To use CA Access Control in a cluster environment, you must install CA Access Control on each node of the cluster. On each node, also define the same set of rules for common resources (the quorum disk, or the network if you use network interception).
CA Access Control can detect that it is running in a cluster environment. If CA Access Control detects that the cluster has its own network with separate network adapters used for cluster internal communications only, network interception is disabled for these network adapters. For network interfaces that connect the cluster to the rest of the enterprise, network interception works as usual.
Note: This feature is not enabled if the cluster uses the same network interface for cluster internal communications and communication to the rest of the network.
Example
Suppose you have two nodes:
The cluster itself has an additional IP address of 192.168.0.3.
Network interception does not prevent NODE1 from connecting to NODE2, and vice versa, as long as they communicate using the internal cluster network IP addresses.
Network interception acts as defined by CA Access Control rules if NODE1 or NODE2 is contacted using outside network IP addresses.
In addition, network interception acts as defined by CA Access Control rules if the cluster is contacted at its 192.168.0.3 IP address.
Copyright © 2012 CA. All rights reserved.