VCS uses the Symantec Product Authentication Service to provide secure communication between cluster nodes. VCS uses digital certificates for authentication and uses SSL to encrypt communication over the public network.
In secure mode:
VCS uses platform-based authentication.
VCS does not store user passwords.
All VCS users are system and domain users and are configured using fully-qualified user names, for example, administrator@vcsdomain. VCS provides a single sign-on mechanism, so authenticated users do not need to sign on each time they connect to a cluster.
For secure communication, VCS components acquire credentials from the authentication broker that is configured on the local system. In VCS 6.0 and later, a root and authentication broker is automatically deployed on each node when a secure cluster is configured. The acquired certificate is used during authentication and is presented to clients for the SSL handshake.
VCS and its components specify the account name and the domain in the following format:
For instructions on how to set up Security Services while setting up the cluster, see the Cluster Server installation documentation.