvault backed up encrypted ransomware files

http://documentation.commvault.com/commvault/v11/article?p=features/disk_library/r_ransomware_protection.htm


Security Tips for Storage and Backup Admins

1. EMC Networker: Change “remote access” option *@*  on every client” –> http://sysarticles.com/emc-networker-security-exploit-that-remote-access/

2. Veritas Netbackup: Remove No.Restrictions file –> http://sysarticles.com/security-expolit-on-netbackup-no-restrictions/

3. EMC VMAX: Change default password of SMC user in unisphere (take snapshot or backup before changing. If you would get “Failed to authenticate user.” error, there is no way to fix except restore or reinstall. And, If you reinstall unisphere you will loose performance database. There is a trick to not get this error.)

4. EMC VPLEX: Change default passwords of VPLEX. Default passwords of VPLEX is already complex, but anyone can find default passwords of service, admin and root users in the documents.

5. Commvault: Activate Ransomware Protection –> http://documentation.commvault.com/commvault/v11/article?p=features/disk_library/t_enable_ransomware_mediaagent.htm


Security expolit on Netbackup (No.Restrictions)

Sometimes we or some consultants put No.Restrictions file in “INSTALL DIR\netbackup\db\altnames” directory, this option  makes our work easier. But it is a security risk, because of every netbackup client on the your network can restore data from any other clients. So, anybody can restore data of your important servers, then they can lookup and/or copy your important datas. To close this security exploit, you must delete the file No.Restrictions.


EMC Networker security exploit that “Remote access”

If you didn’t care when you installed EMC networker software, some consultants enter an option *@* for every client, this means that every networker client on the your network can restore data from any other clients. So, anybody can restore data of your important servers, then they can lookup and/or copy your important datas.

Read More