Previous  |  Next  >  
Product: Cluster Server Guides   
Manual: Cluster Server 4.1 User's Guide   

Security Services

VCS uses VERITAS Security Services (VxSS) to provide secure communication between cluster nodes and clients, including the Java and the Web consoles. VCS uses digital certificates for authentication and uses SSL to encrypt communication over the public network.

When running in secure mode, VCS uses platform-based authentication; VCS does not store user passwords. All VCS users are system and domain users and are configured using fully-qualified user names. For example, administrator@vcsdomain. VCS provides a single sign-on mechanism, so authenticated users need not sign on each time to connect to a cluster.

VCS requires a system to be configured as a root broker. Additionally, all nodes in the cluster must be configured as authentication brokers.

  • A root broker serves as the main registration and certification authority; it has a self-signed certificate and can authenticate other brokers. VERITAS recommends configuring a system outside the cluster as the root broker.
  • Authentication brokers reside one level below the root broker. Authentication brokers serve as intermediate registration and certification authorities. They can authenticate clients, such as users or services, but cannot authenticate other brokers. Authentication brokers have certificates signed by the root.

For secure communication, VCS components acquire credentials from the VxSS authentication broker configured on the local system. The acquired certificate is used during authentication and is presented to clients for the SSL handshake. VCS and its components specify the account name and the domain in the following format:

  • HAD Account

    • name = _HA_VCS_(systemname)
    domain = HA_SERVICES@(fully_qualified_system_name)
  • CmdServer

    • name = _CMDSERVER_VCS_(systemname)
    domain = HA_SERVICES@(fully_qualified_system_name)

For instructions on how to set up Security Services while setting up the cluster, see the VERITAS Cluster Server Installation Guide. For instructions on enabling and disabling Security Services manually, see Enabling and Disabling VERITAS Security Services.

 ^ Return to Top Previous  |  Next  >  
Product: Cluster Server Guides  
Manual: Cluster Server 4.1 User's Guide  
VERITAS Software Corporation
www.veritas.com