Avamar:从 CLI 管理会话安全设置
Riepilogo: 本文介绍如何从命令行工具管理 Avamar 会话安全性设置。
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Istruzioni
提醒:对于会话安全设置的任何更改,需要重新启动 MCS!
预检
在更改会话安全性设置之前,最佳做法是执行以下操作。
- 停止所有备份和复制,并确保没有维护正在运行(检查点/hfscheck/垃圾数据收集)。
- 检查 Avamar 上是否有有效的检查点可用。
概述
每台 Avamar Server 上安装的以下脚本用于管理会话安全性设置。
以 root 用户身份运行脚本。
enable_secure_config.sh
显示当前设置:
enable_secure_config.sh --showconfig Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
在上面的示例中,会话安全性处于禁用状态。
有四种可能的受支持配置:
- Disabled
- 混合单人房 (Mixed-Single)
- 经过身份验证的单个
- 经过身份验证的双重
禁用
以下输出显示了已禁用模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
如何将会话安全性设置设置为已禁用:
命令:
enable_secure_config.sh --enable-all --undo
输出:
######################### ######################### ######################### ######################### Disabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果设置已更改,则必须重新启动 MCS。
混合单人房 (Mixed-Single
)以下输出显示了混合单模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="mixed" "secure_st_mode" ="mixed" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Mixed mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to mixed mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Mixed-Single:
命令:
enable_secure_config.sh --enable-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果设置已更改,则必须重新启动 MCS。
经过身份验证的单个
以下输出显示了经过身份验证的单个模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Authenticated mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Authenticated-Single:
Command:
enable_secure_config.sh --enable-secure-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果设置已更改,则必须重新启动 MCS。
经过身份验证的双重
以下输出显示了经过身份验证的双重模式的设置。
命令:
enable_secure_config.sh --showconfig
输出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="yes" Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何将会话安全性设置设置为 Authenticated-Dual:
命令:
enable_secure_config.sh --enable-secure-all
输出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果设置已更改,则必须重新启动 MCS。
注意
使用以下命令以 管理员用户身份重新启动 MCS 和备份计划程序:
mcserver.sh --restart --force dpnctl start sched
Prodotti interessati
AvamarProprietà dell'articolo
Numero articolo: 000222234
Tipo di articolo: How To
Ultima modifica: 12 dic 2025
Versione: 8
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.