Avamar：如何從 CLI 管理工作階段安全性設定

預先檢查：

• 停止所有備份和複寫，並確保沒有執行任何維護 （檢查點/hfscheck/垃圾收集）。
• 檢查 Avamar 上是否有有效的檢查點。

概觀：

下列指令檔會安裝在每個 Avamar 格線上，並用於管理工作階段安全性設定：

enable_secure_config.sh

要顯示目前工作階段安全性設定，請執行以下操作：

enable_secure_config.sh --showconfig

顯示已停用工作階段安全性的輸出範例：

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="false"
"secure_agent_feature_on"                               ="false"
"session_ticket_feature_on"                             ="false"
"secure_agents_mode"                                    ="unsecure_only"
"secure_st_mode"                                        ="unsecure_only"
"secure_dd_feature_on"                                  ="false"
"verifypeer"                                            ="no"

Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled. 

顯示混合-單一工作階段安全性的範例輸出：

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="mixed"
"secure_st_mode"                                        ="mixed"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="no"

Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.

顯示 Authenticated-Single 工作階段安全性的範例輸出：

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="secure_only"
"secure_st_mode"                                        ="secure_only"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="no"

Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.

顯示 Authenticated-Dual Session Security 的輸出範例：

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="secure_only"
"secure_st_mode"                                        ="secure_only"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="yes"

Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled. 

要更改工作階段安全性設定，請執行以下操作：

若要將工作階段安全性設定設為停用，請執行下列命令：

enable_secure_config.sh --enable-all --undo

範例輸出：

#########################  #########################
#########################  #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done 

若要將工作階段安全性設定設為混合單一，請執行下列兩個命令：

enable_secure_config.sh --enable-all

範例輸出：

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done

avmaint config --ava verifypeer=no

範例輸出：

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>

若要將工作階段安全性設定設為 Authenticated-Single，請執行下列兩個命令：

enable_secure_config.sh --enable-secure-all

範例輸出：

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done

avmaint config --ava verifypeer=no

範例輸出：

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>

若要將工作階段安全性設定設為 Authenticated-Dual，請執行下列命令：

enable_secure_config.sh --enable-secure-all

範例輸出：

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done