Solved: Use Single Sign-on for Windows

eu22106 · ‎10-20-2011

Hi all,

We want to install the "single sign-on" solution on SFWHA 5.1 SP2 CP3 (Windows) and need therefor a "Root"-server. But as we already have VOM-server (W2K8 R2 64b), we were wondering if It is possible to install the Root service on that VOM-server

Best,

Ivo

mikebounds · ‎10-20-2011

You may find you already have a root broker on the VOM server - to test - on the VOM server run:

 vssat list pd

or

 vssat showallbrokerdomains

If you see a domain starting "root@", then you have a root broker installed and therefore you should just be able to select the VOM server as the existing root broker when you configure VCS for "secure cluster" (single sign on).

The predecessor to VOM was SFM (Storage Foundation Manager) and this required a root broker. When SFM became VOM, I am not sure if Symantec move to an "embedded vxat" config, meaning you might not have a root broker or the root broker is still installed, but it doesn't tell you. If you do not see a root broker on the VOM server you should NOT install a root broker until you have spoken to Symantec or asked this query on the VOM forum (which I suggest you do if you do not see a root broker on the VOM server)

A few years ago there were lots of compatibility issues and if you installed 2 different legacy Veritas products on the same server , then vxat often broke, which is why you need to be cautious as you could break VOM if you install a root broker on there

Mike

View solution in original post

mikebounds · ‎10-20-2011

You may find you already have a root broker on the VOM server - to test - on the VOM server run:

 vssat list pd

or

 vssat showallbrokerdomains

If you see a domain starting "root@", then you have a root broker installed and therefore you should just be able to select the VOM server as the existing root broker when you configure VCS for "secure cluster" (single sign on).

The predecessor to VOM was SFM (Storage Foundation Manager) and this required a root broker. When SFM became VOM, I am not sure if Symantec move to an "embedded vxat" config, meaning you might not have a root broker or the root broker is still installed, but it doesn't tell you. If you do not see a root broker on the VOM server you should NOT install a root broker until you have spoken to Symantec or asked this query on the VOM forum (which I suggest you do if you do not see a root broker on the VOM server)

A few years ago there were lots of compatibility issues and if you installed 2 different legacy Veritas products on the same server , then vxat often broke, which is why you need to be cautious as you could break VOM if you install a root broker on there

Mike

Wally_Heim · ‎10-20-2011

Hi eu22106,

Mike is right about multiple vxat installations on the same server with the 5.x and 4.x product lines can cause compatibility issues. The issues typically revolve around one product upgrading or removing vxat services without the other one knowing about it. In other words, it would break the one that was not aware of the change.

However, when you run VCW to setup single sign-on, you can point it to use an existing root broker in your enviornment or you can have it use one of the nodes for the root broker.

VOM does requires vxat services and should be setup as a root broker and authentication broker. You can have all of your clusters use the same root broker that VOM is using.

FYI - we are addressing this with the next release of SFW-HA by embeding a private copy of vxat servcies on each node of the cluster. This embeded version will only handle authentication services for that node. This will eleminate any compatibility issues with SFW-HA and other Symantec products that are installed on the server.

Thanks,

Wally

VOX

Use Single Sign-on for Windows