This topic describes how to enable and disable Security Services. Do not edit the VCS configuration file main.cf to enable or disable VxSS.
To enable Symantec Product Authentication Service (AT), VCS requires a system in your enterprise that serves as a root broker. You can do one of the following:
Use an existing root broker system in your enterprise.
Set up a root broker system.
See the Veritas Cluster Server Installation Guide for instructions on setting up a root broker.
Configure one of the nodes in the cluster to serve as root broker.
When you enable AT on a VCS cluster using the installvcs program, the installer provides you an option to configure one of the nodes as root broker.
To enable Symantec Product Authentication Services on a VCS cluster
# hasys -state
The output must show the SysState value as RUNNING.
Delete all the VCS users that were created for the non-secure cluster. This step prevents users from inadvertently gaining any privileges in the secure cluster.
Note that user names in a secure cluster use the format user@domain.
See the Veritas Cluster Server Installation Guide for instructions.
# /opt/VRTS/install/installvcs -security
The installer displays the directory where the logs are created.
1) Enable Symantec Security Services on a VCS Cluster
2) Disable Symantec Security Services on a VCS Cluster
Select the Security option you would like to perform [1-2,q] 1
Enter the name of one system in the VCS Cluster that you would like to enable Veritas Security Services: sys1
The installer proceeds to verify communication with the node in the cluster.
The installer also verifies that VCS is running on all systems in the cluster.
Would you like to enable Symantec Security Services on this cluster? [y,n,q] (y) y
See the Veritas Cluster Server Installation and Configuration Guide for details on the configuration modes.
Based on the root broker system you plan to use, do one of the following:
The installer creates the Security service group, creates Authentication Server credentials on each node in the cluster and Web credentials for VCS users, and sets up trust with the root broker.
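The two preconditions of the enable procedure above (every system reports SysState RUNNING, and no users remain from the non-secure cluster) can be checked before starting the installer. The script below is an added example, not part of the Veritas documentation; it assumes the three-column layout of hasys -state output and a user list with one name per line (for example from hauser -list), and the function names, sys2 and the sample users are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight checks before running "installvcs -security" to enable AT.
# Added example: function names and sample data are constructed.

# not_running: read "hasys -state" output on stdin (columns assumed to be
# System, Attribute, Value) and print each system that is not RUNNING.
# Prints a marker if no SysState row is seen at all (e.g. VCS is down).
not_running() {
    awk '$2 == "SysState" { n++; if ($3 != "RUNNING") print $1 "=" $3 }
         END { if (!n) print "no-systems-reported" }'
}

# legacy_users: read one user name per line (assumed list format) and
# print names that are not in the user@domain form of a secure cluster.
legacy_users() {
    awk 'NF && $1 !~ /^#/ && $1 !~ /^[^@]+@[^@]+$/ { print $1 }'
}

# preflight STATE_OUTPUT USER_LIST: return 0 only if both checks are clean.
# Live use: preflight "$(hasys -state)" "$(hauser -list)"
preflight() {
    bad_sys=$(printf '%s\n' "$1" | not_running)
    bad_usr=$(printf '%s\n' "$2" | legacy_users)
    [ -z "$bad_sys" ] || echo "not RUNNING:" $bad_sys >&2
    [ -z "$bad_usr" ] || echo "delete before enabling:" $bad_usr >&2
    [ -z "$bad_sys" ] && [ -z "$bad_usr" ]
}

# Constructed sample of "hasys -state" output (sys2 is made up).
sample_state() {
    cat <<'EOF'
#System    Attribute    Value
sys1       SysState     RUNNING
sys2       SysState     FAULTED
EOF
}

# Constructed sample user list: two non-secure names, one secure name.
sample_users() {
    cat <<'EOF'
admin
oper1
admin@example.com
EOF
}
```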
To disable Symantec Product Authentication Services on a VCS cluster
Delete all the VCS users that were created for the secure cluster. This step prevents users from inadvertently gaining any privileges in the secure cluster.
Note that user names in a secure cluster use the format user@domain.
# /opt/VRTS/install/installvcs -security
The installer displays the directory where the logs are created.
1) Enable Symantec Security Services on a VCS Cluster
2) Disable Symantec Security Services on a VCS Cluster
Select the Security option you would like to perform [1-2,q] 2
Enter the name of one system in the VCS Cluster that you would like to disable Symantec Security Services: sys1
Would you like to disable Symantec Security Services on this cluster? [y,n,q] (y) y