Versions Compared

Version Old Version 3 New Version Current
Changes made by

Brian Nordland

Brian Nordland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Background

...

For secure by default, IBM i systems are shipped to not allow adding of systems to a cluster. This setting must be changed on all nodes so that a system can be a part of a cluster. There are two options for allowing nodes to be added to a cluster:

  • Recommended: Allowing any system to add this node as a node in a cluster, only if the request is authenticated.

Expand
titleAllowing Any System to Add This Node to a Cluster only if the Request is Authenticated

This option uses X.509 digital certificates to verify cluster nodes are trusted before allowing them to be added into the cluster. This requires the following software products are installed on the systems:

  • IBM i Option 34 (Digital Certificate Manager)

  • IBM i Option 35 (CCA Cryptographic Services Provider)

  1. Run the following command: CHGNETA ALWADDCLU(*ANYRQSAUT).

  2. In Digital Certificate Manager, assign a certificate to the QIBM_QCST_CLUSTER_SECURITY application.

  3. If using a self-signed certificate, ensure that the certificate authorities for all nodes are trusted by all the nodes in the cluster.

  4. Repeat steps 1-3 for all nodes in the cluster.

...