Veritas Storage Foundation 5.1 SP1 Cluster File System Installation Guide (5900-1510, April 2011)

Symantec recommends that network access from the application clusters to
the CP servers be made highly available and redundant. The network
connections require either a secure LAN or VPN.

The CP server uses the TCP/IP protocol to connect to and communicate with
the application clusters by these network paths. The CP server listens for
messages from the application clusters using TCP port 14250. This is the
default port, which can be changed during CP server configuration.

The CP server supports either Internet Protocol version 4 or version 6 (IPv4
or IPv6 addresses) when communicating with the application clusters. If the
CP server is configured to use an IPv6 virtual IP address, then the application
clusters should also be on the IPv6 network where the CP server is being hosted.

When placing the CP servers within a specific network configuration, you must
take into consideration the number of hops from the different application
cluster nodes to the CP servers. As a best practice, Symantec recommends that
the number of hops from the different application cluster nodes to the CP
servers be equal. This ensures that if an event occurs that results in an
I/O fencing scenario, there is no bias in the race due to the number of hops
between the nodes.

For secure communications between the SFCFS cluster and CP server, consider
the following requirements and suggestions:

In a secure communication environment, all CP servers that are used by the
application cluster must be configured with security enabled. A configuration
where the application cluster uses some CP servers running with security
enabled and other CP servers running with security disabled is not supported.

The CP server and application clusters should also use the same root broker.
If the same root broker is not being used, then trust can be established between
the cluster nodes and CP server for the secure communication. Trust can be
established by the installer when configuring fencing.

For non-secure communication between CP server and application clusters,
there is no need to configure Symantec Product Authentication Service. In
non-secure mode, authorization is still provided by CP server for the application
cluster users. The authorization that is performed ensures only that authorized
users can perform appropriate actions as per their user privileges on the CP
server.

For information about establishing secure communications between the application
cluster and CP server, see the Veritas Storage Foundation Cluster File System
Administrator's Guide.
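
An added example, not taken from the Symantec guide: a pre-deployment check of two points above, namely that every application cluster node sees the same number of hops to each CP server, and that the CP servers are not a mix of security-enabled and security-disabled. Node names, CP server names, addresses, traceroute output and security flags are constructed sample data, and the function names are hypothetical.

```python
import re

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")  # "<hop number>  <replies>"

# Constructed traceroute output, keyed by (cluster node, CP server).
TRACES = {
    ("node1", "cps1"): " 1  192.0.2.1  0.4 ms\n 2  192.0.2.10  0.9 ms\n",
    ("node2", "cps1"): " 1  192.0.2.2  0.5 ms\n 2  192.0.2.10  1.0 ms\n",
    ("node1", "cps2"): " 1  192.0.2.1  0.4 ms\n 2  198.51.100.10  0.8 ms\n",
    ("node2", "cps2"): (" 1  192.0.2.2  0.5 ms\n 2  203.0.113.1  1.1 ms\n"
                        " 3  203.0.113.2  1.6 ms\n 4  198.51.100.10  2.2 ms\n"),
    ("node1", "cps3"): " 1  192.0.2.1  0.4 ms\n 2  198.51.100.20  0.9 ms\n",
    ("node2", "cps3"): " 1  192.0.2.2  0.5 ms\n 2  * * *\n",
}
# Constructed inventory: is security enabled on each CP server?
CP_SECURITY = {"cps1": True, "cps2": True, "cps3": False}

def hop_count(trace_text):
    """Hop number of the last traceroute line, or None when the final
    probe got no reply (the CP server was not reached)."""
    hops = [m.groups() for m in map(HOP_LINE.match, trace_text.splitlines()) if m]
    if not hops:
        return None
    number, replies = hops[-1]
    if set(replies.split()) <= {"*"}:
        return None
    return int(number)

def hop_report(traces):
    """Return {cp_server: {node: hops}} for CP servers that are unreachable
    from some node or whose hop count differs between nodes."""
    per_server = {}
    for (node, cps), text in traces.items():
        per_server.setdefault(cps, {})[node] = hop_count(text)
    return {cps: hops for cps, hops in per_server.items()
            if None in hops.values() or len(set(hops.values())) > 1}

def mixed_security(cp_security):
    """True when some CP servers run with security enabled and others with
    it disabled, the combination described above as not supported."""
    return len(set(cp_security.values())) > 1

if __name__ == "__main__":
    for cps, hops in sorted(hop_report(TRACES).items()):
        print(f"{cps}: unequal or missing hop counts {hops}")
    if mixed_security(CP_SECURITY):
        print("CP servers mix security-enabled and security-disabled modes")
```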