Manuals / IBM / Computer Equipment / Laptop

IBM SG24-5131-00 Enhanced Cluster Security, High Availability for Network File System for AIX

Models: SG24-5131-00

1 240

Download 240 pages 48.89 Kb

Page 219

See Part 4 of HACMP for AIX, Version 4.3: Enhanced Scalability Installation and Administration Guide, SC23-4284, for more information on these services.

10.2.2 Enhanced Cluster Security

With HACMP Version 4.3 comes an option to switch security Mode between Standard and Enhanced.

Standard Synchronization is done through the /.rhosts remote command facilities. To avoid the compromised security that the presence of this file presents, the administrator is strongly encouraged to remove these files after the synchronization/verification is done.

Enhanced Kerberos authentication is used for remote commands. That means the kerberos daemons can decide whether a remote host is who they claim to be. This is done by granting access on the basis of tickets, which are provided only to those hosts having the correct identification.

10.3 High Availability for Network File System for AIX

The HANFS for AIX software provides a reliable NFS server capability by allowing a backup processor to recover current NFS activity should the primary NFS server fail.

The HANFS for AIX software supports only two nodes in a cluster.

HANFS for AIX is based on High Availability Cluster Multi-Processing for AIX, Version 4.3 (HACMP for AIX Classic) product architecture, which ensures that critical resources, configured as part of a cluster, are highly available for processing. The HANFS for AIX software extends HACMP for AIX by taking advantage of AIX extensions to the standard NFS functionality that enable it to handle duplicate requests correctly and restore lock state during NFS server failover and reintegration.

Note

A cluster cannot be mixed, that is, have some nodes running the HANFS for AIX software and other nodes running the HACMP for AIX software. A single cluster must either have all nodes running the HANFS for AIX software or all nodes running the HACMP for AIX software. Distinct HANFS and HACMP clusters, however, are allowed on the same physical network.

HACMP Classic vs. HACMP/ES vs. HANFS 201

Image 219

IBM SG24-5131-00 manual Enhanced Cluster Security, High Availability for Network File System for AIX

Contents

AIX Hacmp Page AIX Hacmp Take Note Contents Iv IBM Certification Study Guide AIX Hacmp Page Vi IBM Certification Study Guide AIX Hacmp Vii Appendix A. Special NoticesViii IBM Certification Study Guide AIX Hacmp Figures IBM Certification Study Guide AIX Hacmp Tables Xii IBM Certification Study Guide AIX Hacmp Xiii PrefaceTeam That Wrote This Redbook Your comments are important to us Comments WelcomeXvi IBM Certification Study Guide AIX Hacmp Recommended Prerequisites Certification OverviewIBM Certified Specialist AIX Hacmp Certification Requirement two TestsPreinstallation Certification Exam ObjectivesHacmp Implementation System Management Certification Education Courses Following table outlines information about the next course IBM Certification Study Guide AIX Hacmp Cluster Planning Cluster NodesCPU Options Cluster Node Considerations Cluster Planning Switch adapter is onboard and does not need an extra slot Cluster Networks 1 TCP/IP NetworksSupported TCP/IP Network Types Special Network Considerations Slip SoccCluster Planning Supported Non-TCP/IP Network Types Non-TCPIP NetworksSerial RS232 Special ConsiderationsTarget-mode SSA Cluster DisksSSA Disks Target-mode ScsiHost Specification 1.2 Supported and Non-Supported Adapters Disk CapacitiesRules for SSA Loops Cluster Planning RAID Level RAID vs. Non-RAID RAID TechnologyRAID Levels 2 RAID on the 7133 Disk Subsystem Advantages Scsi Disks DisksSubsystems Advantages Disadvantages Resource Group Options Resource PlanningCluster Planning Shared LVM Components Hot-Standby ConfigurationHot-Standby Configuration Rotating Standby ConfigurationMutual Takeover Configuration Mutual Takeover ConfigurationThird-Party Takeover Configuration Third-Party Takeover ConfigurationIP Address Takeover Concurrent Disk Access ConfigurationsSingle Network Network TopologyPoint-to-Point Connection Dual NetworkNetworks Network NameNetwork Attribute Network Adapters Adapter LabelAdapter Function Cluster Planning Defining Hardware Addresses Application Planning NFS Exports and NFS MountsApplication Startup and Shutdown Routines Performance RequirementsLicensing Methods Coexistence with other ApplicationsCritical/Non-Critical Prioritizations Event Notification Customization PlanningEvent Customization Special Application RequirementsPredictive Event Error Correction Error NotificationSample Screen for Add a Notification Method Application Failure NotificationCluster User and Group IDs User ID PlanningNFS-Mounted Home Directories Cluster PasswordsHome Directories on Shared Volumes User Home Directory PlanningNFS-Mounted Home Directories on Shared Volumes Rootvg Mirroring Cluster Node SetupAdapter Slot Placement Cluster Hardware and Software PreparationIBM Certification Study Guide AIX Hacmp Procedure This is so that the Quorum OFF functionality takes effect Necessary Apar Fixes AIX Prerequisite LPPs4.1 I/O Pacing AIX Parameter SettingsChecking Network Option Settings Cron and NIS Considerations Editing the /.rhosts File Cabling Considerations Network Connection and TestingIP Addresses and Subnets Connecting Networks to a HubTesting Non TCP/IP Networks Configuring Target Mode Scsi Configuring RS232Testing RS232 and Target Mode Networks Configuring Target Mode SSACluster Disk Setup 1 SSACabling Adapter Router AIX ConfigurationDisk Definitions Adapter Definitions#lsdev -Cc disk grep SSA DiagnosticsMicrocode Loading Upgrade InstructionsCluster Hardware and Software Preparation Scsi Configuring a RAID on SSA DisksConnecting RAID Subsystems Scsi AdaptersRAID Enclosures 110 RAIDiant Arrays Connected on Two Shared 8-Bit Scsi Buses Cluster Hardware and Software Preparation #2416 Adapter Scsi ID and Termination change Termination F1=Help F2=Refresh # chdev -l scsi1 -a id=6 -P Change/Show Characteristics of a Scsi Adapter Shared LVM Component ConfigurationCreating VGs for Concurrent Access Creating Shared VGsCreating Non-Concurrent VGs Physical Volume Names Creating Shared LVs and File Systems Renaming a jfslog and Logical Volumes on the Source NodeAdding Copies to Logical Volume on the Source Node Testing a File System Mirroring StrategiesImporting to Other Nodes Changing a Volume Group’s Startup Status Quorum at Vary On QuorumDisabling and Enabling Quorum Quorum EnabledQuorum Disabled Quorum after Vary OnForcing a Varyon Quorum in Non-Concurrent Access ConfigurationsQuorum in Concurrent Access Configurations Alternate Method TaskGuideStarting the TaskGuide IBM Certification Study Guide AIX Hacmp Hacmp Installation and Cluster Definition Installing HacmpFirst Time Installs Cluster.base.server.utils Cluster.hc Install Server Nodes Rebooting ServersUpgrading From a Previous Version Upgrade AIX on One Node Check Upgraded Configuration Install Hacmp 4.3 for AIX on Node aClient-only Migration Defining Cluster Topology Defining Nodes Defining the ClusterDefining Adapters Hacmp Installation and Cluster Definition Node Name Adding or Changing Adapters after the Initial Configuration Configuring Network ModulesSynchronizing the Cluster Definition Across Nodes Ignore Cluster Defining Resources Configuring Resource GroupsService IP Label Configuring Resources for Resource GroupsDefining Application Servers Configuring Run-Time ParametersInitial Testing ClverifySynchronizing Cluster Resources Takeover and Reintegration Initial StartupCluster Snapshot Applying a Cluster Snapshot Hacmp Installation and Cluster Definition IBM Certification Study Guide AIX Hacmp Predefined Cluster Events Cluster CustomizationNodeupremote AcquireserviceaddrAcquiretakeoveraddr GetdiskvgfsNodedownremote ReleaseserviceaddrSequence of nodedown Events NodedownlocalNetworkupcomplete StartserverNetwork Events Networkdown NetworkupSwapadapter ConfigtoolongReconfigtopologystart Network Adapter EventsEvent Notification Event Recovery and RetryConfiguration Resources Cluster Events Change/Show Cluster Pre- and Post-Event ProcessingEvent Emulator Network Modules/Topology Services and Group Services NFS considerations Creating Shared Volume GroupsCreating NFS Mount Points on Clients Exporting NFS File SystemsNFS Mounting Cascading Takeover with Cross Mounted NFS File SystemsNFS Cross Mounts Caveats about Node Names and NFSCross Mounted NFS File Systems and the Network Lock Manager SLEEP=2 Done 131 Cluster TestingNode Verification Device StateSystem Parameters Process StateNetwork State Cluster State LVM StateSimulate Errors Adapter FailureEthernet or Token Ring Interface Failure Ethernet or Token Ring Adapter or Cable Failure Switch Adapter FailureRe-attach the cables Failure of a 7133 AdapterNode Failure / Reintegration AIX CrashCPU Failure 2.3 TCP/IP Subsystem Failure Network FailureMirrored rootvg Disk hdisk0 Failure Disk FailureMirrored 7133 Disk Failure 4.2 7135 Disk FailureApplication Failure IBM Certification Study Guide AIX Hacmp Cluster Troubleshooting Cluster Log Files143 Daemons ConfigtoolongDeadman Switch Tuning the System Using I/O Pacing Extending the syncd FrequencyIncrease Amount of Memory for Communications Subsystem Node Isolation and Partitioned Clusters Changing the Failure Detection RateDgsp Message Troubleshooting Strategy User ID ProblemsIBM Certification Study Guide AIX Hacmp Cluster Management and Administration Monitoring the Cluster151 Monitoring Clusters using HAView Clstat Command3.3 /usr/sbin/cluster/history/cluster.mmdd System Error Log3.1 /var/adm/cluster.log 3.2 /tmp/hacmp.outStarting and Stopping Hacmp on a Node or a Client Cluster Lock Manager daemon cllockd Hacmp DaemonsCluster Manager daemon clstrmgr Cluster Smux Peer daemon clsmuxpdCluster Information Program daemon clinfo Starting Cluster Services on a NodeCluster Topology Services daemon topsvcsd Cluster Group Services daemon grpsvcsdAutomatically Restarting Cluster Services Stopping Cluster Services on a NodeForced When to Stop Cluster servicesTypes of Cluster Stops GracefulMaintaining Cluster Information Services on Clients Starting and Stopping Cluster Services on ClientsReplacing Failed Components NodesAdapters Disks 3.1 SSA/SCSI Disk Replacement RAIDSync the volume group smit clsyncvg Changing Shared LVM Components Manual UpdateLazy Update Spoc IBM Certification Study Guide AIX Hacmp TaskGuide Changing Cluster ResourcesTaskGuide Requirements Synchronize Cluster Resources 1 Add/Change/Remove Cluster ResourcesDare Resource Migration Utility Resource Migration Types Sticky Resource MigrationNon-Sticky Resource Migration Default Location LocationsNode Name Stop Location Using the cldare Command to Migrate ResourcesStopping Resource Groups Using the clfindres CommandApplying Software Maintenance to an Hacmp Cluster Fallover System a Rejoins Cluster Split-Mirror Backups Backup StrategiesHow to do a split-mirror backup User Management Using Events to Schedule a BackupAdding User Accounts on all Cluster Nodes Listing Users On All Cluster NodesRemoving Users from a Cluster Changing Attributes of Users in a ClusterSpoc Log Managing Group AccountsIBM Certification Study Guide AIX Hacmp 183 Special RS/6000 SP TopicsHigh Availability Control Workstation Hacws Hardware RequirementsSoftware Requirements Configuring the Backup CWSHacws Configuration Install High Availability SoftwareSetup and Test Hacws Kerberos Security Ambrose Bierce, The Enlarged Devil’s Dictionary Configuring Kerberos Security with Hacmp Version Virtual Shared Disk VSDs VSDs RVSDsSpecial RS/6000 SP Topics Undefined D e Z Recoverable Virtual Shared DiskRsvd Daemons Switch Basics Within Hacmp SP Switch as an Hacmp NetworkEprimary Management Switch FailuresSpecial RS/6000 SP Topics IBM Certification Study Guide AIX Hacmp 199 Hacmp Classic vs. HACMP/ES vs. HanfsHacmp for AIX Classic Hacmp for AIX / Enhanced ScalabilityIBM Risc System Cluster Technology Rsct High Availability for Network File System for AIX Enhanced Cluster SecurityDecision Criteria Similarities and DifferencesHacmp Classic vs. HACMP/ES vs. Hanfs IBM Certification Study Guide AIX Hacmp 205 Appendix A. Special NoticesSP1 Special Notices IBM Certification Study Guide AIX Hacmp 209 Appendix B. Related PublicationsInternational Technical Support Organization Publications Redbooks on CD-ROMsOther Publications How to Get Itso Redbooks How IBM Employees Can Get Itso Redbooks211 Ibmmail How Customers Can Get Itso Redbooks213 IBM Redbook Order FormIBM Certification Study Guide AIX Hacmp 215 List of AbbreviationsNetbios 217 Index SymbolsHACMP/ES NIS 219Vgda Vgsa 221 Itso Redbook EvaluationIBM Certification Study Guide AIX Hacmp SG24-5131-00