When you enable ClusterCATS administration security for a cluster, only authorized users are able to access and administer the cluster, using ClusterCATS Explorer (Windows) or the ClusterCATS Web Explorer (UNIX). ClusterCATS provides these administration security settings for securing your server cluster environment:
BT_clustername
", where clustername is the exact name of the cluster you created with the ClusterCATS Explorer. The global administrators group must exist within the same domain as the clustered servers.This section describes the following:
The following sections describe how to enable authentication for your environment.
Local-user authentication lets ClusterCATS authenticate specific users per server. Local users of a server must have an account on the server where the web server resides.
For example, if a cluster includes several web servers and you have an account on only one, then you can only administer that server.
If your cluster members are NT servers, use the Windows User Manager utility to create your user accounts.
Note: If only one person will administer all cluster members in the cluster, be sure to create the same user account (identical user name and password) on each cluster member. The ClusterCATS Explorer will then prompt you only once for a user name and password. However, if you create multiple administrator accounts on each server, ClusterCATS Explorer will display user name and password prompts upon each attempt to access the servers from the ClusterCATS Explorer.
The Properties dialog box appears:
Note: ClusterCATS requires you to enter a valid user name and password after selecting the authentication type, so you do not inadvertently lock yourself out of the cluster.
Windows NT Domain authentication lets ClusterCATS authenticate administrators who have been added to a Windows NT domain user group.
Note: This authentication mode can be used only on NT servers and on Windows 2000 servers if the domain is using the Windows NT compatible domain controller model rather than the Active Directory model.
Before you can enable NT domain authentication on a cluster, you must create an NT global user group within the domain you want to secure. You can do this using the Windows NT User Manager for Domains utility. After you create a user group, add users to it, and enable the NT Domain authentication mode from the ClusterCATS Explorer, all users you add to that group are automatically authenticated to view and change the cluster. All servers in the cluster must reside in the same Windows NT domain unless a trusted relationship is set up between two or more domains.
A global group must exist in the domain from which the ClusterCATS Explorer is executed. Cluster members in other domains need only the trust relationship. ClusterCATS Explorer determines what servers exist in which NT domain by communicating with any Windows NT domain controller for the domain. You can view the list of servers that exist in the Windows NT domain with the Network Neighborhood Windows NT utility. If no trust relationship exists, then cluster members must be from the same Windows NT domain.
The New Global Group dialog box appears.
Your global group name must be BT_clustername, where clustername is the name of your ClusterCATS cluster.
The Add Users and Groups dialog box appears.
The Properties dialog box appears.
Note: ClusterCATS requires you to enter a valid user name and password after selecting the authentication type, so you do not inadvertently lock yourself out of the cluster.
Disabling authentication lets any user employ ClusterCATS Explorer to create, configure, or administer clusters. When a cluster is added, administrators have unrestricted access to the content in that cluster. Therefore, you should choose disabled mode only if security is not a concern (for example, in a development or QA environment).
By default, ClusterCATS administrator security is disabled. However, if you have previously configured the security mode for your cluster and now want to turn if off, perform the following procedure.
The Cluster Member List page appears.
The Cluster Authentication page appears:
ClusterCATS requires you to enter a valid user name and password after selecting the authentication type, so you do not inadvertently lock yourself out of the cluster.