A server MUST perform appropriate server-side initialization of the protocol so that it can accept client requests by using the RPC interface when it is an active node of a cluster. A node becomes an active node of a cluster through implementation-specific mechanisms between servers.
ClusAPI Protocol message sequences begin with a client establishing an RPC connection to a server. Before the server responds to any methods that are issued by the client, the server MUST validate that the client has appropriate permission. First, the identity of the client MUST be established by using the RPC Authentication Service, as specified in section 2.1. Then, the server MUST use the cluster security descriptor to validate that the authenticated client is permitted to call methods in the RPC interface. If the client is not permitted, the server MUST return a nonzero error code and terminate the RPC connection.