Learn more about setting up federated security

Before you use this wizard, ensure that you have completed the following prerequisite tasks:


For more information about configuring federated security, including all prerequisite and planning requirements, see the PowerHA SystemMirror federated security topic in the AIX® Information Center.

Federated security is a security configuration that provides separation between the service that a client accesses and the authentication and authorization procedures for accessing the service.

To implement federated security for PowerHA SystemMirror, you must configure the following items:

Encrypted File Systems (EFS)
By using EFS, users can encrypt their data with credentials that are held in a keystore specific to each user. When a process opens an EFS-protected file, these credentials are verified against the file's protection settings. Only after successful verification can the process decrypt the per-file key and, with that key, the file content, making the content accessible to the user.
LDAP
LDAP provides a method for storing centralized security authentication and user and group access information. This LDAP configuration provides a common base for authenticating and granting access to applications and information across the cluster. However, if an LDAP environment is not available, you can store the relevant information in the local file system.
Role Based Access Control (RBAC)
AIX role based access control (RBAC) provides the means for you to configure PowerHA SystemMirror roles. You can use these roles to control the tasks and information that users can access. You can assign PowerHA SystemMirror tasks and services to predefined roles or to new roles that you create. You then can associate these roles with specific users and groups to configure their authorization for accessing tasks and information.
PowerHA SystemMirror provides the following predefined roles:
  • ha_op (provides authorization to a limited set of tasks and information)
  • ha_admin (provides full administrator authorization to tasks and information)
  • ha_view (provides authorization to view information only)
  • ha_mon (provides authorization to monitoring tasks and information only)
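As an added example that is not part of this page or of the PowerHA SystemMirror product, the following POSIX shell script audits which users hold each of the predefined roles above from `lsuser -a roles ALL` output, and builds the `chuser` command that adds a role to a user without discarding the roles that user already holds (`chuser roles=...` replaces the whole list, so passing only the new role would silently strip `ha_admin` from an administrator). The user names and role assignments in `SAMPLE_LSUSER` are constructed sample data; on a host without `lsuser` the script uses that sample instead of live data.

```shell
#!/bin/sh
# Audit and extend PowerHA SystemMirror RBAC role assignments from
# `lsuser -a roles ALL` output. Added example, not IBM's code.

# The four predefined PowerHA SystemMirror roles named on this page.
HA_ROLES="ha_admin ha_op ha_mon ha_view"

# Constructed sample of `lsuser -a roles ALL` output: one "user roles=r1,r2"
# line per user, with an empty value when the user holds no role.
SAMPLE_LSUSER='root roles=
alice roles=ha_admin,ha_op
bob roles=ha_view
carol roles=ha_mon,ha_view
dave roles='

# Succeed only if $1 is one of the predefined PowerHA roles.
is_predefined_role() {
  for r in $HA_ROLES; do
    [ "$r" = "$1" ] && return 0
  done
  return 1
}

# Print (one per line) every user on stdin that holds role $1.
users_with_role() {
  awk -v want="$1" '{
    split($2, kv, "=")
    n = split(kv[2], roles, ",")
    for (i = 1; i <= n; i++) if (roles[i] == want) print $1
  }'
}

# Emit the chuser command that ADDS role $2 to user $1, keeping the roles the
# user already holds. Returns 1 for an unknown role and 2 when the user is
# not present in the input.
add_role_cmd() {
  is_predefined_role "$2" || { echo "not a predefined PowerHA role: $2" >&2; return 1; }
  awk -v user="$1" -v role="$2" '$1 == user {
    split($2, kv, "=")
    cur = kv[2]
    if (cur == "")                             new = role
    else if (index("," cur ",", "," role ",")) new = cur        # already held
    else                                       new = cur "," role
    printf "chuser roles=%s %s\n", new, user
    found = 1
  } END { if (!found) exit 2 }'
}

# Use live data on AIX; fall back to the constructed sample elsewhere.
if command -v lsuser >/dev/null 2>&1; then
  INPUT=$(lsuser -a roles ALL)
else
  INPUT=$SAMPLE_LSUSER
fi

echo "users holding ha_admin (full administrator authority):"
printf '%s\n' "$INPUT" | users_with_role ha_admin
echo "to give carol operator rights without dropping her other roles, run:"
printf '%s\n' "$INPUT" | add_role_cmd carol ha_op || echo "(carol is not in the input)"
```

Two AIX caveats apply when you act on the emitted command: role checks are enforced only when the system runs in enhanced RBAC mode (`lsattr -El sys0 -a enhanced_RBAC` should report `true`), and after you create or change role definitions with `mkrole` or `chrole` you must run `setkst` to load them into the kernel security tables. A user who has been assigned a role that is not one of their default roles activates it for the session with `swrole`.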

For more information about managing federated security, see the Federated security topic in the AIX Information Center.