Veritas Cluster Server (VCS) 6.0 simplifies the installation and configuration of secure clusters. Security components are installed as a part of the product package. When you upgrade a secure cluster from VCS 5.x to VCS 6.0 and later, the upgrade process does not migrate the old broker configuration to the new configuration. To learn more about secure cluster upgrade considerations, see:
This post and the links seem to use broker and root broker interchangably, but these are not the same, so in your post it says:
When you upgrade a secure cluster from VCS 5.x to VCS 6.0 and later, the upgrade process does not migrate the old root broker
But link About upgrading secure VCS 5.x clusters to VCS 6.0 and later does not say "root" broker:
When you upgrade a secure VCS 5.x cluster to VCS version 6.0 and later, the upgrade does not migrate the old broker configuration to the new configuration because of the change in architecture
The HA commands that you run in VCS 6.0 and later are processed by the new broker by default. To ensure that the HA commands are processed by the old broker, set the VCS_REMOTE_BROKER environment variable as follows:# export VCS_REMOTE_BROKER=RootBrokerIPaddress,2821
In VCS 5.x you have to have Authentication brokers (AB) installed locally, but you can additionally have a remote AB to authenticate the user, so the paragraph above starts off by describing one of these, not sure which, but it is definately NOT describing a root broker as a root broker does not do any authentication or processing of HA commands - it just allows you to create new ABs. But then the VCS_REMOTE_BROKER variable is shown being set to ROOT broker IP.
So I'm very confused by all of this, can you clarify in respect of:
Hi Mike, I made small updates to the post and requested the engineer to further clarify on this forum. If need be, I can further update the post.
Thanks for pointing this out. Varad is updating the document to make it more consistent.
Before 6.0, we used to have one Root borker and all the nodes used to be authentication brokers. However 6.0 onwards this achitecture is changed to have all the nodes to act as root+authentication broker. During upgrade, we do not remove the old root or authentication broker from the nodes, as the customer might have setup old for LDAP users.
So if the customer does not want to migrate to new broker for authenticating its users, he can export VCS_REMOTE_BROKER to the old broker.