HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
G HP-UX IPSec and Serviceguard
HP-UX IPSec can secure HP-UX Serviceguard network traffic. This appendix describes how to
configure HP-UX IPSec as an Serviceguard package service so a package will fail or fail over if
HP-UX IPSec terminates. This appendix contains the following sections:
• “Introduction” (page 194)
• “Configuration Overview” (page 196)
• “Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard” (page 197)
• “Step 2: Configuring HP-UX IPSec IKE policies” (page 206)
• “Step 3: Configuring Authentication Records for Preshared Keys” (page 206)
• “Step 4: Configuring Authentication Records for Certificates” (page 208)
• “Step 5: Verifying and Testing the HP-UX IPSec Configuration” (page 210)
• “Step 6: Configuring HP-UX IPSec Start-up Options” (page 211)
• “Step 7: Distributing HP-UX IPSec Configuration Files” (page 211)
• “Step 8: Configuring Serviceguard” (page 212)
• “Step 9: Starting HP-UX IPSec and Serviceguard” (page 213)
NOTE: You cannot use HP-UX IPSec as a resource for Serviceguard system multi-node packages.
HP-UX IPSec can be a package service only.
Introduction
An Serviceguard cluster is a networked group of HP 9000 or Integrity servers (host systems known
as nodes) with redundant hardware and software so that a single point of failure does not
significantly disrupt service. Application packages (individual HP-UX processes) can be grouped
together in failover packages . If a single service, node, network or other resource fails, Serviceguard
can automatically transfer, or fail over , control of the package to another node (an adoptive node
) within the cluster.
Figure 23 Serviceguard Cluster
dedicated heartbeat.LAN
Node 1
15.98.98.98
10.1.1.1
15.4.4.4
Client 1
10.2.2.2
pkgA
shared heartbeat.LAN
Node 2 Node 3
15.99.99.99
pkgB
10.3.3.3
15.5.5.5
Client 2
15.1.1.1 15.2.2.2 15.3.3.3
194 HP-UX IPSec and Serviceguard