Manuals / Brands / Computer Equipment / Laptop / IBM / Computer Equipment / Laptop

IBM SG24-5131-00 Inside the RS/6000 SP, server, principals, Kerberos server, Key Distribution Center, client, The Enlarged Devils Dictionary

1 240

Download 240 pages, 1.62 Mb

188 IBM Certification Study Guide AIX HACMP

The following is simply a shortened description on how kerberos works. For

more details, the redbook

Inside the RS/6000 SP

, SG24-5145, covers the

subject in much more detail.

When dealing with authentication and Kerberos, three entities are involved:

the

client

, who is requesting service from a

server

; the second entity, and the

Key Distribution Center

or

Kerberos server

, which is a machine that manages

the database, where all the authentication data is kept and maintained.

Kerberos is a third-party system used to authenticate users or services that

are known to Kerberos as

principals

. The very first action to take regarding

Kerberos and principals is to register the latter to the former. When this is

done, Kerberos asks for a principal’s password, which is converted to a

principal (user or service) 56-bit key using the DES (Data Encryption

Standard) algorithm. This key is stored in the Kerberos server database.

When a client needs the services of a server, the client must prove its identity

to the server so that the server knows to whom it is talking.

Tickets are the means the Kerberos server gives to clients to authenticate

themselves to the service providers and get work done on their behalf on the

services servers. Tickets have a finite life, known as the ticket life span.

In Kerberos terms, to make a Kerberos authenticated service provider work

on behalf of a client is a three-step process:

• Get a ticket-granting ticket.

• Get a service ticket.

• Get the work done on the service provider.

The main role of the ticket-granting ticket service is to avoid unnecessary

password traffic over the network; so, the user should issue his password

only once per session. What this ticket-granting ticket service does is to give

the client systems a ticket that has a certain time span, whose purpose is to

Also spelled Cerberus - The watchdog of Hades, whose duty was to guard

the entrance (against whom or what does not clearly appear); it is known to

have had three heads.

- Ambrose Bierce,

The Enlarged Devil’s Dictionary

Kerberos

Contents

Main Page Page Page Contents Page Page Page Page Page Figures Page Tabl es Page Preface real world The Team That Wrote This Redbook Comments Welcome Page Chapter 1. Certification Overview 1.1 IBM Certified Specialist - AIX HACMP 1.2 Certification Exam Objectives Section 1 - Preinstallation Section 2 - HACMP Implementation Section 3 - System Management 1.3 Certification Education Courses Page Page Chapter 2. Cluster Planning 2.1 Cluster Nodes no single point of failure 2.1.1 CPU Options 2.1.2 Cluster Node Considerations Page Page 2.2 Cluster Networks 2.2.1 TCP/IP Networks Page Page 2.2.2 Non-TCPIP Networks Page Target-mode SCSI Target-mode SSA 2.3 Cluster Disks 2.3.1 SSA Disks Monitoring and Managing IBM SSA Disk Subsystems, initiator target HOST M s B s Page Page Page Page RAID Technology RAID Level 0 RAID Level 1 RAID Levels 2 and 3 RAID Level 4 RAID Level 5 RAID on the 7133 Disk Subsystem Page 2.3.2 SCSI Disks Disks Dual Active 2.4 Resource Planning 2.4.1 Resource Group Options Inactive Takeover true false 2.4.2 Shared LVM Components Hot-Standby Configuration Rotating Standby Configuration Mutual Takeover Configuration Third-Party Takeover Configuration 2.4.3 IP Address Takeover Single Network Dual Network Point-to-Point Connection only Network Name Network Attribute Adapter Label Adapter Function should not Page 2.4.4 NFS Exports and NFS Mounts NFS cross mount 2.5 Application Planning HACMP for 2.5.1 Performance Requirements HACMP for AIX Planning Guide 2.5.2 Application Startup and Shutdown Routines 2.5.3 Licensing Methods 2.5.4 Coexistence with other Applications must not 2.5.5 Critical/Non-Critical Prioritizations 2.6 Customization Planning 2.6.1 Event Customization multiple HACMP for AIX, Version 4.3: Installation Guide 2.6.2 Error Notification Page Page 2.7 User ID Planning 2.7.1 Cluster User and Group IDs 2.7.2 Cluster Passwords 2.7.3 User Home Directory Planning Page Chapter 3. Cluster Hardware and Software Preparation 3.1 Cluster Node Setup Adapters, Devices, and Cable Information for Multiple Bus Systems PCI Adapter Placement Reference Guide, 3.1.1 Adapter Slot Placement Page Page Page 3.1.3 AIX Prerequisite LPPs 3.1.4 AIX Parameter Settings AIX Performance Monitoring & Tuning Guide HACMP for AIX, Version 4.3: Planning Guide, SC23-4277 Page 3.2 Network Connection and Testing 3.2.1 TCP/IP Networks fail_standby swap_adapter Page must HACMP for AIX, Version 4.3: Concepts and Facilities, SC23-4276 3.2.2 Non TCP/IP Networks Page Page 3.3 Cluster Disk Setup 3.3.1 SSA Adapter Router Adapter Definitions Disk Definitions Diagnostics A Practical Guide to SSA for AIX Upgrade Instructions Page 3.3.2 SCSI SCSI Adapters RAID Enclosures Page Page 76 Page Page Page Page 3.4 Shared LVM Component Configuration 3.4.1 Creating Shared VGs Creating a Concurrent Access Volume Group on Serial Disk concurrent-capable Creating a Concurrent Access Volume Group on RAID Disk 3.4.2 Creating Shared LVs and File Systems Renaming a jfslog and Logical Volumes on the Source Node Adding Copies to Logical Volume on the Source Node x , Testing a File System 3.4.3 Mirroring Strategies 3.4.4 Importing to Other Nodes Page 3.4.5 Quorum Quorum Enabled Quorum Disabled all Forcing a Varyon Quorum in Non-Concurrent Access Configurations 3.4.6 Alternate Method - TaskGuide Page Page Chapter 4. HACMP Installation and Cluster Definition AIX Version 4.3: Migration Guide HACMP for AIX, Version 4.3: Installation 4.1 Installing HACMP 4.1.1 First Time Installs Page Page The installation of CRM requires the following software: Install Server Nodes HACMP for AIX Version 4.3: Installation Guide, HACMP for AIX, Version 4.3: Installation Guide, Rebooting Servers Upgrade AIX on One Node HACMP for AIX, Version 4.3: HACMP for AIX, Version 4.3: Administration Guide, AIX Installation Guide, Install HACMP 4.3 for AIX on Node A 4.1.1, First Time Installs on page 93 Check Upgraded Configuration Client-only Migration 4.1.2.2 Upgrading from Version 4.2.2 on AIX 4.3.2 to HACMP Version 4.3 HACMP for AIX, Version 4.3: Administration Guide, HACMP for AIX, Version 4.3: Administration Guide, 4.2 Defining Cluster Topology HACMP for AIX, Version 4.3: Concepts and Facilities, 4.2.1 Defining the Cluster 4.2.2 Defining Nodes HACMP for AIX, Version 4.3: Administration Guide, Adding or Changing a Node Name after the Initial Configuration 4.2.3 Defining Adapters service boot HACMP Installation Guide should not standby HACMP for AIX, Version 4.3:Planning Guide Adding or Changing Adapters after the Initial Configuration HACMP for AIX, Version 4.3: 4.2.4 Configuring Network Modules Fibrillate Count, 4.2.5 Synchronizing the Cluster Definition Across Nodes Page 4.3 Defining Resources 4.3.1 Configuring Resource Groups Page Page 4.4 Initial Testing 4.4.1 Clverify 4.4.2 Initial Startup 4.4.3 Takeover and Reintegration 4.5 Cluster Snapshot HACMP for AIX, Version 4.3: Concepts and Facilities 4.5.1 Applying a Cluster Snapshot Page Page Chapter 5. Cluster Customization 5.1 Event Customization 5.1.1 Predefined Cluster Events Page Page Page Page 5.1.2 Pre- and Post-Event Processing 5.1.3 Event Notification 5.1.4 Event Recovery and Retry Retry 5.1.5 Notes on Customizing Event Processing notification objects. 5.1.6 Event Emulator HACMP for AIX, Version 4.3: Concepts and Facilities, 5.3 Network Modules/Topology Services and Group Services HACMP/ES Installation and Administration Guide HACMP/ES Installation and Administration Guide 5.4 NFS considerations 5.4.1 Creating Shared Volume Groups Shared Volume Group/File System (Non-Concurrent Access) HACMP for AIX, Version 4.3: Planning Guide, SC23-4277 5.4.2 Exporting NFS File Systems 5.4.3 NFS Mounting 5.4.4 Cascading Takeover with Cross Mounted NFS File Systems Caveats about Node Names and NFS 5.4.5 Cross Mounted NFS File Systems and the Network Lock Manager Page 130 Chapter 6. Cluster Testing 6.1 Node Verification 6.1.1 Device State 6.1.2 System Parameters 6.1.3 Process State 6.1.4 Network State 6.1.5 LVM State 6.1.6 Cluster State 6.2 Simulate Errors 6.2.1 Adapter Failure Page Page 6.2.2 Node Failure / Reintegration 6.2.3 Network Failure 6.2.4 Disk Failure Page 6.2.5 Application Failure Page Chapter 7. Cluster Troubleshooting 7.1 Cluster Log Files 144 dd mm 7.2 config_too_long 7.3 Deadman Switch 7.3.1 Tuning the System Using I/O Pacing AIX Performance Monitoring & Tuning xxxxx 7.3.2 Extending the syncd Frequency 7.3.3 Increase Amount of Memory for Communications Sub system 7.3.4 Changing the Failure Detection Rate only Node isolation HACMP for AIX, Version 4.3: Administration Guide, SC23-4279 7.4 Node Isolation and Partitioned Clusters 7.5 The DGSP Message 7.6 User ID Problems 7.7 Troubleshooting Strategy Page Chapter 8. Cluster Management and Administration 8.1 Monitoring the Cluster SMIT Show Cluster Services 8.1.1 The clstat Command 8.1.2 Monitoring Clusters using HAView 8.1.3 Cluster Log Files HACMP for AIX, Version 4.3: Troubleshooting Guide, dd mm mmdd 8.2 Starting and Stopping HACMP on a Node or a Client 8.2.1 HACMP Daemons 8.2.2 Starting Cluster Services on a Node Start Cluster Services SMIT Start Cluster Services SMIT 8.2.3 Stopping Cluster Services on a Node HACMP for AIX Stop Cluster Services SMIT all intentional failover. 8.2.4 Starting and Stopping Cluster Services on Clients 8.3 Replacing Failed Components 8.3.1 Nodes 8.3.2 Adapters 8.3.3 Disks Page 8.4 Changing Shared LVM Components 8.4.1 Manual Update 8.4.2 Lazy Update 8.4.3 C-SPOC HACMP for AIX, Version 4.3: Administration Guide, SC23-4279 Page 8.4.4 TaskGuide 8.5 Changing Cluster Resources 8.5.1 Add/Change/Remove Cluster Resources HACMP for AIX, Version 4.3: Concepts and Facilities 8.5.3 DARE Resource Migration Utility Sticky Resource Migration Non-Sticky Resource Migration Node Name Default Location Stop Location Stopping Resource Groups 8.6 Applying Software Maintenance to an HACMP Cluster Page 8.7 Backup Strategies AIX Commands Reference Version 4.3 8.7.1 Split-Mirror Backups Page 8.7.2 Using Events to Schedule a Backup node_down_remote node_up_remote node_down_remote HACMP/6000 Customization Examples 8.8.1 Listing Users On All Cluster Nodes 8.8.2 Adding User Accounts on all Cluster Nodes 8.8.3 Changing Attributes of Users in a Cluster 8.8.4 Removing Users from a Cluster 8.8.5 Managing Group Accounts HACMP for AIX, Version 4.3: Administration Guide 8.8.6 C-SPOC Log Page Chapter 9. Special RS/6000 SP Topics 9.1 High Availability Control Workstation (HACWS) IBM Parallel System Support Programs for AIX Installation and Migration Guide IBM RS/6000 SP Planning Volume 2, Control Workstation and Software Environment 9.1.1 Hardware Requirements 9.1.2 Software Requirements 9.1.3 Configuring the Backup CWS secondary authentication server authentication client 9.1.4 Install High Availability Software HACMP for AIX, Version 4.3: Installation HACMP for 9.1.5 HACWS Configuration HACMP for 9.1.6 Setup and Test HACWS 9.2 Kerberos Security Inside the RS/6000 SP server principals Kerberos server Key Distribution Center 9.2.1 Configuring Kerberos Security with HACMP Version 4.3 9.3 VSDs - RVSDs 9.3.1 Virtual Shared Disk (VSDs) buddy buffer IBM Parallel System Support Programs for AIX Managing Shared Disks Undefined Defined Stopped Suspended Active 9.3.2 Recoverable Virtual Shared Disk Fas t IP Netw ork Node Y Node X Node Z Page 9.4 SP Switch as an HACMP Network 9.4.1 Switch Basics Within HACMP private 9.4.2 Eprimary Management 9.4.3 Switch Failures network_down Page Page Chapter 10. HACMP Classic vs. HACMP/ES vs. HANFS 10.1 HACMP for AIX Classic 10.2 HACMP for AIX / Enhanced Scalability 10.2.1 IBM RISC System Cluster Technology (RSCT) HACMP for AIX, Version 4.3: Enhanced Scalability Installation and Administration Guide 10.2.2 Enhanced Cluster Security 10.3 High Availability for Network File System for AIX 10.4 Similarities and Differences 10.5 Decision Criteria HACMP Enhanced Scalability Page Appendix A. Special Notices Page Page Page Appendix B. Related Publications B.1 International Technical Support Organization Publications B.2 Redbooks on CD-ROMs B.3 Other Publications How to Get ITSO Redbooks How IBM Employees Can Get ITSO Redbooks 212 How Customers Can Get ITSO Redbooks IBM Redbook Order Form Page List of Abbreviations 216 Index Symbols A B C D E F G H I P R S T U V X ITSO Redbook Evaluation