For more security you can make your cluster use encryption for inter-node communication with no downtime.  Otherwise operations are allowed or rejected based on IP address, hostname, and the cluster rhosts file.  And, C-SPOC operations are not encrypted one of the important ones being password changes.  Possibly an even better option would be to create a IPsec VPN tunnel between nodes, but I haven’t tested that.

For more security you can make your cluster use encryption for inter-node communication with no downtime.\u00a0 Otherwise operations are allowed or rejected based on IP address, hostname, and the cluster rhosts file.\u00a0 And, C-SPOC operations are not encrypted one of the important ones being password changes.\u00a0 Possibly an even better option would be to create a IPsec VPN tunnel between nodes, but I haven’t tested that.
\n
\nInstall rsct.crypt.3des from the expansion pack.<\/p>\n

On all nodes:<\/strong>
\nEnable key distribution on all nodes.
\n<pre><code># \/usr\/es\/sbin\/cluster\/utilities\/clkeygen -e’Enabled’
\n0513-077 Subsystem has been changed.
\n0513-044 The clcomdES Subsystem was requested to stop.
\n0513-059 The clcomdES Subsystem has been started. Subsystem PID is
\n315598.
\nThe key distribution was Enabled<\/code><\/pre><\/p>\n

On one node:<\/strong>
\nGenerate and distribute a key
\n<pre><code># \/usr\/es\/sbin\/cluster\/utilities\/clkeygen -g’md5_3des’ ‘-d'<\/code><\/pre><\/p>\n

Activate the key
\n<pre><code># \/usr\/es\/sbin\/cluster\/utilities\/clkeygen -kc<\/code><\/pre><\/p>\n

Set HACMP to use Message Authentication and Encryption
\n<pre><code># \/usr\/es\/sbin\/cluster\/utilities\/clchclstr -m ‘md5_3des’ -e<\/p>\n

Cluster Name: test_cluster
\nCluster Connection Authentication Mode: Standard
\nCluster Message Authentication Mode: md5_3des
\nCluster Message Encryption: Enabled
\nUse Persistent Labels for Communication: No<\/code><\/pre><\/p>\n

Synchronize the cluster \u2013 Done!
\n<pre><code># \/usr\/es\/sbin\/cluster\/utilities\/cldare -rtV normal<\/code><\/pre><\/p>\n

The key files\u00a0 are in \/usr\/es\/sbin\/cluster\/etc named key_md5_<symmetric algorithm><\/p>\n

Keys can also be copied manually using scp if you don’t trust your network.<\/p>","protected":false},"excerpt":{"rendered":null,"protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,1],"tags":[],"class_list":["post-147","post","type-post","status-publish","format-standard","hentry","category-hacmp-notes","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/posts\/147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/comments?post=147"}],"version-history":[{"count":0,"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/posts\/147\/revisions"}],"wp:attachment":[{"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/media?parent=147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/categories?post=147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rootuser.ninja\/index.php\/wp-json\/wp\/v2\/tags?post=147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}