 | ||
| Securing communication between the wide-area connectors | ||
|---|---|---|
| Prev | Configuring clusters for global cluster setup | Next |
| ||
| Securing communication between the wide-area connectors | ||
|---|---|---|
| Prev | Configuring clusters for global cluster setup | Next |
Perform the following steps to configure secure communication between the wide-area connectors.
To secure communication between the wide-area connectors
For more information, see the Veritas Cluster Server Installation Guide.
For example in a VCS global cluster environment with two clusters, perform the following steps to establish trust between the clusters:
On each node of the first cluster, enter the following command:
export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC; /opt/VRTSvcs/bin/vcsat setuptrust -b IP_address_of_any_node_from_the_second_cluster:14149 -s high
The command obtains and displays the security certificate and other details of the root broker of the second cluster.
If the details are correct, enter y at the command prompt to establish trust.
For example:
The hash of above credential is b36a2607bf48296063068e3fc49188596aa079bb Do you want to trust the above?(y/n) y
On each node of the second cluster, enter the following command:
export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC /opt/VRTSvcs/bin/vcsat setuptrust -b IP_address_of_any_node_from_the_first_cluster:14149 -s high
The command obtains and displays the security certificate and other details of the root broker of the first cluster.
If the details are correct, enter y at the command prompt to establish trust.
Alternatively, if you have passwordless communication set up on the cluster, you can use the installvcs -securitytrust option to set up trust with a remote cluster.
hares -offline wac -sys node_where_wac_is_online
haconf -makerw hares -modify wac StartProgram \ "/opt/VRTSvcs/bin/wacstart -secure" hares -modify wac MonitorProcesses \ "/opt/VRTSvcs/bin/wac -secure" haconf -dump -makero
hares -online wac -sys systemname