Introducing Veritas Cluster Server

19

About VCS optional components

 

Figure 1-4

Typical VCS setup with optional components

Symantec Product Authentication Service root broker

VCS Management Console management server

Optional

VCS cluster 1

VCS cluster 2

About Symantec Product Authentication Service (AT)

VCS uses Symantec Product Authentication Service (AT) to provide secure communication between cluster nodes and clients. It uses digital certificates for authentication and SSL to encrypt communication over the public network to secure communications.

AT uses the following brokers to establish trust relationship between the cluster components:

Root broker

A root broker serves as the main registration and certification authority; it has a self-signed certificate and can authenticate other brokers. The root broker is only used during initial creation of an authentication broker.

A root broker can serve multiple clusters. Symantec recommends that you install a single root broker on a utility system. The utility system, such as an email server or domain controller, can be highly available.

Authentication brokers

Authentication brokers serve as intermediate registration and certification authorities. Authentication brokers have root-signed certificates. Each node in VCS serves as an authentication broker.

See Symantec Product Authentication Service documentation for more information.

Page 19
Image 19
Symantec 5 manual About Symantec Product Authentication Service AT