Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
The administrative domain in PowerHA synchronizes security and configuration resources across cluster nodes in the environment. The system requires these objects at all times, so they do not make sense in an independent auxiliary storage pool (IASP). Common examples of these resources include User Profiles, Authorization Lists, Job Descriptions, Subsystem Descriptions, and Printer Device Descriptions.
When a cluster administrative domain is created, a list of nodes is supplied to indicate which nodes in the cluster make up the administrative domain. By default, all nodes will be automatically selected.
Monitored Resources
An administrative domain is made up of monitored resources, which are system resources and objects that are managed by the administrative domain. Changes that are made to a monitored resource are synchronized across nodes in the cluster administrative domain and applied to the resource on each active node. Monitored resources can be system objects like user profiles or job descriptions, or a monitored resource can also be a system resource that is not represented by a system object, such as a single system value or a system environment variable. These monitored resources are represented in the cluster administrative domain as monitored resource entries (MREs). The PowerHA administrative domain can monitor up to 200,000 MREs.
MRE Synchronization
When a change to a monitored resource is made on any node within the administrative domain, that change is propagated to other nodes within the administrative domain. When a node within a cluster administrative domain is inactive, the synchronization option controls the way changes are propagated throughout the cluster.
When the synchronization option is set to Last Change (the default), changes made to the resource on the inactive node are only discarded if there was a more recent change to the resource propagated in the cluster administrative domain.
When the synchronization option is set to Active Domain, any changes made to the resource on the inactive node are discarded when the node rejoins the cluster, and the changes are replaced with information from the administrative domain.
Supported MREs
Each supported monitored resource has specific attributes on the resource that can be monitored for changes. By default, when a resource is added to the administrative domain, all supported attributes for a resource are monitored. However, the administrative domain provides the flexibility of only monitoring specific attributes when adding a monitored resource.
The following attributes can be monitored for authorization lists:
Attribute Name
Description
Attribute Name
Description
AUT
Authority
OBJAUTE
Authority entry
OBJPGP
Primary group
OBJOWNER
Object owner
TEXT
Text description
The following attributes can be monitored for classes:
Attribute Name
Description
Attribute Name
Description
CPUTIME
Maximum CPU time
DFTWAIT
Default wait time
MAXTHD
Maximum threads
MAXTMPSTG
Maximum temporary storage
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
RUNPTY
Run priority
TEXT
Text description
TIMESLICE
Time slice
The following attributes can be monitored for ethernet line descriptions:
Attribute Name
Description
Attribute Name
Description
ASSOCPORT
Associated port resource name
AUTOCRTCTL
Autocreate controller
AUTODLTCTL
Autodelete controller
CMNRCYLMT
Recovery limits
COSTBYTE
Relative cost per byte for sending and receiving data on the line
COSTCNN
Relative cost of being connected on the line
DUPLEX
Duplex
GENTSTFRM
Generate test frames
GRPADR
Group address
LINESPEED
Line speed
LINKSPEED
Link speed
MAXFRAME
Maximum frame size
MAXCTL
Maximum controllers
MSGQ
Message queue
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
ONLINE
Online at IPL
PRPDLY
Propagation delay
RSRCNAME
Resource name
SECURITY
Security level of the physical line
SSAP
Source service access point (SSAP) information list
TEXT
Text description
USRDFN1
First user-defined
USRDFN2
Second user-defined
USRDFN3
Third user-defined
VRYWAIT
Vary on wait
The following attributes can be monitored for IASP device descriptions:
Attribute Name
Description
Attribute Name
Description
MSGQ
Message queue
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
RDB
Relational database
RSRCNAME
Resource name
TEXT
Text description
The following attributes can be monitored for job descriptions:
Attribute Name
Description
Attribute Name
Description
ACGCDE
Accounting code
ALWMLTTHD
Allow multiple threads
DDMCNV
DDM conversation
DEVRCYACN
Device recovery action
ENDSEV
End severity
HOLD
Hold on job queue
INLASPGRP
Initial ASP group
INLLIBL
Initial library list
INQMSGRPY
Inquiry message reply
JOBMSGQFL
Job message queue full action
JOBMSGQMX
Job message queue maximum size
JOBPTY
Job priority (on JOBQ)
JOBQ
Job queue
LOG
Message logging
LOGCLPGM
Log CL program commands
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
OUTPTY
Output priority (on OUTQ)
OUTQ
Output queue
PRTDEV
Print device
PRTTXT
Print text
RQSDTA
Request data or command
RTGDTA
Routing data
SPLFACN
Spooled file action
SWS
Job switches
SYNTAX
CL syntax check
TEXT
Text description
TSEPOOL
Time slice end pool
USER
User
The following attributes can be monitored for network attributes:
Attribute Name
Description
Attribute Name
Description
ALWADDCLU
Allow add to cluster
DDMACC
DDM/DRDA request access
NWSDOMAIN
Network server domain
PCSACC
Client request access
Note: Each network attribute is treated as its own monitored resource entry. The resource type and attribute names are identical for these.
Note: There are different types of network server configuration objects. Depending on the type, different attributes may be monitored.
The following attributes can be monitored for network server configurations for service processors:
Attribute Name
Description
Attribute Name
Description
EID
Enclosure identifier
INZSP
Initialize service processor
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
SPAUT
Service processor authority
SPCERTID
Service processor certificate identifier
SPINTNETA
Service processor Internet address
SPNAME
Service processor name
TEXT
Text description
The following attributes can be monitored for network server configurations for remote systems:
Attribute Name
Description
Attribute Name
Description
BOOTDEVID
Boot device identifier
CHAPAUT
Target CHAP authentication
DELIVERY
Delivery method
DYNBOOTOPT
Dynamic boot options
INRCHAPAUT
Initiator CHAP authentication
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
RMTIFC
Remote interfaces
RMTSYSID
Remote system identifier
SPNWSCFG
Service processor network server configuration that is used to manage the remote server
TEXT
Text description
The following attributes can be monitored for network server configurations for connection security:
Attribute Name
Description
Attribute Name
Description
IPSECRULE
IP security rules
OBJAUTE
Authority entry
OBJAUTL
Authorization list
OBJOWNER
Object owner
OBJPGP
Primary group
TEXT
Text description
Note: There are different types of network server description objects. Depending on the type, different attributes may be monitored.
The following attributes can be monitored for network server descriptions for integrated network servers:
Attribute Name
Description
Attribute Name
Description
ALWDEVRSC
Allowed device resources
CFGFILE
Configuration file
CODEPAGE
ASCII code page representing the character set to be used by this network server