Use the Edit Advanced Properties task
to change the Resources, Security,
and Other options for a cluster.
Fields
- Resources
- The Resources section contains the repository
disk and node names, the controlling node name, and multicast IP address
for the selected cluster.
- Cluster multicast address
- Displays the IP address that is used by the PowerHA™ SystemMirror software to
send messages to peer nodes when a node failure occurs in a cluster.
- Controlling node
- Displays the default controlling node. You can select a different
node to use as the communications link between a cluster and the Director
UI. All actions performed with the Director UI are performed on the
controlling node. For those changes to become effective on the other
nodes in a cluster, you must synchronize the cluster. For additional
information about synchronizing a cluster, see Verify and Synchronize a Cluster.
- Repository
- Displays the location that is used by PowerHA SystemMirror software to
store configuration data.
- Security
- The Security section contains the security
level and type of security certificate. The security settings that
you configure determine the security level and methods that are used
to secure cluster communications.
- Security level
- Select a security level from the menu.
- Security node identify
- Indicates the type of certificate and associated key that the
cluster uses for authentication and to provide secure communications.
Select one of the following security node identity types for the new
cluster:
- PowerHA Certificate/Key
- Selecting this option indicates that the nodes in the cluster are
to use certificates and their associated public/private key pairs
that are self-generated. This is the default setting.
- SSH Certificate/Key - Selecting this option indicates that the
nodes within the cluster are to use certificates and associated public/private
key pairs that were obtained from a public Certificate Authority,
such as VeriSign.
- Custom Certificate/Key - Selecting this option indicates that
the cluster is to use a certificate and associated encryption key.
When you select this option you must also specify the absolute path
and file names for the Certificate and the
associated Key.
- Symmetric algorithm
- Specifies the algorithm that is used to generate a symmetric key
that is shared among the nodes in the cluster to encrypt communications
within the cluster. Select one of the following algorithms to use
for symmetric key generation:
- DES (Data Encryption Standard) - Generates a 56-bit symmetric
key. This is the default setting.
- 3DES (Triple Data Encryption Algorithm) - Uses three DES keys
to generate a longer, more secure symmetric key.
- AES (Advanced Encryption Standard) - Generates a symmetric key
with a minimum size of 128 bits and provides the strongest encryption
security.
- Asymmetric algorithm
- Displays the asymmetric algorithm type.
- Grace period (days)
- Specifies the number of days in which messages from an outdated
symmetric or public key are valid and accepted by nodes within the
cluster. An encryption key, whether a symmetric key or a public key
from a certificate, is outdated when a new key is generated based
on the periodic refresh rate. The grace period is the number of days
that a message remains valid if it was encrypted with the prior key.
The default is 24 days.
- Periodic refresh rate (days)
- Specifies the length of time before the certificates and keys
for the nodes in the cluster are refreshed or regenerated. The default
is 24 days.
- Automatically distribute certificates
- Specifies whether certificates for the nodes within the cluster
are to be distributed automatically.
- Other
- The Other section contains verification
and synchronization information.
- Event timeout (seconds)
- The Event timeout option is used to configure the expected time,
in seconds, that is required to run a cluster event. After the Event
timeout time expires, config_too_long informational
messages are sent to a /tmp/hacmp.out file and
the console. These messages indicate that the event required more
run time than expected.
- Automatically verify cluster configuration
- To automatically verify a cluster configuration, select the Yes option
from the pull-down menu. When the Yes option is
selected, the automatic verification occurs once each day.
- Hour (00-23)
- To specify the hour when the cluster configuration is automatically
verified, select the hour from the menu; where 00 is
12:00 a.m. and 23 is 11:00 p.m.