Yes this is very possible. You need to set up network configuration between the CS and client (where HANA iDA will be installed). I have set up several clients this way and typically use a 1-way firewall setup (As I like to refer to it where the CS can access the client, but the client cannot access the CS.) For HANA the OS required is Linux, so using port 22 (ssh) it is possible to "push" the install directly from the CS once the network configuration is complete. You also need an additional port to use for the tunnel. Not knowing how your IT organization has configured your firewall I can only go by the way I did this through my firewall configuration.
From a FW perspective, my CS can connect to the internet using ports 22 (for ssh) as well as 443 (for https). Everything else outbound is blocked, and all inbound is blocked.
The VM in the Azure cloud has an internal IP and an external IP. I pinned the external IP to that VM to make it consistent on restarts (otherwise I would have to update hosts files every time I needed to restart the VM) I also set up the firewall rules for that client’s external network to allow inbound connections for ports 22 & 443 from our corporate’s external IP. (More secure this way) ;)
In Commvault you need to create a “dummy” client as a place holder so that you can pre-configure the network communications. One nice feature in Commvault is the ability to use a client group to set up communications. This way, once the configuration is set, it is possible to add more clients by simply adding them to the appropriate group that has the network configuration set.
As far as the network configurations, you need to set up a 1-way tunnel where the CS can reach the client using the “open” port. In my case that was port 443… (My client is not using/running any web services so that port is open--not bound to any process).
You want to add your client into the hosts file on the CS so that it can resolve the client using the “EXTERNAL” IP defined in Azure. If you are planning on hosting a MediaAgent in Azure, you would add that VM’s IP to the Commserver’s host file as well. From the client side you don’t need to add the CS into the hosts file since the CS will be initiating the connection thru the tunnel. If the MediaAgent is also in Azure you need to set up either DNS or use hosts files so the client and MediaAgent can resolve each other by name using the “Internal IP” addresses. If the MediaAgent is on-prem, then you need to add the client’s “EXTERNAL” IP to the mediaagent’s hosts file and make sure that the mediaagent is in the same group (for the network configs) as the commserver.
Once the network configurations are complete you can then “push” the iDA (HANA Agent) install directly to the client in Azure. Once the install completes successfully, you can configure the HANA Pseudo-Client as normal and run your backups. If you have intellisnap, you can also configure the HANA client to use snapshots as well. For the array, select AMAZON Web Services as the available snap engine.
In order to keep this post from getting to large, I’ve tried to prevent myself from getting too deep into the weeds on this, but let us know if this helps, or if you get stuck or have any additional questions.
Ernst F. Graeler
Senior Engineer III