Avamar: How to manage Session Security settings from the CLI

Summary: This article shows how to manage the Avamar Session Security settings from the command-line tool.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Warning: A Management Console Server (MCS) restart is required for any changes to the Session Security Settings.
See Avamar: How to Restart Management Console Server for information about how to do this.
 

Pre-Checks:

It is best practice to perform the following before changing the Session Security settings.
  • Stop all backups, replication, and ensure that no maintenance is running (checkpoint/hfscheck/garbage collection).
  • Check that there is a valid checkpoint available on Avamar.
 

Overview:

The following script is installed on every Avamar grid and is used to manage the Session Security settings:

enable_secure_config.sh
Note: The script must be run as root.
 

To show the current Session Security settings:

enable_secure_config.sh --showconfig
 
There are four possible supported configurations:
1. Disabled
2. Mixed-Single
3. Authenticated-Single
4. Authenticated-Dual
 

Example output showing Disabled Session Security:

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="false"
"secure_agent_feature_on"                               ="false"
"session_ticket_feature_on"                             ="false"
"secure_agents_mode"                                    ="unsecure_only"
"secure_st_mode"                                        ="unsecure_only"
"secure_dd_feature_on"                                  ="false"
"verifypeer"                                            ="no"

Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled.
 

Example output showing Mixed-Single Session Security:

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="mixed"
"secure_st_mode"                                        ="mixed"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="no"

Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.
 

Example output showing Authenticated-Single Session Security:

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="secure_only"
"secure_st_mode"                                        ="secure_only"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="no"

Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
 

Example output showing Authenticated-Dual Session Security:

Current Session Security Settings
----------------------------------
"encrypt_server_authenticate"                           ="true"
"secure_agent_feature_on"                               ="true"
"session_ticket_feature_on"                             ="true"
"secure_agents_mode"                                    ="secure_only"
"secure_st_mode"                                        ="secure_only"
"secure_dd_feature_on"                                  ="true"
"verifypeer"                                            ="yes"

Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
 

To change the Session Security settings:

To set the Session Security settings to disabled, run the following command:

enable_secure_config.sh --enable-all --undo
 

Example Output:

#########################  #########################
#########################  #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done
 

To set the Session Security settings to Mixed-Single, run the following two commands:

enable_secure_config.sh --enable-all
 

Example Output:

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done
  
avmaint config --ava verifypeer=no
 

Example Output:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
 

To set the Session Security settings to Authenticated-Single, run the following two commands:

enable_secure_config.sh --enable-secure-all
 

Example Output:

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done
  
avmaint config --ava verifypeer=no
 

Example Output:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>

To set the Session Security settings to Authenticated-Dual, run the following command:

enable_secure_config.sh --enable-secure-all
 

Example Output:

#########################  #########################
#########################  #########################
Enabling Avamar Security Features

Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Done
 
Warning: As stated above, a Management Console Server (MCS) restart is required for any changes to the Session Security Settings.
See Avamar: How to Restart Management Console Server for information about how to do this.

Affected Products

Avamar
Article Properties
Article Number: 000222234
Article Type: How To
Last Modified: 12 Dec 2025
Version:  8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.