Manualshelf

HP Serviceguard Version A.11.20 Release Notes, April 2011

ManualsBrandsHP ManualsSoftwareHP Serviceguard Software
31323334353637383940
release at the same patch level, and the 11i v3 nodes should all be running the same 11i v3
Fusion release at the same patch level.
Keep in mind that Serviceguard A.11.20 is supported only on HP-UX 11i v3.
All nodes should be at the same Serviceguard patch level.
CAUTION: If you introduce a node running a lower patch level than that of the existing
nodes, any new functionality introduced in the higher-level patch will cease to be available
until that higher-level patch is installed on all nodes.
All nodes should be running the same patch levels for other products used by the cluster.
Compatibility with Storage Devices
For the matrix of currently supported storage devices and volume managers, see http://
h71028.www7.hp.com/enterprise/downloads/External-SG-Storage6.pdf.
Bastille Compatibility
To ensure compatibility between Serviceguard (and Serviceguard Manager) and Bastille, do the
following, depending on your environment. The files (host.config, for example) are under
/etc/opt/sec_mgmt/bastille/defaults/configs/.
If Bastille is started using Sec10Host (host.config) level lock down, change
SecureInetd.deactivate_ident=Y to SecureInetd.deactivate_ident="N"
If you are using the Serviceguard SNMP subagent, set MiscellaneousDaemons.snmpd="N"
If Bastille is started using Sec20MngDMZ (mandmz.config) level lock down, change
SecureInetd.deactivate_ident=Y to SecureInetd.deactivate_ident=N
If you are using the Serviceguard SNMP subagent, set MiscellaneousDaemons.snmpd="N"
If you are using the Serviceguard WBEM Provider, set IPFilter.block_wbem="N" (default)
If you are using Serviceguard IP Monitoring, set IPFilter.block_ping="N" (default)
If Bastille is started using SIM.config, change SecureInetd.deactivate_ident=Y to
SecureInetd.deactivate_ident=N
If you are using the Serviceguard SNMP subagent, set MiscellaneousDaemons.snmpd="N"
If Bastille is started using Sec30DMZ (dmz.config) level lock down, change
SecureInetd.deactivate_ident=Y to SecureInetd.deactivate_ident=N
If you are using the Serviceguard SNMP subagent, set MiscellaneousDaemons.snmpd="N"
If you are using the Serviceguard WBEM Provider, set IPFilter.block_wbem="N" (default)
If you are using Serviceguard IP Monitoring, set IPFilter.block_ping="N" (default)
Add the following rules to ipf.customrules:
pass in quick proto tcp from any to any port = 2301
pass in quick proto tcp from any to any port = 2381
pass in quick from <clusternodes> to any
pass out quick from any to <clusternodes>
In the above rules, <clusternodes> are all nodes in the cluster, including the local node.
The ipf.customrules file is located under the Bastille directory itself.
IPFilter-Serviceguard rules are documented in the latest HP-UX IPFilter Administrator’s Guide, which
you can find under http://www.hp.com/go/hpux-security-docs > HP-UX IPFilter Software
Compatibility Information and Installation Requirements 39