Avamar:从 CLI 管理会话安全设置
Summary: 本文介绍如何从命令行工具管理 Avamar 会话安全性设置。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
提醒:对于会话安全设置的任何更改,需要重新启动 MCS!
预检
在更改会话安全性设置之前,最佳做法是执行以下操作。
- 停止所有备份和复制,并确保没有维护正在运行(检查点/hfscheck/垃圾数据收集)。
- 检查 Avamar 上是否有有效的检查点可用。
概述
每台 Avamar Server 上安装的以下脚本用于管理会话安全性设置。
以 root 用户身份运行脚本。
enable_secure_config.sh
显示当前设置:
enable_secure_config.sh --showconfig Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
在上面的示例中,会话安全性处于禁用状态。
有四种可能的受支持配置:
- Disabled
- 混合单人房 (Mixed-Single)
- 经过身份验证的单个
- 经过身份验证的双重
禁用
以下输出显示了已禁用模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
如何将会话安全性设置设置为已禁用:
命令:
enable_secure_config.sh --enable-all --undo
输出:
######################### ######################### ######################### ######################### Disabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果设置已更改,则必须重新启动 MCS。
混合单人房 (Mixed-Single
)以下输出显示了混合单模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="mixed" "secure_st_mode" ="mixed" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Mixed mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to mixed mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Mixed-Single:
命令:
enable_secure_config.sh --enable-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果设置已更改,则必须重新启动 MCS。
经过身份验证的单个
以下输出显示了经过身份验证的单个模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Authenticated mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Authenticated-Single:
Command:
enable_secure_config.sh --enable-secure-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果设置已更改,则必须重新启动 MCS。
经过身份验证的双重
以下输出显示了经过身份验证的双重模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="yes" Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Authenticated-Dual:
命令:
enable_secure_config.sh --enable-secure-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果设置已更改,则必须重新启动 MCS。
注意
使用以下命令以 管理员用户身份重新启动 MCS 和备份计划程序:
mcserver.sh --restart --force dpnctl start sched
Affected Products
AvamarArticle Properties
Article Number: 000222234
Article Type: How To
Last Modified: 12 Dec 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.