You can set up Symantec Product Authentication Service (AT) for the cluster during the VCS installation or after the installation.
If you want to enable AT in a cluster at a later time, refer to the Veritas Cluster Server User's Guide for instructions.
The prerequisites to configure a cluster in secure mode are as follows:
A system in your enterprise is configured as root broker (RB).
If a root broker system does not exist, install and configure root broker on a system.
An authentication broker (AB) account for each node in the cluster is set up on the root broker system.
See Creating authentication broker accounts on root broker system.
The system clocks of the root broker and authentication brokers must be in sync.
The installvcs program provides the following configuration modes:
Figure: Workflow to configure VCS cluster in secure mode depicts the flow of configuring VCS cluster in secure mode.
Table: Preparatory tasks to configure a cluster in secure mode lists the preparatory tasks in the order which the AT and VCS administrators must perform.
Table: Preparatory tasks to configure a cluster in secure mode
Tasks |
Who performs this task |
---|---|
Decide one of the following configuration modes to set up a cluster in secure mode:
|
VCS administrator |
Install the root broker on a stable system in the enterprise. |
AT administrator |
On the root broker system, create authentication broker accounts for each node in the cluster. See Creating authentication broker accounts on root broker system. AT administrator requires the following information from the VCS administrator:
|
AT administrator |
To use the semi-automatic mode, create the encrypted files (BLOB files) for each node and provide the files to the VCS administrator. AT administrator requires the following additional information from the VCS administrator:
|
AT administrator |
To use the manual mode, provide the root_hash file (/opt/VRTSat/bin/root_hash) from the root broker system to the VCS administrator. |
AT administrator |
Copy the files that are required to configure a cluster in secure mode to the system from where you plan to install and configure VCS. See Preparing the installation system for the security infrastructure. |
VCS administrator |