Prerequisites for Adding Data Collectors (Commvault Simpana) Version 10.3.00P13

Pre-Installation Setup for Commvault Simpana > Prerequisites for Adding Data Collectors (Commvault Simpana)

Version 10.3.00P13

Prerequisites for Adding Data Collectors (Commvault Simpana)

• 64-bit OS. See the APTARE IT Analytics Certified Configurations Guide for supported operating systems.

• Support Java Runtime Environment (JRE) 10.0.2.

• For performance reasons, do not install Data Collectors on the same server as the APTARE IT Analytics Portal. However, if you must have both on the same server, verify that the Portal and Data Collector software do not reside in the same directory.

• Install only one Data Collector on a server (or OS instance).

• For most Backup Manager systems, install the Data Collector on a server that is in the same time zone as the backup server from which you are collecting data. For Veritas NetBackup and IBM Spectrum Protect (TSM) collection, the Data Collector server and backup server can be in different time zones.

• Open TCP/IP access to the Commvault database on a static port (1433 recommended). See Open TCP/IP Access to the Commvault Database.

• MS SQL Server needs to be accessible to the collector on a static TCP Port (1433 recommended), requiring a restart of the SQL database service, if not already configured.

• MS SQL Server must be set to Mixed-mode authentication, and the login to be used for collection must be using SQL authentication. See https://msdn.microsoft.com/en-us/library/ms188670.aspx.

• WMI Proxy access requires the following: Port 135 is required for skipped files collection and 445 for CIFS over TCP. A fixed port can be configured for WMI as specified at: http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx

• The Data Collector should be installed on the same server as the WMI proxy server.

• Read-only user configured on the CommServe server. See Set Up a Read-Only User in the CommServe Server.

• If you want to load historical data from a CommServe database, use the utility described in Load Historical Data Prior to Initial Data Collection.

• One Data Collector can include all of these backup products: Commvault Simpana, EMC Avamar, EMC NetWorker, EMC Data Domain, Veritas Backup Exec, Veritas NetBackup, HP Data Protector, IBM Spectrum Protect (TSM), and Generic Backup products. And, you also can include other enterprise objects, such as storage arrays, in this Data Collector.

Upgrade Troubleshooting: Microsoft SQL Server and Java 10

With release version 10.3 introducing support for Java 10, older versions of MS SQL Server may encounter compatibility issues. The following section covers potential workarounds. Collection occurs from the Microsoft SQL Server database used by the system the data collector is collecting from. The version of Java used by APTARE IT Analytics version 10.3 disables some insecure TLS algorithms by default. If collection fails with the following error in the collector logs, the version of MS SQL Server may be incompatible and not allow collection using the TLS algorithms enabled by default with Java 10.

Failed to establish JDBC connection to: jdbc:jtds:sqlserver://...

java.sql.SQLException: Network error IOException: null

at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:437)

Upgrade MS SQL Server to the latest version to enable secure collection. Your MS SQL Server version may not be supported for APTARE IT Analytics version 10.3. If upgrade is not possible, a workaround can be attempted to restore compatibility. If the following steps do not resolve the issue, your version of MS SQL Server is not supported.

Use the following steps to modify the enabled algorithms to allow communication with the data collector:

1. Edit <collector install dir>/jre/conf/security/java.security.

2. Search for jdk.tls.disabledAlgorithms.

3. Copy the existing lines and comment (to have a backup for easy restore).

#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

4. Remove 3DES_EDE_CBC.

#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

EC keySize < 224, DES40_CBC, RC4_40

5. Save the file.

6. Run checkinstall and verify collection succeeds.

If checkinstall does not succeed, each of the following algorithms can be individually re-enabled in an attempt to restore compatibility.

7. If checkinstall does not succeed, restore, remove RC4_40, save, re-run checkinstall.

#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

EC keySize < 224, DES40_CBC, 3DES_EDE_CBC

8. If checkinstall does not succeed, restore, remove DES40_CBC, save, re-run checkinstall.

#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

EC keySize < 224, RC4_40, 3DES_EDE_CBC

9. If checkinstall does not succeed, restore, change the DH keySize as follows, save, re-run checkinstall.

#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \

# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 768, \

EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

10. After a working configuration is found, restart the collector service.