Avamar:如何从 CLI 管理会话安全设置
Summary: 本文介绍如何从命令行工具管理 Avamar 会话安全性设置。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
警告:对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
预检:
在更改会话安全性设置之前,最佳做法是执行以下作。
-
停止所有备份、复制,并确保没有维护正在运行(检查点/hfscheck/垃圾数据收集)。
-
检查 Avamar 上是否有有效的检查点可用。
概览:
以下脚本安装在每个 Avamar 网格上,用于管理会话安全性设置:
enable_secure_config.sh
提醒:脚本必须以根用户身份运行。
要显示当前的会话安全设置,请执行以下作:
enable_secure_config.sh --showconfig
目前有四种可能的受支持配置:
1.禁用
2.单一混合
3.单一身份验证
4.双重身份验证
显示 Disabled Session Security的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="false"
"secure_agent_feature_on" ="false"
"session_ticket_feature_on" ="false"
"secure_agents_mode" ="unsecure_only"
"secure_st_mode" ="unsecure_only"
"secure_dd_feature_on" ="false"
"verifypeer" ="no"
Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled.
显示混合单会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="mixed"
"secure_st_mode" ="mixed"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的单个会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的双会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="yes"
Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
要更改会话安全性设置,请执行以下作:
要将会话安全性设置设置为已禁用,请运行以下命令:
enable_secure_config.sh --enable-all --undo
示例输出:
######################### #########################
######################### #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
要将会话安全性设置设置为 Mixed-Single,请运行以下两个命令:
enable_secure_config.sh --enable-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Single,请运行以下两个命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Dual,请运行以下命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
警告:如上所述,对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
Affected Products
AvamarArticle Properties
Article Number: 000222234
Article Type: How To
Last Modified: 12 Dec 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.