Asset ID: 1-71-1002268.1
Update Date: 2016-07-01
Solution Type: Technical Instruction Sure Solution
1002268.1: Sun Fire[TM] 12K/15K/E25K/E20K Servers: nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.
Related Items
- Sun Fire 15K Server
- Sun Fire E20K Server
- Sun Fire E25K Server
- Sun Fire 12K Server
Related Categories
- PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: SF-Exxk
- _Old GCS Categories>Sun Microsystems>Servers>High-End Servers
Previously Published As: 203193
Applies to:
Sun Fire 12K Server - Version All Versions and later
Sun Fire 15K Server - Version All Versions and later
Sun Fire E20K Server - Version All Versions and later
Sun Fire E25K Server - Version All Versions and later
All Platforms
Goal
This document explains why nfs.server and tftpboot services may be open on a System Controller that has Solaris[TM] Security Toolkit software installed or System Management Services 1.5 with Secure by Default.
After you follow the document "Securing the Sun Fire[TM] 12K and 15K System Controllers" at
http://docs.oracle.com/cd/E19957-01/817-1358-10/817-1358-10.pdf
and use the "Solaris[TM] Security Toolkit" at
http://download.oracle.com/docs/cd/E19056-01/sec.tk42/
your System Controller can still be used as your domain's Operating System installation server, but tftp and nfs.server will remain open until all clients have been removed.
--- Additional SF15K/12K/20K/25K Security or "securing" references: -----
Securing Sun Fire 12K and 15K Domains
http://docs.oracle.com/cd/E19957-01/817-1357-10/817-1357-10.pdf
Securing the Sun Fire 12K and 15K System Controller
http://docs.oracle.com/cd/E19957-01/817-1358-10/817-1358-10.pdf
Part I: Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems
http://www.oracle.com/technetwork/systems/archive/a11-005-minimizing-domains-p1-438967.pdf
Part II: Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems
http://www.oracle.com/technetwork/systems/archive/a11-006-minimizing-domains-p2-438969.pdf
Solaris Security Toolkit 4.2
http://docs.oracle.com/cd/E19056-01/sec.tk42/
Solaris Security Toolkit 4.2 Release Notes
Solaris Security Toolkit 4.2 Administration Guide
Solaris Security Toolkit 4.2 Reference Manual
Solaris Security Toolkit 4.2 Man Page Guide
Sun Fire E25K Server - documentation
http://docs.oracle.com/cd/E19065-01/servers.e25k/index.html
----------------
Solution
Since the Starcat platform has an internal network to each of its domains, the System Controller is the perfect place to create a Solaris JumpStart[TM] software server.
If your platform is secure, you will have no problems using your System Controller as a boot server, but running "add_install_client" for the first time turns on nfs.server and tftp. After you have finished installing the Solaris[TM] Operating System (OS), you can stop these services by running the rm_client script for each client. This script removes the /tftpboot files for this domain and removes the entry from the /etc/bootparams file.
If this domain is the last client the system has, the script also unshares the installation directory, removes the entry from the dfstab file for nfs.server, removes the /etc/bootparams file, and removes the /tftpboot directory.
If you do not remove the clients, the System Controller will keep running these services until either this script is run or the changes are made manually. The services are restarted after a system reboot, even with the "Solaris Security Toolkit" installed.
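One way to check a System Controller for the leftover install-client state described above, as an added example that is not Oracle's or the Security Toolkit's code. It assumes the dfstab file is at /etc/dfs/dfstab (the text above only says "the dfstab file"), and the optional ROOT argument is a hypothetical parameter so the check can be run against a test tree.

```shell
#!/bin/sh
# Added example: report JumpStart install-server residue that keeps
# nfs.server and tftp enabled on a System Controller.
# Needs a POSIX shell; on Solaris 10 and earlier use ksh or /usr/xpg4/bin/sh.
# Assumption: dfstab lives at /etc/dfs/dfstab.

# Usage: jumpstart_residue [ROOT]
# ROOT is an optional alternate root (hypothetical parameter, for testing).
# Prints one line per finding; returns 0 if clean, 1 if residue remains.
jumpstart_residue() {
    root=${1:-}
    found=0

    # add_install_client writes one entry per client into /etc/bootparams.
    bp="$root/etc/bootparams"
    if [ -f "$bp" ]; then
        n=$(awk '!/^[ \t]*#/ && NF { c++ } END { print c + 0 }' "$bp")
        echo "bootparams: $n client entries in $bp"
        found=1
    fi

    # Per-client boot files live in /tftpboot; the directory is removed
    # only when the last client is removed.
    tb="$root/tftpboot"
    if [ -d "$tb" ]; then
        n=$(ls -A "$tb" | wc -l | tr -d ' ')
        echo "tftpboot: $tb exists with $n entries"
        found=1
    fi

    # Active share lines in dfstab are what bring nfs.server back at boot.
    ds="$root/etc/dfs/dfstab"
    if [ -f "$ds" ]; then
        n=$(awk '!/^[ \t]*#/ && $1 ~ /share$/ { c++ } END { print c + 0 }' "$ds")
        if [ "$n" -gt 0 ]; then
            echo "dfstab: $n active share lines in $ds"
            found=1
        fi
    fi

    return "$found"
}
```

Called with no argument on the System Controller, the function inspects the live files; a non-zero return means at least one install client is still configured.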
Internal Section
System Management Services (SMS) 1.5 and above will be "Secure by Default", so the Solaris Security Toolkit will already be configured out of the box. Most installations do use the System Controller (SC) as a JumpStart server, so this will affect all installations that have SMS 1.5 installed.
Keywords: starcat, jass, security, jumpstart, secure by default
Previously Published As 79971