Avamar:如何从 CLI 管理会话安全设置
요약: 本文介绍如何从命令行工具管理 Avamar 会话安全性设置。
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
지침
警告:对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
预检:
在更改会话安全性设置之前,最佳做法是执行以下作。
-
停止所有备份、复制,并确保没有维护正在运行(检查点/hfscheck/垃圾数据收集)。
-
检查 Avamar 上是否有有效的检查点可用。
概览:
以下脚本安装在每个 Avamar 网格上,用于管理会话安全性设置:
enable_secure_config.sh
提醒:脚本必须以根用户身份运行。
要显示当前的会话安全设置,请执行以下作:
enable_secure_config.sh --showconfig
目前有四种可能的受支持配置:
1.禁用
2.单一混合
3.单一身份验证
4.双重身份验证
显示 Disabled Session Security的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="false"
"secure_agent_feature_on" ="false"
"session_ticket_feature_on" ="false"
"secure_agents_mode" ="unsecure_only"
"secure_st_mode" ="unsecure_only"
"secure_dd_feature_on" ="false"
"verifypeer" ="no"
Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled.
显示混合单会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="mixed"
"secure_st_mode" ="mixed"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的单个会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的双会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="yes"
Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
要更改会话安全性设置,请执行以下作:
要将会话安全性设置设置为已禁用,请运行以下命令:
enable_secure_config.sh --enable-all --undo
示例输出:
######################### #########################
######################### #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
要将会话安全性设置设置为 Mixed-Single,请运行以下两个命令:
enable_secure_config.sh --enable-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Single,请运行以下两个命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Dual,请运行以下命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
警告:如上所述,对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
해당 제품
Avamar문서 속성
문서 번호: 000222234
문서 유형: How To
마지막 수정 시간: 12 12월 2025
버전: 8
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.