Commvault®

Professional
Advanced
Student Guide
Module 1 – Deployment

Page 1 of 106 11.26.2

Copyright
Information in this document, including URL and other website references, represents the current view of Commvault
Systems, Inc. as of the date of publication and is subject to change without notice to you.
Descriptions or references to third party products, services or websites are provided only as a convenience to you and
should not be considered an endorsement by Commvault. Commvault makes no representations or warranties, express
or implied, as to any third-party products, services or websites.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious.
Complying with all applicable copyright laws is the responsibility of the user. This document is intended for distribution to
and use only by Commvault customers. Use or distribution of this document by any other persons is prohibited without the
express written permission of Commvault. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Commvault Systems, Inc.
Commvault may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering
subject matter in this document. Except as expressly provided in any written license agreement from Commvault, this
document does not give you any license to Commvault’s intellectual property.
COMMVAULT MAKES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE INFORMATION
CONTAINED IN THIS DOCUMENT.
©1999-2023 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the "C hexagon” logo,
Commvault Systems, Solving Forward, SIM, Singular Information Management, Commvault HyperScale, ScaleProtect,
Commvault OnePass, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor,
VaultTracker®, InnerVault, Quick Snap, QSnap, IntelliSnap, Recovery Director, CommServe, CommCell, APSS,
Commvault Edge, Commvault GO, Commvault Advantage, Commvault Complete, Commvault Activate, Commvault
Orchestrate, and CommValue are trademarks or registered trademarks of Commvault Systems, Inc. All other third-party
brands, products, service names, trademarks, or registered service marks are the property of and used to identify the
products or services of their respective owners. All specifications are subject to change without notice.
Confidentiality
The descriptive materials and related information in the document contain information that is confidential and proprietary
to Commvault. This information is submitted with the express understanding that it will be held in strict confidence and will
not be disclosed, duplicated or used, in whole or in part, for any purpose other than evaluation purposes. All right, title and
intellectual property rights in and to the document is owned by Commvault. No rights are granted to you other than a
license to use the document for your personal use and information. You may not make a copy or derivative work of this
document. You may not sell, resell, sublicense, rent, loan or lease the document to another party, transfer or assign your
rights to use the document or otherwise exploit or use the Manual for any purpose other than for your personal use and
reference. The document is provided "AS IS" without a warranty of any kind and the information provided herein is subject
to change without notice.

©1999-2023 Commvault Systems, Inc. All rights reserved

Page 2 of 106 11.26.2

Page 3 of 106 Module 1 - Deployment
Course Overview

Page 4 of 106 11.26.2

Commvault Education Career Path

The Commvault platform provides capabilities and functionality for the performance, security, compliance, and economic
benefits of a holistic data management strategy. The key concepts covered in this first step learning module highlight the
core features of the platform. To realize the full value of these features, Commvault provides multiple levels of education
and certification for users at all levels.

Page 5 of 106 Module 1 - Deployment

Commvault Certification

Commvault's Certification Program validates expertise and advanced knowledge in topics, including Commvault
Professional, Engineer and Expert technologies. Certification is a valuable investment for both a company and the IT
professional. This program provides certification based on a career path, and enables advancement based on an
individual’s previous experience and area of focus.

Page 6 of 106 11.26.2

Cloud Resources

Go to http://cloud.commvault.com for resources to help you manage and maintain your Commvault environment.
Download Center – lets you download feature releases, hot fixes, and binaries for new installations.
Forms and Store – allows new features and components like workflow or custom reports to be downloaded and
installed into an existing installation. Commvault regularly releases updates to product. In addition to new features
and functionality, Commvault may retire some components or features.
Documentation – provides a link to Commvault’s technical documentation site
For the new customer, the Quick Start section of the documentation site guides you through steps to review prerequisites
and steps to install and configure Commvault components.
The documentation site is divided into two sections: Essential and Expert. To view Expert information, you must log into
with your Maintenance Advantage credentials.

Page 7 of 106 Module 1 - Deployment

Page 8 of 106 11.26.2
CommCell® Console Overview

The CommCell console is the interface used to configure and manage the CommCell environment, monitor, and control
active jobs, and view events related to all activities. The console is accessed using local CommCell accounts or by using
Active Directory integrated account authentication.
1. The CommCell browser displays all CommCell components in an easy-to-navigate tree structure
2. Tabbed windows include details of item selected in CommCell browser, Job Controller, and Event Viewer
3. The toolbar provides access to CommCell configuration settings

Page 9 of 106 Module 1 - Deployment

CommCell® Console Browser Window

The browser provides two views: Browser (default) view and Agents. The navigation is hierarchical, and most settings are
customizable.
1. Hierarchical structure showing all CommCell components
2. Select the Agents view to displays a categorized view of agents in the CommCell environment
3. The browser displays all agents categorized by type

Page 10 of 106 11.26.2

Content and Summary Window

1. Content View - Displays detailed information based on what is selected in the CommCell browser window
2. Summary View - Can be selected to display summarized information
o Extended Summary – When specific objects in the browser are selected, the extended summary view
provides greater detail than the summary view
o Feature View – Displays feature related to the selected object

Page 11 of 106 Module 1 - Deployment

Job Controller

The Job Controller provides monitoring functionality for all active jobs within the CommCell environment. Jobs remain in
the Job Controller for five minutes after the job completes, fails, or is killed. The default time jobs are maintained after they
finish and can be modified in User Preferences applet in the Control Panel.
1. Currently active jobs and job status are displayed in the Job Controller
2. Add or apply Job Controller filters if needed
3. Pause and play buttons are used to freeze and unfreeze the Job Controller window refresh, but do not pause the
actual jobs
4. CommCell summary data for all active jobs and streams is displayed here

Page 12 of 106 11.26.2

Event Viewer

All Commvault software related events are reported in the Event Viewer. By default, 200 events are displayed in the event
viewer, but the event log can maintain up to 10,000 events or 7 days of events. These options are configured in the
System Settings applet in the Control Panel.
1. Select the tab for All Events or Focused Events
2. Set a time range for the Focused Events tab
3. These icons indicate job severity
4. The main window displays event details

Page 13 of 106 Module 1 - Deployment

 5. Pause and play buttons to freeze and unfreeze Event Viewer window refresh
6. This is the maximum number of events that will be displayed

Page 14 of 106 11.26.2

Customize the CommCell® Console

Hide the CommCell Browser

The CommCell Browser is hidden by unpinning the browser window. This can free up space in the console to view more
information in the Job Controller and Event Viewer windows. Once hidden, the browser window can be temporarily
displayed by hovering the mouse over the browser tab on the left side of the window. To lock the browser window back,
double-click the pin button on the right side of the browser window.
1. Click CommCell Browser pin
2. Hover over the hidden browser title bar to view browser and click the pin to browser in the window

Page 15 of 106 Module 1 - Deployment

Move Tabbed Windows

Tabbed windows can be rearranged in any order by dragging and dropping the tab. This is beneficial when many windows
are open at the same time.
1. Click and drag the tab to the tab location
2. Tabs are reordered in console

Page 16 of 106 11.26.2

Float Windows

Use float windows for improved visibility and access.

1. Click and drag the tab to an empty space in window
2. Alternatively, right-click the tab > Floating
3. The floating window is not bound to the CommCell Console

Page 17 of 106 Module 1 - Deployment

Customize the Job Controller
The Job Controller is the most effective tool for managing and troubleshooting all active jobs within the CommCell
environment. Fields can be customized.
 Move a field – Click and drag the field to the location in the Job Controller
 Resize the field – Click the outer edge of the field and drag to the correct size
 Sort the field – Click on the field and an arrow on the right side appears. You can sort in order or reverse order
for the field
 Add/remove field – Fields can be added and removed by using the menu arrow in the upper-right corner
 Number of readers in use – displays the number of streams per job that are being used for the operation
Note that the 'readers in use' field only displays a number during the backup phase.
 Current throughput – displays the current throughput in GB per hour
 Priority – displays the job priority for the operation

Page 18 of 106 11.26.2

View Job Details

Each job includes information about the job status, data path, and media usage or job errors.
1. Right-click on the job and select Detail or double-click the job
2. Details for job are displayed here

Page 19 of 106 Module 1 - Deployment

Change Job Status – Single Job Control

1. Right-click the job

2. Choose to suspend, resume, or kill the job
3. For a kill, enter an explanation click Yes to confirm

Page 20 of 106 11.26.2

Change Status – Multi-Job Control

1. [SHIFT + click] or [CTRL + click] to select multiple job

2. Right-click and select suspend, resume, or kill
3. For a kill, enter an explanation click Yes to confirm

Page 21 of 106 Module 1 - Deployment

Change Job Status for Groups of Jobs

1. Right-click in the job controller > Multi-Job Control

2. Choose all jobs or specific jobs
3. Choose to suspend, resume, or kill

Page 22 of 106 11.26.2

Apply Job Controller Filters

1. Click the drop-down to apply an existing filter

2. Click + and select the icon to add, delete, or edit a filter
3. Enter a name for the filter
4. Create one or many rules and add to the list
5. Specify if it is required to meet ALL or ANY of the rules created above

Page 23 of 106 Module 1 - Deployment

Set Job Controller Retention Time

By default, a job remains in the Job Controller for five minutes after it has completed successfully, failed, or was killed by
the administrator.
1. Tools tab > User Preferences
2. Define how long you want to retain jobs

Page 24 of 106 11.26.2

Modify Job Update Intervals

To reduce communication traffic during normal operations, the job status in the Job Controller updates every five minutes.
Unless required for a specific job type, it is NOT recommended to decrease these values as it could have a negative
impact on backup or restore performance. However, in certain situations where job status must be closely monitored, the
update intervals can be modified.
1. Configuration tab > Job Management
2. Select the Job Updates tab to modify protection and recovery operations for different agents

Page 25 of 106 Module 1 - Deployment

Customize the Event Viewer

The Event Viewer window displays events reported based on conditions within the CommCell environment. By default, the
event viewer displays the most recent 200 events. This number can be increased up to 1,000. The event log maintains up
to 10,000 events or 7 days of events.
1. Click to see all events or focused events
2. Set a time range for the Focused Events tab
3. Job severity icons allows to quickly gauge events
4. Event details are displayed

Page 26 of 106 11.26.2

Filter the Event Viewer

The event viewer can be filtered based on the available fields to quickly locate specific events.
1. Click the double down arrow to expand Event Viewer menu
2. Select Filter to enable Event Viewer filtering
3. Filter fields using the drop-down arrow

Page 27 of 106 Module 1 - Deployment

Search Event Log

The event viewer displays up to 1,000 events, but the entire event log can be searched from the event viewer. The default
total number of events retained is 10,000. Search events by time range, severity, and job ID. Common searches can be
saved as a query and run at any time.
1. Right-click in the Events window > Search Events
2. Define search criteria to display all relevant events in the event log
3. Check to save the query to run it as needed
4. Click OK

Page 28 of 106 11.26.2

Set Event Log Retention

By default, the event log retains 10,000 events or 7 days of events. When the event logs reach their upper limit, the oldest
events are pruned from the event logs. These options can be customized.
1. Home tab > Control Panel
2. In the CommCell category > System
3. Set the event retention criteria
4. Modify the Database space check interval
5. Click OK

Page 29 of 106 Module 1 - Deployment

Page 30 of 106 11.26.2
Phases of a Deployment

Installing Commvault software is a straightforward process. However, it is important to note that a full CommCell
deployment must be well-planned and executed. This section presents the high-level steps and best practices for
deploying a CommCell environment.

Page 31 of 106 Module 1 - Deployment

Planning a Deployment

Assess the Current Environment

If there is a backup environment already in place, it is important to collect as much information as possible. This helps to
determine what is currently in place and identify gaps that the new solution must address.
It is also important to decide what will become of the old backup environment. Is there a cutoff date where once the new
system is in place and the old system is decommissioned? Does the old system need to be phased out by keeping the old
hardware for a period of time? Or will the tape library be partitioned between the old and the new systems to allow
restores of old data? Considering all questions ensures a seamless transition of your current backup environment.

Assess Data Protection Requirements

The protection requirements must be properly established for all data types during the planning phase. This includes the
following factors:
 Recovery Time Objective (RTO)
 Recovery Point Objectives (RPO) for systems
 Required retention and copies of the different datasets
To help design the new environment, metrics on the size of datasets requiring protection must also be collected. For
instance, 50TB of virtual machines, 20TB of physical machines, 15TB of SQL databases and so on. This information is
used in the design phase to accurately size CommCell resources. A common mistake is referencing sizing metrics from
the old backup system. Quite often the old backup system, being limited in resources, is not protecting all systems which
require protection.

Page 32 of 106 11.26.2

Design the CommCell Environment
This phase determines what options, features, and protection methods will be used to design and document the new
CommCell environment. Designing a CommCell environment that fits a company's needs is not an exact science. It
requires experience and knowledge of the software and available options.
Options to address in the design:
 CommServe server, hardware requirements, and high availability
 Number and size of MediaAgents and related hardware requirements
 Libraries that will be used (disk, tape, cloud), and related hardware requirements
 Protection agents and methods that will be used (e.g., Virtual Server Agent, SQL agent)
 Storage policies and schedule policies

Procure and Install Hardware

Once the CommCell environment is designed, the next step is to establish hardware requirements of every component
and to procure and install the required hardware. If hardware is missing, determine if the deployment phase should be
postponed. For instance, if a MediaAgent is missing the SSD drives for the Deduplication Database (DDB), it might be
preferable to wait instead of placing the DDB on the C:\ drive. Even if the database can be moved later, it could lead to a
drive that fills up before the SSD drives are received. It can also significantly underperform, therefore impacting backup
performances.

Coordinate with the Change Management Team

Completing any necessary paperwork and following procedures avoids major impacts, such as avoiding a reboot or
inhibiting network usage during peak hours.

Page 33 of 106 Module 1 - Deployment

Download Commvault Software
Installing Commvault software is a straight-forward process. However, it is important to note that a full CommCell
deployment must be well-planned and executed. Components such as the network, hardware, operating systems, and
applications all play a significant role in creating a sound data protection strategy. This section presents the high-level
steps and best practices for deploying a CommCell environment.

Deployment Sequence
 Planning
 Downloading the Commvault software
 Installing the CommServe server and executing post-install tasks
 Installing the MediaAgents and executing post-install tasks
 Configuring storage and deduplication
 Configure solutions
 Apply security
Commvault offers several methods for obtaining the software installation media required for installing a CommCell
environment. The Commvault software installation media is available for download from the Maintenance Advantage
website or from the Commvault Software Cloud Services download center.
The Commvault Maintenance Advantage website or Commvault Cloud website provides the latest version of the
Commvault installation media. Select the Downloads & Packages tile to access the most current software installations
and feature releases or select a previous version.

Download Options
 Resumable Download Manager – Based on the bootstrapper download manager; select the required files from
the list and then click Launch Download Manager at the bottom of the screen.
 Bootstrapper Direct Download – This option reduces deployment time by selecting only the required
Commvault software components and download of installation media.

Page 34 of 106 11.26.2

Download from Maintenance Advantage

1. Click the Downloads tile

Page 35 of 106 Module 1 - Deployment

 2. Click the Software Distribution Kit download icon under to download the media kits including the most recent
feature release
3. Click the Maintenance Release/Hotfix Pack download icon to download the hot fixes that were launched after the
latest feature release

Page 36 of 106 11.26.2

 4. Click to launch the downloader

Page 37 of 106 Module 1 - Deployment

Download from cloud.commvault.com

1. Click the Download Center tile

Page 38 of 106 11.26.2

 2. Click Download for the desired version

Page 39 of 106 Module 1 - Deployment

Run the Setup.exe Command

1. Once the file is downloaded, extract the contents into a directory and run the Setup.exe as administrator
2. Follow the prompts to install the CommCell, MediaAgent, and optional agents

Page 40 of 106 11.26.2

Page 41 of 106 Module 1 - Deployment
CommServe® Server Installation Overview

When deploying Commvault software, it is important to note that every environment is different relative to the available
infrastructure, technology, budget, culture, and requirements of the organization. Whether performing a new installation,
an upgrade, or expanding an existing environment, a good amount of planning should take place prior to installing
Commvault software. The more emphasis put into planning, the more likely the deployment will go smoothly.
 Commvault software must be downloaded prior to installation. Plan for routinely downloading updates and for
uploading log files from the CommServe host. If the CommServe will not have internet access, alternate methods
should be discussed and documented.
 Determine the location for a local and remote software cache. The software cache is a directory where
Commvault updates and software packages are stored. These position the software to be routinely accessible
throughout the organization and are essential for disaster recovery.
 Verify the hardware and system requirements.
 Assess the size of the environment to allow for adequate resource availability for the CommServe server.
o Based on the sizing assessment, determine if the CommServe server will be physical or virtual.
o Determine if the CommServe server needs to be deployed in a clustered configuration for high
availability.
 Ensure the operating system meets the Commvault specifications and patched with updates prior to the
installation.
 Determine if the method of deployment requires additional considerations for Disaster Recovery. For example,
configuring a 'Floating Host Name' for the CommServe server.
 Evaluate additional components such as metrics reporting or if the workflow engine will be installed on the
CommServe server.
 Determine the methods for accessing the CommCell console and/or Commvault Command Center. These are
installed by default along with the CommServe components.

Page 42 of 106 11.26.2

  IIS is required for the Web Server and Web Console and are automatically installed when IIS is enabled on the
CommServe server.
 Although not always required, reboots may be required to complete an installation or update. The organization
may require the changes be implemented after hours.
 Document the firewall and network configurations. Unless performing a decoupled install, all software
components must communicate with the CommServe server during installation.
 Identify any monitoring, security, or anti-virus software that will be installed on the same systems as Commvault
software. Installation and Operations may be blocked, or performance severely degraded by such software. This
can be avoided by applying the appropriate exceptions or filters for the Commvault software in advance.
 Configure service and administrative accounts before the installation. The account type and permissions required
are determined by the components being deployed. A thorough review of the deployment will help determine the
needs.
 For the CommServe server, an account with local Administrator privileges is required for the software installation.
 A password for the CommCell 'admin' account is configured during the installation. This password should be a
complex password and the primary administrator should always use this account when managing the
environment.
 A permanent license file must be applied after the CommServe software is installed. Ensure that any pending
purchase agreements are completed prior to the deployment of the Commvault software.

Page 43 of 106 Module 1 - Deployment

Prepare for Installation

Proper documentation of the CommCell components being installed is essential for a smooth deployment. The following
chart provides a sample of the information that must be obtained for the CommServe deployment. Having this information
in advance will help the deployment go quicker, bring any shortcomings to the surface, aid in verifying site readiness, and
serve as a template for post deployment documentation.

Page 44 of 106 11.26.2

Install the CommServe® Server

1. Accept the license agreement

2. Select to install packages on this computer
3. Select the CommServe package as well as any other required components
4. Define the installation directory for Commvault software
5. If the MediaAgent package was also selected, enter the location for the Index Directory
6. Enter the location where the Microsoft SQL software will be installed

Page 45 of 106 Module 1 - Deployment

 7. Select the folder in which the CommServe Server database will be created. It is recommended to use a dedicated
volume
8. Define the location to store the CommServeDR backup exports. It is recommended to use a network location,
preferably offsite
9. If you plan on using email archiving, check to configure IIS for recalls
10. Define the CommServe server name as displayed in the GUI
11. Provide the host name to use to reach the CommServe server
12. If Windows Firewall is enabled, define if it must be disabled or not
13. During a new install, select Create New Database, or select Use Existing Database during a disaster recovery
or staging scenario

Page 46 of 106 11.26.2

 14. Enter an email address and a password for the built-in admin account
15. Click Finish

Page 47 of 106 Module 1 - Deployment

Software Cache Options
During the installation, the software packages and updates are copied to local disk. This software cache can be leveraged
to push Client Agent software and updates to other servers in the environment. These settings can be changed at any
time.

Cluster Setup Options

If the CommServe server is being installed in a cluster, log into the active node with an administrative account and then
run Setup.exe from the installation media. The Cluster Setup Install Option page is displayed during the installation. After
completing the selections on the active node, it may be necessary to log into the remaining cluster nodes and repeat the
installation process. The installation will apply the missing components to the cluster node.

To assist in troubleshooting installation errors, check the following log:

%allusersprofile%\Commvault Systems\Galaxy\LogFiles\Install.log.
If the error occurs after the summary page, check the installation logs in the Software_Installation_Directory\Log Files
directory.

Page 48 of 106 11.26.2

CommServe® Server Post Installation Tasks
Platform releases and maintenance updates are available for download from the Maintenance Advantage website. They
are also included as automatic updates via the Commvault software update cache process approximately two weeks after
initial availability. Platform releases should be deployed when available.
Additional hotfixes may follow the release of a feature release to address critical issues. The hotfixes, included in
maintenance releases, should also be applied as soon as they are available. Subsequently, if a new platform release or
maintenance release hotfix conflicts with an older installed hotfix, the installation process removes them automatically.
By default, the system creates automatic schedules that download and install updates on Commvault servers, as well as
on clients. These schedules can be modified as needed.

Page 49 of 106 Module 1 - Deployment

Configure the Main Software Cache

1. Tools tab > Add/Remove Software > Software Cache Configuration

2. CommServe Software Cache tab > Browse to specify the local path to store software and updates

Page 50 of 106 11.26.2

Configure a Remote Software Cache

1. Tools tab > Add/Remove Software > Software Cache Configuration

2. Remote Software Cache tab > Add to add the machine used as a remote cache
3. Select the client that will host the remote software cache
4. Click Browse to define the folder in which to store the packages
5. Configure the packages to sync
6. Define clients that will get updated from this cache

Page 51 of 106 Module 1 - Deployment

Populate the Software Cache

1. Tools tab > Add/Remove Software > Download Software

2. Choose the platform release level
3. Click Advanced to open the advanced download and sync cache options
4. Choose agent types to download

Page 52 of 106 11.26.2

Configure Automatic Updates

Automatic update schedules are as follows:

 System Created Download Software – Download the updates automatically in the software cache once a week
if new updates are available.
 System Created Install Software – Automatically install updates on Commvault servers and clients once a week
if required. For instance, many companies have change control procedures in place. Installing updates
automatically on servers might go against these procedures. In this case, the System Created Install Software
schedule can be modified or simply disabled.

Steps for Configuration

1. Right-click the CommServe Server > View > Schedules
2. Indication of schedule that automatically downloads updates in the cache
3. Indication of schedule that automatically installs updates on servers
4. Right-click to edit, disable, or execute immediately

Page 53 of 106 Module 1 - Deployment

Install Updates to the CommServe® Server

1. Tools tab > Add/Remove Software > Update Software

2. Choose the clients or client group
3. Choose either to install immediately or schedule for later

Page 54 of 106 11.26.2

Email Settings

Configure the email server to allow Commvault software to send alert notification or reports by email. If your corporate
mail server is secured, it is important to understand the level of security. Commvault software uses SMTP which must be
allowed on the mail server for the CommServe server IP address. Refer to your software vendor documentation for more
information about SMTP relay and the mail server.
1. Home tab > Control Panel
2. Maintenance section > Email, Web, and FTP Server
3. Enter the email server name
4. Define the SMTP port to use
5. Enter the sender’s name and email address displayed to recipients
6. Click Test Mail to send a test email to the user currently logged in

Page 55 of 106 Module 1 - Deployment

User Accounts and Security
Commvault software uses two types of accounts to login to the CommCell console: Commvault user account or Active
Directory integrated account. When the system is installed, a Commvault administrative account, named 'Admin' is
created. This account has all privileges and permissions in the Commvault software. It cannot be disabled, and its
permissions cannot be modified. This account is used to login to the CommCell environment in case of a disaster of the
domain controller that prevents the use of Active Directory integrated accounts.
Additional accounts and roles can be created to allow users to perform specific tasks in the system. For instance, a role
allowing only backup and restore operations can be created and assigned to the SQL servers and DBA Active Directory
account. The result is that a DBA can now connect to the console and only see SQL servers, on which he or she could
only run backups and restores.

Security Best Practices

 In addition to the Admin account, create at least one CommCell account having all privileges.
 Ensure primary administrators always use local accounts when managing Commvault software.
 Document the passwords of these two accounts with the DR plan.
 Create an Active Directory connection to allow the use of Active Directory integrated accounts.
 When creating a role and security rule, use a test user first to validate if the rule is properly created and gives the
expected result.
Each administrator should have their own account. This helps keep track of changes made by each user.

Page 56 of 106 11.26.2

CommServe® Server Database Maintenance
It is crucial to ensure that the CommServe server is maintained for maximum productivity. Access DBMaintenance.exe to
optimize the CommServe server database.

Maintenance Modes
 Full – Performs a full maintenance on the database. It includes CheckDB, ReindexAll and ShrinkDB commands.
It is recommended to run this twice each year.
 Recommended – Performs a recommended maintenance including ShrinkDB and ReindexRecommended
commands. It is recommended to run this maintenance mode every two weeks. By default, a system created
schedule will execute it on every other Sunday.
 CheckDB – Validates the consistency of the CommServe database by running an integrity check.
 ReindexRecommended – Re-indexes the largest and most frequently used tables of the database.
 ReindexAll – Re-indexes all tables of the database.
 ShrinkDB – If table re-indexing creates a significant amount of fragmentation, the ShrinkDB command will
reclaim that space by shrinking the database.

Page 57 of 106 Module 1 - Deployment

Run the DBMaintenance Tool

1. From the base directory, execute DBMaintenance.exe

Page 58 of 106 11.26.2

 2. It provides the correct syntax and options for the tool, such as the maintenance mode

Page 59 of 106 Module 1 - Deployment

DB Maintenance Workflow and DB Maintenance Schedule

The System Created DB Maintenance schedule runs every other Sunday at 3:00 PM and executes a recommended
maintenance. The Full maintenance is not automatically scheduled. It is therefore recommended to either run it manually
or schedule it twice a year. This schedule executes a workflow called ‘DBMaintenance,’ which executes the maintenance
based on the mode that is selected in the schedule. The workflow also contains email components that can be modified to
send a result notification on failure or success.
1. Right-click the CommServe server > View > Schedules
2. Right-click the System Created DBMaintenance schedule > Edit

Page 60 of 106 11.26.2

 3. The DBMaintenance runs every two weeks on Sunday afternoon by default
4. By default, it runs in recommended mode, but a different mode can be manually selected

Page 61 of 106 Module 1 - Deployment

Recovery Assistant

The CommServe Recovery Assistant tool is used to restore the CommServe database from the DR backup. The tool is
used to rebuild the CommServe server on the same or different computer, change the name of the CommServe host, and
update the CommCell license.
1. From the installation directory, execute CSRecoveryAssistant.exe
2. Choose the operation type
3. Click Browse to provide the location of the DR Backup

Page 62 of 106 11.26.2

 4. Click Browse to provide the location where to restore the database and logs
5. Click Start Recovery to start the recovery

Page 63 of 106 Module 1 - Deployment

 6. Status of recovery steps are displayed
7. Once recovery is completed, click Next

Page 64 of 106 11.26.2

 8. If restoring to an alternate server, the CommServe server name is changed
9. A license file can be provided
10. Once completed, click Finish

Page 65 of 106 Module 1 - Deployment

Page 66 of 106 11.26.2
MediaAgent Installation Overview
The next component to install is the MediaAgent. MediaAgents move and retrieve protected data from disk, tape, and
cloud storage. The MediaAgent software is pushed to a server directly from the software cache using the CommCell
Console.

Page 67 of 106 Module 1 - Deployment

Install the MediaAgent Package

1. Tools tab > Add/Remove Software > Install Software

2. Choose the platform to use
3. Choose Manually select computers
4. Enter the MediaAgent server names, one per line
5. Enter credentials that have administrative rights on the systems

Page 68 of 106 11.26.2

 6. Check the box for MediaAgent
7. Choose Reboot if required
8. Provide the location for the Index directory
9. Change the installation directory

Page 69 of 106 Module 1 - Deployment

 10. Check this box if there is a firewall between the MediaAgent and the CommServe server, and network routes are
configured
11. Installation can be executed immediately or scheduled
12. Click Finish
13. Installation job appears in the Job Controller window

Page 70 of 106 11.26.2

Access the Index Directory

The index directory must be located on a dedicated high-speed disk, preferably solid-state drives. Index directory
performance is critical when streaming a high number of jobs to a MediaAgent and when conducting DASH full
operations. When MediaAgent software is first deployed to a server, the location of the index directory will be on the
system drive. It is recommended to change the location to a dedicated drive prior to any jobs running.
1. Right-click the MediaAgent hosting the Index Directory > Properties. From the Properties window select the
Catalog tab
2. Click Browse to change the location of the Index Directory
3. Set the index retention thresholds
Note: Days and percentage apply to V1 indexing clients only.

Page 71 of 106 Module 1 - Deployment

Apply Updates to the MediaAgents

1. Check the status of updates by selecting the client computers in the CommCell Browser
2. Product version, Service Pack or Platform Release level, and update status will be displayed in the Contents /
Summary window

Page 72 of 106 11.26.2

Configure Parallel Data Transfer Operations

A MediaAgent can receive and handle a certain amount of parallel data transfer operations, or streams. This is based on
hardware resources of the MediaAgent, as well as the Commvault Online Documentation. By default, a MediaAgent has
100 set as a maximum of streams it can receive. After proper evaluation, this number can be increased or decreased.
1. Right-click the MediaAgent > Properties
2. Defines the maximum number of streams received by the MediaAgent

Page 73 of 106 Module 1 - Deployment

Network Throttling Rules

In some cases, it can be useful to limit the bandwidth used by a MediaAgent when it communicates with clients during
backups and/or another MediaAgent to replicate data, especially when the network is shared with other systems and
users. A network throttling rule determines now the bandwidth is controlled and the time range of the day or the days of
the week for which the rule is enforced.
1. Right-click the MediaAgent > Properties
2. Check the box to enable the use of network throttling
3. Click Add to create a rule to limit bandwidth usage
4. Define when throttling will be enforced
5. Set an absolute or a relative throttling rule
6. Choose computers or computer group to which the rule will be applied

Page 74 of 106 11.26.2

Disable a MediaAgent vs. Mark MediaAgent Offline

If maintenance is required on the MediaAgent or hardware, it is possible to disable or mark a MediaAgent offline for
maintenance. It is important to understand the differences between disabling a MediaAgent and marking it offline for
maintenance.

Page 75 of 106 Module 1 - Deployment

 1. Right-click the MediaAgent > Properties
2. Choose to enable or disable the MediaAgent
3. Choose to mark the MediaAgent as offline for maintenance

Page 76 of 106 11.26.2

Page 77 of 106 Module 1 - Deployment
Agent Installation Overview
Deploying agents can be achieved with a push install, interactive install, or custom package.

Agent Deployment Best Practices

 If DNS names are used, ensure the DNS is properly resolving the name forward and reverse.
 If deploying an agent on a remote site, consider using a remote software cache or transfer a custom package.
 If the client is behind a firewall blocking ports, set network configurations to tunnel communication in a port.

Agent Requirements
Prerequisites will vary. W\Always confirm as it may change when a new service pack is released, even for components
that you frequently deploy. Pay particular attention to:
 Operating system version
 Application version (for application agents)
 Service account with specific privileges

Page 78 of 106 11.26.2

Push Installation

The CommCell console is used to push the Commvault software to clients. The following ports are used to achieve the
install:
 Commvault base services – Ports 8400 and 8401
 Linux – port 22
 Windows — ports 135, 139, and 445

Execute a Push Install

1. Tools tab > Add/Remove Software > Install Software
2. Click Next to continue
3. Choose the operating system

Page 79 of 106 Module 1 - Deployment

 4. Select option to manually specify computers or to automatically discover servers
5. Enter the computer names or IP addresses, one per line
6. Use the tools to select computers in bulk
7. Enter a domain account that has administrative privileges on the target systems to install software
8. Select the agent(s) and component(s) to install

Page 80 of 106 11.26.2

 9. If required, choose client group and storage policy to use for default subclients
10. Review and select any additional install options
11. If required, change the default install path or default port
12. If there is a firewall, set network route to communicate with the CommServe server

Page 81 of 106 Module 1 - Deployment

 13. The installation task can be executed immediately or scheduled
14. Review the summary and Click Finish to launch the job
15. From the Job Controller window, double-click the job
16. Choose the client status tab to see every client's status

Page 82 of 106 11.26.2

Interactive Installation

It is possible to download the packages on a client machine by using the download bootstrapper. Once downloaded, start
the installation by executing Setup.exe.
1. Download the packages or remotely reach the Software Cache > Execute Setup as an administrator
2. Select the Language
3. Check the box to agree with the License Agreement
4. Choose to install packages on this computer
5. Browse through categories to display the different agents
6. Select agent(s) and component(s) to install

Page 83 of 106 Module 1 - Deployment

 7. Use the default path or enter a different drive and installation path
8. If there is a firewall, set rules to communicate with the CommServe
9. Enter the client display name
10. If there are multiple network interfaces, select the DNS name or type the IP address used to communicate from
this server to the CommServe

Page 84 of 106 11.26.2

 11. Enter the CommServe DNS name or IP address, and eave empty for a Decoupled Install
12. Select to disable local server firewall if required
13. If it is a locked down CommCell, provide the certificate file
14. Provide user account with CommCell Security Role having installation permissions
15. Select the appropriate data management plan

Page 85 of 106 Module 1 - Deployment

 16. Click Finish to complete the installation
17. Click Client Computers and press [F5 key] to refresh the view
18. View the newly installed client in the CommCell Browser window

Page 86 of 106 11.26.2

Create a Custom Package

A custom package is a lightweight agent package created by the Commvault administrator. A typical agent installation
requires many questions to be answered. The custom package has all these questions pre-answered. It also is useful to
run silent installations. If an enterprise level deployment solution is in place, such as Microsoft SCCM, it can be leveraged
to silently push the package to multiple machines.
1. Download the packages or remotely reach the Software Cache > Execute Setup as an administrator
2. Select the Language
3. Check the box to accept the license agreement
4. Choose to create a package for installation on a different computer

Page 87 of 106 Module 1 - Deployment

 5. Choose the server architecture
6. Select New Installations to install new agent(s) on a server
7. Select Upgrades to upgrade installed agents to a new version
8. Select Service Pack Installations to update agent(s) to the latest service pack
9. Choose Select Packages to select the agents to include in the package
10. Choose the folder to store the created custom package

Page 88 of 106 11.26.2

 11. Browse through categories to display the different agents
12. Check each box to select agent(s) and component(s) to install
13. Select to include .NET Framework
14. Select to create a self-extracting custom package, or deselect to create a silent install package with response file
15. Select to include user answers in the package
16. Choose to create a new instance or use existing instance
17. Use the default installation folder or type or browse to a different installation directory

Page 89 of 106 Module 1 - Deployment

 18. If there is a firewall in place, set rules to communicate with the CommServe to provide interaction for this section
at time of install
19. Provide CommServe DNS name or IP address, or leave empty for a Decoupled Install to provide interaction for
this section at time of install
20. Select to disable local server firewall if required or to provide interaction for this section at time of install
21. If it is a locked down CommCell, provide the certificate file to provide interaction for this section at time of install

Page 90 of 106 11.26.2

 22. Select a server plan to manage client jobs
23. Enter a user account with CommCell permissions to add client to CommCell
24. Click Finish to create the package
25. If the ‘Create a self-extracting executable’ option was selected, it will create a custom package
26. If the ‘Create a self-extracting executable’ option was not selected, it will create a silent install folder structure

Page 91 of 106 Module 1 - Deployment

Page 92 of 106 11.26.2
Encryption Overview

Encrypting data is an essential part of data protection, especially when data is entrusted to a third party for storage. Equal
consideration must be paid to backup and archive data. If an unencrypted tape is stolen with sensitive information on it,
there is no way to prevent someone from accessing that data. Simple security measures such as password protection
may only delay access to the data. Preventing intrusion into your production environment requires a front-line defense that
is costly and time consuming.

Commvault software offers three methods to encrypt data:

 Inline encryption – Secures data during the data protection job. Inline encryption is performed on the client or
MediaAgent or is used for network transmission.
 Offline encryption – Secures data during auxiliary copy jobs. Offline encryption is performed on the source
MediaAgent.
 Hardware encryption – Encrypts data when writing to tape drives that support hardware encryption. Hardware
encryption is supported on LTO 4 and above tape drives which support and are licensed for encryption by the
vendor.
Commvault software is certified for the US DoD/Canadian DND FIPS encryption accreditation for information securit

Encryption Key Generation and Management

Both software and hardware encryption keys use a proprietary algorithm and are maintained in the CommServe database.
Encryption keys can optionally be written to storage media. In the event of the loss of the CommServe database,
encrypted data may be recovered using tools provided by Commvault Support. Encryption keys are destroyed when the
job is aged and deleted from the CommServe database. This provides complete end-to-end encryption key management.

Page 93 of 106 Module 1 - Deployment

Third Party Key Management
Commvault software also supports third party key management. Data is encrypted using Commvault encryption keys,
which are stored in the CommServe database. These keys are encrypted using a third-party master key. The third-party
system and the keys are required for any restore operations.

Page 94 of 106 11.26.2

Software Encryption

Advantages
 Data can be encrypted on the client during initial data protection providing complete end-to-end security.
 Different encryption ciphers are used based on security requirements.
 In certain cases, software encryption can provide a performance benefit by distributing the load of data encryption
to multiple systems as opposed to hardware encryption, where all data encryption is handled on the tape drive.
 Data can selectively be encrypted using inline encryption by configuring encryption settings at the subclient level.
This can further improve performance by only encrypting data that requires encryption.
 Restore operations always decrypt data at the destination location.

Page 95 of 106 Module 1 - Deployment

Inline Encryption

Inline encryption is used to encrypt data during primary protection operations. The encryption can take place on the client
or the MediaAgent. Encryption is enabled for Commvault software through the storage policy primary copy or at the client
level. Encryption can further be configured at the subclient level. Subclient level encryption provides the flexibility of
defining only that data which requires encryption. By default, when encryption is enabled on a client, encryption is enabled
on all subclients.

Inline Encryption Best Practices

 Only encrypt the data that has such a requirement.
 Isolate encrypted data in a different storage policy than unencrypted data.
 To achieve these goals, turn off encryption on the default subclient and create a dedicated subclient with the
folders or files requiring encryption defined as content.
 Turn on encryption on that subclient only and associate it with the dedicated storage policy.
 A storage policy primary copy is used to enable encryption on all subclients associated with the storage policy.
Ensure the client's encryption settings are configured to 'Use Storage Policy Settings.

Configure Inline Encryption

1. Expand the storage policy > Right-click the storage policy Primary copy > Properties
2. On a primary copy, enable encryption
3. Set cipher, key length, and location for storing keys

Page 96 of 106 11.26.2

Enable Encryption for a Client

When encryption is enabled on a client, the cipher and key length must be set. The default cipher used is blowfish 128 bit.
The 'Direct Media Access' setting determines whether encryption keys are stored on the media. The 'Via Media Password'
option puts the keys on the media. The 'No Access' option only stores the keys in the CommServe database. If the keys
are stored on the media, data can be recovered using Commvault software's 'catalog' feature, or in the case of Disaster
Recovery data, the Media Explorer tool. Encryption keys are always stored in the CommServe database.
DR Data recovery using Media Explorer requires the user to provide the Media Password used when the data was written.
The default Media Password is blank. If the media password is not known, contact Commvault Support to assist in
recovering the password.
1. Expand Client Computers > Right-click the client > Properties
2. Click Advanced to configure client properties
3. Enable the use of encryption
4. Define the cipher and key length
5. Define if the encryption keys should be stored on the media

Page 97 of 106 Module 1 - Deployment

Subclient Encryption Settings

When encryption is enabled for a client, the default subclient encryption setting 'Client and MediaAgent' encrypts all data
on the client and the data remains encrypted when written to storage.
1. Expand client > Right-click the subclient > Properties
2. Click Advanced to configure the subclient properties
3. Define where to apply encryption

Page 98 of 106 11.26.2

Offline Encryption

Offline encryption uses Commvault software encryption to secure data during auxiliary copy jobs.
In some cases, encrypted source data will be decrypted first then re-encrypted when storing deduplicated data or
changing encryption ciphers. By default, encrypted data is preserved during an auxiliary copy operation.
1. Expand the storage policy > Right-click the storage policy copy > Properties
2. Advanced tab > Re-encrypt Data and configure the cipher and media access key

Page 99 of 106 Module 1 - Deployment

Hardware Encryption

Commvault software can enable or disable an encryption operation on the drive and manage encryption keys for tape
drives that support hardware encryption. Keys are stored in the CommServe database.
Commvault software writes data in chunks. Tape media uses 8GB chunks for indexed-based backups and 16GB chunks
for database backups. When encryption is enabled for data protection jobs writing to tape media with 'hardware
encryption' enabled, each chunk has a separate encryption key seeded by a random number generator and other factors.
Generating keys at the chunk level provides an enhanced level of security and greatly reduces the potential of data
compromise.

Configure Hardware Encryption

1. Right-click the storage policy tape copy > Properties
2. Select the path to the drives and click Properties
3. Enable the use of hardware encryption
4. Define if the encryption keys should be stored on the media

Page 100 of 106 11.26.2

Encryption Considerations
Media Password

The Media Password is used when recovering data through Media Explorer or when the 'Catalog Media' option for tape is
used. A media password is essential when using hardware encryption or Commvault software copy-based encryption
(with the 'Direct Media Access' option set to 'Via Media Password').
By default, the password is set for the entire CommCell environment in the System applet in Control Panel. The default
password is blank. Storage policy level media passwords can be set to override the CommCell password settings. For
higher level of security or if a department requires specific passwords, use the 'Policy level' password setting which is
configured in the Advanced tab of the storage policy properties.
1. Home tab > Control Panel
2. CommCell section > System
3. Enable and set Media Password

Page 101 of 106 Module 1 - Deployment

Enable Storage Policy Media Password

1. Expand Storage Policies > Right-click the policy > Properties

2. Enable the use of Media Password for the storage policy
3. Define the Media Password

Page 102 of 106 11.26.2

Erase Data Feature
Commvault administrators can mark individual objects as unrecoverable within the CommCell environment.
Administrators can browse or search for data through the CommCell console and mark the data as unrecoverable.
Erase Data is a CommCell-level license. Once it is applied you need to enable 'erase data' in the General tab of the
storage policy. Once this license is applied, the 'Catalog' option cannot be used to recover backup data managed by the
storage policy. This is because random binaries are written to the OML header in the media password location. The
password cannot be used, and you always get a decryption error when using these tools.
If the erase data operation is something that would be of value to your organization, then it may be worth the risks
previously described. If you are not sure, then it is recommended that you do not use it. If you have capacity-based
licensing arrangements with Commvault software, check to see if this license is installed. If it is, you may want to disable
'erase data' in all storage policies within the CommCell environment.

How Erase Data Works

When the erase data license is implemented, it is only effective when writing jobs to new or recycled media. The license
cannot be retroactively applied to jobs already in storage. If the license is removed, it is only effective when writing to new
or recycled media. All jobs written to media for the storage policy when the license was being used cannot be recovered
through Media Explorer or the 'Catalog' option.
It is technically not possible to erase specific data from within a job. Erase data works by logically marking the data
unrecoverable. If a Browse and Restore or Find operation is conducted, the data does not appear. For this feature to be
effective, any media managed by a storage policy with erase data enabled will not be able to be recovered through Media
Explorer or the 'Catalog' option.

Erase Media
To ensure encryption keys are destroyed in the CommServe database when tapes are aged, the 'Erase Media' option is
used. Erase Media is a physical operation that mounts the tape and overwrites the OML header. Once the header is
overwritten, data cannot be recovered using any method Commvault software provides. This is considered a destructive
operation so it cannot be performed on any tapes where jobs are actively being retained. The option to erase media is
available in all logical media groups except the Assigned Media group.

There are two methods for erasing a tape:

1. Manually erasing a tape in the Spare Media Group.
2. Automatically erasing tapes that are returned to the Spare Media Group (configured through the storage policy
copy).

Page 103 of 106 Module 1 - Deployment

Manually Erase a Tape

1. Right-click tape > Options > Erase Spare Media

2. Select Quick Erase or Full Erase
3. Click Yes to confirm the operation
4. Erase media operations will appear in the Job Controller

Page 104 of 106 11.26.2

Set Automatic Erase Operations

When tapes are recycled, they can automatically be marked to be erased. This is done by selecting the 'Erase Media'
check box in the Media tab of a storage policy copy. An erase media operation must be scheduled for the library, which
physically loads each marked tape and overwrites the OML header.
When the 'Mark Media to be Erased' option is enabled for storage policy copies, erase media operations must be
scheduled for any library where media is marked for erasing.
1. Right-click Library > Erase Spare Media
2. Set the erase operation to be quick (overwrite OML header) or full (overwrite entire tape)
3. Choose to start the erase operation immediately
4. Alternatively, click Save As Script to save as a script

Page 105 of 106 Module 1 - Deployment

Erase Media Storage Policy Settings

The option 'Mark Media to be Erased After Recycling' in the Media tab of the storage policy copy marks all tapes
managed by the policy to be erased once all jobs have aged. A schedule must then be set up at the tape library to erase
the media. The erase media operation mounts the tape and write a new OML header to the tape. This makes the data
completely unrecoverable through the CommCell console, Media Explorer, or through a tape catalog operation. It is
important to note that the data on the tape is not actually erased. As such, it is recommended to encrypt all tapes.
1. Right-click a storage policy copy > Properties
2. In the pop-up window, from the Media tab, check the box for Mark Media to be Erased After Recycling
3. Click Yes to confirm

Page 106 of 106 11.26.2