Avamar: How to manage Session Security settings from the CLI
요약: This article shows how to manage the Avamar Session Security settings from the command-line tool.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
지침
Warning: A Management Console Server (MCS) restart is required for any changes to the Session Security Settings.
See Avamar: How to Restart Management Console Server for information about how to do this.
See Avamar: How to Restart Management Console Server for information about how to do this.
Pre-Checks:
It is best practice to perform the following before changing the Session Security settings.
-
Stop all backups, replication, and ensure that no maintenance is running (checkpoint/hfscheck/garbage collection).
-
Check that there is a valid checkpoint available on Avamar.
Overview:
The following script is installed on every Avamar grid and is used to manage the Session Security settings:
enable_secure_config.sh
Note: The script must be run as root.
To show the current Session Security settings:
enable_secure_config.sh --showconfig
There are four possible supported configurations:
1. Disabled
2. Mixed-Single
3. Authenticated-Single
4. Authenticated-Dual
Example output showing Disabled Session Security:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="false"
"secure_agent_feature_on" ="false"
"session_ticket_feature_on" ="false"
"secure_agents_mode" ="unsecure_only"
"secure_st_mode" ="unsecure_only"
"secure_dd_feature_on" ="false"
"verifypeer" ="no"
Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled.
Example output showing Mixed-Single Session Security:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="mixed"
"secure_st_mode" ="mixed"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.
Example output showing Authenticated-Single Session Security:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
Example output showing Authenticated-Dual Session Security:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="yes"
Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
To change the Session Security settings:
To set the Session Security settings to disabled, run the following command:
enable_secure_config.sh --enable-all --undo
Example Output:
######################### #########################
######################### #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
To set the Session Security settings to Mixed-Single, run the following two commands:
enable_secure_config.sh --enable-all
Example Output:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
Example Output:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
To set the Session Security settings to Authenticated-Single, run the following two commands:
enable_secure_config.sh --enable-secure-all
Example Output:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
Example Output:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
To set the Session Security settings to Authenticated-Dual, run the following command:
enable_secure_config.sh --enable-secure-all
Example Output:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
Warning: As stated above, a Management Console Server (MCS) restart is required for any changes to the Session Security Settings.
See Avamar: How to Restart Management Console Server for information about how to do this.
See Avamar: How to Restart Management Console Server for information about how to do this.
해당 제품
Avamar문서 속성
문서 번호: 000222234
문서 유형: How To
마지막 수정 시간: 12 12월 2025
버전: 8
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.