HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and Serviceguard
Configuration Overview
Appendix G330
Configuration Overview
Requirements
To use HP-UX IPSec with Serviceguard, your topology must meet the
following requirements:
• The same version of HP-UX IPSec (A.01.07 or A.02.00) must be
installed on all cluster nodes. (For information on using HP-UX
IPSec A.01.07 with Serviceguard, refer to the HP-UX IPSec A.01.07
product documentation.)
• Serviceguard version A.11.16 or later must be installed on all cluster
nodes.
• All cluster nodes must have the same HP-UX IPSec configuration
database file.
• If you are using certificate-based IKE authentication (RSA
signatures), all cluster nodes must have the same HP-UX IPSec
password.
Serviceguard Heartbeat Requirement and
Recommendation
• You must allow Serviceguard heartbeat messages to pass in clear
text. Do not use HP-UX IPSec to encrypt or authenticate
Serviceguard heartbeat and control messages exchanged between
the cluster nodes. The overhead for establishing IKE and IPsec
Security Associations (SAs), and for encrypting or authenticating
heartbeat messages may cause unnecessary cluster reformations.
• When using HP-UX IPSec to secure a cluster, HP recommends that
you have at least one network dedicated for Serviceguard heartbeat
messages (one network used only to send and receive Serviceguard
heartbeat messages).