Securing communication between the wide-area connectors

Perform the following steps to configure secure communication between the wide-area connectors.

To secure communication between the wide-area connectors

  1. Verify that security is configured on both clusters. You can use the installvcs -security command to configure security.

    For more information, see the Cluster Server Configuration and Upgrade Guide.

  2. Establish trust between the clusters.

    For example, in a VCS global cluster environment with two clusters, perform the following steps to establish trust between the clusters:

    • On each node of the first cluster, enter the following command:

      # export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC
      /opt/VRTSvcs/bin/vcsat setuptrust -b \
      IP_address_of_any_node_from_the_second_cluster:14149 -s high

      The command obtains and displays the security certificate and other details of the root broker of the second cluster.

      If the details are correct, enter y at the command prompt to establish trust.

      For example:

      The hash of above credential is
      b36a2607bf48296063068e3fc49188596aa079bb
      Do you want to trust the above?(y/n) y

    • On each node of the second cluster, enter the following command:

      # export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC
      /opt/VRTSvcs/bin/vcsat setuptrust -b \
      IP_address_of_any_node_from_the_first_cluster:14149 -s high

      The command obtains and displays the security certificate and other details of the root broker of the first cluster.

      If the details are correct, enter y at the command prompt to establish trust.

      Alternatively, if you have passwordless communication set up on the cluster, you can use the installvcs -securitytrust option to set up trust with a remote cluster.

    • Skip the remaining steps in this procedure if you used the installvcs -security command after the global cluster was set up.

    • Complete the remaining steps in this procedure if you had a secure cluster and then used the gcoconfig command.

    On each cluster, take the wac resource offline on the node where the wac resource is online. For each cluster, run the following command:
    # hares -offline wac -sys node_where_wac_is_online

  3. Update the values of the StartProgram and MonitorProcesses attributes of the wac resource:
    # haconf -makerw
    hares -modify wac StartProgram \
    "/opt/VRTSvcs/bin/wacstart -secure"
    hares -modify wac MonitorProcesses \
    "/opt/VRTSvcs/bin/wac -secure"
    haconf -dump -makero

  4. On each cluster, bring the wac resource online. For each cluster, run the following command on any node:
    # hares -online wac -sys systemname
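
The trust established in step 2 depends on the hash at the prompt being checked against a known-good value before you enter y. The following shell helper is an added example, not part of the Veritas documentation or product: it compares the hash in captured setuptrust prompt text with a value obtained out-of-band from the other cluster's administrator. The function names and the idea of passing the prompt text as an argument are assumptions, and the sample prompt is constructed from the example output in step 2.

```shell
#!/bin/sh
# Added example (not Veritas code): check the root broker hash displayed by
# "vcsat setuptrust" against an out-of-band value before answering y.

# normalize_hash VALUE: strip spaces, tabs, colons and newlines, then lowercase,
# so "B3:6A:..." and "b36a..." compare equal.
normalize_hash() {
    printf '%s' "$1" | tr -d ' \t:\r\n' | tr 'A-F' 'a-f'
}

# extract_prompt_hash: read captured prompt text on stdin and print the line
# that follows "The hash of above credential is", with whitespace removed.
extract_prompt_hash() {
    awk 'found { gsub(/[ \t\r]/, ""); print; exit }
         /The hash of above credential is/ { found = 1 }'
}

# verify_broker_hash PROMPT_TEXT EXPECTED_HASH
# Returns 0 on an exact match, 1 on a mismatch, and 2 when the prompt text
# holds no hexadecimal hash (for example, truncated or unrelated output).
verify_broker_hash() {
    shown=$(printf '%s\n' "$1" | extract_prompt_hash)
    shown=$(normalize_hash "$shown")
    expected=$(normalize_hash "$2")
    case "$shown" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    # The whole value must match; a prefix or partial match is a mismatch.
    [ "$shown" = "$expected" ] && return 0
    return 1
}

# Constructed sample: the prompt text from the example in step 2.
SAMPLE_PROMPT='The hash of above credential is
      b36a2607bf48296063068e3fc49188596aa079bb
      Do you want to trust the above?(y/n)'
```

Enter y at the prompt only when verify_broker_hash returns 0; treat a return value of 1 as a reason to answer n and investigate which broker responded on port 14149.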