About symantec product authentication service (at), About symantec product authentication service, Figure 1-4 – Symantec Veritas 5 User Manual

Figure 1-4

Typical VCS setup with optional components

Symantec Product
Authentication Service
root broker

VCS cluster 1

VCS cluster 2

VCS Management Console
management server

Optional

About Symantec Product Authentication Service (AT)

VCS uses Symantec Product Authentication Service (AT) to provide secure
communication between cluster nodes and clients. It uses digital certificates for
authentication and SSL to encrypt communication over the public network to
secure communications.

AT uses the following brokers to establish trust relationship between the cluster
components:

■

Root broker

A root broker serves as the main registration and certification authority; it
has a self-signed certificate and can authenticate other brokers. The root
broker is only used during initial creation of an authentication broker.

A root broker can serve multiple clusters. Symantec recommends that you
install a single root broker on a utility system. The utility system, such as an
email server or domain controller, can be highly available.

■

Authentication brokers

Authentication brokers serve as intermediate registration and certification
authorities. Authentication brokers have root-signed certificates. Each node
in VCS serves as an authentication broker.

See Symantec Product Authentication Service documentation for more
information.

19

Introducing Veritas Cluster Server

About VCS optional components