Creating encrypted files for the security infrastructure

Create encrypted files (BLOB files) only if you plan to use the semiautomatic mode, which configures the Authentication Service from an encrypted file. The administrator must create the encrypted files on the root broker node, and must create one encrypted file for each node that is going to be part of the cluster, before you configure the Authentication Service for VCS.

To create encrypted files

  1. Make a note of the following root broker information. This information is required for the input file for the encrypted file:

    hash

    The value of the root hash string, which consists of 40 characters. Execute the following command to find this value:

    venus> # vssat showbrokerhash

    root_domain

    The value for the domain name of the root broker system. Execute the following command to find this value:

    venus> # vssat showalltrustedcreds

  2. Make a note of the following authentication broker information for each node. This information is required for the input file for the encrypted file:

    identity

    The value for the authentication broker identity, which you provided when you created the authentication broker principal on the root broker system.

    This is the value for the --prplname option of the addprpl command.

    See Creating authentication broker accounts on root broker system.

    password

    The value for the authentication broker password, which you provided when you created the authentication broker principal on the root broker system.

    This is the value for the --password option of the addprpl command.

    See Creating authentication broker accounts on root broker system.

    broker_admin_password

    The value for the authentication broker password for the Administrator account on the node. This password must be at least five characters long.

  3. For each node in the cluster, create the input file for the encrypted file.

    The installer presents the format of the input file for the encrypted file when you proceed to configure the Authentication Service using an encrypted file. For example, the input file for the authentication broker on galaxy resembles the following:

    [setuptrust]
    broker=venus.symantecexample.com
    hash=758a33dbd6fae751630058ace3dedb54e562fe98
    securitylevel=high
    
    [configab]
    identity=galaxy
    password=password
    root_domain=vx:root@venus.symantecexample.com
    root_broker=venus.symantecexample.com:2821
    broker_admin_password=ab_admin_password
    start_broker=false
    enable_pbx=false

  4. Back up the input files that you created for the authentication broker on each node in the cluster.

    Note that, for security purposes, the command that creates the output file for the encrypted file deletes the input file.

  5. For each node in the cluster, create the output file for the encrypted file on the root broker system using the following command:

    RootBroker> # vssat createpkg \
    --in /path/to/blob/input/file.txt \
    --out /path/to/encrypted/blob/file.txt \
    --host_ctx AB-hostname

    For example:

    venus> # vssat createpkg --in /tmp/galaxy.blob.in \
    --out /tmp/galaxy.blob.out --host_ctx galaxy

    Note that this command creates an encrypted file even if you provide a wrong password for the "password=" entry. However, such an encrypted file fails to install on the authentication broker node.

  6. After you have created the output files for the encrypted file for every node, copy these files to the installer node.
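As an added example (not part of the original documentation or of the vssat tool), the following Python script renders the input file from the values noted in steps 1 and 2 and checks it against the constraints this procedure states (required entries, 40-character hash, five-character minimum for broker_admin_password) before it is handed to vssat createpkg in step 5. The broker names, hash and passwords are the page's sample values; the check that the hash is hexadecimal is an assumption based on that sample.

```python
import configparser
import re

# Root broker values noted in step 1 (the page's sample values, not a real broker).
ROOT_BROKER = "venus.symantecexample.com"                 # root broker host name
ROOT_HASH = "758a33dbd6fae751630058ace3dedb54e562fe98"    # output of: vssat showbrokerhash
ROOT_DOMAIN = "vx:root@venus.symantecexample.com"         # output of: vssat showalltrustedcreds


def build_blob_input(identity, password, broker_admin_password,
                     root_broker=ROOT_BROKER, root_hash=ROOT_HASH,
                     root_domain=ROOT_DOMAIN, port=2821):
    """Render the [setuptrust]/[configab] input file for one authentication broker."""
    return (
        "[setuptrust]\n"
        f"broker={root_broker}\n"
        f"hash={root_hash}\n"
        "securitylevel=high\n\n"
        "[configab]\n"
        f"identity={identity}\n"
        f"password={password}\n"
        f"root_domain={root_domain}\n"
        f"root_broker={root_broker}:{port}\n"
        f"broker_admin_password={broker_admin_password}\n"
        "start_broker=false\n"
        "enable_pbx=false\n"
    )


def validate_blob_input(text):
    """Return the problems found in an input file (empty list = passes the checks).
    Only what the procedure states is checked; a wrong password= value cannot be
    detected here, and createpkg accepts it too (the blob then fails to install)."""
    problems = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    required = {"setuptrust": ("broker", "hash", "securitylevel"),
                "configab": ("identity", "password", "root_domain",
                             "root_broker", "broker_admin_password")}
    for section, keys in required.items():
        if not cfg.has_section(section):
            problems.append(f"missing section [{section}]")
            continue
        for key in keys:
            if not cfg.get(section, key, fallback=""):
                problems.append(f"[{section}] {key} is empty or missing")
    # Hexadecimal form is assumed from the sample hash; the page only states 40 characters.
    if not re.fullmatch(r"[0-9a-fA-F]{40}", cfg.get("setuptrust", "hash", fallback="")):
        problems.append("hash must be the 40-character root hash string")
    if len(cfg.get("configab", "broker_admin_password", fallback="")) < 5:
        problems.append("broker_admin_password must be at least five characters")
    return problems
```

Write the rendered text to the input file (for example /tmp/galaxy.blob.in) only after validate_blob_input returns an empty list, and keep the backup from step 4, because createpkg deletes the input file.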