Managing the Product in a Single System Image Complex

A VM Single System Image (SSI) complex is a multisystem environment. An SSI enables you to manage separate VM systems as if they were a single computing resource. cacc maintains a consistent view of system administration definitions across all members of an SSI complex.
vmx32besp
A VM Single System Image (SSI) complex is a multisystem environment. An SSI enables you to manage separate VM systems as if they were a single computing resource.
VM:Secure
maintains a consistent view of system administration definitions across all members of an SSI complex.
The presentation of a consistent view of system administration across an SSI complex requires that
VM:Secure
support the following environment characteristics:
  • The CP Object Directory is identical on every member system. A USER directory entry defines a user ID that can log in any member system (one at a time). The virtual machine definitions are identical. An IDENTITY directory entry defines a user ID that can log in multiple members simultaneously. The member-specific definitions in a SUBCONFIG directory entry can tailor each logon instance.
  • The
    VM:Secure
    Rules Facility provides Resource access control, and the same authorizations for a virtual machine, wherever it is running in the complex.
  • VM:Secure
    provides identical access to the directory management or resource access control administration interfaces from all members of the complex. You can enter product commands in the same way from any member system.
Change virtual machine definitions, configuration file statements, or access control rules simultaneously in every member system. This synchronization preserves the single system image. To accomplish this synchronization in real time,
VM:Secure
operates as a set of distributed servers, one on each member system. These servers communicate with each other. Each server runs in one of the following two modes:
A
master server
runs on one member node to perform the following functions of a non-SSI
VM:Secure
server:
  • Processing commands 
  • Updating and compiling Configuration files
  • Updating and compiling CP Directory Entries
  • Updating and Compiling RULE files
  • Responding to External Security Manager Access Control Interface requests from CP
An
agent server
runs on every other member node to perform the following subset of the functions of the master
VM:Secure
server:
  • Compiling Configuration files
  • Compiling CP Directory Entries
  • Compiling RULE files
  • Responding to External Security Manager Access Control Interface requests from CP
  • An agent server implements the following new functions:
    • Responding to synchronization requests from the master server
    • Converting itself to replace a master when the master server has an outage.