About Symantec Product Authentication Service (At) - Symantec Veritas Cluster Server Installation Manual

About Symantec Product Authentication Service (AT)

Typical VCS setup with optional components
Figure 1-4
VCS Management Console
management server
VCS cluster 1
VCS uses Symantec Product Authentication Service (AT) to provide secure
communication between cluster nodes and clients. It uses digital certificates for
authentication and SSL to encrypt communication over the public network to
secure communications.
AT uses the following brokers to establish trust relationship between the cluster
components:
Root broker
A root broker serves as the main registration and certification authority; it
has a self-signed certificate and can authenticate other brokers. The root
broker is only used during initial creation of an authentication broker.
A root broker can serve multiple clusters. Symantec recommends that you
install a single root broker on a utility system. The utility system, such as an
email server or domain controller, can be highly available.
Authentication brokers
Authentication brokers serve as intermediate registration and certification
authorities. Authentication brokers have root-signed certificates. Each node
in VCS serves as an authentication broker.
See Symantec Product Authentication Service documentation for more
information.
Introducing Veritas Cluster Server
About VCS optional components
Symantec Product
Authentication Service
root broker
Optional
VCS cluster 2
19