A global cluster is created in non-secure mode by default. You may continue to allow the global cluster to run in non-secure mode or choose to establish secure communication between clusters.
The following prerequisites are required for establishing secure communication within a global cluster:
The clusters within the global cluster must be running in secure mode.
You must have Administrator privileges for the domain.
The following information is required for adding secure communication to a global cluster:
The active host name or IP address of each cluster in the global configuration.
The user name and password of the administrator for each cluster in the configuration.
If the local clusters do not point to the same root broker, the host name and port address of each root broker.
Adding secure communication involves the following tasks:
Taking the ClusterService-Proc (wac) resource in the ClusterService group offline on the clusters in the global environment.
Adding the -secure option to the StartProgram attribute on each node.
Establishing trust between root brokers if the local clusters do not point to the same root broker.
Bringing the ClusterService-Proc (wac) resource online on the clusters in the global cluster.
To take the ClusterService-Proc (wac) resource offline on all clusters
To add the -secure option to the StartProgram resource
For example:
"C:\Program Files\Veritas\Cluster Server\bin\wac.exe" -secure
To establish trust between root brokers if there is more than one root broker
Log on to the root broker for each cluster and set up trust to the other root brokers in the global cluster.
The complete syntax of the command is:
vssat setuptrust --broker host:port --securitylevel [low|medium|high] [--hashfile fileName | --hash rootHashInHex]
For example, to establish trust with a low security level in a global cluster comprised of Cluster1 pointing to RB1 and Cluster2 pointing to RB2 use the following commands:
From RB1, type:
vssat setuptrust --broker RB2:14141 --securitylevel low
From RB2, type:
vssat setuptrust --broker RB1:14141 --securitylevel low
To bring the ClusterService-Proc (wac) resource online on all clusters