Edit Cluster Advanced Properties

Use the Edit Advanced Properties task to change the Resources, Security, and Other options for a cluster.

Fields

Resources
The Resources section contains the repository disk and node names, the controlling node name, and multicast IP address for the selected cluster.
Cluster multicast address
Displays the IP address that is used by the PowerHA™ SystemMirror software to send messages to peer nodes when a node failure occurs in a cluster.
Controlling node
Displays the default controlling node. You can select a different node to use as the communications link between a cluster and the Director UI. All actions performed with the Director UI are performed on the controlling node. For those changes to become effective on the other nodes in a cluster, you must synchronize the cluster. For additional information about synchronizing a cluster, see Verify and Synchronize a Cluster.
Repository
Displays the location that is used by PowerHA SystemMirror software to store configuration data.
Security
The Security section contains the security level and type of security certificate. The security settings that you configure determine the security level and methods that are used to secure cluster communications.
Security level
Select a security level from the menu.
Security node identify
Indicates the type of certificate and associated key that the cluster uses for authentication and to provide secure communications. Select one of the following security node identity types for the new cluster:
  • PowerHA Certificate/Key - Selecting this option indicates that the nodes in the cluster are to use certificates and their associated public/private key pairs that are self-generated. This is the default setting.
  • SSH Certificate/Key - Selecting this option indicates that the nodes within the cluster are to use certificates and associated public/private key pairs that were obtained from a public Certificate Authority, such as VeriSign.
  • Custom Certificate/Key - Selecting this option indicates that the cluster is to use a certificate and associated encryption key. When you select this option you must also specify the absolute path and file names for the Certificate and the associated Key.
Symmetric algorithm
Specifies the algorithm that is used to generate a symmetric key that is shared among the nodes in the cluster to encrypt communications within the cluster. Select one of the following algorithms to use for symmetric key generation:
  1. DES (Data Encryption Standard) - Generates a 56-bit symmetric key. This is the default setting.
  2. 3DES (Triple Data Encryption Algorithm) - Uses three DES keys to generate a longer, more secure symmetric key.
  3. AES (Advanced Encryption Standard) - Generates a symmetric key with a minimum size of 128 bits and provides the strongest encryption security.
Asymmetric algorithm
Displays the asymmetric algorithm type.
Grace period (days)
Specifies the number of days in which messages from an outdated symmetric or public key are valid and accepted by nodes within the cluster. An encryption key, whether a symmetric key or a public key from a certificate, is outdated when a new key is generated based on the periodic refresh rate. The grace period is the number of days that a message remains valid if it was encrypted with the prior key. The default is 24 days.
Periodic refresh rate (days)
Specifies the length of time before the certificates and keys for the nodes in the cluster are refreshed or regenerated. The default is 24 days.
Automatically distribute certificates
Specifies whether certificates for the nodes within the cluster are to be distributed automatically.
Other
The Other section contains verification and synchronization information.
Event timeout (seconds)
The Event timeout option is used to configure the expected time, in seconds, that is required to run a cluster event. After the Event timeout time expires, config_too_long informational messages are sent to a /tmp/hacmp.out file and the console. These messages indicate that the event required more run time than expected.
Automatically verify cluster configuration
To automatically verify a cluster configuration, select the Yes option from the pull-down menu. When the Yes option is selected, the automatic verification occurs once each day.
Hour (00-23)
To specify the hour when the cluster configuration is automatically verified, select the hour from the menu; where 00 is 12:00 a.m. and 23 is 11:00 p.m.