Avamar:從 CLI 管理工作階段安全性設定
요약: 本文說明如何從命令列工具管理 Avamar 工作階段安全性設定。
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
지침
注意:若要進行任何工作階段安全性設定的變更,都必須重新啟動 MCS!
預先檢查
最佳做法是在更改會話安全性設置之前執行以下操作。
- 停止所有備份和複製,並確保沒有執行任何維護 (檢查點/hfscheck/垃圾收集)。
- 檢查 Avamar 上是否有有效的檢查點。
概述
安裝在每個 Avamar 伺服器上的下列指令檔會用於管理工作階段安全性設定。
以 根使用者身分執行指令檔。
enable_secure_config.sh
顯示目前設定:
enable_secure_config.sh --showconfig Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
在上述範例中,工作階段安全性已停用。
有四種可能的受支援配置:
- 已停用
- 混合單
- 經過驗證的單一
- 驗證雙重
已停用
以下輸出顯示禁用模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="false" "secure_agent_feature_on" ="false" "session_ticket_feature_on" ="false" "secure_agents_mode" ="unsecure_only" "secure_st_mode" ="unsecure_only" "secure_dd_feature_on" ="false" "verifypeer" ="no" Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication. Client Agent and Management Server Communication set to unsecure_only mode. Secure Data Domain Feature is Disabled.
如何將工作階段安全性設定為已停用:
命令:
enable_secure_config.sh --enable-all --undo
輸出:
######################### ######################### ######################### ######################### Disabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
混合單
以下輸出顯示了混合單模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="mixed" "secure_st_mode" ="mixed" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Mixed mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to mixed mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Mixed Single:
Command:
enable_secure_config.sh --enable-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
經過驗證的單一
以下輸出顯示了經過身份驗證的單一模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="no" Client and Server Communication set to Authenticated mode with One-Way/Single Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定為 Authenticated-Single:
Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
命令:
avmaint config --ava verifypeer=no
輸出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <gsanconfig verifypeer="yes"/>
如果設定已變更,則必須重新啟動 MCS。
驗證雙重
以下輸出顯示身份驗證雙模式的設置。
命令:
enable_secure_config.sh --showconfig
輸出:
Current Session Security Settings ---------------------------------- "encrypt_server_authenticate" ="true" "secure_agent_feature_on" ="true" "session_ticket_feature_on" ="true" "secure_agents_mode" ="secure_only" "secure_st_mode" ="secure_only" "secure_dd_feature_on" ="true" "verifypeer" ="yes" Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication. Client Agent and Management Server Communication set to secure_only mode. Secure Data Domain Feature is Enabled.
如何將工作階段安全性設定設為 Authenticated-Dual:Command:
enable_secure_config.sh --enable-secure-all
輸出:
######################### ######################### ######################### ######################### Enabling Avamar Security Features Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Restart MCS for security features changes to take effect. INFO: Administrator Server ping successful. Setting Mutual server/client authentication Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml Done
如果設定已變更,則必須重新啟動 MCS。
註解
使用下列命令以 系統管理員使用者身分重新啟動 MCS 和備份排程器:
mcserver.sh --restart --force dpnctl start sched
해당 제품
Avamar문서 속성
문서 번호: 000222234
문서 유형: How To
마지막 수정 시간: 12 12월 2025
버전: 8
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.