The following procedure describes how to migrate from a non-secure to secure set up for the coordination point server (CP server) and VCS cluster. The procedure is only applicable to Symantec Product Authentication Services (AT)-based communication between CP servers and VCS cluster.
To migrate from non-secure to secure setup for CP server and VCS cluster
# hastop -all
# /etc/init.d/vxfen stop
# hagrp -offline CPSSG -any
See the Cluster Server Configuration and Upgrade Guide for more information.
If CP server is hosted on an SFHA cluster, perform this step on each CP server.
Bring the mount resource in the CPSSG service group online.
# hares -online cpsmount -sys local_system_name
Complete the remaining steps.
If CP server is hosted on a single-node VCS cluster, skip to step 8 and complete the remaining steps.
credentials
directory from the default location to shared storage.# mv /var/VRTSvcs/vcsauth/data/CPSERVER /etc/VRTSvcs/db/
# ln -s /etc/VRTScps/db/CPSERVER \ /var/VRTSvcs/vcsauth/data/CPSERVER
/etc/vxcps.conf
on each CP server to set security=1.# hagrp -online CPSSG -any
/etc/VRTSvcs/conf/config/main.cf
on the first node of the cluster and remove the UseFence=SCSI3 attribute. Start VCS on the first node and then on all other nodes of the cluster.
# /opt/VRTS/install/installer -fencing