HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

221

222

223

224

225

226

227

228

229

230

Introduction

An Serviceguard cluster is a networked group of HP 9000 or Integrity servers (host systems

known as nodes) with redundant hardware and software so that a single point of failure does

not significantly disrupt service. Application packages (individual HP-UX processes) can be

grouped together in failover packages . If a single service, node, network or other resource fails,

Serviceguard can automatically transfer, or fail over , control of the package to another node (an

adoptive node ) within the cluster.

Figure G-1 Serviceguard Cluster

dedicated heartbeat.LAN

Node 1

15.98.98.98

10.1.1.1

15.4.4.4

Client 1

10.2.2.2

pkgA

shared heartbeat.LAN

Node 2 Node 3

15.99.99.99

pkgB

10.3.3.3

15.5.5.5

Client 2

15.1.1.1 15.2.2.2 15.3.3.3

Serviceguard periodically sends heartbeat messages to determine if a cluster node is available.

When using Serviceguard with HP-UX IPSec, HP recommends that you have at least one network

dedicated to sending and receiving heartbeat messages. In Figure G-1, the interface addresses

10.1.1.1, 10.2.2.2 and 10.3.3.3 are attached to a network used only for heartbeat messages. The

cluster nodes also send and receive heartbeat messages on interfaces attached to the second

network (the 15.*.*.* LAN), which used for both heartbeat and data packets.

Each package can have one or more unique package addresses . A package address is a relocatable

IP address that is dynamically assigned to the cluster node on which the package is currently

running. In Figure G-1, the package pkgA is currently running on Node1 , and its relocatable

package address, 15.98.98.98, is assigned to an interface on Node1 . The package clients connect

to or access the packages using the package addresses.

If Node1 fails or a resource on Node1 fails, pkgA can fail over to another node in the cluster,

such as Node2 . The address for pkgA , 15.98.98.98, will be re-assigned to an interface on Node2

. The package clients can continue to access pkgA using address 15.98.98.98.

Using HP-UX IPSec with Serviceguard

HP-UX IPSec can provide the following functions when used with Serviceguard:

• HP-UX IPSec can secure Serviceguard network traffic. If a package fails over to an adoptive

node and package clients are using HP-UX IPSec A.01.07 or later, the package clients will

222 HP-UX IPSec and Serviceguard