Veritas Storage Foundation 5.1 SP1 for Oracle RAC Administrator"s Guide (5900-1512, April 2011)
The cp server process (vxcpserv) uses its own user (_CPS_SERVER_) which is
added to the local authentication broker during server startup.
■ Getting credentials from authentication broker:
The cpsadm command tries to get the existing credentials from authentication
broker running on the local node. If this fails, it tries to authenticate itself
with the local authentication broker.
The vxcpserv process tries to get the existing credentials from authentication
broker running on the local node. If this fails, it tries to authenticate itself
with the local authentication broker and creates a principal for itself .
■ Communication between CP server and SF Oracle RAC cluster nodes:
Once the CP server is up after establishing its credential, it becomes ready to
receive data from the clients. Once authenticated with the local authentication
broker, cpsadm connects to the CP server. Data is passed over to the CP server.
■ Validation:
On receiving data from a particular SF Oracle RAC cluster node, vxcpserv
validates its credentials by consulting the local authentication broker. If
validation fails, then the connection request data is rejected.
Security configuration details on CP server and SF Oracle RAC cluster
This section discusses the security configuration details for the CP server and SF
Oracle RAC cluster.
Settings in secure mode
The following are the settings for secure communication between the CP server
and SF Oracle RAC cluster:
■ CP server settings:
A user gets created in the local authentication broker during CP server startup
with the following values:
■ username: _CPS_SERVER_
■ domainname: _CPS_SERVER_DOMAIN@FQHN
■ domaintype: vx
where, FQHN is Fully Qualified Host Name of the client node
Run the following command on the CP server to verify the settings:
# /opt/VRTScps/bin/cpsat showcred
69Overview of Veritas Storage Foundation for Oracle RAC
About preventing data corruption with I/O fencing