Complete the following prerequisite tasks before you use
this wizard:
Federated security is
a security configuration that provides separation between the service
that a client accesses and the authentication and authorization procedures
for accessing the service.
To implement federated security for PowerHA SystemMirror, you must configure
the following items:
- Encrypted File Systems (EFS)

  By using EFS, you can enable users to encrypt their data through
  the use of credentials in a keystore specific to that user. When a
  process opens a protected EFS file, PowerHA SystemMirror verifies these
  credentials against file protection settings. Upon successful verification,
  the process is able to decrypt the file key and decrypt the file content,
  making that content accessible to the user.

- LDAP

  LDAP provides a method for storing centralized security authentication
  and user and group access information. This LDAP configuration provides
  a common base for authenticating and granting access to applications
  and information across the cluster. However, if an LDAP environment
  is not available, you can store the relevant information in the local
  file system.

- Role Based Access Control (RBAC)

  AIX role based access control
  (RBAC) provides the means for you to configure PowerHA SystemMirror roles. You
  can use these roles to control the tasks and information that users
  can access. You can assign PowerHA SystemMirror tasks and services
  to predefined roles or to new roles that you create. You then can
  associate these roles with specific users and groups to configure
  their authorization for accessing tasks and information.

  PowerHA SystemMirror provides the
  following predefined roles:

  - ha_op (provides authorization to a limited set of tasks and information)
  - ha_admin (provides full administrator authorization to tasks and
    information)
  - ha_view (provides authorization to view information only)
  - ha_mon (provides authorization to monitoring tasks and information
    only)

For more information about managing federated security,
see the Federated security topic in the AIX Information Center.