Avamar:從 CLI 管理工作階段安全性設定
Riepilogo: 本文說明如何從命令列工具管理 Avamar 工作階段安全性設定。
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Istruzioni
注意:若要進行任何工作階段安全性設定的變更,都必須重新啟動 MCS!
預先檢查
最佳做法是在更改會話安全性設置之前執行以下操作。
- 停止所有備份和複製,並確保沒有執行任何維護 (檢查點/hfscheck/垃圾收集)。
- 檢查 Avamar 上是否有有效的檢查點。
概述
安裝在每個 Avamar 伺服器上的下列指令檔會用於管理工作階段安全性設定。
以 根使用者身分執行指令檔。
enable_secure_config.sh
顯示目前設定:
enable_secure_config.sh --showconfig Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
在上述範例中,工作階段安全性已停用。
有四種可能的受支援配置:
- 已停用
- 混合單
- 經過驗證的單一
- 驗證雙重
已停用
以下輸出顯示禁用模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
如何將工作階段安全性設定為已停用:
命令:
enable_secure_config.sh --enable-all --undo
輸出:
######################### ######################### ######################### ######################### Disabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
混合單
以下輸出顯示了混合單模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="mixed" "secure_st_mode" ="mixed" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Mixed mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to mixed mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Mixed Single:
Command:
enable_secure_config.sh --enable-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
經過驗證的單一
以下輸出顯示了經過身份驗證的單一模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Authenticated mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Authenticated-Single:
Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
驗證雙重
以下輸出顯示身份驗證雙模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="yes" Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定設為 Authenticated-Dual:Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
註解
使用下列命令以 系統管理員使用者身分重新啟動 MCS 和備份排程器:
mcserver.sh --restart --force dpnctl start sched
Prodotti interessati
AvamarProprietà dell'articolo
Numero articolo: 000222234
Tipo di articolo: How To
Ultima modifica: 12 dic 2025
Versione: 8
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.