Home > Articles > Operating Systems, Server > Solaris

Automating Sun Cluster 3.0 Data Service Setup

  • Print
  • + Share This
After installing Sun Cluster 3.0 software and performing basic cluster configuration, the next task is to set up the applications or data services for the application to run on the cluster. This procedure involves a number of steps, many of which need to be performed from the command line. Others such as creating a resource group, can be performed through the SunPlex GUI. Because these steps require executing complicated commands or traversing through several GUI screens, it is advantageous to write scripts that can simplify and automate the data service and configuration process. Scripts are also a valuable tool to capture work completed in a test environment to ensure consistent deployment on the production network. In addition, scripts are useful to enable less-experienced system administrators to perform complex configuration tasks, or to rebuild systems for multiple testing purposes. To highlight how to architect such scripts, this article illustrates best practices in deploying the HA-NFS data service, for which the agent is contained on the Sun Cluster 3.0 Data Services CD-ROM.
Like this article? We recommend

Sun™ Cluster 3.0 12/01 Security with the Apache and iPlanet™ Web and Messaging Agents

Sun™ Cluster 3.0 12/01 software is used by organizations to provide additional assurance that mission-critical services will be available despite unexpected hardware or software failures or usage requirements. The business criticality of Sun Cluster deployments requires that the nodes in a cluster be protected against unauthorized access and misuse by malicious individuals.

To provide a robust environment in which Sun Cluster 3.0 12/01 software can be deployed, very specific requirements have been placed on the configuration of the Solaris™ Operating Environment (Solaris OE) used on Sun Cluster 3.0 nodes. Before the release of Sun Cluster 3.0 12/01 software, no secured configurations were supported. This article takes a first step towards providing secured configurations that use Sun Cluster 3.0 12/01 software by describing how three specific agents can be deployed in a secured configuration that is supported by Sun Microsystems.

These security recommendations are specific to the three Sun Cluster 3.0 agents supported in secured environments: the iPlanet™ Web Server software, the Apache web server, and the iPlanet™ Messaging Server software.

This article contrasts the recommendations made in the Sun BluePrints™ OnLine article "Solaris™ Operating Environment Security: Updated for Solaris 8 Operating Environment" with the functionality required by the Sun Cluster software. This article also describes methods for simplifying the deployment of secured configurations across the potentially many nodes in a cluster and on automated mechanism to deploy them. Solaris™ Security Toolkit software, a free toolkit that automates the hardening of Solaris OE system, is used to harden the Solaris OE images running on the nodes, as well as to install the other security software recommended in this article.

The Solaris Security Toolkit software makes over 80 modifications to the OS of each cluster node. These modifications not only disable unneeded services but also enable optional Solaris OE security enhancements. Executing the Solaris Security Toolkit hardening scripts for Sun Cluster software on a running cluster significantly reduces the number of Solaris OE services and daemons, as well as the number of access points into the cluster.

By reducing access points, disabling unused services, enabling optional security features, and generally improving the overall security of the cluster nodes, you make it much more difficult for an intruder to gain access to the cluster and misuse its resources.

Software Versions

The Solaris OE security hardening recommendations and the security recommendations for the Sun Cluster 3.0 software secured configuration documented in this article are based on the Solaris 8 10/01 OE (Update 6).

The Sun Cluster software qualified to run in the secured environment is Sun Cluster 3.0 12/01 software using either the iPlanet Web Server, the Apache web server, or the iPlanet Messaging Server software. The Apache web server and the iPlanet Web Server software are supported in either scalable or failover modes, while the iPlanet Messaging Server software is only supported in failover mode.

  • + Share This
  • 🔖 Save To Your Account