Avamar:從 CLI 管理工作階段安全性設定
Summary: 本文說明如何從命令列工具管理 Avamar 工作階段安全性設定。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
注意:若要進行任何工作階段安全性設定的變更,都必須重新啟動 MCS!
預先檢查
最佳做法是在更改會話安全性設置之前執行以下操作。
- 停止所有備份和複製,並確保沒有執行任何維護 (檢查點/hfscheck/垃圾收集)。
- 檢查 Avamar 上是否有有效的檢查點。
概述
安裝在每個 Avamar 伺服器上的下列指令檔會用於管理工作階段安全性設定。
以 根使用者身分執行指令檔。
enable_secure_config.sh
顯示目前設定:
enable_secure_config.sh --showconfig Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
在上述範例中,工作階段安全性已停用。
有四種可能的受支援配置:
- 已停用
- 混合單
- 經過驗證的單一
- 驗證雙重
已停用
以下輸出顯示禁用模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
如何將工作階段安全性設定為已停用:
命令:
enable_secure_config.sh --enable-all --undo
輸出:
######################### ######################### ######################### ######################### Disabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
混合單
以下輸出顯示了混合單模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="mixed" "secure_st_mode" ="mixed" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Mixed mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to mixed mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Mixed Single:
Command:
enable_secure_config.sh --enable-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
經過驗證的單一
以下輸出顯示了經過身份驗證的單一模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Authenticated mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Authenticated-Single:
Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
驗證雙重
以下輸出顯示身份驗證雙模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="yes" Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定設為 Authenticated-Dual:Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
註解
使用下列命令以 系統管理員使用者身分重新啟動 MCS 和備份排程器:
mcserver.sh --restart --force dpnctl start sched
Affected Products
AvamarArticle Properties
Article Number: 000222234
Article Type: How To
Last Modified: 12 Dec 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.