3 symantec. VERITAS Cluster Server for UNIX, Fundamentals (Lessons) HULU UU(COURSE DEVELOPERS ge Gerrits Siobhan Seeger LEAD SUBJECT MATTER EXPERTS Pete Toemmes Brad TECHNICAL, CONTRIBUTORS AND REVIEWERS Geoff Bergren Margy Cassidy Tomer Gurantz Gene Henriksen Kleber Saldanha right © 2006 Symantec Corporation, All rights reserved. Symantec the Symantec Logo, and VERITAS are trademarks or registered ‘ademarks of Symantee Corporation or its affl ates in the U.S. and other countries. Other names may be trademarks of their respective owners. ‘THIS PUBLICATION IS PROVIDED AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT ‘THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION. THE INFORMATION CONTAINED HEREIN IS SUBJECT TO CHANGE WITHOUT NOTICE, [No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. VERITAS Cluster Server for UNIX, Funcdamenals Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 Igp://www:symantec.com Printed in CanadaTable of Contents Course Introduction VERITAS Cluster Server Curriculum .. e cove Intro? Cluster Design. Intro Lab Design for the Course Intro-5 Lesson 1: High Availability Concepts High Availability Concepts... enemies 193 Clustering Concepts. eee 17 Clustering Prerequisites. 114 Lesson 2: VCS Building Blocks VCS Terminology. - 23 Cluster Communication. aoaeneeeeeneeee eed 12 VCS Architecture. - sevseneeis BAT Lesson 3: Preparing a Site for VCS Hardware Requirements and Recommendations eee 33 Software Requirements and Recommendations. eoitinnisenee 96! Preparing Installation Information «rns: intent : cannes OB Lesson 4: Installing VCS Using the VERITAS Product Installer..... eaeeenresrrencene 43 VCS Configuration Files. z seve 47 Viewing the Default VCS Configuration. seonennnnnnensenn 410 Other Installation Considerations... sveensenes 412 Lesson 5: VCS Operations Managing Applications in a Cluster Environment,.....c.snsssiestne 53 ‘Common VCS Operations. Using the VCS Simulator Lesson 6: VCS Configuration Methods Starting and Stopping VCS 63 Overview of Configuration Methods... 67 Online Configuration 2 69 Offline Configuration 6-16 Controlling Access to VCS 6-19 Lesson 7: Preparing Services for VCS Preparing Applications for VCS... 13 Performing One-Time Configuration Tasks... 75 Testing the Application Service... 740 Stopping and Migrating an Application Service. TAB Lesson 8: Online Configuration Online Service Group Configuration... Sree] Adding Resources. oe on 86 Solving Common Configuration Errors: cone, 845 Testing the Service GrOUP ..cnnmnunene eninsensee BAD Table of Contents i Cer 0208 Syme Caton ats ssoLesson 9: Offline Configuration Offine Configuration Procedures Solving Offiine Configuration Problems .. Testing the Service Group .. Lesson 10: Sharing Network interfaces Parallel Service Groups Sharing Network Interfaces. Using Parallel Network Service Groups Localizing Resource Attributes. Lesson 11: Configuring Notification Notification Overview Configuring Notification Using Triggers for Notification. Lesson 12: Configuring VCS Response to Resource Faults VCS Response to Resource Faults .... Determining Failover Duration ... Controlling Fault Behavior. Recovering from Resource Faults. Fault Notification and Event Handling Lesson 13: Cluster Communications VCS Communications Review Cluster Membership : Cluster Interconnect Configuration. Joining the Cluster Membership... : Changing the Interconnect Configuration. Lesson 14: System and Communication Faults Ensuring Data Integrity... Cluster Interconnect Failures Lesson 15: /O Fencing Data Protection Requirements WO Fencing Concepts and Components... WO Fencing Operations... VIO Fencing Implementation... Configuring 1/0 Fencing Stopping and Recovering Fenced Systems... Lesson 16: Troubleshooting Monitoring VCS...... Troubleshooting Guide. Archiving VCS-Related Files. 93 9-13 9417 10-3 10-7 10-11 10-14 1-3 11-6 W411 123 129 12-43 1247 12-49 13-3 13-6 13.8 2 1314, 13-19 143 146 we 153 - 15-8 15-11 15-19 15-25 15-28 16-3 16-7 16-9 i VERITAS Cluster Server ior UNIX, FundamentalsCourse IntroductionVERITAS Cluster Server Curriculum Learning Path VERITAS ‘Fundamentals | ‘custer Server, Custos VERITAS Cluster Server Curriculum The VERITAS Cluster Server curriculum is a series of courses that are designed to provide a full range of expertise with VERITAS Cluster Server (VCS) high availability solutions—from design through disaster recovery. VERITAS Cluster Server, Fundamentals This course covers installation and configuration of common VCS configurations, focusing on two-node clusters running application and database services. + VERITAS Cluster Server, Implementing Local Clusters This course focuses on multinode VCS clusters and advanced topics related to more complex cluster configurations, + High Availability Design and Customization Using VERITAS Cluster S ver This course enables participants to translate high availability requirements into a VCS design that can be deployed using VERITAS Cluster Server. + Disaster Recovery Using VVR and Global Cluster Option This course covers cluster configurations across remote sites, including VERITAS Volume Replicator and the Global Cluster Option for wide-area clusters. intro-2 VERITAS Cluster Server for UNIX, FundamentalsCourse Overview Lesson 1: High Availability Concepts Lesson 2: VCS Building Blocks Lesson 3: Preparing a Site for VCS Lesson 4: Installing VCS Lesson 5: VCS Operations Lesson 6: VCS Configuration Mothods Lesson 7: Proparing Services for VCS. Lesson 8: Online Configuration Lesson 9: Offline Configuration Lesson 10: Sharing Network Interfaces Lesson 11: Configuring Notification Lesson 12: Configuring VCS Response to Faults, Lesson 13: Cluster Communications Lesson 14: System and Communication Faults Lesson 15: 0 Fencing Lesson 16: Troubleshooting Course Overview This training provides comprehensive instruction on the installation and initial configuration of VERITAS Cluster Server (VCS). The course covers principles and methods that enable you to prepare, create, and test VCS service groups and resources using tools that best suit your needs and your high availability environment. You learn to configure and test failover and notification behavior, cluster additional applications, and further customize your cluster according to specified design criteria. Course Introduction Intro-3 Ceniah © 200 Sane Caran gharWeb Server e x Web Service Start up on system SI IP Address Mount + Restart Web server 192.168.3.132 dweb process 3 times before + + Faulting it Feil over to 52 if any Nic Volume resource faults erid ‘WebVol Notify patg@company.com if any resource faults. + Disk Group Webbs ‘Components required to provide the Web servi Cluster Design Sample Cluster Design Input A VCS design can be presented in many different formats with varying levels of detail, In some cases, you may have only the information about the application services that need to be clustered and the desired operational behavior in the cluster. For example, you may be told that the application service uses multiple network ports and requires local failover capability among those ports before it fails over to another system, In other cases, you may have the information you need as a set of service dependency diagrams with notes on various aspects of the desired cluster operations If you receive the design information that does not detail the resource information, develop a detailed design worksheet before starting the deployment. Using a design worksheet to document all aspects of your high availability environment helps ensure that you are well-prepared to start implementing your cluster design, In this course, you are provided with a design worksheet showing sample values as a tool for implementing the cluster design in the lab exercises. You can use a similar format to collect all the information you need before starting deployment at your site. intro VERITAS Cluster Server for UNIX, FundamentalsFormate: mS BB twoirnameset 1G ter nares | your_names@t \\ your_namesG2 Lab Design for the Course The diagram shows a conceptual view of the cluster design used as an example throughout this course and implemented in hands-on lab exercises. Each aspect of the cluster configuration is described in greater detail, where applicable, in course lessons. The cluster consists of: ‘Two nodes Five high availability services; four failover service groups and one parallel network service group Fibre connections to SAN shared storage from each node through a switch ‘Two private Ethernet interfaces for the cluster interconnect network Ethernet connections to the public network Additional complexity is added to the design to illustrate certain aspects of cluster configuration in later lessons. The design diagram shows a conceptual view of the cluster design described in the worksheet. Course introduction Tntro-S Conyigh 208 Sta Cert I eta etti Lab Naming Conventions Service Group | Sample Definition Value Resource Definition | Sample Value Group wameSG || Service Group Name | naSG ‘Required Attributes Resource Name nana ‘SGAttributet | value Resource Type P SGAttribute2 | value Required Attributes Optional Attributes ResAttributet SGattributes [value ResAttribute2 ‘Substitute your name, or a nickname, wherever tables or instructions indicate am in labs. Following this convention: Simplifies lab instructions = Helps prevent naming conflicts with your lab partner Lab Naming Conventions To simplify the labs, use your name or a nickname as a prefix for cluster objects created in the lab exercises. This includes Volume Manager objects, such as disk groups and volumes, as well as VCS service groups and resources. Following this convention helps distinguish your objects when multiple students are working on systems in the same cluster and helps ensure that each student uses unique names. The lab exercises represent your name with the word name in italics. You substitute the name you select whenever you see the name placeholder in a lab step. intro-6 VERITAS Cluster Server for UNIX, Fundamentals, xp ©2008 symanoe argon rt saneYour Value ‘Subnet Domain name ‘Software Location ‘Your Value VCS installation dir Lab files directory Use the classroom values provided by your instructor at the beginning of each lab exercise. Lab tables are provided in the lab appendixes to record these values. Your instructor may also hand out printed tables. If sample values are provided as guidelines, substitute your classroom-specific values provided by your instructor. Classroom Values for Labs Your instructor will provide the classroom-specific information you need to perform the lab exercises. You can record these values in your lab books using the tables provided, or your instructor may provide separate handouts showing the classroom values for your location. In some lab exercises, sample values may be shown in tables as a guide to the types of values you must specify. Substitute the values provided by your instructor to ensure that your configuration is appropriate for your classroom. If you are not sure of the configuration for your classroom, ask your instructor Course Introduction Intro? capt 205 Syma Caer igh tat‘Typographic Conventions Used in This Course The following tables describe the typographic conventions used in this course ‘Typographic Conventions in Text and Commands Convention | Element Examples Courier New, | Command input, | To display the robot and drive configuration: bold both syntax and tpconfig -2 rami To display disk information vxdisk -o alldgs list CourierNew, | + Command output | In the output plain + Command protocol minimum: 40 names. directory | protocoi_maximum: 60 names, file protocel_current: 0 ‘names, path Locate the altnames directory od Goto nt m names, passwords, URLs | Enter the value 300 when used within | Log on as regular text paragraphs Courier New, | Variables in To install the media server: Italie. bold or | command syntax, | /corom cirectory/install plain re To access a manual page: + Variables in command input " . are Halic, plain, | To display detailed information for a disk: Variables in command output, are Italic. bold. vxdisk -g disk 7 disk_name up list ‘Typographic Conventions in Graphical User Interface Descriptions ‘Convention Element Examples Arrow Menu navigation paths | Select File—>Save. Initial capitalization Buttons, menus, windows, | Select the Next button. options, and other interface | Oper the Task Status elements window Clear the checkmark from the Print File check box. Quotation marks Interface elements with | Mark the “Include long names subvolumes in object view window” check box. intro-8 VERITAS Cluster Server for UNIX, Fundamentals Conon 9200 Symantec Cargernon re stsLesson 1 High Availability Concepts+ Lesson + Lesson 4 + Lesson 1 + Lesson 1 + Lesson 1: + Lesson 4 + Lesson 1 + Lesson 1 - = + Lesson 3: Preparing a Site for VCS + Lesson 4: Installing VCS. + Lesson 5: VCS Operations + Lesson 6: VCS Configuration Methods + Lesson 7: Preparing Sorvices for VCS + Lesson 8: Online Configuration Lesson Topics and Objectives Offline Configuration, ): Sharing Network Interfaces 11: Configuring Notification 2: Configuring VCS Response to Faults 3: Cluster Communications '4: System and Communication Faults 5: UO Fencing 6: Troubleshooting = symantec. Topic ‘After completing this lesson, you will be able to: High Availability Concepts Describe the merits of high availability in the data center environment. ‘Clustering Concepts Describe how clustering is used to implement high availability. High Availability Application Services Describe how applications are managed in a high availability environment. Clustering Prerequisites Describe key requirements for a clustering environment. oor ©2085 VERITAS Cluster Server for UNIX, FundamentalsWhat is running in my data center? Who is making changes? Am | in compliance? How do | track usage and align withthe business? a How can | automate mundane tasks? How do | maintain standards? How can I pool servers and decouple apps? How do I reduce planned and unplanned downtime’ How do I meet my disaster recovery requirements? How do I track & deliver against SLAs? High Availability Concepts Challenges in the Data Center Managing a data center presents many challenges, which can be roughly split into three categories: + Visibility: Viewing and tracking the components in the data center + Control: Managing these components + Availability: Keeping critical business applications available Availability can be considered as the most important aspect of data center management. When critical business applications are offline, the loss of revenue and reputation can be devastating. Lesson 4 High Availability Concepts 13 Conah © 200 Sana aga ArgentClient <1% LANIWAN Equipment <1% Prescheduled Downtime 30%/ Causes of Downtime Downtime is defined as the period of time in which a user is unable to perform tasks in an efficient and timely manner due to poor system performance or system failure, ‘The data in the graph shows reasons for downtime from a study published by the International Electric and Electronic Engineering Association. It shows that hardware failures are the cause of only about 10 percent of total system downtime, As much as 30 percent of all downtime is prescheduled, and most of this time is required due to the lack of system tools to enable online administration of systems. Another 40 percent of downtime is due to software errors. Some of these errors are as simple as a database running out of space on disk and storping its operations a a result Downtime can be more generally classified as either planne¢ or unplanned + Examples of unplanned downtime include events such as server damage or application failure. + Examples of planned downtime include times when the system is shut down to add additional hardware, upgrade the operating system, rearrange or repartition disk space, or clean up log files and memory. With an effective HA strategy, you can significantly reduce the amount of planned downtime. With planned hardware or software maintenance, a high availability product can enable manual failover while upgrade or hardware work is performed. 4 VERITAS Cluster Server for UNIX, Fundamentals ony 2008 Sana Coram Arar etnCosts of Downtime Actual unplanned downtime per month: * Hours: 9 * Cost per hour: $106k to $183K * Total cost: $954,000 to 1,647,000 Dat LURE Goal for monthly unplanned downtime: = Hours: 3 = Cost savings: $636,000 to $1,098,000 Gartner User Survey: High Availabilty and Mission Critical Services, North America 2005 Costs of Downtime ‘A Gartner study shows that large companies experienced a loss of between $954,000 and $1,647,000 (USD) per month for nine hours of unplanned downtime. In addition to the monetary loss, downtime also results in loss of business opportunities and reputation Planned downtime is almost as costly as unplanned. Planned downtime can be significantly reduced by migrating a service to another server while maintenance is performed. Given the magnitude of the cost of downtime, the case for implementing a high availability solution is clear Lesson 1 High Availabilty Concepts +sLevels of Availability J rats coting 600 remote repicaton VR local elurtringYOS Geta avaiabilty VVMIVXFS. eo ty beckuP NetBackup Levels of Availability Data centers may implement different levels of availability depending on their requirements for availability + Backup: At minimum, all data needs to be protected using an effective backup solution, such as VERITAS NetBackup, + Data availability: Local mirroring provides real-time data availability within the local data center. Point-in-time copy solutions protect against corruption. Online configuration keeps data available to applications while storage is expanded to accommodate growth. + Local clustering: After protecting, the next level is using a clustering solution, such as VERITAS Cluster Server (VCS), for application and server availability. + Remote replication: After implementing local availability, you can further ensure data availability in the event of a site failure by replicating data to a remote site, Replication can be application-, host-, or array-based + Remote clustering: Implementing remote clustering ensures that the applications and data can be started at a remote site. The VCS Global Cluster Option supports remote clustering with automatic site failover capability. VERITAS Cluster Server for UNIX, Fundamentals Coot 208 Symone Crean AI ars snTypes of Clusters * Cluster is a broadly-used term: — High availability (HA) clusters ~ Parallel processing clusters — Load balancing clusters — High performance computing clusters — Fault tolerant clusters * VCS is primarily an HA cluster with support for: | — Parallel processing applications, such as Oracle RAC ~ Application workload balancing Clustering Concepts The term cluster refers to multiple independent systems connected into a management framework. Types of Clusters A variety of clustering sol ions are available for various computing purposes. + HA clusters: Provide resource monitoring and automatic startup and failover + Parallel processing clusters: Break large computational programs into smaller 1 s executed in parallel on multiple systems + Load balancing clusters: Monitor system load and distribute applications automatically among systems according to specified criteria *+ High performance computing clusters: Use a collection of computing resources to enhance application performance + Fault-tolerant clusters: Provide uninterrupted application availability Fault tolerance guarantees 99.9999 percent availability, or approximately 30 seconds of downtime per year. Six 9s (99.9999 percent) availabili but the costs of this solution are well beyond the affordability of most companies. In contrast, high availability solutions can achieve five 9s (99.999 percent availability—less than five minutes of downtime per year) ata fraction of the cost. is appealing, The focus of this course is VERITAS Cluster Server, which is primarily used for high availability, although it also provides some support for parallel processing and load balancing. Lesson 1 High Availability Concepts 7Naot Not Rao Local Cluster Configurations Depending on the clustering solution you deploy, you may be able to implement a variety of configurations, enabling you to deploy your clustering solution to best suit your HA requirements and utilize existing hardware. + Active/Passive In this configuration, an application runs on a primary or master server and a dedicated redundant server is present to take over on any failover. + Active/Active In this configuration, each server is configured to run specific applications or services, and essentially provides redundancy for its peer + N-to-1 In this configuration, the applications fail over to the spare when a system crashes. When the server is repaired, applications must be moved back to their inal systems. * N+1 Similar to N-to-1, the applications restart on the spare after a failure. Unlike the N-to-1 configuration, after the failed server is repaired, it can become the redundant server. + Neto-N This configuration is an active/active co uration that supports multiple application services running on multiple servers. Each application service is the cluster. capable of being failed over to different server 138 VERITAS Cluster Server for UNIX, FundamentalsF oroniec ce Globai Cluster Configurations BM Campus Cluster Campus and Global Cluster Configurations Cluster configurations that enable data to be duplicated among multiple physical sites protect against site-wide failures. ‘Campus Clusters ‘The campus or stretch cluster environment is a single cluster stretched over multiple locations, connected by an Ethernet subnet for the cluster interconnect and a fiber channel SAN, with storage mirrored at each location. Advantages of this configuration are: + Itprovides local high availability within each site as well as protection against site failure. + Itis a cost-effective solution; replication is not required. + Recovery time is short. * The data center can be expanded. + You can leverage existing infrastructure. Global Clusters Global clusters, or wide-area clusters, contain multiple clusters in different geographical locations, Global clusters protect against site failures by providing data replication and application failover to remote data centers, Global clusters are not limited by distance because cluster communication uses TCP/IP. Replication can be provided by hardware vendors or by a software solution, such as VERITAS Volume Replicator, for heterogeneous array support. Lesson 1 High Availability Concepts 3HA Applica’ HA Application Services * Collection of all hardware and software components required to provide a service All components moved together Components started, stopped in order Examples: Web servers, databases, and 4 + Database applications 1 + IP addross | = Database requires file systems | * File systems require volumes i Volumes require disk groups n Services An application service is a collection of hardware and software components required to provide a service, such as a Web site an end-user may access by connecting to a particular network IP address or host name. Each application service typically requires components of the following three types: + Application binaries (executables) + Network + Storage Ifan application service needs to be switched to another system, all of the components of the application service must migrate together to re-create the service on another system. ‘These are the same components that the administrator must manually move from a failed server to a working server to keep the service available to clients in a nonelustered environment. Application service examples include: + A Web service consisting of a Web server program, IP addr network interfaces used to allow access into the Web site, a containing Web data files, and a volume and disk group containing the file system, + A database service may consist of one or more IP addresses, database management software, a file system containing data files, a volume and disk group on which the file system resides, and a NIC for network access. VERITAS Cluster Server or UNIX, Fundamentals,FJ srronie Local Application Service Failover Cluster management software performs a series of tasks in order for clients to access a service on another server in the event a failure occurs. The software must: + Ensure that data stored on the disk is available to the new server, if shared storage is configured (Storage). * Move the IP address of the old server to the new server (Network). + Start up the application on the new server (Application). The process of stopping the application services on one system and starting it on another system in response to a fault is referred to as a failover Lesson 1 High Availability Concepts 1ES omanec] a i Local and Global Failover Site Migration Replication. Local and Global Failover Ina global cluster environment, the application services are generally highly available within a local cluster, so faults are first handled by the HA software, which performs a local failover. When HA methods such as replication and clustering are implemented across geographical locations, recovery procedures are started immediately at a remote location when a disaster takes down a site. VERITAS Cluster Server for UNIX, Fundamentals eeygh 208 Symantec Canter agreed= ae symantec. plication Requirements for Clustering Function | Requirement Start? | Restarted to a known state after a failure restart Stop ‘Stopped using a defined procedure Clean | Cleaned up after operational failures Monitor | Monitored periodically Node- | Not tied to a particular host due to licensing constraints indepen- | or host name dependencies dent Application Requirements for Clustering The most important requirements for an application to run in a cluster are cr h tolerance and host independence. This means that the application should be able to recover after a crash to a known state, in a predictable and reasonable time. on two or more hosts. Most commercial applications today satisfy this requirement. More specifically, an application is considered well-behaved and can be controlled by clustering software if it meets the requirements shown in the slide, Lesson 1 High Availabilty Concepts‘Two independent links connecting nodes ‘Two independent links from each server to storage Clustering Prerequisites Hardware and Infrastructure Redundancy All failovers cause some type of client disruption. Depending on your configuration, some applications take longer to fail over than others, For this reason, good design dictates that the HA software first try to fail over within the system, using agents that monitor local resources. Design as much resiliency as possible into the individual servers and components so that you do not have to rely on any hardware or software to cover a poorly configured system or application. Likewise. try to use all resources to make individual servers as reliable as possible. Single Point of Failure Analysis Determine whether any single points of failure exist in the hardware, software, and infrastructure components within the cluster environment. Any single point of failure becomes the weakest link of the cluster. The application is equally inaccessible if a client network connection fails, or ifa server fails Also consider the location of redundant components. Having redundant hardware equipment in the same location is not as effective as placing the redundant component in a separate location. In some cases, the cost of redundant components outweighs the risk that the component will become the cause of an outage. For example, buying an additional expensive storage array may not be practical. Decisions about balancing cost versus availability need to be made according to your availability requirements. 14 VERITAS Cluster Server for UNIX, Fundamentals,External Dependencies * Avoid dependence on services ey outside the a cluster, where \ possible, * Ensure redundancy of —_Switeh external services, if required. External Dependen Whenever possible. it is good practice to eliminate or reduce reliance by high availability applications on external services. If it is not possible to avoid outside dependencies, ensure that those services are also highly available. For example, network name and information services, such as DNS (Domain Name System) and NIS (Network Information Service), are designed with redundant capabilities. Lesson 1 High Availability Concepis 115Lesson Summary = Key Points — Clustering is used to make business-critical applications highly available. — Local and global clusters can be used together to provide disaster recovery for data center sites. = Reference Materials - High Availability Design and Customization Using VERITAS Cluster Server course — VERITAS High Availability Fundamentals Web- based training High Availability References these references as resources for building a complete understanding of high availability environments within your organization. = The Resilient Enterpris This book explains the nature of disasters and their impacts on enterprises, organizing and training recovery teams, acquiring and provisioning recovery sites, and responding to disasters. © Blueprints for High Availability: Designing Resilient Distributed Systems This book provides a step-by-step guide for building systems and networks with high availability, resiliency, and predictability. * High Availability Design, Techniques, and Processes This guide describes how to create systems that are easie- to maintain, and defines ongoing availability strategies that account for business change. + Designing Storage Area Networks The text offers practical guidelines for using diverse SAN technologies to solve existing networking problems in large-scale corporate networks. With this book, you learn how the technologies work and how to organize their components into an effective, scalable design. + Storage Area Network Essemtials: A Complete Guide to Understanding and Implementing SANs (VERITAS Series) This book identifies the properties, architectural concepts, technologies, benefits, and pitfalls of storage area networks (SANS). Recovering Information Services from Disasters VERITAS Gluster Server for UNIX, Fundamentals,Lesson 2 VCS Building BlocksLesson 1 Lesson Lesson 4 Lesson 1 Lesson 1; Lesson 1: Lesson 1: + Lesson 1 + Lesson 4 Lesson Introduction Lesson 2: VCS Building Blocks Lesson 4: Installing VCS. Lesson $: VCS Operations Lesson 6: VCS Configuration Methods Lesson 7: Preparing Services for VCS Lesson 8: 1 Lesson 9: Offline Configuration |: High Avallability Concepts Configuration 0: Sharing Network Interfaces 11: Configuring Notification 12: Configuring VCS Response to Faults 3: Cluster Communications 4: System and Communication Faults 5: UO Fencing 16: Troubleshooting Topic ‘After completing this lesson, you will be able to: VCS Terminology Define VCS terminology. Cluster Communication Describe VCS cluster communication mechanisms. VES Architecture Describe the VCS architecture. VERITAS Cluster Server for UNIX, FundamentalsVCS clusters consist of: = Up to 32 systems (nodes) + An interconnect for cluster ‘communication + A public network for client connections + Shared storage accessible by each system & one serves & ottine sevice Hyp Cluster Interconnect! VCS Terminology VCS Cluster A VCS cluster is a collection of independent systems working together under the VCS management framework for increased service availability. VCS clusters have the following components: + Upto 32 systems—sometimes referred to as nodes or servers Each system runs its own operating system. * A cluster interconnect, which allows for cluster communications + A public network, connecting each system in the cluster to a LAN for client access + Shared storage (optional), accessible by each system in the cluster that needs to run the application Lesson 2 VCS Building Blocks 23 Cony 20s Sana Copan gestssymantec] A service group is a container that enables VCS to manage an application service as a unit. A service group is defined by: + Resources: Components required to provide the service + Dependencies: Relationships between components @ Diskcroup + attributes: Behaviors for startup and failure conditions B Mount Volume @ Service Groups A service group is a virtual container that enables VCS to manage an application service as a unit, The service group contains all the hardware and software components required to run the service. The service group enables VCS to coordinate failover of the application service resources in the event of failure or at the administrator's request. A service group is defined by these attributes: + The cluster-wide unique name of the group + The list of the resources in the service group, usually determined by which resources are needed to run a specific application service + The dependency relationships between the resources + The list of cluster systems on which the group is allowed to run + The list of cluster systems on which you want the group to start automatically VERITAS Cluster Server for UNIX, Fundamentals ey 200 mane Crean. Aaa eer.7 Laz symantec. Service Group Types = Failover ~ Online on only one cluster system at a time = Most common type = Parallel ~ Online on multiple cluster systems simultaneously ~ Example: Oracle Real Application Cluster (RAC) * Hybrid Special-purpose service group used in replicated data clusters (RDCs) using VERITAS Volume Replicator Service Group Types Service groups can be one of three types: + Failover This service group runs on one system at a time in the cluster. Most application services, such as database and NFS servers, use this type of group. + Parallel This service group runs simultaneously on more than one system in the cluster, This type of service group requires an application that can be started on more than one system at a time without threat of data corruption. + Hybrid (4.x and later) A hybrid service group is a combination of a failover service group and a parallel service group used in VCS 4.x (and later) replicated data clusters (RDC), which use replication between systems at different sites instead of shared storage. This service group behaves as a failover group within a defined set of systems, and a parallel service group within a different set of systems. RDC configurations are described in the High Availability Using VERITAS Cluster Server for UNIX, Implementing Remote Clusterscourse. Lesson 2 VCS Building Blocks 25Resources VCS resources: Correspond to the hardware or software components of an application service Have unique names throughout the cluster Are always contained within service groups Are categorized as: — Persistent: Always on ~ Nonpersistent: Turned on and off Recommendation: Choose names that reflect the service {group name to easily identify all resources in that group; for Resources Resources are VCS objects that correspond to hardware or software components, such as the application, the networking components, and the storage components, VCS controls resources through these actions: + Bringing a resource online (starting) + Taking a resource offline (stopping) + Monitoring a resource (probing) Resource Categories + Persistent — None VCS can only monitor persistent resources—these resources eannot be brought online or taken offline. The most common example of a persistent resource is a network interface card (NIC), because it must be present but cannot be stopped. FileNone and ElifNone are other examples. — On-only VCS brings the resource online if required but does not stop the resource if the associated service group is taken offline. ProcessOnOnly is a resource used to start, but not stop a process such as daemon, for example. + Nonpersistent, also known as on-off Most resources fall into this category, meaning that VCS brings them online and takes them offline as required. Examples are Mount, IP, and Process. FileOnOff is an example of a test version of this resource. 26 VERITAS Cluster Server for UNIX, Fundamentals Cape 9 208 Syrates Carton lg anessymantec. Resource Dependencies Resources dependencies: * Determine online and offline order * Have parentichild relationships; parent depends on child * Cannot be cyclical Ottne order | JApp Parent Pg Mount Parent/child Nic volume Porsistent resources, such as NIC, cannot be parents, DiskGroup oxcer Chile Resource Dependencies Resources depend on other resources because of application or operating system requirements. Dependencies are defined to configure VCS for these requirements Dependency Rules These rules apply to resource dependencies: + A parent resource depends on a child resource. In the diagram, the Mount resource (parent) depends on the Volume resource (child). This dependency illustrates the operating system requirement that a file system cannot be mounted without the Volume resource being available. + Dependencies are homogenous. Resources can only depend on other resources. * No cyclical dependencies are allowed. There must be a clearly defined starting point. Lesson 2 VCS Building Blocks 27 ‘Sepygh © 208 Syma Capoten ie mansymantec, Resource Attributes Resource attributes: = Define individual resource properties * Are used by VCS to manage the resource = Can be required or optional * Have values that match actual components Online mount -F vats /dov/vx/dsk/WebDG/WebVol /Web Resource Attributes Resources attributes define the specific characteristics on individual resources. As shown in the slide, the resource attribute values for the sampie resource of type Mount correspond to the UNIX command line to mount a specific file system, VCS uses the attribute values to run the appropriate command or system call to perform an operation on the resource. Each resource has a set of required attributes that must be defined in order to enable VCS to manage the resource. For example, the Mount resource on Solaris has four required attributes that must be defined for each resource of type Mount: + The directory of the mount point (MountPoint) + The device for the mount point (BlockDevice) + The type of file system (FSType) + The options for the scx command (FsckOpt) ‘The first three attributes are the values used to build the UNIX mount command shown in the slide. The FsckOpt attribute is used if the mour-t command fails. In this case, VCS runs fsck with the specified options (-y, which means answer yes to all fsck questions) and attempts to mount the file system again, Some resources also have additional optional attributes you can define to control how VCS manages a resource. In the Mount resource example, MountOpt is an optional attribute you can use to define options to the UNIX mount command. For example, if this is a read-only file system, you can specify -ro as the MountOpt value. VERITAS Cluster Server for UNIX, Fundamentals ett ©2008 Symantec Cnpernton Al ge esrsymantec. Resource Types Resources types: * Are classifications of resources = Specify the attributes needed to define a resource = Are templates for defining resource instances HIRE [Boone [CF F5type] [options] Block device out point] mount [cP Fetypel_leptions] block device some point] Resource Types and Type Attributes Resources are classified by resource type. For example, disk groups, network interface cards (NICs), IP addresses, mount points, and databases are distinct types of resources. VCS provides a set of predefined resource types—some bundled, some add-ons—in addition to the ability to create new resource types. Individual resources are instances of a resource type. For example, you may have several IP addresses under VCS control. Each of these IP addresses individually is a single resource of resource type IP. A resource type can be thought of as a template that defines the characteristics or attributes needed to define an individual resource (instance) of that typ. You can view the relationship between resources and resource types by comparing the mount command for a resource on the previous slide with the mount syntax on this slide, The resource type defines the syntax for the mount command, The resource attributes fill in the values to form an actual command line. Lesson 2 VCS Building Blocks 23 Conyah ©208 Sate penn A etsAgents: How VCS Controls Resources Each resource type has a corresponding agent that manages all resources of that type. * Agents have one or more entry points. + Entry points perform set actions on resources. * Each system runs one agent for each active resource type. 1 8 OO UR & a a a monitor clean Agents: How VCS Controls Resources Agents are processes that control resources. Each resource type has a corresponding agent that manages all resources of that resource type. Each cluster system runs only one agent process for each active resource type, no matter how many individual resources of that type are in use. Agents control resources using a defined set of actio The four entry points common to most agents are: + Online: Resource startup + Offline: Resource shutdown + Monitor: Probing the resource to retrieve status + Clean: Killing the resource or cleaning up as necessary when a resource fails to be taken offline gracefully also called entry points. The difference between offline and clean is that offline is an orderly termination and clean is a forced termination. In UNIX. this can be thought of as the difference between exiting an application and sending the ki11 -9 command to the process. Each resource type needs a different way to be controlled. To accomplish this, each agent has a set of predefined entry points that specify how to perform each of the four actions. For example, the startup entry point of the Mount agent mounts a block device on a directory, whereas the startup entry point of the IP agent uses the command to set the IP address on a unique IP alias on the network interface. VCS provides both predefined agents and the ability to create custom agents. VERITAS Cluster Server for UNIX, Fundamentals ang 2008 Symi Caen lt eaa 5 = "VERITAS Cluster Server Bundled Agents Reference Guide Saas Veritas™ Cluster Server Bundled Agents Reference symantec. [* Defines all VCS resource types || Su'de for all bundied agents + Includes all supported UNIX sone platforms | + Downloadable from | nttoisuoport veritas.com . ae Ye ey VERITAS Cluster Server Bundled Agents Reference Guide The VERITAS Cluster Server Bundled Agents Reference Guide describes the agents that are provided with VCS and defines the required and optional attributes for each associated resource type. VERITAS also provides additional application and database agents in an Agent Pack that is updated quarterly. Some examples of these agents are: + Oracle + NetBackup + Informix + iPlanet Select the Agents and Options link on the VERITAS Cluster Server page at waw. veritas .com fora complete list of agents available for VCS. To obtain PDF versions of product documentation for VCS and agents, sce the ‘Support Web site at http: //support .veritas con. Lesson 2 VCS Building Blocks 2 enygh ©2005 Se Carperaton AL areneCluster Communication The cluster interconnect provides a communication channel between nodes. The interconnect: Determines which nodes are affiliated by cluster ID Uses a heartbeat mechanism Maintains cluster membership: Assingle view of the state of each cluster node Is also referred to as the private network Cluster Communication VCS requires a cluster communication channel between systems in a cluster to serve as the cluster imerconnect. This communication channel is also sometimes referred to as the private nenwork because itis often implemented using @ dedicated Ethernet network VERITAS recommends that you use a minimum of two dedicated communication channels with separate infrastructures—for example, multiple NICs and separate network hubs—to implement a highly available cluster interconnect. The cluster interconnect has two primary purposes: + Determine cluster membership: Membership in a cluster is determined by systems sending and receiving heartbeats (signals) on the cluster interconnect. This enables VCS to determine which systems are active members of the cluster and which systems are joining or leaving the cluster. In order to take corrective action on node failure, surviving members must gree when a node has departed. This membership needs to be accurate and coordinated among active members—nodes can be rebooted, powered off, ulted, and added to the cluster at any time. + Maintain a distributed configuration: Cluster configuration and status information for every resource and service group in the cluster is distributed dynamically to all systems in the cluster. Cluster communication is handled by the Group Membership Services/Atomic Broadcast (GAB) mechanism and the Low Latency Transport (LLT) protocol, as described in the next sections. VERITAS Cluster Server for UNIX, Fundamentals, enyon 200 Symantec Capon Al pha esetTransport (LLT) LLT is a high-performance, low-latency protocol for cluster communication, Cor = Sends heartbeat messages = Transports cluster ‘communication traffic * Balances traffic load across multiple network links. = Is a proprietary protocol Runs on an Ethernet network Low-Latency Transport Clustering technologies from Symantec use a high-performance, low-latency protocol for communications. LLT is designed for the high-bandwidth and low= latency needs of not only VERITAS Cluster Server, but also VERITAS Cluster File System, in addition to Oracle Cache Fusion traffic in Oracle RAC configurations, LLT runs directly on top of the Data Link Provider Interface (DLPI) layer over Ethernet and has several major functions + Sending and receiving heartheats over network links + Monitoring and transporting network traffic over multiple network links to every active system Balancing the cluster communi mn load over multiple links + Maintaining the state of communication Providing a transport mechanism for cluster communications Lesson 2 VCS Building Blocks 243 Capp 9205 Symi Camo. ts seveGroup Mei Broadcast (GAB) GAB is a proprietary broadcast protocol that uses LLT as its transport mechanism. GAB: + Manages cluster membership—GAB membership Is a proprietary broadcast protocol ‘Sends and receives configuration information Uses the LLT transport mechanism Group Membership Services/Atomic Broadcast (GAB) GAB provides the following: + Group Membership Services: GAB maintains the overall cluster membership by way of its group membership services function. Cluster membership is determined by tracking the heartbeat messages sent and received by LLT on all systems in the cluster over the cluster interconnect. GAB messages determine whether a system is an active member of the cluster, joining the cluster, or leaving the cluster. If a system stops sending heartbeats, GAB determines that the system has departed the cluster. + Atomic Broadcast: Cluster configuration and status information are distributed dynamically to all systems in the cluster using GAB's atomic broadcast feature. Atomic broadcast ensures that all active systems receive all messages for every resource and service group in the cluster. VERITAS Cluster Server for UNIX, FundamentalsTF smanes vo ing lO fencing is a mechanism to prevent uncoo! access to shared storage. ated VO fencing: * Monitors GAB for cluster membership changes * Prevents simultaneous access to shared storage (fences off nodes) * Is implemented as a kernel driver * Coordinates with Volume Manager = Requires hardware with SCSI-3 PR support The Fencing Driver The fencing driver prevents multiple systems from accessing the same Volume Manager-controlled shared storage devices in the event that the cluster interconnect is severed. In the example of a two-node cluster displayed in the diagram, if the cluster interconnect fails, each system stops receiving heartbeats from the other system. GAB on each system determines that the other system has failed and passes the cluster membership change to the fencing module. The fencing modules on both systems contend for control of the disks according to an internal algorithm. The losing system is forced to panic and reboot. The \winning system is now the only member of the cluster, and it fences off the shared data disks so that only systems that are still part of the cluster membership (only ‘one system in this example) can access the shared storage. The winning system takes corrective action as specified within the cluster configuration, such as bringing service groups online that were previously running on the losing system. Lesson 2 VCS Building Blocks 245 apg © 205 Symain Capon ts enHigh Availability Daemon (HAD) HAD is the VCS engine, which manages all resources and tracks all configuration and state changes. HAD: + Runs on each cluster node Maintains resource configuration and state information Manages agents and service groups Is monitored by the hashadow daemon The High Availability Daemon ‘The VCS engine, also referred to as the high availability daemon (had), is the primary VCS process running on each cluster system. HAD tracks all changes in cluster configuration and resource status by communicating with GAB. HAD manages all application services (by way of agents) whether the cluster has one or many systems. Building on the knowledge that the agents manage individual resources, you can think of HAD as the manager of the agents. HAD uses the agents to monitor the status of all resources on all nodes. This modularity between had and the agents allows for efficiency of roles + HAD does not need to know how to start up Oracle or any other applications that can come under VCS control + Similarly, the agents do not need to make cluster-wide decisions. This modularity allows a new application to come under VCS control simply by adding a new agent—no changes to the VCS engine are required. On each active cluster system, HAD updates all the other cluster systems with changes to the configuration or status. In order to ensure that the had daemon is highly available, a companion daemon, hashadow, monitors had, and if had fails, hashadow attempts to restart had, Likewise, hac restarts hashadow if hashadow stops. VERITAS Cluster Server lor UNIX, Fundamentals epee 208 marae Coat As onesVCS Architecture Maintaining the Cluster Configuration France HAD maintains the cluster configuration in memory on each node. Configuration changes are broadcast by HAD to all systems. The configuration is preserved on disk (main.cf). HAD maintains configuration and state information for all cluster resources in memory on each cluster system. Cluster state refers to tracking the status of all resources and service groups in the cluster. When any change to the cluster configuration occurs, such as the addition of a resource to a service group, HAD on the initiating system sends a message to HAD on each member of the cluster by way of GAB atomic broadcast, to ensure that each system has an identical view of the cluster. Atomic means that all systems receive updates, or all systems are rolled back to the previous state, much like a database atomic commit. ‘The cluster configuration in memory is created from the main. the case where HAD is not currently running on any cluster system: file on disk in 5, so there is no configuration in memory. When you start VCS on the first cluster system, HAD. builds the configuration in memory on that system from the n.cé file. Changes to a running configuration (in memory) are saved to disk in main. when certain operations occur. These procedures are described in more detail later the course. Lesson 2 VCS Building Blocks epg 0200 Symaia CapraFiles /ete/VRTSves /cont/confighnain.cf VCS Configuration Gnclude “types cluster vos web ( UsezNianes = { admin = ElafighinlinnkunGlj } Adninistrators = { admin }) Gounterinverval = 5 = = 5 [cluster configuration stored in text] system 51 ( [fil on disk | , system 52 ( ) group Webss ( ‘Systembist = ( si ) Mount WebMount ( MountPoint = "/Web" BlockDavice = "/dev/vx/dsk/WebDG/WebVoL” FStype = vats Fsckopt = "-y' ) a) VCS Configuration Files Configuring VCS means conveying to VCS the definitions of the cluster, service groups, resources, and resource dependencies. VCS uses two configuration files in a default configuration: + Themain.cf file defines the entire cluster, including the cluster name, systems in the cluster, and definitions of service groups and resources, in addition to service group and resource dependencies. + The types ct file defines the resource types. Additional files similar to types . c£ may be present if agents have been added. For example, if the Oracle enterprise agent is added, a resource types file, such as OracleTypes . cf, is also present. The cluster configuration is saved on disk in the /etc/VRTS config directory, so the memory configuration can be re-created after systems are restarted. VERITAS Cluster Server for UNIX, Fundamentals convo 82008 SmaresComertn A opis eeavetsymantec. Lesson Summary = Key Points | - HADis the primary VCS process, which manages resources by way of agents. ~ Resources are organized into service groups. ~ Each system in a cluster has an identical view of the state of resources and service groups. = Reference Materials ~ High Availability Design and Customization Using VERITAS Cluster Server course - VERITAS Cluster Server Bundled Agents Reference Guide ~ VERITAS Cluster Server User's Guide Next Steps Your understanding of basic VCS architecture enables you to prepare your site for installing VC Lesson 2 VCS Building Blocks2-20 VERITAS Cluster Server for UNIX, FundamentalsLesson 3 Preparing a Site for VCSLesson Introduction + Lesson High Availity Concepts + Lesson 2: Ve8 Bulding Blocks + Lesson 3: Proparing aSitefor ves ‘Lesson 4 Installing VES «Lesson 5: VOS Operations + Lasson 6 VCS Configuration Methods + Lenton 7: Preparing Service for VOS| + Laston 8 Online Configuration * Lesson 9 Oftine Consguration + Liason 10: Sharing Network ntraces * Laston 11 Configuring Notfestion + Lnsson 12 Coniguing VS Response to Fults + Laston 13: Custer Communications * Lesson 14 System and Communication Fauts + Lesson 15:10 Fencing + Laston 16: Troubleshoting Lesson Topics and Objectives Topic ‘After completing this lesson, you will be able to: Hardware Requirements | Describe general VCS hardware and Recommendations _| requirements. Software Requirements | Describe general VCS software and Recommendations _| requirements. Preparing Installation Collect cluster design information to Information prepare for installation. 32 VERITAS Cluster Server for UNIX, Fundamentals Con 208 Sane Coen AI a see3 symantec Hardware Compatibility List (HCL) Minimum configur — Memory — Disk space Cluster interconnect: — Redundant interconnect links ~ Separate infrastructure (hubs, switches) = No single point of failure Systems installed and verified Hardware Requirements and Recommendations Hardware Requirements See the hardware compatibility list (HCL) at the VERITAS Web site for the most recent list of supported hardware for VERITAS products by Symantec. Cluster Interconnect VERITAS Cluster Server requires a minimum of two heartocat channels for the luster interconnect Loss of the cluster interconnect results in downtime, and in nonfencing environments, can result in split brain condition (described in detail later in the course). Configure a minimum of two physically independent Ethemet connections on cach node for the cluster interconnect + Two-node clusters can use crossover cables. * Clusters with three or more nodes require hubs or switches. + You can use layer 2 switches; however, this is not a requirement, For clusters using VERITAS Cluster File System or Oracle Real Application Cluster (RAC), Symantec recommends the use of multiple gigabit interconnects, and gigabit switches. Lesson 3 Preparing a Site for VCS 33ep 3 symantec. Hardware Recommendations = No single points of failure Redundancy for: — Public network interfaces and infrastructures — HBAs for shared storage (Fibre or SCSI) Identically configured systems: — System hardware — Network interface cards ~ Storage HBAs Networking For a highly available configuration, each system in the cluster should have a minimum of two physically independent Ethernet connections for the public network. Using the same interfaces on each system simplifies configuring and managing the cluster. Shared Storage VCS is designed primarily as a shared data high availability product: however, you can configure a cluster that has no shared storage For shared storage clusters, consider these recommendations. + One HBA minimum for shared and nonshared (boot) disks: > To climinate single points of failure, it is recommended to have two HBAs to connect to disks and to use a dynamic multipathing software, such as VERITAS Volume Manager DMP. > Use multiple single-port HBAs or SCSI controllers rather than multiport interfaces to avoid single points of failure. + Shared storage on a SAN must reside in the same zone as all cluster nodes. + Data should be mirrored or protected by a hardware-based RAID mechanism. + Use redundant storage and paths. + Include all cluster-controlled data in your backup planning, implementation, and testing, For information about configuring SCSI shared storage, see the SCSI Controller Configuration for Shared Storage section in the “Job Aids” appendix. VERITAS Cluster Server for UNIX, Fundamentals Cros 9208 Syste Captian Al ngs saesymantec. Software Requirements + Determine supported software: — Operating system — Patch level + entsuppott lnyaantad fom = Volume management __release notes and installation guide | ~ File system ~ Applications + Obtain VCS license key +vlicense veritas.com + Sales representative + Technical Support for upgrades Software Requirements and Recommendations Software Requirements Ensure that the sofiware meets requirements for installing VCS. * Verify that the required operating system patches are installed on the systems before installing VCS. For the latest software requirements, refer to the VERITAS Cluster Server Release Notes and the VERITAS Support Web site. + Verify that storage management software versions are supported. Using storage management software, such as VERITAS Volume Manager and VERITAS File System, enhances high availability by enabling you to mirror data for redundancy and change the configuration or physical disks without interrupting services * Obtain VCS license keys. You must obtain license keys for each cluster system to complete the license process. For new installations, use the vLicense Web site, ht License. veritas .com, or contact your VERITAS/Symantec sales representative for license keys. For upgrades, contact Technical Support. Also, verify that you have the required licenses to run applications on all systems where the corresponding service ean run. Lesson 3 Preparing a Site for VCS 35Software Recommendations * Identical system software configuration: — Operating system version and patch level — Kernel and networking — Configuration files — User accounts = Identical application configuration: ~ Version and patch level ~ User accounts — Licenses Software Recommendations Follow these recommendations to simplify installation, configuration, and management of the cluster: + Operating system: Although it is not a strict requirement to run the same operating system version on all cluster systems, doing so greatly reduces the complexity of installation and ongoing cluster maintenance, + Configuration: Setting up identical configurations on each system helps ensure that your application services can fail over and run properly on all cluster systems + Application: Verify that you have the same revision level of each application you are placing under VCS control, Ensure that any application-specific ust accounts are created identically on each system. Ensure that you have appropriate licenses to enable the applications to run on any designated cluster system. VERITAS Cluster Server for UNIX, FundamentalsSolaris symantec. Before beginning VCS installation: * Add /sbin, /usr/sbin, /opt/VRTSvcs/bin to PATE. * Verify that systems are accessible using fully qualified host names. = Create an alias for the abort—>go sequence (Solaris). Configure ssh or rsh. | procedure | + No prompting permitted: ssh: Set publiciprivate keys +xoh: Set /chosts “Move /etc/issue or similar type files | + Can install systems individually if remote access is |_not allowed ‘System and Network Preparation Perform these tasks before starting VCS installation. + Add directories to the PATH variable, if required. For the PATH settings the Installation guide for your platform. + Verify that administrative IP addresses are configured on your public network interfaces and that all systems are accessible on the public network using fully qualified host names. For details on configuring administrative IP addresses, see the “Job Aids’ appendix. ee + Consider disabling the go sequence after Stop-A on Solaris systems. When a Solaris system in a VCS cluster is halted with the abort sequence (STOP-A), it stops producing VCS heartbeats. This causes other systems to consider this a failed node. Ensure that the only action possible after an abort is a reset. To ensure that you never issue a go function after an abort, create an alias for the go function that displays a message. See the VERITAS Cluster Server Installation Guide for the detailed procedure + Enable sh or rsh to install all cluster systems from one system. If' you cannot enable secure communications, you can instal] VCS on each system separately. Lesson 3 Preparing a Site for VCS a7 epyon0 208 Syma Carton, Meera = symantec. Required Installation Input Collect required installation information: System (node) names License keys Cluster name Cluster ID (0 - 64K) Network interfaces for cluster interconnect links Preparing Installation Information Required Installation Input Verify that you have the information necessary to install VCS. Be prepared to supply: + Names of the systems that will be members of the cluster + A name for the cluster, beginning with a letter of the alphabet (a-z, A~Z) + Auunique ID number for the cluster in the range 0 to 64K Avoid using 0 because this is the default setting and can lead to conflicting cluster numbers if other clusters are added later using the default setting. All clusters sharing a private network infrastructure (including connection to the sme public network if used for low-priority links) must have a unique ID. + Device names of the network interfaces used for the cluster interconnect a8 VERITAS Cluster Server for UNIX, Fundamentals coy 9 2008 Sane: Capen tedae 2 a Cluster Configuration Options Prepare for configuring options: VCS user names and passwords Managed host (Cluster Management Console) Local CMC (Web GUI): * Network interface for CMC Web GUI * Virtual IP address for CMC Web GUI SMTP server name and e-mail addresses SNMP Console name and message levels Root broker node for security Default account: | User name: admin Ls Password: password You can opt to configure additional cluster services during installation. + VCS user accounts: Add accounts or change the default admin account. + Managed host: Add cluster nodes to a Cluster Management Console management server as described in the “Managed Hosts” section. + Local Cluster Management Console (Web GUI): Specify a network interface and virtual IP address on the public network to configure a highly available Web management interface for local cluster administration. + Notification: Specify SMTP and SNMP information during installation to configure the cluster notification service. + Broker nodes (4.1 and later): VCS can be configured to use VERITAS Security Services (VxSS) to provide secure communication between cluster nodes and clients, as described in the “VERITAS Security Services” section. Lesson 3 Preparing a Site for VCS 38 onyign ©2008 Syria agen MermanManaged Hosts A managed hos + Can be any 4.x or 5.0 cluster system, any platform Is under control of 5.0 CMC Runs a console connector that . cme Fi , Cluster Management Console (MC) communicates with es cmc ‘This course covers local cluster management only. Managed Hosts During VCS installation, you are prompted to select whether the systems in this cluster are managed hosts in a Cluster Management Console environment. Cluster Management Console (CMC) is a Web-based interface for managing multiple clusters at different physical locations, with cluster systems running on any operating system platform supported by VCS 4.x or 5.0 You can also use the CMC in local mode to manage only the local cluster. This is similar to the Web GUI functionality in pre-5.0 versions of VCS. Alternately. you can place cluster systems under CMC control by configuring a cluster connector, which enables the systems to be CMC-managed hosts. ‘You can select the type of CMC functionality (or none at all) during VCS installation, or configure this after installation, During installation: + Ifyou select to use CMC for local cluster management, you must provide: — A public NIC for each node A virtual IP address and netmask + Ifyou configure the cluster nodes as managed hosts, you must also configure the cluster connector by providin; ~The IP address or fully-qualified host name for the CMC server — The CMC service account password — The root hash of the management server This course covers local cluster management only. Refer to the product documentation for information about managed hosts and CMC. 340 VERITAS Cluster Server for UNIX, Fundamentals appt 2008 mene Cera AI rs een+ Provides secure communication: — Among cluster systems — Between VCS interfaces and cluster systems, Uses digital certificates for authentication Uses Secure Socket Layer (SSL) for encryption Provides user authentication (single sign-on) Requires one root broker node to be running Requires all cluster systems to be authentication brokers Formerly named VERITAS Security Services (VxSS) | Symantec recommends using a system outside | L the cluster to serve as the root broker node. | Pee chee peermpar the rent heokernot Symantec Product Authentication Service VCS versions 4.1 and later can be configured to use Symantec Product Authentication Service (formerly named VERITAS Security Services or VxSS) to provide secure communication between cluster nodes and clients, including the Java and the Web consoles. VCS uses digital certificates for authentication and uses SSL to encrypt communication over the public network In the secure mode, VCS uses platform-based authentication; VCS does not store user passwords. All VCS users are system users. After a user is authenticated, the account information does not need to be provided again to connect to the cluster (single sign-on). Note: Security Services are in the process of being implemented in all VERITAS products. ee VxSS requires one system to act as a root broker node. This system serves as the main registration and certification authority and should be a system that is not a member of the cluster. Alll cluster systems must be configured as authentication broker nodes, which can authenticate clients. Security can be configured after VCS is installed and running. For additional information on configuring and running VCS in secure mode, see “Enabling and Disabling VERITAS Security Services” in the VERITAS Cluster Server User's Guide. Lesson 3 Preparing a Site for VCS =n epg 0 208 Syma Canton Al gts seeUsing a Design Worksheet Validate installation input'ae you luster Definition Value propare the site, Cluster Name ves_wet Required Attributes UserNames __[adminspassword ClusterAddress | 192.168.3.01 ‘Administrators [admin System Definition | Value System 31 System [sz Using a Design Worksheet ‘You may want to use a design worksheet to collect the information required to install VCS as you prepare the site for VCS deployment. You can then use this, worksheet later when you are installing VCS, a2 VERITAS Cluster Server for UNIX, FundamentalsLesson Summary = Key Points — Verify hardware and software compatibility and record information in a worksheet. ~ Prepare cluster configuration values before you begin installation. = Reference Materials — VERITAS Cluster Server Release Notes ~ VERITAS Cluster Server Installation Guide ~ http: //entsupport. symantec.com ~ http://vlicense.veritas.com 93 symantec + Visually inspect the classroom lab site. + Complete and validate the design works! ‘System Definition | Sample Value | Your Value System aint System train? See the next slide for lab assignments, J Labs and solutions for this lesson are located on the following pages. + “Lab 3: Validating Site Preparation." page A-3 “Lab 3 Solutions: Validating Site Preparation," page B-3. Lesson 3 Preparing a Site for VCS enymgn ©2008 Smee Copeaton raises 28a4 VERITAS Cluster Server for UNIX, Fundamentals, Cony 22008 Sane Cnpraon A phi ase