Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
241242243244245246247248249250
HP-UX IPSec and MC/ServiceGuard
Configuration Overview
Chapter 8240
Configuration Overview
Requirements
To use HP-UX IPSec with MC/ServiceGuard, your topology must meet
the following requirements:
The same version of HP-UX IPSec (A.01.07 or A.02.00) must be
installed on all cluster nodes. (For information on using HP-UX
IPSec A.01.07 with MC/ServiceGuard, refer to the HP-UX IPSec
A.01.07 product documentation.)
MC/ServiceGuard version A.11.16 or later must be installed on all
cluster nodes.
All cluster nodes must have the same HP-UX IPSec configuration
database file.
If you are using certificate-based IKE authentication (RSA
signatures), all cluster nodes must have the same HP-UX IPSec
password.
MC/ServiceGuard Heartbeat Requirement and
Recommendation
You must allow MC/ServiceGuard heartbeat messages to pass in
clear text. Do not use HP-UX IPSec to encrypt or authenticate
MC/ServiceGuard heartbeat and control messages exchanged
between the cluster nodes. The overhead for establishing ISAKMP
and IPSec Security Associations (SAs), and for encrypting or
authenticating heartbeat messages may cause unnecessary cluster
reformations.
When using HP-UX IPSec to secure a cluster, HP recommends that
you have at least one network dedicated for MC/ServiceGuard
heartbeat messages (one network used only to send and receive
MC/ServiceGuard heartbeat messages).