Preparing to configure the clusters in secure mode

You can set up Symantec Product Authentication Service (AT) for the cluster during the VCS installation or after the installation.

If you want to enable AT in a cluster at a later time, refer to the Veritas Cluster Server User's Guide for instructions.

The prerequisites to configure a cluster in secure mode are as follows:

The installvcs program provides the following configuration modes:

Automatic mode

The root broker system must allow remsh or ssh passwordless login to use this mode.

Semi-automatic mode

This mode requires encrypted files (BLOB files) from the AT administrator to configure a cluster in secure mode.

The nodes in the cluster must allow remsh or ssh passwordless login.

See Setting up inter-system communication.

Manual mode

This mode requires the root_hash file and the root broker information from the AT administrator to configure a cluster in secure mode.

The nodes in the cluster must allow remsh or ssh passwordless login.

See Setting up inter-system communication.

Figure: Workflow to configure VCS cluster in secure mode depicts the flow of configuring VCS cluster in secure mode.

Figure: Workflow to configure VCS cluster in secure mode

Table: Preparatory tasks to configure a cluster in secure mode lists the preparatory tasks in the order in which the AT and VCS administrators must perform them.

Table: Preparatory tasks to configure a cluster in secure mode

Task: Decide on one of the following configuration modes to set up a cluster in secure mode:

  • Automatic mode

  • Semi-automatic mode

  • Manual mode

Who performs this task: VCS administrator

Task: Install the root broker on a stable system in the enterprise.

Who performs this task: AT administrator

Task: On the root broker system, create authentication broker accounts for each node in the cluster.

See Creating authentication broker accounts on root broker system.

AT administrator requires the following information from the VCS administrator:

  • Node names that are designated to serve as authentication brokers

  • Password for each authentication broker

Who performs this task: AT administrator

Task: To use the semi-automatic mode, create the encrypted files (BLOB files) for each node and provide the files to the VCS administrator.

AT administrator requires the following additional information from the VCS administrator:

  • Administrator password for each authentication broker

    Typically, the password is the same for all nodes.

Who performs this task: AT administrator

Task: To use the manual mode, provide the root_hash file (/opt/VRTSat/bin/root_hash) from the root broker system to the VCS administrator.

Who performs this task: AT administrator

Task: Copy the files that are required to configure a cluster in secure mode to the system from where you plan to install and configure VCS.

See Preparing the installation system for the security infrastructure.

Who performs this task: VCS administrator
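
The per-mode prerequisites listed above can be checked on the installation system before running installvcs. The following shell script is an added example, not part of the Veritas documentation or the installvcs program. The staging directory, the <node>.blob file naming, and the use of ssh rather than remsh are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the three secure-mode configuration modes.
# Assumptions (not from the guide): the SECURE_DIR staging directory, the
# "<node>.blob" file naming, and ssh (not remsh) as the login transport.

SECURE_DIR=${SECURE_DIR:-/var/tmp/vcs_secure}   # hypothetical staging directory
SSH_CHECK=${SSH_CHECK:-ssh_batch_check}         # overridable for offline testing

# Succeeds only if login works without a password prompt.
# BatchMode=yes makes ssh fail instead of asking for a password.
ssh_batch_check() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>/dev/null
}

# Usage: preflight MODE ROOT_BROKER NODE...
# Prints one line per unmet prerequisite; exit status is the number of failures.
preflight() {
    mode=$1; root_broker=$2; shift 2
    failures=0
    fail() { echo "MISSING: $*"; failures=$((failures + 1)); }

    case $mode in
    automatic)
        # Automatic mode: the root broker system must allow passwordless login.
        "$SSH_CHECK" "$root_broker" || fail "passwordless login to root broker $root_broker" ;;
    semi-automatic|manual)
        # Both modes: every cluster node must allow passwordless login.
        for node in "$@"; do
            "$SSH_CHECK" "$node" || fail "passwordless login to node $node"
            # Semi-automatic mode: one BLOB file per node from the AT administrator.
            if [ "$mode" = semi-automatic ] && [ ! -s "$SECURE_DIR/$node.blob" ]; then
                fail "BLOB file for $node in $SECURE_DIR"
            fi
        done
        # Manual mode: root_hash file copied from the root broker system.
        # (The root broker information is entered by hand and is not checked here.)
        if [ "$mode" = manual ] && [ ! -s "$SECURE_DIR/root_hash" ]; then
            fail "root_hash copied from the root broker into $SECURE_DIR"
        fi ;;
    *)
        fail "unknown mode '$mode'" ;;
    esac
    return "$failures"
}
```

For example, `preflight semi-automatic rootbroker node1 node2` prints a MISSING line for each node that lacks passwordless login or a BLOB file and returns the count as its exit status.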

More Information

Installing the root broker for the security infrastructure

Creating encrypted files for the security infrastructure