Enabling and disabling Security Services
Prev	Administering the cluster from the command line	Next

---

Enabling and disabling Security Services

This section describes how to enable and disable Security Services. Do not edit the VCS configuration file main.cf to enable or disable VxSS.

To enable Symantec Product Authentication Service (AT), VCS requires a system in your enterprise that serves as a root broker. You can do one of the following:

• Use an existing root broker system in your enterprise.
• Set up a root broker system.

  See the Veritas Cluster Server Installation Guide for instructions on setting up a root broker.

• Configure one of the nodes in the cluster to serve as root broker.

  When you enable AT on a VCS cluster using the installvcs program, the installer provides you an option to configure one of the nodes as root broker.

To enable Symantec Product Authentication Services on a Veritas Cluster Server cluster

1. Make sure that all nodes in the cluster are running.

   # hasys -state

   The output must show the SysState value as RUNNING.

2. If you want to use an external root broker system, verify you have a root broker configured.

   See the Veritas Cluster Server Installation Guide for instructions.

3. Start the installvcs program with the -security option.

   # /opt/VRTS/install/installvcs -security

   The installer displays the directory where the logs are created.

4. Enter 1 to enable the Authentication Service on the cluster.

   1) Enable Symantec Security Services on a VCS Cluster

   2) Disable Symantec Security Services on a VCS Cluster

   Select the Security option you would like to perform [1-2,q] 1

5. If Veritas Cluster Server is not configured in the system from where you started the installvcs program, enter the name of a node in the cluster that you want to enable the Authentication Service.

   Enter the name of one system in the VCS Cluster that you would like to enable Veritas Security Services: north

   The installer proceeds to verify communication with the node in the cluster.

6. Review the output as the installer verifies whether Veritas Cluster Server configuration files exist.

   The installer also verifies that Veritas Cluster Server is running on all systems in the cluster.

7. Press Enter to confirm that you want to enable the Authentication Service.

   Would you like to enable Symantec Security Services on this cluster? [y,n,q] (y) y

8. Proceed with the configuration tasks.

   See the Veritas Cluster Server Installation Configuration Guide for details on the configuration modes.

   Based on the root broker system you plan to use, do one of the following:

    

   External root broker system

   Enter the root broker name at the installer prompt. For example:  If you already have an external RB(Root Broker) installed and configured, enter the RB name, or press Enter to skip: [b] venus

   One of the nodes as root broker

   Press Enter at the installer prompt:  If you already have an external RB(Root Broker) installed and configured, enter the RB name, or press Enter to skip: [b] If AT is not already configured on any of the nodes, the installer asks you to choose a node to use as root broker:  Do you want to configure galaxy as RAB, and other nodes as AB? [y,n,q,b] (y) Based on the node you choose, the installer configures the node to run in RAB (Root+Authentication Broker) mode. The installer configures the other nodes as authentication brokers.

9. Review the output as the installer modifies the Veritas Cluster Server configuration files to enable the Authentication Service, and starts Veritas Cluster Server in a secure mode.

   The installer creates the Security service group, creates Authentication Server credentials on each node in the cluster and Web credentials for Veritas Cluster Server users, and sets up trust with the root broker.

To disable Symantec Product Authentication Services on a Veritas Cluster Server cluster

1. Verify you have a root broker configured.

   See the Veritas Cluster Server Installation Guide for instructions.

2. Start the installvcs program with the -security option.

   # /opt/VRTS/install/installvcs -security

   The installer displays the directory where the logs are created.

3. Enter 2 to disable the Authentication Service on the cluster.

   1) Enable Symantec Security Services on a VCS Cluster

   2) Disable Symantec Security Services on a VCS Cluster

   Select the Security option you would like to perform [1-2,q] 2

4. If Veritas Cluster Server is not configured in the system from where you started the installvcs program, enter the name of a node in the cluster that you want to disable the Authentication Service.

   Enter the name of one system in the VCS Cluster that you would like to disable Symantec Security Services: north

5. Review the output as the installer proceeds with a basic verification.
6. Press Enter at the prompt to confirm that you want to disable the Authentication Service.

   Would you like to disable Symantec Security Services on this cluster? [y,n,q] (y) y

7. Review the output as the installer modifies the Veritas Cluster Server configuration files to disable the Authentication Service and starts Veritas Cluster Server.