Veritas Storage Foundation 5.1 SP1 Cluster File System Installation Guide (5900-1510, April 2011)
■ To use an external root broker, identify an existing root broker system in
your enterprise or install and configure root broker on a stable system.
See “Installing the root broker for the security infrastructure” on page 77.
■ To use one of the cluster nodes as root broker, the installer does not require
you to do any preparatory tasks.
When you configure the cluster in secure mode using the script-based
installer, choose the automatic mode and choose one of the nodes for the
installer to configure as root broker.
Symantec recommends that you configure a single root broker system for your
entire enterprise. If you use different root broker systems, then you must
establish trust between the root brokers.
For example, if the management server and the cluster use different root
brokers, then you must establish trust.
■ For external root broker, an authentication broker (AB) account for each node
in the cluster is set up on the root broker system.
See “Creating authentication broker accounts on root broker system”
on page 78.
■ The system clocks of the external root broker and authentication brokers must
be in sync.
The script-based installer provides the following configuration modes:
The external root broker system must allow remsh or ssh passwordless
login to use this mode.
Automatic mode
This mode requires encrypted files (BLOB files) from the AT
administrator to configure a cluster in secure mode.
The nodes in the cluster must allow remsh or ssh passwordless login.
Semi-automatic
mode
This mode requires root_hash file and the root broker information
from the AT administrator to configure a cluster in secure mode.
The nodes in the cluster must allow remsh or ssh passwordless login.
Manual mode
Figure 7-1 depicts the flow of configuring Storage Foundation Cluster File System
cluster in secure mode.
Preparing to configure SFCFS
Preparing to configure the clusters in secure mode
74