The following requirements must be met for a CP server installation:
For the basic hardware requirements for the VCS/SFHA cluster to host the CP server, refer to the appropriate VCS or SFHA installation and configuration guide.
Table: CP server hardware requirements lists additional requirements for hosting the CP server.
Table: CP server hardware requirements
Table: CP server supported operating systems and versions displays the CP server supported operating systems and versions.
Table: CP server supported operating systems and versions
CP server |
Operating system and version |
---|---|
CP server hosted on a VCS single node cluster or CP server hosted on an SFHA cluster |
|
For networking requirements, Symantec recommends that network access from the VCS clusters to the CP servers should be made highly-available and redundant. The network connections require either a secure LAN or VPN.
The CP server uses the TCP/IP protocol to connect to and communicate with the VCS cluster(s) by these network paths. The CP server listens for messages from the VCS cluster(s) using TCP port 14250. This is the default port that can be changed during a CP server configuration.
When placing the CP server (s) within a specific network configuration, the number of hops from the different VCS cluster nodes to the CP server (s) should be taken into consideration. As a best practices procedure, Symantec recommends that the number of hops from the different VCS cluster nodes to the CP server(s) should be equal. This ensures that if an event occurs that results in an I/O fencing scenario, there is no bias in the race due to the number of hops between the nodes.
For secure communications between the VCS cluster and CP server, be sure to consider the following requirements and suggestions:
If security is configured, both VCS and the customized fencing framework can use secure channels for communication. Configuring VCS in secure mode and CP server or VCS cluster in non-secure mode is supported, but configuring VCS in non-secure mode and CP server in secure mode is not supported.
In a secure communication environment, all CP servers that are used by the VCS cluster must be configured with security enabled. A configuration where the VCS cluster uses some CP servers running with security enabled and other CP servers running with security disabled is not supported.
The CP server and VCS clusters should also use the same root broker. If the same root broker is not being used, then trust can be established between the cluster nodes and CP server for the secure communication. Trust can be established by the installer when configuring fencing.
For non-secure communication between CP server and VCS clusters, there is no need to configure Symantec Product Authentication Service. In non-secure mode, authorization is still provided by CP server for the VCS cluster users. The authorization that is performed only ensures that authorized users can perform appropriate actions as per their user privileges on the CP server.
For additional information, see Veritas Cluster Server Administrator's Guide.