Configuring secure connections for high-availability clusters

For a high-availability cluster to function, the database servers must establish trusted connections with each other. Secure connections between cluster servers by using a trusted-host file on each cluster server and including the connection security option in sqlhosts file entries.

About this task

The secure ports that are specified in sqlhosts files are used only for communication between database servers. Client applications cannot connect to secure ports.

Procedure

To configure a trusted environment for replication, complete the following steps for each cluster server:
  1. Edit the sqlhosts file on each host that contains a cluster server:
    1. Add an entry for each cluster server that is running on that host, and include the s=6 option.
    2. Add an entry for each other cluster server that participates in the cluster, and do not include the s=6 option.
  2. Set the nettype field of the sqlhosts file or registry and the NETTYPE configuration parameter to a network protocol such as ontlitcp or onsoctcp so that the database servers on two different computers can communicate with each other.
    Do not specify a non-network protocol such as onipcshm, onipcstr, or onipcnmp.
  3. Specify trusted-host information.
    Trusted-host information can be specified in the following ways:
    • Create a hosts.equiv file in the $ONEDB_HOME/etc directory, and then manually add entries to the file.
    • Create a trusted-host file in the $ONEDB_HOME/etc directory, and then manually add entries to the file. You must set the REMOTE_SERVER_CFG configuration parameter to the trusted-host file's name and set the S6_USE_REMOTE_SERVER_CFG configuration parameter to 1.
    • Run the admin() or task() function with the cdr add trustedhost argument, and specify trusted-host information. Trusted-host information that is specified by the cdr add trustedhost argument propagates to all servers in the high-availability cluster. Do not run this function if you have manually entered trusted-host information on any of the database servers in a high-availability cluster or Enterprise Replication domain.
  4. Create a server alias for running utilities and client applications.
    For example, set the ONEDB_SERVER environment variable to the alias to run utilities such as onstat and client applications such as DB-Access.
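
The following added example, which is not part of the product documentation, checks one host's sqlhosts file against steps 1 and 2: local cluster server entries carry s=6, entries for other cluster servers do not, and none uses a non-network protocol. It assumes the five-column sqlhosts layout (dbservername, nettype, hostname, servicename, options) with options separated by commas or spaces; the function names, server names, host names, and ports are hypothetical.

```python
import re

# Non-network protocols the procedure says not to use between cluster servers.
NON_NETWORK = {"onipcshm", "onipcstr", "onipcnmp"}

def parse_sqlhosts(text):
    """Return {dbservername: (nettype, set_of_options)} from sqlhosts text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(None, 4)
        if len(fields) < 4:
            continue  # not a complete entry
        opts = set(re.split(r"[,\s]+", fields[4])) if len(fields) == 5 else set()
        entries[fields[0]] = (fields[1].lower(), opts)
    return entries

def check_sqlhosts(text, local_servers, remote_servers):
    """List deviations from steps 1 and 2 for one host's sqlhosts file."""
    entries = parse_sqlhosts(text)
    problems = []
    for name in sorted(set(local_servers) | set(remote_servers)):
        if name not in entries:
            problems.append(f"{name}: no sqlhosts entry")
            continue
        nettype, opts = entries[name]
        secure = "s=6" in opts
        if name in local_servers and not secure:
            problems.append(f"{name}: local cluster server entry lacks s=6")
        if name in remote_servers and secure:
            problems.append(f"{name}: remote cluster server entry must not set s=6")
        if nettype in NON_NETWORK:
            problems.append(f"{name}: nettype {nettype} is not a network protocol")
    return problems

# Constructed sample for host_a, which runs serv_a_sec; the others run elsewhere.
SAMPLE = """\
# dbservername  nettype   hostname  servicename  options
serv_a          onsoctcp  host_a    9088
serv_a_sec      onsoctcp  host_a    9089
serv_b_sec      onsoctcp  host_b    9089         s=6
serv_c_sec      onipcshm  host_c    9089
"""

if __name__ == "__main__":
    for p in check_sqlhosts(SAMPLE, {"serv_a_sec"}, {"serv_b_sec", "serv_c_sec"}):
        print(p)
```

Entries that are in neither set, such as the client alias from step 4, are ignored by the check.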