Symantec Product Authentication Service authenticates user accounts and secures communication between cluster nodes and client software, including the Cluster Management Console. The Symantec Product Authentication Service uses digital certificates for user account authentication and SSL to encrypt communication over the public network.
Clusters that use the Symantec Product Authentication Service are said to be configured in secure mode.
The following are the main components of the Symantec Product Authentication Service:
Authentication brokers serve as intermediate user account registration and certification authorities. An authentication broker is installed on every management server and every cluster node in a secure-mode cluster. Every login to a management server or to a secure-mode cluster verifies the user account against an authentication broker.
A root broker serves as the main user account registration and certification authority. The root broker maintains a unique identification data sequence called a root hash. When you create an authentication broker, the root broker uses the root hash to create an authenticated (signed) certificate for that authentication broker. This is the only role that the root broker has for authentication. The authentication broker subsequently propagates the certificate to its registered users.
If you create two authentication brokers under the same root, a user that is registered in one can still log in through the other. The other authentication broker recognizes the certificate from the common root broker and permits the login.
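The cross-broker login described above can be modelled with an ordinary certificate chain. The script below is an added illustration, not Symantec code or product commands: it assumes plain X.509 certificates created with the openssl CLI, and the names root-broker, other-root, ab1, ab2 and user1 are hypothetical. A broker that trusts only the common root accepts a user certified by a different authentication broker, while a broker under an unrelated root rejects the same user.

```sh
#!/bin/sh
# Constructed model: X.509 via the openssl CLI stands in for the product's
# credential format (an assumption). All names and file paths are hypothetical.
set -eu

new_root() {   # $1 = dir, $2 = name: self-signed root broker certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/x.cnf" \
    -extensions ca -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {      # $1 = dir, $2 = issuer, $3 = subject, $4 = profile (ca or leaf)
  openssl req -new -newkey rsa:2048 -nodes -config "$1/x.cnf" -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -extfile "$1/x.cnf" -extensions "$4" \
    -out "$1/$3.pem" 2>/dev/null
}

build_hierarchy() {   # $1 = empty working directory
  cat > "$1/x.cnf" <<'EOF'
[req]
distinguished_name=dn
[dn]
CN=unused
[ca]
basicConstraints=critical,CA:TRUE
[leaf]
basicConstraints=critical,CA:FALSE
EOF
  new_root "$1" root-broker            # the single enterprise root
  new_root "$1" other-root             # an unrelated root, for contrast
  issue "$1" root-broker ab1 ca        # authentication broker 1
  issue "$1" root-broker ab2 ca        # authentication broker 2
  issue "$1" ab1 user1 leaf            # user registered with ab1 only
}

accepts() {    # $1 = dir, $2 = root that the accepting broker trusts
  # user1 presents its own certificate plus that of its issuing broker (ab1).
  openssl verify -CAfile "$1/$2.pem" -untrusted "$1/ab1.pem" \
    "$1/user1.pem" >/dev/null 2>&1
}

dir=$(mktemp -d)
build_hierarchy "$dir"
accepts "$dir" root-broker && echo "ab2 (trusts root-broker): user1 accepted"
accepts "$dir" other-root  || echo "broker under other-root: user1 rejected"
```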
Symantec recommends that you install and configure only one root broker in the enterprise. Root brokers are usually installed on standalone systems.
Note: Symantec recommends that you configure only one root broker in the enterprise. You can configure multiple authentication brokers to use one root broker. Each operating system in the enterprise requires at least one authentication broker. Configuring all authentication brokers to use one root enables authentication across all operating systems.
The installation and configuration topics provide extensive practical setup information.
See Setting up the security infrastructure: overview of tasks.
See Configuring a peer management server.