Configuring cluster security

PowerHA® SystemMirror® secures communications between cluster nodes for PowerHA SystemMirror operations in several different ways.

These methods include providing:

  • Connection authentication for each new connection request
  • (Optional) Message authentication

    Messages are signed on the sending node, and this signature is verified on the receiving node.

  • (Optional) Message encryption

    Messages are encrypted on the sending node and decrypted on the receiving node, using a common, shared (symmetric) key.

A Cluster Communications daemon (clcomd) runs on each PowerHA SystemMirror node to transparently manage inter-node communications for PowerHA SystemMirror. This daemon consolidates communication mechanisms in PowerHA SystemMirror and decreases management traffic on the network. This communication infrastructure requires only one common communication path, rather than multiple TCP connections, between each pair of nodes.

The Cluster Communications daemon logs information about all attempted connections (those accepted and those rejected) to clcomd.log.

Although most components communicate through the Cluster Communications daemon, the following PowerHA SystemMirror components use a different mechanism for inter-node communications:

Component                               Communication Method
Cluster Manager                         RSCT
Cluster Information Program (Clinfo)    SNMP