Avamar:如何从 CLI 管理会话安全设置
摘要: 本文介绍如何从命令行工具管理 Avamar 会话安全性设置。
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
说明
警告:对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
预检:
在更改会话安全性设置之前,最佳做法是执行以下作。
-
停止所有备份、复制,并确保没有维护正在运行(检查点/hfscheck/垃圾数据收集)。
-
检查 Avamar 上是否有有效的检查点可用。
概览:
以下脚本安装在每个 Avamar 网格上,用于管理会话安全性设置:
enable_secure_config.sh
提醒:脚本必须以根用户身份运行。
要显示当前的会话安全设置,请执行以下作:
enable_secure_config.sh --showconfig
目前有四种可能的受支持配置:
1.禁用
2.单一混合
3.单一身份验证
4.双重身份验证
显示 Disabled Session Security的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="false"
"secure_agent_feature_on" ="false"
"session_ticket_feature_on" ="false"
"secure_agents_mode" ="unsecure_only"
"secure_st_mode" ="unsecure_only"
"secure_dd_feature_on" ="false"
"verifypeer" ="no"
Client and Server Communication set to Default (Workflow Re-Run) mode with No Authentication.
Client Agent and Management Server Communication set to unsecure_only mode.
Secure Data Domain Feature is Disabled.
显示混合单会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="mixed"
"secure_st_mode" ="mixed"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Mixed mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to mixed mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的单个会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="no"
Client and Server Communication set to Authenticated mode with One-Way/Single Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
显示经过身份验证的双会话安全性的输出示例:
Current Session Security Settings
----------------------------------
"encrypt_server_authenticate" ="true"
"secure_agent_feature_on" ="true"
"session_ticket_feature_on" ="true"
"secure_agents_mode" ="secure_only"
"secure_st_mode" ="secure_only"
"secure_dd_feature_on" ="true"
"verifypeer" ="yes"
Client and Server Communication set to Authenticated mode with Two-Way/Dual Authentication.
Client Agent and Management Server Communication set to secure_only mode.
Secure Data Domain Feature is Enabled.
要更改会话安全性设置,请执行以下作:
要将会话安全性设置设置为已禁用,请运行以下命令:
enable_secure_config.sh --enable-all --undo
示例输出:
######################### #########################
######################### #########################
Disabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
要将会话安全性设置设置为 Mixed-Single,请运行以下两个命令:
enable_secure_config.sh --enable-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Single,请运行以下两个命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
avmaint config --ava verifypeer=no
示例输出:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gsanconfig verifypeer="yes"/>
要将会话安全性设置设置为 Authenticated-Dual,请运行以下命令:
enable_secure_config.sh --enable-secure-all
示例输出:
######################### #########################
######################### #########################
Enabling Avamar Security Features
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart MCS for security features changes to take effect.
INFO: Administrator Server ping successful.
Setting Mutual server/client authentication
Editing /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Done
警告:如上所述,对会话安全设置进行任何更改都需要重新启动管理控制台服务器 (MCS)。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
请参阅 Avamar:如何重新启动 Management Console Server ,了解有关如何执行此作的信息。
受影响的产品
Avamar文章属性
文章编号: 000222234
文章类型: How To
上次修改时间: 12 12月 2025
版本: 8
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。