Migrating from non-secure to secure setup for CP server and VCS cluster communication

The following procedure describes how to migrate from a non-secure to a secure setup for the coordination point server (CP server) and VCS cluster. The procedure applies only to Symantec Product Authentication Services (AT)-based communication between CP servers and the VCS cluster.

To migrate from non-secure to secure setup for CP server and VCS cluster

  1. Stop VCS on all cluster nodes that use the CP servers.
    # hastop -all
  2. Stop fencing on all the VCS cluster nodes of all the clusters.
    # /etc/init.d/vxfen stop
  3. Stop all the CP servers using the following command on each CP server:
    # hagrp -offline CPSSG -any
  4. Ensure that security is configured for communication on the CP servers as well as on all the clients.

    See the Cluster Server Configuration and Upgrade Guide for more information.

    • If the CP server is hosted on an SFHA cluster, perform this step on each CP server.

      Bring the mount resource in the CPSSG service group online.

      # hares -online cpsmount -sys local_system_name

      Complete the remaining steps.

    • If the CP server is hosted on a single-node VCS cluster, skip to step 8 and complete the remaining steps.

  5. After the mount resource comes online, move the credentials directory from the default location to shared storage.
    # mv /var/VRTSvcs/vcsauth/data/CPSERVER /etc/VRTSvcs/db/
  6. Create soft links on all the nodes of the CP servers.
    # ln -s /etc/VRTScps/db/CPSERVER \
    /var/VRTSvcs/vcsauth/data/CPSERVER
  7. Edit /etc/vxcps.conf on each CP server to set security=1.
  8. Start CP servers by using the following command:
    # hagrp -online CPSSG -any
  9. Edit /etc/VRTSvcs/conf/config/main.cf on the first node of the cluster and remove the UseFence=SCSI3 attribute.

    Start VCS on the first node and then on all other nodes of the cluster.

  10. Reconfigure fencing on each cluster by using the installer.
    # /opt/VRTS/install/installer -fencing
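
The following read-only check is an added example, not part of the original procedure or of the product's tooling. Run on each CP server hosted on an SFHA cluster after step 7 and before step 8, it confirms that the credentials link resolves (a dangling link means the destination used in step 5 and the link source used in step 6 do not match) and that security=1 is the effective setting. The function names, the --run switch, the CRED_LINK and CPS_CONF overrides, and the key=value layout of /etc/vxcps.conf are assumptions.

```shell
#!/bin/sh
# Added example: read-only checks before restarting the CP servers (step 8).
# Default paths are the ones named in the procedure; CRED_LINK and CPS_CONF
# are hypothetical overrides for testing against a copy.

# check_cred_link LINK
# LINK must be a symbolic link whose target exists and is a directory.
check_cred_link() {
    link=$1
    [ -L "$link" ] || { echo "FAIL: $link is not a symbolic link"; return 1; }
    [ -d "$link" ] || { echo "FAIL: $link is dangling -> $(readlink "$link")"; return 1; }
    echo "OK: $link -> $(readlink "$link")"
}

# check_security_flag CONF
# The last uncommented "security=" line in CONF must have the value 1.
# Assumes one key=value pair per line and '#' for comments.
check_security_flag() {
    conf=$1
    val=$(sed -n 's/^[[:space:]]*security[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ] || { echo "FAIL: security=${val:-<unset>} in $conf"; return 1; }
    echo "OK: security=1 in $conf"
}

# verify_cp_server
# Runs both checks and reports every failure instead of stopping at the first.
verify_cp_server() {
    rc=0
    check_cred_link "${CRED_LINK:-/var/VRTSvcs/vcsauth/data/CPSERVER}" || rc=1
    check_security_flag "${CPS_CONF:-/etc/vxcps.conf}" || rc=1
    return "$rc"
}

# Only touch the real paths when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    verify_cp_server
fi
```

A non-zero exit status from verify_cp_server means the CP server should not be brought online yet.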