Site Preparation Guide

Ops Center Site PreparationGuide

Part No: 999–0001March 2010

Copyright ©2010 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and withoutlimitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.

U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisionsof the FAR and its supplements.

This distribution may include materials developed by third parties.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and othercountries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, JavaHelp, J2EE, JumpStart, Solstice, Sun Blade, SunSolve,SunSpectrum, ZFS, Sun xVM hypervisor, OpenSolaris, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S.and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and othercountries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. DLT is claimed as a trademark of QuantumCorporation in the United States and other countries. Netscape and Mozilla are trademarks or registered trademarks of Netscape Communications Corporation inthe United States and other countries.

The OPEN LOOK and SunTM Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering effortsof Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox tothe Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written licenseagreements.

Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws inother countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Exportor reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and speciallydesignated nationals lists is strictly prohibited.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANYIMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TOTHE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Copyright ©2010 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. Tous droits réservés.

Sun Microsystems, Inc. détient les droits de propriété intellectuelle relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier,et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plusieurs brevets américains ou des applications de brevet en attente aux Etats-Uniset dans d'autres pays.

Cette distribution peut comprendre des composants développés par des tierces personnes.

Certaines composants de ce produit peuvent être dérivées du logiciel Berkeley BSD, licenciés par l'Université de Californie. UNIX est une marque déposée auxEtats-Unis et dans d'autres pays; elle est licenciée exclusivement par X/Open Company, Ltd.

Sun, Sun Microsystems, le logo Sun, le logo Solaris, le logo Java Coffee Cup, docs.sun.com, Java, JavaHelp, J2EE, JumpStart, Solstice, Sun Blade, SunSolve,SunSpectrum, ZFS, Sun xVM hypervisor, OpenSolaris et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc., ou ses filiales, auxEtats-Unis et dans d'autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARCInternational, Inc. aux Etats-Unis et dans d'autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems,Inc. Quantum Corporation riclame DLT comme sa marque de fabrique aux Etats-Unis et dans d'autres pays. Netscape et Mozilla sont des marques de NetscapeCommunications Corporation aux Etats-Unis et dans d'autres pays.

L'interface d'utilisation graphique OPEN LOOK et Sun a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun reconnaît les efforts depionniers de Xerox pour la recherche et le développement du concept des interfaces d'utilisation visuelle ou graphique pour l'industrie de l'informatique. Sun détientune licence non exclusive de Xerox sur l'interface d'utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l'interfaced'utilisation graphique OPEN LOOK et qui, en outre, se conforment aux licences écrites de Sun.

Les produits qui font l'objet de cette publication et les informations qu'il contient sont régis par la legislation américaine en matière de contrôle des exportations etpeuvent être soumis au droit d'autres pays dans le domaine des exportations et importations. Les utilisations finales, ou utilisateurs finaux, pour des armes nucléaires,des missiles, des armes chimiques ou biologiques ou pour le nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ouréexportations vers des pays sous embargo des Etats-Unis, ou vers des entités figurant sur les listes d'exclusion d'exportation américaines, y compris, mais de manièrenon exclusive, la liste de personnes qui font objet d'un ordre de ne pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services quisont régis par la legislation américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement designés, sont rigoureusement interdites.

LA DOCUMENTATION EST FOURNIE "EN L'ETAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITESSONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIEIMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE UTILISATION PARTICULIERE OU A L'ABSENCE DE CONTREFACON.

100314@23474

Contents

Preface ...................................................................................................................................................11

1 Architecture ..........................................................................................................................................13Architecture Introduction .................................................................................................................. 13Enterprise Controller .......................................................................................................................... 14Proxy Controller .................................................................................................................................. 15

Example of a Co-Located Deployment Architecture .............................................................. 15Example of a Deployment Architecture with Multiple Proxy Controllers ........................... 15

Agents ................................................................................................................................................... 16Management Network ........................................................................................................................ 17Data Network ....................................................................................................................................... 17

2 Decision: Connected Mode or Disconnected Mode? ..................................................................... 19Connected Mode ................................................................................................................................. 19Disconnected Mode ............................................................................................................................ 20Semi-Disconnected Mode .................................................................................................................. 21

3 Decision: Allow Automatic Updates to the Enterprise Controller? ............................................. 23The Auto-Update Option ................................................................................................................... 23

4 Decision: Does Your Site Require High Availability? ..................................................................... 25Requirements ....................................................................................................................................... 26Limitations ........................................................................................................................................... 26Configuring Storage for High Availability ........................................................................................ 26

Example Storage Configuration ................................................................................................. 27

3

5 Decision: What Type of Deployment For Proxy Controllers? ....................................................... 29Restrictions for Logical Domains ...................................................................................................... 29

6 Decision: What Type of Deployment for Agent Software? ........................................................... 31To Install a Ops Center Agent Manually .......................................................................................... 31

7 Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? ........... 33Ops Center System Requirements ..................................................................................................... 33

Ops Center Enterprise Controller Requirements .................................................................... 33Ops Center Proxy Controller Requirements ............................................................................ 34Ops Center Agent Requirements ............................................................................................... 35

Firmware Requirements ..................................................................................................................... 36Supported Systems Matrix ................................................................................................................. 40Supported Operating Systems ........................................................................................................... 44

Supported Operating System by Feature ................................................................................... 45Supported Operating Systems for Logical Domains ............................................................... 46

Supported Browsers ............................................................................................................................ 46Cache Planning .................................................................................................................................... 47

Cache Recommendations for Connected Mode Configurations ........................................... 48Cache Requirements for Disconnected Mode Configurations .............................................. 49

System Scaling ...................................................................................................................................... 50Enterprise Controller Matrix ...................................................................................................... 51Proxy Controller Matrix .............................................................................................................. 51

8 About SPARC Enterprise Server Support ......................................................................................... 53Requirements ....................................................................................................................................... 54Supported Features in Ops Center .................................................................................................... 54What Is Not Supported ....................................................................................................................... 54

9 Decision: What Type of Network Configuration? ........................................................................... 55Network Port Requirements and Protocols ..................................................................................... 55

Network Requirements and Data Flow ..................................................................................... 55List of Ports and Protocols .......................................................................................................... 56

Network Switch Configuration .......................................................................................................... 57

Contents

Ops Center Site Preparation Guide • March 20104

Reference Configurations ................................................................................................................... 58Separate Management, Provisioning, and Data Networks ............................................................. 58Combined Management and Provisioning Network and a Separate Data Network .................. 60Combined Provisioning, Data, and Management Network .......................................................... 62Combined Provisioning and Data Network and a Separate Management Network .................. 64

10 Decision: How Will You Use Ops Center? .......................................................................................... 67Ops Center Operations ....................................................................................................................... 67

11 Provision an OS ....................................................................................................................................69Provision an OS Introduction ............................................................................................................ 69

12 Provision Firmware .............................................................................................................................71Provision Firmware Introduction ..................................................................................................... 71

13 About Updating an OS ........................................................................................................................73Managing Systems ............................................................................................................................... 73Obtaining Patches ............................................................................................................................... 74Local Content (Solaris and Linux OS only) ...................................................................................... 74Reports .................................................................................................................................................. 74System Catalogs (Solaris and Linux OS only) .................................................................................. 75Update Job ............................................................................................................................................ 75

Solaris OS Patching ...................................................................................................................... 76Linux OS Patching ....................................................................................................................... 77Windows OS Patching ................................................................................................................. 77Using Profiles and Policies to define and control the job (Solaris and Linux only) ............. 77

14 Virtualization .......................................................................................................................................79Logical Domains .................................................................................................................................. 79Solaris Containers ............................................................................................................................... 80

15 Using Groups ........................................................................................................................................81User-Defined Groups .......................................................................................................................... 81

Contents

5

Smart Groups ....................................................................................................................................... 81

16 Decision: Who Will Use Ops Center? ................................................................................................. 83Defining User Roles ............................................................................................................................ 83

17 Roles and Authorizations ...................................................................................................................85Roles and Authorizations Introduction ............................................................................................ 85Enterprise Controller Admin Role .................................................................................................... 86All Assets Admin Role ........................................................................................................................ 86Group Roles .......................................................................................................................................... 87Notifications ......................................................................................................................................... 87

18 Getting Ready ......................................................................................................................................89Getting Ready Introduction ............................................................................................................... 89

19 Tasks for Preparing a Site ................................................................................................................... 91Tasks for Preparing a Site Introduction ............................................................................................ 91Determine System Requirements ...................................................................................................... 93Map Your Network ............................................................................................................................. 93Connect the Hardware ........................................................................................................................ 93Prepare the Agents .............................................................................................................................. 93Install and configure the operating system on the Enterprise Controller's and Proxy Controller'sserver. .................................................................................................................................................... 94

20 Verifying Account Access ....................................................................................................................95Verifying Your Sun Online Account ................................................................................................. 95

Creating a Sun Online Account .................................................................................................. 95Setting a Team Name ................................................................................................................... 95

Verifying Your Red Hat Network or Novell Account ..................................................................... 96

21 OC Doctor ..............................................................................................................................................97Utility Download ................................................................................................................................. 97

OC Doctor Version 1.11 (March 12 2010) ................................................................................ 97

Contents


Running the OCDoctor ...................................................................................................................... 97Options ................................................................................................................................................. 99

Pre-Installation ............................................................................................................................. 99Troubleshooting and Tuning ................................................................................................... 100Auto-Update ............................................................................................................................... 101

22 Verifying Solaris OS System Resources .......................................................................................... 103Before You Begin ............................................................................................................................... 104To Check the Operating System Release ........................................................................................ 104To Check the Installed Software Group .......................................................................................... 104To Check the Zone Identity .............................................................................................................. 104To Check the Available Disk Space ................................................................................................. 105To Check Swap Space ........................................................................................................................ 106To Verify the Amount of System Memory ..................................................................................... 106To Verify the Amount of Shared Memory ..................................................................................... 106To Verify the webservd User and Group ........................................................................................ 107To Verify That an Alternate Administrative User Exists .............................................................. 107Ops Center Users and Groups ......................................................................................................... 108To Verify the umask Value ................................................................................................................ 109To Verify the Locations of ssh Binaries .......................................................................................... 109To Verify Correct IP Address Resolution ....................................................................................... 110To Verify That /usr/local Is Writeable ........................................................................................ 110To Verify the Date and Time ............................................................................................................ 110To Verify Online cryptosvc and gss Services .............................................................................. 111To Remove the SMClintl Package .................................................................................................. 111To Verify Network Access to Required Web Sites ......................................................................... 111To Verify ssh Access for the root User .......................................................................................... 114To Verify Network Port Access ........................................................................................................ 114

23 Verifying Linux System Resources ..................................................................................................115Before You Begin ............................................................................................................................... 116To Check the Operating System Release ........................................................................................ 116To Check the Available Disk Space ................................................................................................. 116To Verify the Amount of System Memory and Swap Space ......................................................... 117To Verify the SELinux Setting .......................................................................................................... 117

Contents

7

To Verify the umask Value ................................................................................................................ 118Ops Center Users and Groups ......................................................................................................... 119To Verify That Required Packages Are Installed ........................................................................... 120To Verify Correct IP Address Resolution ....................................................................................... 121To Verify the Locations of ssh Binaries .......................................................................................... 121To Verify That /usr/local Is Writeable ........................................................................................ 121To Verify the Date and Time ............................................................................................................ 122To Verify Network Access to Required Web Sites ......................................................................... 122To Verify Network Port Access ........................................................................................................ 125Verifying kernel.shmall and kernel.shmmax Values ................................................................ 125

24 Verifying Resources for Agent Installation ................................................................................... 127Solaris OS: To Verify Required Packages and Devices .................................................................. 128Linux OS: To Verify Required Packages ......................................................................................... 130To Verify ssh Installation ................................................................................................................. 131To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed ............................. 131To Verify Unique Service Tags ........................................................................................................ 132

To Identify and Remove Duplicate Service Tags .................................................................... 132To Create Flash Archives and Exclude Service Tags .............................................................. 134

Agent Patch Dependencies ............................................................................................................... 135To Verify the umask Value ................................................................................................................ 135Solaris OS: To Verify cryptosvc and gss Services ........................................................................ 136

25 Obtaining the Software ....................................................................................................................137Obtaining the Software Introduction ............................................................................................. 137

26 Vendor Download Sites ....................................................................................................................139Vendor Download Sites Introduction ............................................................................................ 139

27 Terminology ...................................................................................................................................... 141Agent ................................................................................................................................................... 141Appliance ............................................................................................................................................ 141Assets .................................................................................................................................................. 141Automatic Discovery ........................................................................................................................ 141

Contents


Baseline ............................................................................................................................................... 142Black List ............................................................................................................................................. 142Boot environment ............................................................................................................................. 142Channel .............................................................................................................................................. 142Connected Mode ............................................................................................................................... 142Control Domain ................................................................................................................................ 142Critical file system (Solaris OS) ........................................................................................................ 143Custom Discovery ............................................................................................................................. 143Declare Assets .................................................................................................................................... 143Disconnected Mode .......................................................................................................................... 143Domain ............................................................................................................................................... 143Enterprise Controller ........................................................................................................................ 143Global zone ......................................................................................................................................... 144Group .................................................................................................................................................. 144Guest ................................................................................................................................................... 144Guest Operating System ................................................................................................................... 144Host name .......................................................................................................................................... 144Hypervisor .......................................................................................................................................... 145JMX ..................................................................................................................................................... 145Library ................................................................................................................................................ 145Logical Domain ................................................................................................................................. 145Network .............................................................................................................................................. 145Non-global zone ................................................................................................................................ 146Policy ................................................................................................................................................... 146Profile .................................................................................................................................................. 146Proxy ................................................................................................................................................... 146Root file system .................................................................................................................................. 146Root directory .................................................................................................................................... 147Solaris Containers ............................................................................................................................. 147Static Route ........................................................................................................................................ 147Sun Service Tag .................................................................................................................................. 147SCCM .................................................................................................................................................. 147Unclassified assets ............................................................................................................................. 147Virtual Disk Image ............................................................................................................................ 148Virtual Pool ........................................................................................................................................ 148Virtual Server Image ......................................................................................................................... 148

Contents

9

Virtualization Host ............................................................................................................................ 148White List ........................................................................................................................................... 148WS-Management .............................................................................................................................. 148zone ..................................................................................................................................................... 149ZFS ...................................................................................................................................................... 149

Contents


Preface

Ops Center is a data center life-cycle management tool that enables you to provision, patch, andmonitor the managed hardware, storage, and software, or assets, in one or more of your datacenters from a single browser user interface. The remote management capabilities are designedto help increase availability and utilization and minimize downtime.

The user interface displays a consolidated view of all the discovered and managed resources inyour data centers, including SPARC? and x86 systems, Linux and Solaris Operating Systems(Solaris OS), and Solaris Containers and zones.

The following are some of the tasks that you can perform from the Ops Center console:

■ Provision bare metal systems with Solaris, Red Hat, or SUSE Linux operating systems■ Provision systems with Solaris or Linux operating systems■ Automate patching and updates for Solaris and Linux OS■ Update firmware■ Manage and monitor your assets■ Generate a variety of reports

Components■ Enterprise Controller - The Enterprise Controller is the central server that consolidates the

data about the managed systems in your datacenters. You use the Enterprise Controller'sbrowser user interface (BUI) to view and administer the managed systems. The EnterpriseController connects to the managed systems through one or more Proxy Controllers.

■ Proxy Controller - The Proxy Controller increases the scale of the Enterprise Controller'soperations. In a simple deployment or small datacenter, you can install the EnterpriseController and Proxy Controller on the same system (co-located). In a larger, more complexdata center, you can install multiple proxy controllers to manage your assets.

■ Agent software - An agent is deployed on an asset so that the Enterprise Controller canidentify the asset. When the agent is installed on the hardware or software, the asset appearsin the Managed Assets section of the Navigation panel.

11

■ Managed Assets - Assets that have been discovered and have agent software. The agentsoftware responds to commands from the Enterprise Controller, allowing the asset to beidentified and managed.

■ Virtualization Controller - The Virtualization Controller is a specialized agent thatidentifies and manages Solaris 10 OS global zones. Solaris 8, 9, and 10 OS, includingnon-global zones in Solaris 10, and the Linux OS use the Agent software.

Preface


Architecture

Architecture IntroductionThe three-tier architecture consists of the Enterprise Controller, Proxy Controller and themanaged systems. This illustration gives a typical data center scenario of the managed systemsconnected to the Enterprise Controller. You can also have one proxy controller to manage boththe management and data networks.

1C H A P T E R 1

13

Enterprise ControllerThe Enterprise Controller is the central server that consolidates the management systems. Thisis where you manage the connected systems using the new user-friendly browser basedinterface. The Enterprise Controller connects to the managed systems through ProxyControllers that are deployed for each network.

In Connected mode, the Enterprise Controller has Internet access to download the patchinformation from Sun Knowledge Services, and to download patches from different softwarevendors such as Sun, Oracle, Red Hat, and Novell. You can choose to use the software indisconnected mode.

Enterprise Controller


Proxy ControllerThe Enterprise Controller requires one or more proxies to handle the managed systems. ProxyControllers increase the scale of the Enterprise Controller's operations. In a simple data center,one Proxy Controller is co-located with the Enterprise Controller.

A proxy controller manages the flow of actions and data between the Enterprise Controller andthe managed systems. You can only perform actions on a subset of the managed systems at anyone time. The actions are placed in a job queue in chronological order. When a job stops, thenext job in the queue is started.

If you anticipate having a large number of concurrent, parallel jobs, consider using multipleproxy controllers to improve performance and scalability.

Example of a Co-Located Deployment ArchitectureThe basic architecture for a co-located Enterprise Controller and Proxy Controller locates themanaged systems on a shared subnet and the Proxy Controller software is installed on the samesystem as the Enterprise Controller.

Example of a Deployment Architecture with MultipleProxy ControllersProxy Controllers manage different aspects of the data. One Proxy Controller is designated tothe Management Network and the other is designated to the Data Network.

Proxy Controller

Chapter 1 • Architecture 15

AgentsAgent software is deployed on an asset so that the Enterprise Controller can identify the assetand manage it. Agents communicate with a specific Proxy Controller; they do not communicatewith the Enterprise Controller directly.

Agents


Some Ops Center features, such as firmware provisioning, do not use agents. Other features,such as operating system updates, rely on agents to perform tasks within the operating systemon managed systems.

Management NetworkIn management network, the physical networks are managed separately. You can remotelycontrol the physical systems that are discovered and managed by Ops Center. You can do thefollowing functions through this network:

■ Power on or off■ Power usage■ Firmware update■ OS provisioning■ Locator lights information■ Boot device information■ Hardware variable information such as temperature and fan speed■ Boot parameters

Data NetworkIn data network, the OS running on the managed systems are managed separately. A separateproxy is required to manage this network. You can do the following functions through thisnetwork:

■ Provision an OS (using manual net boot option during OS provisioning).■ Patch, or update, an OS■ Reboot an OS■ Obtain OS information such as type and version■ Obtain CPU, memory and network usage information■ Obtain zone-related information, such as representation of global and non-global zones.

Common information that is available through both networks includes:

■ MAC address information■ Physical memory information■ Firmware information■ Reboot action■ UUID information■ Supported boot devices

Data Network

Chapter 1 • Architecture 17

Decision: Connected Mode or DisconnectedMode?

Ops Center software downloads operating system patches and other new software usingInternet access, a mode of operation called Connected mode. By default, Ops Center is inConnected mode. Before beginning an installation, consider whether you want Ops Center toaccess the Internet. In Disconnected mode, the Enterprise Controller cannot be updatedautomatically so all updates must be scheduled and managed according to a site policy formanual procedures. After you have completed the Ops Center installation, you can changemodes.

Connected ModeIn Connected mode, Ops Center uses an Internet connection to access patches and patchinformation. This mode is useful for most datacenters.

2C H A P T E R 2

19

Disconnected ModeIn Disconnected mode, Ops Center can be used in a secured environment that does not allowInternet access. You must load the patches and other new software from a media device, such asa CD or DVD, onto the Enterprise Controller. To obtain the software, you run a harvester scripton a system that is connected to the Internet and you downlosf the software to a CD or DVD.

Disconnected Mode


Semi-Disconnected ModeYou can use a combination of Connected and Disconnected modes to maintain your datacenter. In the semi-disconnected mode, you run your data center in Disconnected mode until

Semi-Disconnected Mode

Chapter 2 • Decision: Connected Mode or Disconnected Mode? 21

you need to need to access the knowledge base or third-party vendors. For example, when youwant to check for patches, you switch the Enterprise Controller to Connected Mode, connect tothe Internet to get the needed information, then switch the Enterprise Controller back toDisconnected Mode.

See “Cache Planning” on page 47 for more information about configuring the EnterpriseController for these Connection modes.

Semi-Disconnected Mode


Decision: Allow Automatic Updates to theEnterprise Controller?

The Auto-Update OptionIn Connected mode, you can configure the Enterprise Controller software to use the AutoUpdate option so that the software is updated automatically or you can update the softwaremanually.

In Disconnected mode, the Auto Update option is not available.

Be aware that some software updates cause the Enterprise Controller to reboot or run insingle-user mode.

If you enable the Auto Update option after the initial configuration of the Enterprise Controller,you must also perform the following procedures:

1. Configure the co-located Proxy Controller.2. Install and configure agent software on the Enterprise Controller.

3C H A P T E R 3

23

Decision: Does Your Site Require HighAvailability?

Your High Availability (HA) architecture must consider all single points of failure, such aspower, SAN and other storage, and network connectivity in addition to the Ops Center system.

The Ops Center High Availability capability consists of the transfer of Enterprise Controllerfunctions from one system to another system. The secondary Enterprise Controller takes overmuch of the primary Enterprise Controller's identity, including its host name, its IP addresses,its ssh keys, and its Ops Center data and role.

In an HA configuration, the primary Enterprise Controller has Ops Center software installed,configured, and operational. The secondary Enterprise Controller has Ops Center softwareinstalled, but not configured, and not operational. In the failover procedure, the data that issaved on the primary Enterprise Controller is transferred to the secondary EnterpriseController to duplicate the primary Enterprise Controller's configuration.

However, root user passwords on the primary and secondary Enterprise Controllers are notchanged.

When the primary Enterprise Controller fails, you initiate the failover to the secondaryEnterprise Controller by:

■ Shutting down the primary Enterprise Controller, if possible■ Preparing the secondary Enterprise Controller for failover■ Transferring the storage asset that holds the /var/opt/sun/xvm directory structure from

the primary Enterprise Controller to the secondary Enterprise Controller■ Restoring the Ops Center configuration on the secondary Enterprise Controller■ Rebooting the secondary Enterprise Controller and starting Ops Center operations

Only one Enterprise Controller, either primary or secondary, can be operational at anygiven time.

4C H A P T E R 4

25

RequirementsUse two systems of the same model that are configured identically:■ Processor class (SPARC or x86)■ Operating system (Solaris or RHEL 5.0)■ Ops Center software version, including updates■ Set of network interfaces that are cabled identically to the same subnets■ Use transportable storage

Add an asset tag to identify the primary Enterprise Controller and to distinguish it from thesecondary Enterprise Controller.

If you use ZFS to provide the file system that mounts as /var/opt/sun/xvm, avoid using the ZFSsharenfs command to share /var/opt/sun/xvm/osp/share/allstart. This allows the OpsCenter software to use legacy NFS sharing tools to share the/var/opt/sun/xvm/osp/share/allstart directory.

Limitations■ User accounts and data that are not associated with Ops Center are not part of the failover

process. Only Ops Center data is moved between the primary and secondary EnterpriseControllers.

■ BUI sessions are lost on failover.

■ The HA configuration applies only to the Enterprise Controller and its co-located ProxyController and not to other standalone Proxy Controllers.

Configuring Storage for High AvailabilityYou have many options for configuring storage devices to support high availability (HA) in OpsCenter. Storage that you use in an HA configuration must meet these requirements:

■ Storage must offer data redundancy capability, such as mirroring or RAID 5■ Storage must be transferable between the primary and secondary Enterprise Controller

systems■ Storage must offer performance that is sufficient to support Ops Center operations■ Storage must have the capacity to hold the data that Ops Center stores in the

/var/opt/sun/xvm directory structure

A wide variety of storage solutions can meet these criteria, including hardware RAID arrays andexternal JBODs. Storage can be attached to the Enterprise Controllers using various means,including Storage Area Networks, or directly connected Fibre Channel (FC) or SCSI interfaces.

Requirements


You must determine what storage solution offers the capacity, performance, connectivity, andredundancy capabilities required for use with Ops Center. Configuration procedures varygreatly among the available storage solutions, and between operating systems.

Note ? You must configure the transferable storage on the system that you want to use as theprimary Enterprise Controller before you install Ops Center software on that system.

Example Storage ConfigurationThis example uses a JBOD array and ZFS on Solaris systems to provide the required transferablestorage. The example configuration includes the following components and connections:

■ One Sun StorEdge 3510 Fibre Channel (FC) array (JBOD configuration) with 2 FCinterfaces, and 12 146 Gbyte disks

■ Two SunFire systems, each with Solaris 10 OS and one FC interface■ Each SunFire system is attached to one FC port on the array

In this configuration, both systems have access to all of the disks in the array. Using the FC portsin this way avoids changing interface connections in the failover procedure. You must preventthe two systems from using the same disks at the same time. In this example configuration, onlythe primary Enterprise Controller accesses the /var/opt/sun/xvm directory on the array.

The example array has no inherent data redundancy capability, so ZFS is used to create amirrored storage pool and a file system that will mount as the /var/opt/sun/xvm directory.

To resolve an issue regarding when ZFS and LOFS mounts take place in the system bootprocess, the configuration sets the mountpoint property of the example ZFS file system tolegacy. The legacy value indicates that the legacy mount and umount commands, and the/etc/vfstab file, will control mounting and unmounting this ZFS file system. Other storagesolutions typically use these legacy commands and the /etc/vfstab file to control mountingand unmounting operations. Refer to the Release Notes for more information about the LOFSrace condition issue.

Configuring Storage for High Availability

Chapter 4 • Decision: Does Your Site Require High Availability? 27

Decision: What Type of Deployment For ProxyControllers?

Restrictions for Logical DomainsFor LDom provisioning, you must use a proxy controller running on any Solaris x86 or SPARCsystem. Proxy controllers on Linux systems cannot handle provisioning to logical domains.

“Proxy Controller” on page 15

“Proxy Controller Matrix” on page 51

5C H A P T E R 5

29

Decision: What Type of Deployment for AgentSoftware?

The Discovery feature of the Ops Center software installs the agent software on each asset itdiscovers. If you prefer, you can install the agent software on only those assets that you select.

To Install a Ops Center Agent Manually1. Transfer an agent software bundle to the system where you want the agent to run, the target

system2. Install the agent software on the target system3. Configure the agent software4. Register the target system in Sun Inventory

6C H A P T E R 6

31

Decision: What Type of Systems for theEnterprise Controller and Proxy Controllers?

Ops Center System RequirementsOps Center installation requires systems that meet the following specifications:■ “Ops Center Enterprise Controller Requirements” on page 33■ “Ops Center Proxy Controller Requirements” on page 34■ “Ops Center Agent Requirements” on page 35

Ops Center Enterprise Controller Requirements

Component Recommended Value

Memory 6 GB available RAM.

Hard disk 72 GB minimum free space available, including:■ 70 GB free in /var/opt/sun/xvm for Ops Center data

■ 4 GB free in /var/opt/sun/xvm/images for each OS image stored for use in OS provisioning

■ 2 GB free in /opt and /var/tmp for software installation

Available swap space 6 GB minimum.

Operating system Ops Center Enterprise Controller and Proxy Controllers require at least Solaris 10 11/06 (x64 orSPARC), Red Hat Enterprise Linux (RHEL) 5.0, RHEL 5.3, or Oracle Enterprise Linux (OEL) 5.3.

Processor AMD Opteron and Intel Xeon: 2 sockets

UltraSPARC T1/T2: 1 socket, 2 or more cores

UltraSPARC IV+/IV: 2 sockets

UltraSPARC IIIi: 2 sockets

Network connection At least one Network Interface Card (NIC).

7C H A P T E R 7

33

Ops Center Enterprise Controller software, and the data it stores, consume space below the/var/opt/sun/xvm and /opt directory structures.

Ops Center software installation procedures use /var/tmp/OC as the example workingdirectory for software installation. The directory that you use for this purpose requires about 2GByte of available space.

On Solaris Ops Center Enterprise Controllers, the software update data is stored below/opt/SUNWuce, and data for OS provisioning is stored below /var/opt/sun/xvm/images.

On RHEL Ops Center Enterprise Controllers, software update data is stored below/usr/local/uce/server and data for OS provisioning is stored below /var/opt/sun/scn. OSimages often consume about 4 Gbyte of space each.

When a Ops Center Proxy Controller is located on the same system as a Ops Center EnterpriseController, no duplication of OS images or software update data occurs.

Ops Center Proxy Controller Requirements

Component Recommended Value

Memory 4 GB Available RAM.

Hard disk 72 GB minimum free space available, including:■ 70 GB free in /var/opt/sun/xvm for Ops Center data

■ 4 GB free in /var/opt/sun/xvm/images/os for each OS image stored for use in OS provisioning

■ 2 GB free in /opt and /var/tmp for software installation

Available swap space 4 GB minimum.

Operating system Ops Center Proxy Controllers require at least Solaris 10 11/06 (x64 or SPARC), Red Hat EnterpriseLinux (RHEL) 5.0, RHEL 5.3, or Oracle Enterprise Linux (OEL) 5.3.

Processor AMD Opteron and Intel Xeon: 1 sockets, 2 or more cores

UltraSPARC T1/T2: 1 socket; 1 or more cores

UltraSPARC IV+/IV: 1 sockets

UltraSPARC IIIi: 1 sockets

Network connection At least one Network Interface Card (NIC).

Ops Center Proxy Controller software, and the data it stores, consume space below the/var/opt/sun/xvm and /opt directory structures.

Ops Center System Requirements


Ops Center software installation procedures use /var/tmp/OC as the example workingdirectory for software installation. The directory that you use for this purpose requires about 2Gbyte of available space.

When a Ops Center Proxy Controller is located on the same system as a Ops Center EnterpriseController, no duplication of OS images occurs.

On Solaris Ops Center Proxy Controllers, Solaris OS images are stored below /var/js andLinux OS images are stored below /var/opt/sun/xvm/osp/.

On RHEL Ops Center proxies, Solaris OS images are stored below /var/js and Linux OSimages are stored below /var/opt/sun/xvm/osp/.

Ops Center Agent RequirementsOps Center agents function as operators on behalf of Ops Center Proxy Controllers.

Agent System Resource RequirementsOps Center agent installation requires systems with the following resources:

■ 512 MBytes RAM■ 2 Gbytes disk space

Agent Operating System RequirementsOps Center agent installation is supported on systems that run the following operating systems:

■ Solaris Operating System (Solaris OS) for x86:■ Solaris 10 OS■ Solaris 9 OS

■ Solaris OS for SPARC:■ Solaris 10 OS■ Solaris 9 OS■ Solaris 8 OS

■ Linux Red Hat versions:■ RHEL 3■ RHEL 4■ RHEL 5

■ SLES■ SLES 9■ SLES 10

Ops Center System Requirements

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 35

Known DependenciesTesting Ops Center agent installations on various operating systems has demonstrated that thefollowing specific dependencies exist:■ “RHEL 3 Dependencies” on page 36■ “SLES 10, 64-bit Dependencies” on page 36■ “SUSE LINUX Enterprise Server 9 (i586) Dependencies” on page 36

RHEL 3 Dependencies

Ops Center agent updates on systems running Red Hat Enterprise Linux 3 require that thelibxml2 library is installed. This library is delivered by the libxml2-2.5.10-5.i386.rpmpackage.

SLES 10, 64-bit Dependencies

Ops Center agent installations on systems running SLES 10, 64-bit, require that thelibpam.so.0 and libuuid.so.1 libraries exist in /usr/lib.

SUSE LINUX Enterprise Server 9 (i586) Dependencies

Ops Center agent installations on systems running SUSE LINUX Enterprise Server 9 (i586)require that the gettext utility has been installed.

Firmware RequirementsNote - The information on this page is being updated, and might be out of date or incomplete.

Ops Center supports a wide range of Sun servers and chassis, as indicated by the table below.However, system support is not static. Ops Center can support new Sun hardware withoutrequiring a new software release.

Each hardware group tests new systems for the ability to be supported by Ops Center. As aresult, the supported list is dynamic and will change as new Sun hardware, or a system variant,is released.

An "X" in the Qualified for Firmware Provisioning column below indicates that the Ops Centerengineers have tested and qualified the system for firmware provisioning. The recommendedfirmware version is the most recently tested version.

System TypeQualified for FirmwareProvisioning Minimum Firmware

RecommendedFirmware Notes, Qualified Operating Systems

Sun Blade 6000 ModularSystem

X 2.0.3.10 2.0.3.10

Firmware Requirements





X 2.0.3.10 2.0.3.10


Sun Blade 8000 PModular System

X 2.0.1.10 2.0.1.10

Sun Blade T6300 ServerModule

X 6.5.4 6.5.4 Solaris 10 11/06 SPARC


X 2.0.4.19 2.0.4.19 Solaris 10 11/06 SPARC

Sun Blade X6220 ServerModule

X 2.0.3.2 2.0.3.2 Solaris 10 11/06 x86,RHEL4U4 AS 64bit


X 4.0.43 4.0.45 Solaris 10 11/06 x86, RHEL5 AS 32bit,SUSE10-64bit


X 2.0.3.2 2.0.3.3


X 2.0.3.10 2.0.3.10



X 1.1.5 2.0.1.13


X 2.0.0.0 2.0.1.11 Solaris 10 11/06 x86, Solaris 10 8/07 x86,RHEL5, SLES10


X 2.0.1.7 2.0.1.8

Sun Fire V20z Server X 2.4.0.8 2.4.0.14 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire V40z Server Solaris 10 1/06 x86,Solaris 10 11/06x86,RHEL5,SLES9,SLES10

Sun Fire V125 Server X 1.6.3 1.6.3 Solaris 10 1/06, Solaris 10 11/06, Solaris 108/07

Sun Fire V210 Server X Solaris 10 11/06 SPARC

Sun Fire V215 Server X 1.6 1.6 Solaris 10 1/06, Solaris 10 11/06, Solaris 108/07





Sun Fire V240 Server X 1.6.2 1.6.4 Solaris 10 11/06 SPARC, Solaris 10 5/08SPARC


Sun Fire V250 Server

Sun Fire V440 Server X 1.6.2 1.6.9 Solaris 10 11/06 SPARC


Sun Fire V490 Server X OBP 4.22.24

Sun Fire T1000 Server X Sun systemfirmware 6.1.2

Solaris 10 11/06 SPARC, Solaris 10 8/07SPARC, Solaris 10 5/08 SPARC

Sun Fire T2000 Server X Sun SystemFirmware 6.1.2

Solaris 10 11/06 SPARC, Solaris 10 8/07SPARC

Sun Fire X2100 Server RHEL5, RHEL5.1, SLES10

Sun Fire X2100 M2Server

X 1.60 3.09


X 1.1/1.60/3BB5 1.1/1.60/3BB5

Sun Fire X2250 Server

Sun Fire X4100 Server X Solaris 10 5/08 SPARC,RHEL5,SLES10


X 1.0.7/0ABJX024 1.0.7/0ABJX024

Sun Fire X4140 Server X 2.0.2.5 2.0.2.14

Sun Fire X4150 Server X 1.0 1.0a Solaris 10 5/08 SPARC

Sun Fire X4200 Server X Solaris 10 6/06 x86, RHEL5 64 bit, SLES10 64bit


X Solaris 10 6/06 x86



Sun Fire X4450 Server X 4.11 4.16







Sun Fire X4600 Server X


X 2.0.2.1 2.0.2.5 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire X8450 ServerModule

X

Sun Netra 240 Server X OBP 4.18.10


Sun Netra X4200 M2Server

X 1.1.7 1.1.7 RHEL4U5-32bit, Solaris 10 11/06 x86,RHEL5, SUSE10-64bit

Sun Netra X4250 Server X

Sun Netra T2000 Server X


Sun SPARC EnterpriseM3000 Server

Solaris 10 10/08


X Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08

Sun SPARC EnterpriseT1000 Server

6.7.5


6.7.5


X 7.0.3.b 7.2.0


X 7.1.0.b 7.2.0


X 7.0.3.b 7.2.0






X 7.1.0.b 7.2.0


Fujitsu SPARC EnterpriseM3000 Server

Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08

Sun Datacenter Switch3456

Supported Systems MatrixNote - The information on this page is being updated, and might be out of date or incomplete.

Ops Center supports a wide range of Sun servers and chassis, including the following:

■ All ILOM-based Sun Servers■ M3000, M4000, M5000, M8000, M9000■ All ALOM, ELOM, and RSC service processor enabled systems

Other systems, such as the v240, are displayed in the table below.

Note - System support is not static. Ops Center can support new Sun hardware withoutrequiring a new software release. Each hardware group tests new systems for the ability to besupported by Ops Center. As a result, the supported list is dynamic and will change as new Sunhardware, or a system variant, is released.

An "X" in the Qualified for Firmware Provisioning column below indicates that the Ops Centerengineers have tested and qualified the system for firmware provisioning. The recommendedfirmware version is the most recently tested version.

Supported Systems Matrix



RecommendedFirmware Qualified Operating Systems


X 2.0.3.10 2.0.3.10


X 2.0.3.10 2.0.3.10


Sun Blade 8000 PModular System

X 2.0.1.10 2.0.1.10


X 6.5.4 6.5.4 Solaris 10 11/06 SPARC


X 2.0.4.19 2.0.4.19 Solaris 10 11/06 SPARC


X 2.0.3.2 2.0.3.2 Solaris 10 11/06 x86,RHEL4U4 AS 64bit


X 4.0.43 4.0.45 Solaris 10 11/06 x86, RHEL5 AS 32bit,SUSE10-64bit


X 2.0.3.2 2.0.3.3


X 2.0.3.10 2.0.3.10



X 1.1.5 2.0.1.13


X 2.0.0.0 2.0.1.11 Solaris 10 11/06 x86, Solaris 10 8/07 x86,RHEL5, SLES10


X 2.0.1.7 2.0.1.8

Sun Fire V20z Server X 2.4.0.8 2.4.0.14 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire V40z Server Solaris 10 1/06 x86,Solaris 10 11/06x86,RHEL5,SLES9,SLES10


Sun Fire V210 Server X Solaris 10 11/06 SPARC






Sun Fire V240 Server X 1.6.2 1.6.4 Solaris 10 11/06 SPARC, Solaris 10 5/08SPARC


Sun Fire V250 Server

Sun Fire V440 Server X 1.6.2 1.6.9 Solaris 10 11/06 SPARC


Sun Fire V490 Server X OBP 4.22.24

Sun Fire T1000 Server X Sun systemfirmware 6.1.2

Solaris 10 11/06 SPARC, Solaris 10 8/07SPARC, Solaris 10 5/08 SPARC

Sun Fire T2000 Server X Sun SystemFirmware 6.1.2

Solaris 10 11/06 SPARC, Solaris 10 8/07SPARC

Sun Fire X2100 Server RHEL5, RHEL5.1, SLES10


X 1.60 3.09


X 1.1/1.60/3BB5 1.1/1.60/3BB5


Sun Fire X4100 Server X Solaris 10 5/08 SPARC,RHEL5,SLES10


X 1.0.7/0ABJX024 1.0.7/0ABJX024


Sun Fire X4150 Server X 1.0 1.0a Solaris 10 5/08 SPARC

Sun Fire X4200 Server X Solaris 10 6/06 x86, RHEL5 64 bit, SLES10 64bit


X Solaris 10 6/06 x86







Sun Fire X4450 Server X 4.11 4.16



Sun Fire X4600 Server X


X 2.0.2.1 2.0.2.5 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire X8450 ServerModule

X



Sun Netra X4200 M2Server

X 1.1.7 1.1.7 RHEL4U5-32bit, Solaris 10 11/06 x86,RHEL5, SUSE10-64bit

Sun Netra X4250 Server X




Solaris 10 10/08


X Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


6.7.5


6.7.5


X 7.0.3.b 7.2.0


X 7.1.0.b 7.2.0






X 7.0.3.b 7.2.0


X 7.1.0.b 7.2.4.f



Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08


Solaris 10 10/08

Sun Datacenter Switch3456

Supported Operating SystemsUnless otherwise noted in the tables, Ops Center supports the following operating systems:

■ Solaris 10 OS for SPARC and x86 platforms■ Solaris 9 OS for SPARC and x86 platforms■ Solaris 8 for the SPARC platform■ OEL version 5.3■ RHEL versions 3, 4, and 5■ SLES versions 8, 9, 10, and 11■ Windows XP, 2003, and 2008 using MSCCM 2007

The tables use the following terms:

■ "x86" refers to the family of 64-bit and 32-bit x86-compatible products.■ "x64" points out specific 64-bit information about AMD64 or EM64T systems.■ "32-bit x86" points out specific 32-bit information about x86 based systems.

Supported Operating Systems


Supported Operating System by Featureindicates that the feature is supported. See above for the list of supported versions. If a

specific version is indicated in the table, that is the only version supported.

- indicates that the feature is not supported.

Feature Solaris 10 OS Solaris 9 OS Solaris 8 OS OEL RHEL SLES Windows


Solaris 10 11/06, 8/07,10/08, 5/09 *

- -

OEL 5.3 RHEL5.0, 5.3

- -

Proxy Controller

Solaris 10 11/06, 8/07,10/08, 5/09 *

- -

OEL 5.3 RHEL5.0, 5.3

- -

Discovery

Provisioning - -

Monitoring

Updating

Live Upgrade

■ SPARC - Physical andvirtual systems

■ x86 - Physical systems

SPARConly

SPARConly

- - - -

Solaris Container - Zone LifeCycle Management

Solaris 10 8/07

- - - - - -

Branded Zones - - - - -

*For installation, other RHEL, OEL, and Solaris OS releases are not supported. Solaris 10 1/06,6/06, and 10/09 OS are not supported.

Supported Operating Systems


Refer to Migrating Zones for detailed information about supported Solaris 10 OS updateversions.

Supported Operating Systems for Logical DomainsOps Center supports version 1.2 of Logical Domains and does not support the previousversions of Logical Domains.

Ops Center supports only Logical Domains that are created through the BUI.

The Logical Domain host must belong to a specific hardware and OS.

The host must also meet specific patch and firmware requirements. For a detailed list of theserequirements, see Requirements of Logical Domains.

The following operating systems are supported for Logical Domains.

Feature Supported OS

Control domain Solaris 10 5/09 OS

Control domain provisioning Solaris 10 5/09 OS

Guest domain creation Solaris 10 5/08 OS up to and including Solaris 10 5/09 OS

Guest domain provisioning Solaris 10 8/07 OS up to and including Solaris 10 5/09 OS

Supported BrowsersOps Center's Browser User Interface (BUI) is accessible from any supported browser.

The BUI console supports requires the ANSI terminal type.

Browsers Windows XP Windows Vista Mac OS X Solaris OS Linux OS

Firefox 3.0.x

Firefox 2.0.x

Internet Explorer 8 - - - - -

Internet Explorer 7

Supported Browsers


Browsers Windows XP Windows Vista Mac OS X Solaris OS Linux OS

Internet Explorer 6 - - - - -

Safari - - - - -

Opera - - - - -

Cache PlanningOps Center uses a centralized file cache to manage its content. The Enterprise Controller andProxy Controllers use /var/opt/sun/xvm as the base directory. Agents use/var/scn/update-agent as their base directory. The Enterprise Controller's global file cachecontains some or all of the following content, depending on what Ops Center is used for:

■ Provisioning Content■ Firmware■ OS Images

■ Update Content■ Knowledge Base data - Metadata that shows what updates exist for a give update channel

(such as Red Hat Enterprise Linux 5 or Solaris 10 X86)■ Updates - Packages, Patches and RPM files that are a standard part of an OS update

channel■ Local Content - User-designated content (software bundles, configuration files, scripts)

Ops Center propagates content from the cache as required. The requester downloads thecontent on a per-job basis so a proxy controller downloads the content it needs from theEnterprise Controller to perform a job, and an agent downloads the required content from theproxy controller. After content is cached on a proxy controller or agent, it can be re-usedwithout additional downloads. This provides operational efficiency for Ops Center.

Note – A user runs a job which patches five Solaris 10 SPARC OS agents on a single proxy. Theproxy controller downloads and caches all of the patches required by the agents, and each of theagents downloads and caches only the patches it requires. If an agent has cached several updatesalready, it re-uses those updates and downloads only what it needs from the proxy.

Note – A user runs a job to provision an OS ISO image to three systems which are managed bytwo proxy controllers. Each proxy controller downloads and caches the ISO image. The threesystems do not cache the OS image, because they download and install the images from theirrespective proxy controllers.

Cache Planning


Many installations use a co-located configuration, in which the proxy controller is installed onthe same OS instance as the Enterprise Controller. In this case, the proxy and enterprisecontrollers share a global file cache and no additional disk space is required for the proxycontroller's cache.

Cache Recommendations for Connected ModeConfigurations“Ops Center System Requirements” on page 33 shows the sizing recommendations for thecache when operating in Connected mode. The guidelines recommend a cache size of at least74GB on Enterprise Controllers and proxy controllers. The following additional guidelinesprovide a baseline for a recommended minimum cache size:

■ 2 GB for software installation (in /opt and /var/tmp)■ 4 GB for each OS image used for provisioning■ 10 GB for each channel used for updates

Because agents store only update content for their OS instance, they have reduced cachingrequirements. It is recommended that 2GB be available for the agent for both the Ops Centersoftware and the update cache.

Cache Planning


Note – An Ops Center installation uses an Enterprise Controller with a co-located proxycontroller and one standalone proxy controller. The installation performs OS provisioning forSolaris 10 X86 and SPARC (update 6) and Red Hat Linux 5.3, with one ISO image for eachdistribution. It patches Solaris 10 X86, Solaris 10 SPARC and Red Hat Enterprise Linux 5 32-bitX86. The standalone proxy controller is used to provision and update Solaris 10 systems onboth SPARC and X86 architectures.

In this scenario, both the Enterprise Controller with co-located proxy and standalone proxycontrollers need a cache size of 74GB, with 2GB in /var/tmp and /opt, and 72GB in/var/opt/sun/xvm. No additional caching is required on the Enterprise Controller because theco-located proxy controller shares its cache.

The Enterprise Controller must have a minimum cache size of 44 GB because of the followingrequirements:

■ 30 GB for the three OS update channels in /var/opt/sun/xvm

■ 12 GB for the three OS provisioning ISO images in /var/opt/sun/xvm

■ 2 GB for the Ops Center software in /var/tmp and /opt

The standalone proxy controller must have a minimum cache of 30 GB, with the followingrequirements:

■ 20 GB for the two Solaris OS update channels in /var/opt/sun/xvm

■ 8 GB for the two Solaris OS provisioning ISOs in /var/opt/sun/xvm

■ 2 GB for the Ops Center software in /var/tmp and /opt

Cache Requirements for Disconnected ModeConfigurationsIn Disconnected mode, Ops Center performs system management without an Internetconnection. This requires administrators to manually cache the content that they wish to use,and changes some cache management requirements and recommendations.

Provisioning content is managed in the same way as in Connected mode configurations exceptit is not possible to download Solaris OS images.

The following cache operations work the same in both Connected and Disconnected modes:

■ Import OS image■ Load OS image from CD or DVD■ Create firmware image

Update content is usually managed differently in Disconnected mode. Users must manuallyupload the knowledgebase (KB) and update content to the Enterprise Controller.

Cache Planning


The KB content is available as a TAR bundle, which users can obtain by running the Ops Centerharvester script. Obtaining a KB bundle with the Harvester Script provides details and exampleson how to run the script. Depending on the settings, users can download the KB content only,or they can obtain patch content for one or more Solaris baselines.

To cache update content (such as patches, packages or RPMs) users perform one or more bulkuploads with the enterprise controller. Uploading Local Software in Bulk explains how toperform bulk uploads of update content in Ops Center.

Enterprise Controller Cache RequirementsThe enterprise controller must pre-cache any update content. This means that the enterprisecontroller must have the following content cached as jobs are being run:

1. OS Provisioning - The OS image(s) to be provisioned2. Firmware Provisioning - The firmware image(s) to be installed3. Update Management - The knowledgebase content

Proxy and Agent Cache RequirementsProxies and agents function the same way in both connected and disconnected modes. Thismeans that there are no special requirements for disconnected mode cache management. Thecache sizing recommendations remain the same as they would for connected modeinstallations: 74GB recommended for standalone proxies and 2GB for agents.

System ScalingThe Enterprise Controller Matrix and the Proxy Controller Matrix on this page are intended toprovide guidance on the minimum amount of memory and disk space needed to optimizeperformance for your environment.

To improve performance, consider the following if you plan to install more than 100 hosts inyour data center:■ Deploy the Enterprise Controller and the Proxy Controller on separate systems.■ Using the OS Update functionality requires faster disks and stripped disk configurations.

This is critical for large scale deployments.■ Consider Solaris Zones and Sun Logical Domains as additional hosts, or agents.

Enterprise Controller recommendations:■ A minimum of 8 cores is strongly recommended for larger environments■ OS Update functionality will benefit from a faster core CPU speed on the Enterprise

Controller

Proxy Controller recommendations:

System Scaling


■ Monitoring is optimized for multiple cores. Proxy Controllers that manage serviceprocessors (SPs) will benefit from more cores.

Use the Chapter 21, “OC Doctor,” utility with the --performance flag to determine yourhardware's benchmark times (BT).

See ** for the estimated BT for common Sun hardware.

Enterprise Controller MatrixThe following matrix provides general guidelines for planning your Enterprise Controllerhardware. The systems specified in the table are intended to be examples. Machine speed mightvary based on OS, core CPU speed, the number of cores and the number of disks. Serviceprocessor monitoring generates heavier load than OS, as monitoring is done from the ProxyController.

Note - For maximum performance, avoid using a co-located Proxy Controller (EnterpriseController and Proxy Controller installed on the same system) in environments with more than100 hosts.

Up to 75 agents 75 to 200 agents 200 to 450 agents 450 to 750 agents

OS Agents only RAM: 6 GB

Disk: 80 GB avail

Proxies: 1

BT: 100-300

RAM: 8 GB

Disk: 100 GB avail

Proxies: 1

BT: 70-100

RAM: 12 GB

Disk: 120 GB avail

Proxies: 2

BT: 30-50

RAM: 16 GB

Disk: 160 GB avail

Proxies: 3 or more

BT: < 30

Service Processors only RAM: 6 GB

Disk: 80 GB avail

Proxies: 1

BT: 100-300

RAM: 8 GB

Disk: 100 GB avail

Proxies: 1-4

BT: 60-100

RAM: 12 GB

Disk: 120 GB avail

Proxies: 2

BT: 40-60

RAM: 16 GB

Disk: 160 GB avail

Proxies: 3 or more

BT: < 40

OS+Service Processors RAM: 8 GB

Disk: 100 GB avail

Proxies: 1

BT: 100-200

RAM: 16 GB

Disk: 100 GB avail

Proxies: 1-2

BT: 50-100

RAM: 24 GB

Disk: 120 GB avail

Proxies: 2-3

BT: 30-50

RAM: 32 GB

Disk: 160 GB avail

Proxies: 3 or more

BT: < 30

Proxy Controller MatrixThe following matrix provides general guidelines for planning your Proxy Controller hardware.

System Scaling


The systems specified in the table are intended to be examples. Machine speed might vary basedon OS, core CPU speed, the number of cores and the number of disks. Service processormonitoring generates heavier load than OS, as monitoring is done from the Proxy Controller.

Note - For maximum performance in environments with more than 100 hosts, avoid using aco-located Proxy Controller (Enterprise Controller and Proxy Controller installed on the samesystem). OS update functionality benefits from a faster core CPU speed on the EnterpriseController.

Up to 75 agents 150 agents 200 agents 300 or More Agents

OS Agents only RAM: 4 GB

Disk: 20 GB avail

BT: 120-300

RAM: 4 GB

Disk: 40 GB avail

BT: 50-120

RAM: 6 GB

Disk: 60 GB avail

BT: < 90

RAM: 8 GB

Disk: 80 GB avail

BT: < 80

Service Processors only RAM: 4 GB

Disk: 20 GB avail

BT: 120-300

RAM: 4 GB

Disk: 40 GB avail

BT: 50-120

RAM: 6 GB

Disk: 60 GB avail

BT: < 90

RAM: 8 GB

Disk: 80 GB avail

BT: < 80

OS+Service Processors RAM: 4 GB

Disk: 40 GB avail

BT: 100-200

RAM: 6 GB

Disk: 60 GB avail

BT:< 100

RAM: 8 GB

Disk: 80 GB avail

BT: < 80

RAM: 12 GB

Disk: 100 GB avail

BT: < 50

BT = Benchmark time using the Ops Center Doctor benchmark utility.

System Scaling


About SPARC Enterprise Server Support

You can use Ops Center to discover, provision, update, and manage your Sun SPARCEnterprise? M3000/M4000/M5000/M8000/M9000 servers and Fujitsu SPARC EnterpriseM3000/M4000/M5000/M8000/M9000 servers, also referred to as SPARC Enterprise M-seriesservers.

The SPARC Enterprise servers contain eXtended System Control Facility (XSCF) firmware,which is a system monitoring and control facility consisting of a dedicated processor that isindependent from the system processor. The XSCF provides an interface between the user andthe server.

The XSCF is the firmware running on the service processor in the server. The firmware is asingle centralized point for the management of hardware configuration, control of hardwaremonitoring, cooling system (fan units), domain status monitoring, power on and power off ofperipheral devices, and error monitoring. XSCF firmware uses different functions to achievehigh system availability and it has a partitioning function to configure and control domains.

A single XSCF service processor is installed in the SPARC Enterprise M3000, M4000, andM5000 servers. In the SPARC Enterprise M8000 and M9000 servers, two XSCF serviceprocessors are installed in the server; these two service processors are highly available and onlyone service processor is active at a time.

When hardware resources in the server are logically divided into one or more units, each set ofdivided resources can be used as one system, which is called a domain. A Solaris OS can operatein each domain.

8C H A P T E R 8

53

RequirementsOps Center is qualified to run on SPARC Enterprise M3000/M4000/M5000/M8000/M9000servers running Solaris 10 10/08 operating system with the following requirements:

■ Create and configure domains manually on the server. See Domain Configuration in theSun SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User's Guide.

■ Configure the domains manually.■ In the XSCF service processor, create an xvmoc user with platadm privilege.■ Create a group for the SPARC Enterprise servers.■ Use the firmware version that is recommended for the server.

Supported Features in Ops CenterThe following Ops Center features are supported for SPARC Enterprise Servers:

■ Discovering XSCF service processors and existing domains■ Power On/Power Off on XSCF service processors and domains■ Provisioning OS in domains■ Provisioning firmware■ Updating the OS in domains■ Monitoring

Specific procedures are required to discover and provision firmware on the SPARC EnterpriseM-Series servers. The tasks for updating the domain OS is the same as updating a system OS.

What Is Not Supported■ Creating and deleting domains■ Adding and removing the system board to domain■ Monitoring the service processor hardware■ Monitoring the domain sensor information and hardware

Requirements


http://docs.sun.com/source/819-6202-16/

http://docs.sun.com/source/819-6202-16/

Decision: What Type of Network Configuration?

Network Port Requirements and ProtocolsOps Center has several communication requirements:

■ “Network Requirements and Data Flow” on page 55■ “List of Ports and Protocols” on page 56■ “To Verify Network Access to Required Web Sites” on page 111

In addition, depending on the environment being managed, the Enterprise Controller mightneed to access a number of vendor sites to download patches or other knowledge. Review theChapter 26, “Vendor Download Sites,” page for a list of vendor sites.

Network Requirements and Data FlowAt least one proxy controller is mandatory. It is installed during the Enterprise Controller'sinstallation, either on the same machine or on a separate server.

9C H A P T E R 9

55

List of Ports and ProtocolsThe Enterprise Controller's default port is 443. If port 443 is in use, the Enterprise Controlleruses port 11165.

The following is a list of required ports.

Communication Protocol and Port Purpose

Browser to Enterprise Controller HTTPS, TCP 9443 Web interface

Browser to Enterprise Controller HTTP, TCP 80 Redirect to port 9443

Proxy Controller to Enterprise Controller HTTPS, TCP 443 Proxy Controller push of asset inventory data toEnterprise Controller

Proxy Controller pull of jobs, update, agent, and OSimages

Network Port Requirements and Protocols


Communication Protocol and Port Purpose

Proxy Controller to Systems FTP, TCP 21

SSH, TCP 22

Telnet, TCP 23

DHCP, UDP 67,68

SNMP, UDP 161,162

IPMI, TCP+UDP 623

Service Tags, TCP 6481

Discovery, bare metal provisioning, systemmanagement, and monitoring

Agent to Proxy Controller HTTPS, TCP 21165 Agent push of asset inventory data to Proxy Controller

Agent pull of jobs

Agent to Proxy Controller HTTPS, TCP 8002 Agent download of updates from Proxy Controller

OS to Proxy Controller HTTPS, TCP 8004 OS provisioning completion status

Used for Linux provisioning

Used to download the agent tar ball after OSprovisioning

Used to upload the status messages to the ProxyController/Enterprise Controller about failed agentinstallations

Java client to public APIs Transport LayerSecurity(TLS), port 11162

JMX access from clients

WMI to agent port 11162 WMI communication to agent

NFS/CIFS access from LDom Hosts andEnterprise Controller

Enterprise Controller port 8005 Enterprise Controller in disconnected mode

Network Switch ConfigurationThese are basic guidelines for network switches that are used with systems running Ops Center.

■ 1 * 8 or 16 port Virtual LAN (VLAN) capable managed switch■ Create a separate VLAN for corporate network and create a separate VLAN for

management and provisioning networks■ Disable spanning-tree protocols on the switch

Ethernet connectivity recommendations:

Network Switch Configuration

Chapter 9 • Decision: What Type of Network Configuration? 57

■ The management network should be a 10/100 connection.■ The provisioning and data networks should be a 10/100/1000 (1 Gbyte) connection.

Reference ConfigurationsThis section provides the reference configurations and connectivity information for OpsCenter.

Other configurations are possible, such as using separate switches for each network. You canimplement your network using any combination of VLANs and switches. Each network,whether management, provisioning, or data, should be assigned to separate VLANs.

Section Description

“Separate Management, Provisioning, and Data Networks” onpage 58

Describes the connectivity requirements for the separatemanagement, provisioning, and data networks configuration.

“Combined Management and Provisioning Network and aSeparate Data Network” on page 60

Describes the connectivity requirements for the combinedmanagement, provisioning and separate data networksconfiguration.

“Combined Provisioning and Data Network and a SeparateManagement Network” on page 64

Describes the connectivity requirements for the combinedprovisioning, data and separate management networksconfiguration.

“Combined Provisioning, Data, and Management Network” onpage 62

Describes the connectivity requirements for the combinedprovisioning, data, and management networks configuration.

Separate Management, Provisioning, and Data Networks

Reference Configurations


When designing a separate network, the following guidelines apply:

■ Configuring separate management, provisioning, and data networks is the best practice.■ Separate networks provide the highest security and the lowest number of points of failure.■ Additional NICs are needed to support this configuration.

Separate Management, Provisioning, and Data Networks


The following list summarizes the connectivity requirements for the separate management,provisioning, and data networks configuration.

■ Enterprise Controller/Proxy Controller

The enterprise controller/proxy controller should provide connectivity to the managementnetwork, provisioning network, and corporate network as follows:■ ETH0 connects the enterprise controller/proxy controller to the corporate network to

provide external access. The ETH0 IP address, netmask, and gateway should beconfigured to meet your corporate environment connectivity requirements.

■ ETH1 connects the enterprise controller/proxy controller to the provisioning networkand should be on the same network as the ETH0 connections of the agents. No devicesother than the enterprise controller/proxy controller and the agents should reside on theprovisioning network. ETH1 should be a 1-Gbit NIC interface.

■ ETH2 connects the enterprise controller/proxy controller to the management networkand should be on the same network as the management port connections of the agents.The ETH2 IP address, netmask, and gateway should be configured to enableconnectivity to the agent's management port IP addresses. ETH2 should be a100-megabit NIC interface.

■ The DHCP service allocates IP addresses to the agents for loading operating systems.

■ Agents

Each agent should provide connectivity to the management network, provisioning network,and data network as follows:■ The management port connects the agent to the management network and should be on

the same network as the ETH2 connection of the enterprise controller/proxy controller.The management port should be a 100-megabit connection.

■ ETH0 connects the agent to the provisioning network and must be on the same networkas the ETH1 connection of the enterprise controller/proxy controller. ETH0 should be a1-Gbyte connection.

■ ETH1 connects the agent to the data network through the switch to provide externalcorporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Management and Provisioning Network and aSeparate Data Network

Combined Management and Provisioning Network and a Separate Data Network


For this configuration, an additional NIC does not need to be installed on the enterprisecontroller/proxy controller. The combined management and provisioning network reducessystem and network security.

Combined Management and Provisioning Network and a Separate Data Network


The following list summarizes the connectivity requirements for the combined managementand provisioning network and the separate data network configuration.


The enterprise controller/proxy controller should provide connectivity to the managementand provisioning network as follows:■ ETH0 connects the enterprise controller/proxy controller to the corporate network to


■ ETH1 connects the enterprise controller/proxy controller to the management andprovisioning network and should be on the same network as the MGMT and ETH0connections of the agents. No devices other than the enterprise controller/proxycontroller and the agents should reside on the management and provisioning network.The ETH1 IP address, netmask, and gateway should be configured to enableconnectivity to the agent's management port IP addresses. ETH1 should be a 1-Gbit NICinterface.


■ Agents

Each agent should provide connectivity to the management and provisioning network andthe separate data network as follows:■ The management port connects the agent to the management and provisioning network

and should be on the same network as the ETH1 connection of the enterprisecontroller/proxy controller. The management port should be a 100-megabit connection.

■ ETH0 connects the agent to the management and provisioning network and must be onthe same network as the ETH1 connection of the enterprise controller/proxy controller.ETH0 should be a 1-Gbyte connection.

■ ETH1 connects the agent to the data network through the switch to provide externalcorporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Provisioning, Data, and Management Network



For this configuration, an additional NIC does not need to be installed on the enterprisecontroller/proxy controller. The combined management, provisioning, and data networksgreatly reduces system and network security.

The following list summarizes the connectivity requirements for the combined management,provisioning, and data networks configuration.




The enterprise controller/proxy controller should provide connectivity to the combinedmanagement, provisioning, and data network and to the corporate network as follows.■ ETH0 connects the enterprise controller/proxy controller to the corporate network to


■ ETH1 connects the enterprise controller/proxy controller to the combinedmanagement, provisioning, and data network and should be on the same network as theMGMT and ETH0 connections of the agents. No devices other than the enterprisecontroller/proxy controller and the agents should reside on the combined network.ETH1 should be a 1-Gbit NIC interface.


■ Agents

Each agent should provide connectivity to the management network, provisioning networkand data network as follows:■ The management port connects the agent to the management, provisioning, and data

network and should be on the same network as the ETH1 connection of the enterprisecontroller/proxy controller. The management port should be a 100-megabit connection.

■ ETH0 connects the agent to the management, provisioning, and data network, and mustbe on the same network as the ETH1 connection of the enterprise controller/proxycontroller. ETH0 also connects the agent to the data network through the switch toprovide external corporate network access to the agent. ETH0 should be a 1-Gbyteconnection.

Combined Provisioning and Data Network and a SeparateManagement Network

Combined Provisioning and Data Network and a Separate Management Network


The following list summarizes the connectivity requirements for the combined data andprovisioning network and the separate management network configuration.




The enterprise controller/proxy controller should provide connectivity to the provisioningand data network and to the separate management network as follows:■ ETH0 connects the enterprise controller/proxy controller to the corporate network to


■ ETH1 connects the enterprise controller/proxy controller to the provisioning and datanetwork and should be on the same network as the ETH0 connections of the agents. Nodevices other than the enterprise controller/proxy controller and the agents shouldreside on the data and provisioning network. ETH1 should be a 1-Gbit NIC interface.

■ ETH2 connects the enterprise controller/proxy controller to the management networkand should be on the same network as the management port connections of the agents.The ETH2 IP address, netmask, and gateway should be configured to enableconnectivity to the agent's management port IP addresses. ETH2 should be a100-megabit NIC interface.


■ AgentsEach agent should provide connectivity to the management network and to the combineddata and provisioning network as follows:■ The management port connects the agent to the management network and should be on

the same network as the ETH2 connection of the enterprise controller/proxy controller.The management port should be a 100-megabit connection.

■ ETH0 connects the agent to the data and provisioning network to provide externalcorporate network access to the agent. ETH0 connection must be on the same networkas the ETH1 connection of the enterprise controller/proxy controller. ETH0 should be a1-Gbyte connection.



Decision: How Will You Use Ops Center?

Ops Center OperationsChapter 11, “Provision an OS”

Chapter 12, “Provision Firmware”

Chapter 13, “About Updating an OS”

Chapter 14, “Virtualization”

Chapter 15, “Using Groups”

10C H A P T E R 1 0

67

Provision an OS

Provision an OS IntroductionOperating system (OS) provisioning enables you to use Ops Center to automatically installoperating systems onto systems that are attached to your network. In most circumstances, OSprovisioning requires no manual interaction with the system that you want to install. Youinitiate these OS installations from a centralized location, using the Ops Center BUI, ratherthan from the systems that you want to install.

Check “Supported Operating Systems” on page 44 for the list of operating systems that you canprovision with Ops Center.

OS provisioning involves three main tasks:

■ Creating and Managing OS Images■ Creating and Managing OS Profiles■ Provisioning Operating Systems

Creating OS images and creating OS profiles are one-time tasks for each OS configuration thatyou want to provision. After an OS image and associated OS profile exist in Ops Center, you canprovision the OS onto systems that are attached to your network.

Ops Center enables OS provisioning on single systems, groups of systems, or a combination ofthe two. OS provisioning for groups of systems requires using homogeneous groups, asdescribed in Creating a Group and Adding Assets to a Group.

11C H A P T E R 1 1

69

Provision Firmware

Provision Firmware IntroductionOps Center automates firmware provisioning at a single chassis or system level, and at datacenter level. The provisioning process is similar, regardless of the hardware, operating system,or underlying technology that you are deploying.

Firmware provisioning enables you to install firmware updates on a server by using firmwareimages and firmware profiles.

At a high level, provisioning firmware involves the following steps:

1. Importing a firmware file with the associated metadata into the Firmware Library.2. Creating firmware profiles based on one or more firmware images.3. Updating firmware based on the profile and its associated firmware images or by applying

updates based on the output of a Firmware Compliance report.

12C H A P T E R 1 2

71

About Updating an OS

Using Ops Center, operating systems are secure and current. You can patch the followingoperating systems:

■ Solaris 8, 9, and 10 (SPARC)■ Solaris 10 (x86)■ Red Hat Linux Advanced Server 3, 4, and 5■ SUSE Linux Enterprise 8, 9, and 10■ Microsoft Windows

The processes for installing patches on Solaris and Linux operating systems are very similar.The process for updating Windows is different. Detailed information is available in eachOS-specific section.

Managing SystemsBefore you can use Ops Center to patch and update an OS, you must discover the OS to gatheridentification for each operating system and then you must manage the OS to install the agentcontroller software. The agent controller software allows Ops Center to check the currentcondition of the operating system and to perform update operations.

When you manage an OS, the following actions occur:

1. The Agent is registered. This might take five minutes. Until the agent is registered, youcannot perform any update functions.

2. A Notification is displayed when the agent OS update functionality is enabled. The agent isregistered and the Target Selector is enabled.

3. The agent runs an inventory check and creates an OS Update Catalog for the system.4. A notification is displayed when the OS Update Catalog is available. The OS Update Catalog

actions are enabled.

13C H A P T E R 1 3

73

Obtaining PatchesBy default, Ops Center software downloads patches and new software using Internet access.The Enterprise Controller is connected to the Internet and to the Solaris Knowledge Servicesdatabase. You can configure Ops Center to connect to third party vendors, such as Red Hat, andprovide authentication details. When you run an update job, the patches are downloaded fromthe corresponding site. For example, Solaris OS patches are available from the SunSolve web siteand Red Hat patches are available from the Red Hat site.

Ops Center downloads only signed patches from SunSolve or EIS DVD. The patches must be inthe jar or jar.gz format or in the patch directory.

If your data center cannot have direct Internet access, configure the software to operate inDisconnected mode. In this mode, the Enterprise Controller is not connected to the Internetand you must upload all content, such as patches, to the Enterprise Controller. To obtain thepatches and packages, you must run the harvester script on a system outside of the data centerthat does have Internet access. You then save the downloaded information to a portable mediadevice, such as a CD or DVD, and bring it to your data center for manual upload. The uploadedsoftware is stored in the Local Content section of the Updates Library.

Another option is to run your Enterprise Controller in Disconnected Mode until you need todownload patches or packages. You then change the Enterprise Controller's mode toConnected only to download the required patches and packages, and then change back to theDisconnected mode.

Local Content (Solaris and Linux OS only)Local Content enables you to save custom files, scripts, executables, or binaries in the UpdatesLibrary. You can save these files on your hosted tier and they remain private to yourorganization. Your local content files might include instructions that must be carried out beforeor after a job. For example, you might use local content to test managed hosts before running ajob.

You can add categories for your content in the Updates Library, edit a component file, anddelete a local component from your library.

ReportsSeveral OS Update reports are available. Reports are OS-specific, but many reports check fornew patches and security advisories. You can get a general report, or test a system or installedpackage for available fixes. For auditing purposes, you can create a Ops Center job historyreport.

Obtaining Patches


Detailed information is available in each OS-specific section. When you create a report, youselect the criteria that are relevant to you, such as a list of hosts that have a specific patch or a listof hosts that do not have a specific patch. You can export the results of most reports to a CSVformat.

For Solaris Baseline Analysis Reports, you can run the report much quicker if you run a patchsimulation and do not download the patches.

The BUI supports column-based sorting in the Report Results section for all the OS Updatereports except for Job History Report and Baseline Analysis Report. Clicking on any field in theheader part of the results table in the center panel will sort the results of that column.

System Catalogs (Solaris and Linux OS only)A list of installed OS software components is available in the system catalog. The catalog isautomatically created when you first manage the OS. You can display and modify the catalog.You can also create historical catalogs, which are snapshots of the OS. You can use the SystemCatalog to create a snapshot of your OS before you run an update job.

You can upload patches, packages, and local content and save it in the Updates Library. Localcontent includes files, scripts, executables, or binaries that are not known to the hosted tier andare private to your organization. Your local content files typically include instructions that mustbe carried out before or after an update job.

Update JobOps Center contains the following options in an update job to maintain control and consistencyacross your data center:

■ Groups - Help you to organize the display of assets in the user interface and act as targets formany types of jobs.

■ Roles - Enable you to determine the tasks that a user can perform on a specific asset, or agroup of assets.

■ Update Profiles - Define what you will allow, or not allow, to be installed on a target. Youcan select from a list of predefined profiles, your existing custom profiles, or you can create anew profile by modifying an existing profile.

■ Update Policies - Define how a job is performed and sets the automation level of the job.You can select from a list of your existing policies or you can create a new policy.

■ Solaris Baselines, white lists, and black lists - Enable you to bring all systems to a baseline,and remove or add patches from the list of patches to install.

■ Local Content - Enable you to add custom packages, software, and scripts

Update Job

Chapter 13 • About Updating an OS 75

■ Patch Simulations - Estimates how much time is required to complete an update job basedon the policy and profile and if the job will succeed.

■ Rollback and recovery capabilities - Enables you to back out patches■ Reports - Maintain patch records, including compliance reports and patch history.

You can define the following job parameters while creating a new update job:

■ Job Name and Description - Identifies the job in the Jobs list. A detailed description ishelpful in clearly identifying the job in the historical record. You can rerun existing jobs.

■ Profile - Defines what you will allow, or not allow, to be installed on a target. You can selectfrom a list of predefined profiles, your existing custom profiles, or you can create a newprofile by modifying an existing profile.

■ Policy - Defines how a job is performed and sets the automation level of the job. You canselect from a list of your existing policies or you can create a new policy.

■ Target Settings - Defines whether the target should be different or similar for each task in thejob.

■ Run Type - Defines whether this job is in simulation mode or is an actual run. You canchoose to deploy the job, or to run a job simulation. A job simulation determines the actionsand results of a job, and estimates how much time is required to complete the job. Jobsimulations also indicate if your policy and profile responses will enable the job to succeed.You can tun a job simulation without downloading patches and packages.

■ Task Execution Order - Specifies whether the tasks should be run in parallel or sequentially.■ Task Failure Policy - Specifies what action to take if the task fails.■ Targets - Selects the target systems for the job.

Solaris OS PatchingThe following package and patch services and features are supported for patching the SolarisOS in Ops Center:

■ Recommended patch clusters■ Solaris baseline reports■ Custom packages■ Active dependency rules■ Patch analysis■ Job simulation■ Job scheduling■ Rollback and recovery

You can use Solaris Live Upgrade to update your Solaris software or you can update your SolarisContainers and zones.

Update Job


Linux OS PatchingThe following package and RPM installation services and features are supported for patchingLinux systems in Ops Center:

■ Linux Red Hat Package Manager (RPM)■ Custom packages■ Active dependency rules■ Patch analysis■ Job simulation■ Job scheduling■ Rollback and recovery

Windows OS PatchingThe following features are supported for patching Windows systems in Ops Center:

■ Patch analysis■ Job scheduling

Using Profiles and Policies to define and control thejob (Solaris and Linux only)Solaris and Linux OS use profiles and policies to manage update jobs, use your own files andscripts in Ops Center, and create snapshots (known as system catalogs.)

Update Job

Chapter 13 • About Updating an OS 77

Virtualization

Virtualization maximizes utilization of resources and has become an important technologyacross all aspects of the IT environment.

Ops Center can manage assets and resources even if they are virtual assets and resources.

The Virtualization Controller manages and monitors the agent software on a virtual asset orstorage resource as if it were a physical component.

Ops Center supports the following virtualization technology:

■ Solaris OS virtualization■ SPARC server virtualization

Logical DomainsLogical Domains, or LDoms, technology is part of a suite of methodologies for consolidationand resource management for SPARC CMT systems. This technology allows you to allocate asystem's various resources, such as memory, CPU threads, and devices, into logical groupingsand create multiple discrete systems. These discrete systems will have their own operatingsystem, resources, and identity within a single system. By careful architecture, a LogicalDomains environment can help you achieve greater resource usage, better scaling, andincreased security and isolation.

14C H A P T E R 1 4

79

Solaris ContainersSolaris Containers are an integral part of the Solaris 10 operating system (OS). SolarisContainers isolate software applications and services using flexible software-definedboundaries. They enable you to create many private execution environments within a singleinstance of the Solaris 10 OS. Each environment has its own identity that is separate from theunderlying hardware. Each environment behaves independently as if running on its ownsystem, making consolidation simple, safe, and secure.

You can build Solaris Containers by using the following technologies:

■ Solaris Resource Manager■ Solaris Zones partitioning technology

Solaris Containers


Using Groups

Groups are administrative structures that contain assets. They appear in the Assets section ofthe Navigation panel. Groups can contain any number of assets, and assets can be placed inmore than one group.

User-Defined GroupsUser-defined groups can contain any type of asset:

■ Homogeneous groups contain a single type of asset: server, chassis, or operating system.■ Heterogeneous groups can contain several types of assets.

Smart GroupsSmart groups are automatically generated to organize all of your assets by type.

You can use groups to organize your assets and act as targets for many types of jobs.Homogeneous server groups, for example, can be targeted with OS provisioning or firmwareupdate jobs.

15C H A P T E R 1 5

81

Decision: Who Will Use Ops Center?

Defining User RolesChapter 17, “Roles and Authorizations”

“Ops Center Users and Groups” on page 108

“Notifications” on page 87

16C H A P T E R 1 6

83

Roles and Authorizations

Roles and Authorizations IntroductionRoles grant users the ability to use the different functions of Ops Center. By giving a role to auser, an administrator can control what functions are available to that user on specific assetsand groups.

Each role grants a user a specific set of authorizations. To perform a job, you must have thecorrect role for the assets or group targeted by the job. Administrators can grant roles to a userthat cover the following assets or groups:

■ Enterprise Controller■ All Assets group■ User-created groups

Note - Subgroups inherit the roles assigned to the parent group.

17C H A P T E R 1 7

85

Enterprise Controller Admin RoleThe Enterprise Controller Admin role grants root access to Ops Center. A user with theEnterprise Controller Admin role can perform asset discovery, perform administration actionson Ops Center, add new users, and edit roles. When Ops Center is configured, the privilegeduser is automatically given this role. At least one user must have this role.

All Assets Admin RoleA user with the All Assets Admin role can perform any action, including provisioning,updating, and managing, on any asset or group. When Ops Center is configured, the privilegeduser is automatically given this role.

Enterprise Controller Admin Role


Group RolesAn Enterprise Controller Admin can grant one or more of these roles to any user for anyuser-defined group:

Content Description

Group Admin This role allows the user to use administration actions such as adding or removing assets.

Group Provision This role allows the user to provision new operating systems and firmware.

Group Update This role allows the user to do patching.

Group Update Simulate This role allows the user to run simulated update jobs.

Group Manage This role allows the user to use management and monitoring actions.

“Ops Center Users and Groups” on page 108

NotificationsNotification Profiles determine how notifications are sent to a user and what levels ofnotifications are sent. By configuring separate notification profiles, different users can receivespecific levels of notifications through the BUI, through email, or through a pager. Differentlevels of notifications can be sent for specific Virtual Pools, Groups, or top-level Smart Groups.Four levels of notification can be sent to a destination:

■ None■ Low and Higher■ Medium and Higher■ High

If a user has no notification profile, all notifications for all assets are sent to the BUI, and nonotifications are sent to other destinations.

Notifications

Chapter 17 • Roles and Authorizations 87

Getting Ready

Getting Ready IntroductionChapter 19, “Tasks for Preparing a Site”

Chapter 20, “Verifying Account Access”

Chapter 22, “Verifying Solaris OS System Resources”

Chapter 23, “Verifying Linux System Resources”

Chapter 24, “Verifying Resources for Agent Installation”

Chapter 25, “Obtaining the Software”

Chapter 26, “Vendor Download Sites”

18C H A P T E R 1 8

89

Tasks for Preparing a Site

Tasks for Preparing a Site IntroductionThis figure shows the task flow for preparing a site.

19C H A P T E R 1 9

91

Tasks for Preparing a Site Introduction


Determine System Requirements■ Inventory the equipment that you want to use with Ops Center.■ Determine which server you will use for the Enterprise Controller and, if desired, the proxy

controller.■ Determine which operating system you will install.■ Determine which assets you will monitor and manage using the Ops Center and, based on

the total, determine your switch requirements.

See the following sections:

■ “Ops Center System Requirements” on page 33■ Preparing a System for Installation

Map Your Network■ Determine the IP addressing scheme for the management, provisioning, and data networks.■ Determine whether you will use a single-switch configuration in which all connections are

on a single switch, or a two-switch configuration, in which the management network isisolated on one switch and the data and provisioning networks are on the second switch.

■ Determine the VLAN assignments.

See the examples in “Reference Configurations” on page 58.

Connect the HardwareCable the equipment according to manufacturers' instructions.

Prepare the AgentsAssign an IP address to the management port of each agent.

For ILOM, ALOM, and SP-based agents, see the server documentation for information aboutassigning IP addresses to the server's management port. You can also locate the serverdocumentation at http://sunsolve.sun.com/handbook_pub/Systems/.

Prepare the Agents

Chapter 19 • Tasks for Preparing a Site 93

http://sunsolve.sun.com/handbook_pub/Systems/

Install and configure the operating system on the EnterpriseController's and Proxy Controller's server.

See the instructions in the Installation section of the product wiki.

Install and configure the operating system on the Enterprise Controller's and Proxy Controller's server.


Verifying Account Access

Ops Center requires that you provide a valid Sun Online Account name and password whenyou register the Enterprise Controller with the Sun Inventory online service. If you have Linuxsystems that you intend to update using Ops Center, a valid Red Hat Network or Novell accountmust be available.

Verifying Your Sun Online AccountTo verify that you have a valid Sun Online Account, in a web browser, go to the My SunConnection site and enter your Sun Online account name and password in the fields provided.

Your login succeeds if you have a valid Sun Online Account. The My Account tab on the MySun Connection site enables you to manage your Sun Online Account, including updatingaccount information, and managing support contracts and licenses.

Creating a Sun Online AccountIf you do not yet have a valid Sun Online Account, the Join Now link on the My Sun Connectionlogin page enables you to register for a Sun Online Account.

Setting a Team NameOps Center can be configured to run in either connected or disconnected mode. In connectedmode, user management is performed by using the Sun Inventory portal. If you intend to runOps Center in connected mode, log in to the Sun Inventory portal and set your default teamname to a value of your choice.

1. In a browser, access the following URL:

https://inventory.sun.com/inventory/

20C H A P T E R 2 0

95

https://portal.sun.com




https://reg.sun.com/register?program=portal%26goto=https://portal.sun.com/portal/dt

https://mysun.sun.com

2. Log in using your Sun Online Account.3. From the Teams menu, select Change Team Properties.4. Change the Team Name field to list the team name that you want to use, and click OK.5. Log out of Sun Inventory.

Verifying Your Red Hat Network or Novell AccountVerify that your Red Hat Network or Novell account allows access to software updates.

Verifying Your Red Hat Network or Novell Account


OC Doctor

The Ops Center Doctor utility is designed to check requirements and identify potential issuesbefore deploying Ops Center and to assist with post-deployment troubleshooting.

The utility has an internal knowledge base for detecting known issues and workarounds whichgets updated on a regular basis.

Utility DownloadThe utility is updated on a regular basis. To receive email notification of an update to this page,including when a new version is available, click Tools, then click Watch This Space.Alternatively, use the self Auto-Update option (*-update*) to automatically download the latestversion.

Download the latest OCDoctor utility here:

OC Doctor Version 1.11 (March 12 2010)OC Doctor Version 1.11 (March 12 2010)

Running the OCDoctorRun the OCDoctor without parameters to get a list of all the options:

# ./OCDoctor.sh

-------- Preinstallation functions ----------

[ --sat-prereq] Check if Enterprise controller /

21C H A P T E R 2 1

97

http://kenai.com/downloads/oc-doctor/OCDoctor-1.11.zip

(Satellite) requirements are met (can be used on Proxy)

[ --agent-prereq] Check if Agent requirements are met

[ --performance] Check machine speed and provide BT score /

(Benchmark Time). Run when the machine is idle.

-------- Troubleshooting / Tuning functions ----------

[ --troubleshoot ] [--fix] Scan the installed components for issues. --fix will /

attempt to fix when available

[ --collectlogs ] <params> Collects all logs from current system, optional /

params to pass to collect script

[ --needhelp ] Display information on how to gather additional info and /

how to open a support case

[ --tuning ] Scan current configuration and suggest improvements

[ --whatisblobid ] <id> Debugging: Provide details about a specific blob id

-------- Other ----------

[ --update ] Check for newer version of the Doctor online

For additional information and updates visit http://wikis.sun.com/display/OC2dot5/OC+Do /

ctor

Running the OCDoctor


OptionsThe following options are are available:

■ “Pre-Installation” on page 99■ “Troubleshooting and Tuning” on page 100■ “Auto-Update” on page 101

Pre-InstallationThe following pre-installation tests are available:

■ -sat-prereq - Verifies that the Enterprise Controller requirements are met.■ -performance - Checks the machine speed and provides a Benchmark Time (BT) score. To

ensure the best results, run this command when the machine is idle.■ -agent-prereq - Verifies that the Agent requirements are met.

sat-prereqOptionRun the following command on the system that will be your Enterprise Controller to verify thatthe minimum requirements are met.

# ./OCDoctor.sh --sat-prereq

performanceOptionThe output of this option enables you to determine the best Enterprise Controller and ProxyController configuration for your data center. For maximum performance in environmentswith more than 100 systems, avoid using a co-located Proxy Controller (Enterprise Controllerand Proxy Controller installed on the same system).

Run the following command on the systems that will be your Enterprise Controller and ProxyController to determine the system speed and establish a BT score:

# ./OCDoctor.sh --performance

After you obtain the output, go to “System Scaling” on page 50. The Enterprise Controller andProxy Controller matrices provide general guidelines for planning your system requirements.

agent-prereqOptionRun the following command on systems that you are planning to install an agent on to verifythat the minimum requirements are met.

# ./OCDoctor.sh --agent-prereq

Options

Chapter 21 • OC Doctor 99

Troubleshooting and TuningThe following functions assist in troubleshooting after you deploy the software:

■ -troubleshoot - Scans the installed components for issues. You can run this on theEnterprise Controller, Proxy Controller and the Agent Controller.

■ -troubleshoot -fix - Will attempt to fix issues when a fix is available.

Tip – You can also run the -troubleshoot option inside a broken zone to troubleshoot a problem.

■ -needhelp - Display information on how to gather additional information and how to opena support case. Try this option if the -troubleshoot did not identify the problem.

Note – Support often asks for GDD output. The latest GDD utility is bundled inside theOCDoctor in the GDD folder. For more information about the GDD, see Sun Gathering DebugData for Sun Ops Center.

■ -tuning - Scans current configuration and suggests improvements.

■ -whatisblobid

<BLOBID> - This is used for debugging: Blob IDs is what Ops Center uses to point topatches, RPMs and Local files. The Blob IDs show up in various log files. This option willprovide details about a specific blob id.

Run this option on the Enterprise Controller. For example:

# ./OCDoctor.sh --whatisblobid 40006972

-------------------------------------------------

Blob 40006972 is:

120719-02 SunOS 5.10 : SunFreeware gzip patch

Channel - Solaris 10 (SOLARIS_10_0_SPARC)

-------------------------------------------------

Options


Auto-Update■ -update - Checks for a newer version of the Doctor online and automatically install the

newer version.

# ./OCDoctor.sh --update

If your system need a proxy server to access the web, you can configure the proxy settings withthe following:

# export http_proxy="http://proxyuser:proxypass@proxyname:port"

Replace the above with proper values, for example:

# export http_proxy="http://sunproxy.sun.com:8080"

# ./OCDoctor --update

(y) Please send us feedback or report issues to mailto:[email protected]

Options

Chapter 21 • OC Doctor 101

mailto:[email protected]

Verifying Solaris OS System Resources

Verify that your system is ready to accept the Ops Center Enterprise Controller or ProxyController software before you proceed with the installation. This page describes the systemresources to check.

Run the Chapter 21, “OC Doctor,” utility to check requirements and to identify potential issuesbefore you install Ops Center. You can also run the utility after installation at any time toidentify problems such as missing Ops Center patches.

The Ops Center Doctor utility performs the following operations. You can perform the sametasks manually.

■ “To Check the Operating System Release” on page 104■ “To Check the Installed Software Group” on page 104■ “To Check the Zone Identity” on page 104■ “To Check the Available Disk Space” on page 105■ “To Check Swap Space” on page 106■ “To Verify the Amount of System Memory” on page 106■ “To Verify the Amount of Shared Memory” on page 106■ “To Verify the webservd User and Group” on page 107■ “To Verify That an Alternate Administrative User Exists” on page 107■ “Ops Center Users and Groups” on page 108■ “To Verify the umask Value” on page 109■ “To Verify the Locations of ssh Binaries” on page 109■ “To Verify Correct IP Address Resolution” on page 110■ “To Verify That /usr/local Is Writeable” on page 110■ “To Verify the Date and Time” on page 110■ “To Verify Online cryptosvc and gss Services” on page 111■ “To Remove the SMClintl Package” on page 111■ “To Verify Network Access to Required Web Sites” on page 111■ “To Verify ssh Access for the root User” on page 114■ “To Verify Network Port Access” on page 114

22C H A P T E R 2 2

103

Before You BeginThese procedures assume that you are logged in as the root user on the system on which youintend to install Ops Center Enterprise Controller or Proxy Controller software.

To Check the Operating System ReleaseVerify that a release of the Solaris OS that is compatible with Ops Center software is installed.Ops Center requires at least Solaris 10 11/06 for SPARC or x86 systems. The /etc/release filelists the Solaris OS release installed on your system. For example:

# cat /etc/release

Solaris 10 8/07 s10s_u4wos_12b SPARC

Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.

Use is subject to license terms.

Assembled 16 August 2007

To Check the Installed Software GroupVerify that your Solaris system has been installed with one of these two software groups:

■ SUNWCXall - Entire distribution with OEM support■ SUNWCall - Entire distribution

To check the installed software group, display the content of the/var/sadm/system/admin/CLUSTER file. For example:

# cat /var/sadm/system/admin/CLUSTER

CLUSTER=SUNWCall

To Check the Zone IdentityOn Solaris systems, the Enterprise Controller can be installed in a local zone or the global zone.If you are installing Ops Center ona local zone, see Preparing a Local Zone for EnterpriseController Installation. You can use the zonename command to check your current zone. Forexample:

Before You Begin


# zonename

global

To Check the Available Disk SpaceUse the df -h command to list the space utilization on the Enterprise Controller, and verify thatyou have at least 70 Gbytes available within the file system that will hold the /var/opt/sun/xVMdirectory structure. For example:

# df -h

Filesystem size used avail capacity Mounted on

/dev/dsk/c1t0d0s0 82G 4.0G 78G 5% /

/devices 0K 0K 0K 0% /devices

ctfs 0K 0K 0K 0% /system/contract

proc 0K 0K 0K 0% /proc

mnttab 0K 0K 0K 0% /etc/mnttab

swap 5.1G 624K 5.1G 1% /etc/svc/volatile

(output omitted)

Ops Center software, and the data that it stores, primarily consume space below the/var/opt/sun/xvm and /opt directory structures. In this example, the /opt and/var/opt/sun/xvm directories are located within the root (/) file system, which has 78 Gbytesof space available. The install script checks for 2 Gbytes of space in /opt and 70 Gbytes ofspace in /var/opt/sun/xvm.

High availability (HA) configurations for Ops Center use transferable storage to hold the/var/opt/sun/xvm directory structure within a separate file system. Refer to About HighAvailability and “Configuring Storage for High Availability” on page 26 for more informationabout HA configurations.

To Check the Available Disk Space

Chapter 22 • Verifying Solaris OS System Resources 105

To Check Swap SpaceEnterprise Controllers require 6 Gbytes of configured swap space and Proxy Controllersrequire at lease 4 Gbytes of configured swap space. The install script checks for this. Use theswap -l command to list the amount of configured swap space. For example:

# swap -l

swapfile dev swaplo blocks free

/dev/dsk/c1t0d0s1 118,1 16 8395184 8395184

The values in the blocks and free columns are expressed in 512-byte blocks.

To Verify the Amount of System MemoryUse the prtconf command to display the amount of installed memory on your system. Forexample:

# prtconf | grep -i meg

Memory size: 4096 Megabytes

At least 6 Gbytes of installed memory is recommended for Enterprise Controller installations.At least 4 Gbytes of installed memory is recommended for Proxy Controller installations.

To Verify the Amount of Shared MemoryUse the prctl command to display the amount of shared memory on your system. Forexample:

# prctl -n project.max-shm-memory -i project 1

project: 1: user.root

NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT

project.max-shm-memory

privileged 1.97GB - deny -

system 16.0EB max deny -

At least 500 MB of shared memory is required. If the privileged value is less than 500 MB, usethe following command to set it to 500 MB.

To Check Swap Space


# projmod -a -K "project.max-shm-memory=(priv,500mb,deny)" default

To Verify the webservdUser and GroupThe webservd user and group are created by default in Solaris 10 software. This user and groupmust exist before you install Ops Center Software.

Examine the content of the /etc/passwd, /etc/shadow, and /etc/group files to confirm thatthe webservd user and group exist. For example:

# grep webservd /etc/passwd

webservd:x:80:80:WebServer Reserved UID:/:

# grep webservd /etc/shadow

webservd:*LK*:::::::

# grep webservd /etc/group

webservd::80:

If the webservd user or group does not exist, create the missing user or group using the UID andGID values listed in the example above.

To Verify That an Alternate Administrative User ExistsIf you want to designate a user other than root as the administrative user for Ops Center, youmust verify that the user exists on the system where you intend to install the software. Forexample:

# logins -l droot

droot 0 root 0 Super-User

This example system uses droot as the administrative user for Ops Center. You must create theadministrative user before you install Ops Center.

To Verify That an Alternate Administrative User Exists


Ops Center Users and GroupsOps Center installation creates a number of users and groups on the Enterprise Controller andProxy Controllers. Review the list of users and groups, and verify that they do not conflict withexisting policies. If required by account management policies, add these users and groupsbefore you install the Ops Center software.

Type Enterprise Controller Proxy Controller

Users svctag, allstart, scndb, scn, scncon, uce-sds, xvm svctag, allstart, uce-sds

Groups jet, scndb, uce-sds jet, uce-sds

Ops Center creates these users and groups with the following UID and GID values:

# cat /etc/group

(output omitted)

uce-sds::98194050:

scndb::98194051:

jet::98194052:

#

# cat /etc/passwd

(output omitted)

svctag:x:95:12:Service Tag UID:/:

scn:x:231796:3::/:/bin/sh

xvm:x:60:60::/:/bin/sh

scncon:x:231798:1::/:/bin/true

uce-sds:x:231799:98194050:UCE Engine:/opt/SUNWuce/server:/bin/sh

scndb:x:231800:98194051:SCS PostgreSQL User:/opt/SUNWscs:/bin/sh

allstart:x:231801:1:AllStart User:/var/opt/sun/xvm/osp/data:/bin/sh

All user accounts have locked (*LK*) passwords, except the scncon user. A password is requiredfor the scncon user, but it has no login shell. If you must create the scncon user before installing

Ops Center Users and Groups


the software, you must enter the password that you want to use, in clear text, in the/var/opt/sun/xvm/persistence/scn-satellite/satellite.properties file. Associate thepassword with the scncon.password parameter in this file. For example:

scncon.password=2EzafaJE

To Verify the umaskValueVerify that the umask for the root user or equivalent role is set to 0022. Different shells reportthis value differently. The following examples list output from the umask command for theBourne shell, the Korn shell, and the C-shell. In all three examples, the umask value is correct.

# sh

# umask

0022

# ksh

# umask

022

# csh

<hostname># umask

22

To Verify the Locations of sshBinariesThe binary files for ssh operations must be stored in their standard locations, even if OpenSSHis used. Verify that the following files are stored using the listed path names:

■ /usr/bin/scp

■ /usr/bin/ssh

■ /usr/bin/ssh-keygen

■ /usr/bin/ssh-keyscan

For example:

# ls /usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

/usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

To Verify the Locations of ssh Binaries


To Verify Correct IP Address ResolutionVerify that the configured naming services resolve the correct IP address for the host name thatis assigned to your system. For example:

# host system.domain

system.domain has address 172.21.26.1337

Verify that the /etc/hosts file contains the correct host name and IP address for your system.For example:

# grep system /etc/hosts

172.21.26.1337 system loghost

To Verify That /usr/local Is WriteableSome software components of Ops Center are installed in the /usr/local directory. Verify thatthe /usr/local directory is writeable, and is not a remotely mounted, read-only directory. Forexample:

# df -h /usr/local

Filesystem size used avail capacity Mounted on

/dev/dsk/c1t0d0s0 82G 4.0G 78G 5% /

# ls -ld /usr/local

drwxr-xr-x 7 root root 512 Feb 23 08:33 /usr/local

In this example, the /usr/local directory is stored in the root (/) file system, and is writeableby the root user and group.

To Verify the Date and TimeVerify that the correct date and time are set on your system. For example:

# date

Thu Mar 11 13:28:59 MST 2010

To Verify Correct IP Address Resolution


If the date and time are not correct, reset them. See Troubleshooting for a description of an errorthat might occur in the Enterprise Controller Configuration wizard if the date and time is notset correctly.

To Verify Online cryptosvc and gss ServicesOps Center requires the cryptosvc and gss SMF services to be online. For example:

# svcs cryptosvc gss

STATE STIME FMRI

online Feb_25 svc:/system/cryptosvc:default

online Feb_25 svc:/network/rpc/gss:default

You can use the svcadm command to enable these services if they are not online.

To Remove the SMClintlPackageThe SMClintl freeware package conflicts with Ops Center software and must be removed. Usethe pkgrm command to remove the SMClintl package before you install Ops Center software.For example:

# pkgrm SMClintl

(output omitted)

To Verify Network Access to Required Web SitesUse a web browser to verify that your system can access the following URLs:

https://getupdates1.sun.com

https://inv-cs.sun.com

https://inventory.sun.com

https://a248.e.akamai.net

https://identity.sun.com

ftp://ftp.sunfreeware.com

To Verify Network Access to Required Web Sites


The https://getupdates1.sun.com site should display a login authentication screen for theSun Update Connection Download Server. The https://inv-cs.sun.com andhttps://inventory.sun.com sites should display the Sun Connection page.

For access to Red Hat Linux updates, verify that your system can access the following URLs:

https://www.redhat.com

http://rhn.redhat.com

https://rhn.redhat.com

https://download.rhn.redhat.com

For access to SUSE Linux updates, verify that your system can access the following URLs:

http://www.novell.com

https://www.novell.com

http://download.novell.com

https://you.novell.com

Use the wget command to verify that you can access the getupdates1.sun.com web site anddownload a sample file.

1. If you use a proxy server to access the Internet, set the https_proxy environment variable topoint to the proxy server:

# export https_proxy="http://myproxy.company.com:8080"

where _myproxy.company.com_ is the fully-qualified domain name of your proxy server.2. Download the sample file named channels.xml and save it locally as /tmp/channels.xml

The wget command is stored by default in /usr/sfw/bin on Solaris systems and uses theseoptions:■ --O - Specifies the name of the file to create on the local system■ --http-user - Specifies the SOA to use for authentication to getupdates1.sun.com

■ --http-password - Specifies the password for SOA that you provide for the--http-user option

■ --proxy-user - (Optional) Specifies the user name used for authentication with anHTTPS proxy

■ --proxy-password - (Optional) Specifies the password for the user name that youprovide for the -proxy-user option



In this example, [email protected] and password represent the SOA and SOA passwordthat you provide:

# /usr/sfw/bin/wget https://getupdates1.sun.com/channels3/channels.xml -O /tmp/channels.xml /

--http-user="[email protected]" --http-password="password"

--11:43:41-- https://getupdates1.sun.com/channels3/channels.xml

=> ‘/tmp/channels.xml’

Resolving getupdates1.sun.com... 198.232.168.136

Connecting to getupdates1.sun.com|198.232.168.136|:443... connected.

HTTP request sent, awaiting response... 302 Moved Temporarily

Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236019547_e9120d30e1ac62650c8f928

4dfe47663&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SIPR9R&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml [following]

--11:43:42-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236019547_e9120d30e1ac62650c8f9284

dfe47663&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SIPR9R&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml

=> ‘/tmp/channels.xml’

Resolving a248.e.akamai.net... 208.51.221.73, 208.51.221.48

Connecting to a248.e.akamai.net|208.51.221.73|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 66,505 (65K) [application/xml]



100%[===========================================>] 66,505 397.16K/s

11:43:42 (396.55 KB/s) - ‘/tmp/channels.xml’ saved [66505/66505]

To Verify sshAccess for the rootUserIf you intend to use root login credentials to install the Ops Center agent, verify that the sshdaemon on your target systems is configured to allow root user logins. Custom discoveryallows you to specify a non-root user for ssh access. If you use a non-root user for ssh access,this configuration is not necessary.

To verify ssh access for the root user, try using ssh to log in as root to the system. If thatattempt succeeds, no further action is necessary. If that attempt fails, check the value of thePermitRootLogin parameter in the /etc/ssh/sshd_config file. If PermitRootLogin is set tono, edit the /etc/ssh/sshd_config file, and change the PermitRootLogin setting to yes. Thenuse the svcadm command to restart the svc:/network/ssh:default service. For example:

# svcadm restart svc:/network/ssh:default

To Verify Network Port AccessSee “Network Port Requirements and Protocols” on page 55 to verify that your systems allowthe use of the required network services and ports.

To Verify sshAccess for the rootUser


Verifying Linux System Resources

Before you install Ops Center on an RHEL or OEL system, verify that the system conforms tothe recommendations described below. This page describes the system resources to check.

Run the Chapter 21, “OC Doctor,” utility to check requirements and to identify potential issuesbefore you install Ops Center. You can also run the utility after installation at any time toidentify problems such as missing Ops Center patches.

The Ops Center Doctor utility performs the following operations. You can perform the sametasks manually.:

■ “To Check the Operating System Release” on page 116■ “To Check the Available Disk Space” on page 116■ “To Verify the Amount of System Memory and Swap Space” on page 117■ “To Verify the SELinux Setting” on page 117■ “To Verify the umask Value” on page 118■ “Ops Center Users and Groups” on page 119■ “To Verify That Required Packages Are Installed” on page 120■ “To Verify Correct IP Address Resolution” on page 121■ “To Verify the Locations of ssh Binaries” on page 121■ “To Verify That /usr/local Is Writeable” on page 121■ “To Verify the Date and Time” on page 122■ “To Verify Network Access to Required Web Sites” on page 122■ “To Verify Network Port Access” on page 125■ “Verifying kernel.shmall and kernel.shmmax Values” on page 125

23C H A P T E R 2 3

115

Before You BeginTo ensure that a Linux system is ready to accept an Enterprise Controller or Proxy Controllerinstallation, perform a complete Linux installation. Linux OS Installation describes the requiredinstallation procedure. This installation procedure requires that you install all optional softwarepackages from the installation media that the Linux installer can install.

On a system that has a complete installation of Linux, use the following procedures to verifythat its resources meet the requirements for Ops Center installation.

These procedures assume that you are logged in as the root user on the system on which youintend to install Enterprise Controller or Proxy Controller software.

To Check the Operating System ReleaseVerify that RHEL 5.0 or 5.3 or OEL 5.3 is installed on the system. The /etc/redhat-releasefile lists the OS release installed on your system. For example:

# cat /etc/redhat-release

Red Hat Enterprise Linux Server release 5 (Tikanga)

To Check the Available Disk SpaceUse the df -h command to list the space utilization on the Enterprise Controller, and verify thatyou have at least 72 GBytes available. For example:

# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VolGroup00-LogVol00

131G 5.7G 119G 5% /

/dev/sda1 99M 12M 83M 12% /boot

tmpfs 2.0G 0 2.0G 0% /dev/shm

Ops Center software, and the data it stores, primarily consume space below the/var/opt/sun/xvm and /opt directory structures. In this example, the /var/opt/sun/xvm and/opt directories are located within the root (/) file system, which has 119 GBytes of spaceavailable.

Before You Begin


High availability (HA) configurations for Ops Center use transferable storage to hold the/var/opt/sun/xvm directory structure within a separate file system. Refer to About HighAvailability and “Configuring Storage for High Availability” on page 26 for more informationabout HA configurations.

To Verify the Amount of System Memory and Swap SpaceUse the free -m command to display the amount of installed memory and swap space on yoursystem. For example:

# free -m

total used free shared buffers cached

Mem: 3931 1389 2542 0 220 1053

-/+ buffers/cache: 115 3816

Swap: 4096 0 4096

You should have at least 6 GBytes of installed memory and swap space for Ops CenterEnterprise Controller installations, at least 4 GBytes of installed memory and swap space forOps Center Proxy Controller installations. The value in the total column indicates the totalamount of installed memory or configured swap space.

You can also use the dmesg command to display the amount of memory installed. For example:

# dmesg | grep Memory

Memory: 4022900k/4063168k available (2043k kernel code, 39036k reserved, 846k data, 232k init, /

3145664k highmem)

To Verify the SELinux SettingOps Center installation requires that SELinux is disabled. To check the state of SELinux, eitherrun the sestatus command, or display the contents of the /etc/selinux/config file, andverify that the SELINUX variable is set to disabled. For example:

# sestatus

SELinux status: disabled

#

To Verify the SELinux Setting

Chapter 23 • Verifying Linux System Resources 117

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=disabled

# SELINUXTYPE= type of policy in use. Possible values are:

# targeted - Only targeted network daemons are protected.

# strict - Full SELinux protection.

SELINUXTYPE=targeted

If the SELinux state is either enforcing or permissive, edit the /etc/selinux/config file andchange the SELINUX value to disabled. After making this change, reboot your system for thechange to take effect.

To Verify the umaskValueVerify that the umask in use for the root user or equivalent role is set to 022. Different shellsreport this value differently. The following examples list output from the umask command forthe Bourne shell, the Korn shell, and the C Shell, and bash, in descending order. In all threeexamples, the umask value is correct.

# sh

# umask

0022

# ksh

# umask

0022

To Verify the umask Value


# csh

# umask

22

# bash

# umask

0022

Check the umask value set in /etc/bashrc. The umask value must be set to 022, even fornon-root users. For example:

# grep umask /etc/bashrc

umask 002

umask 022

Ops Center Users and GroupsOps Center installation creates a number of users and groups on the Enterprise Controller andProxy Controllers. Review the list of users and groups, and verify that they do not conflict withexisting policies. If required by account management policies, add these users and groupsbefore you install the Ops Center software.

Type Enterprise Controller Proxy Controller

Users svctag, allstart, scndb, scn, scncon, uce-sds, xvm svctag, allstart, uce-sds

Groups jet, scndb, uce-sds jet, uce-sds

Ops Center creates these users and groups with the following UID and GID values:

# cat /etc/group

(output omitted)

uce-sds::98194050:

scndb::98194051:

jet::98194052:

Ops Center Users and Groups


#

# cat /etc/passwd

(output omitted)

svctag:x:95:12:Service Tag UID:/:

scn:x:231796:3::/:/bin/sh

xvm:x:60:60::/:/bin/sh

scncon:x:231798:1::/:/bin/true

uce-sds:x:231799:98194050:UCE Engine:/opt/SUNWuce/server:/bin/sh

scndb:x:231800:98194051:SCS PostgreSQL User:/opt/SUNWscs:/bin/sh

allstart:x:231801:1:AllStart User:/var/opt/sun/xvm/osp/data:/bin/sh

All user accounts have locked passwords, except the scncon user. A password is required for thescncon user, but it has no login shell. If you must create the scncon user before installing thesoftware, you must enter the password that you want to use, in clear text, in the/var/opt/sun/xvm/persistence/scn-satellite/satellite.properties file. Associate thepassword with the scncon.password parameter in this file. For example:

scncon.password=2EzafaJE

To Verify That Required Packages Are InstalledOps Center requires a number of specific packages for successful installation on Linux systems.Currently, the list of required packages includes the following:

■ python-2.4.3

■ expect-5.43.0

■ perl-DBD-Pg

■ xinetd

■ tftp-server

■ dhcp

■ gettext

■ perl-XML-Parser

■ ncompress

To Verify That Required Packages Are Installed


■ libxml2 (both the 64 bit and 32 bit RPMs are required)Use the rpm -q command to check if each of these packages is installed. For example:

# rpm -q dhcp-3.0.5-3.el5

dhcp-3.0.5-3.el5

To Verify Correct IP Address ResolutionVerify that the configured naming services resolve the correct IP address for the host name thatis assigned to your system. For example:

# host x4200-brm-13

x4200-brm-13.Central.Sun.COM has address 172.20.25.169

To Verify the Locations of sshBinariesThe binary files for ssh operations must be stored in their standard locations, even if OpenSSHis used. Verify that the following files are stored using the listed path names:

■ /usr/bin/scp

■ /usr/bin/ssh

■ /usr/bin/ssh-keygen

■ /usr/bin/ssh-keyscan

For example:

# ls /usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

/usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

To Verify That /usr/local Is WriteableSome software components of Ops Center are installed in the /usr/local directory. Verify thatthe /usr/local directory is writeable, and is not a remotely mounted, read-only directory. Forexample:

# df -h /usr/local

Filesystem Size Used Avail Use% Mounted on

To Verify That /usr/local Is Writeable


/dev/mapper/VolGroup00-LogVol00

131G 5.7G 119G 5% /

# ls -ld /usr/local

drwxr-xr-x 11 root root 4096 Nov 30 2005 /usr/local

In this example, the /usr/local directory is stored in the root (/) file system and is writeable bythe root user and group.

To Verify the Date and TimeVerify that the correct date and time are set on your system. For example:

# date

Thu Mar 11 13:28:59 MST 2010

If the date and time are not correct, reset them. See Troubleshooting for a description of an errorthat might occur in the Enterprise Controller Configuration wizard if the date and time are notset correctly.

To Verify Network Access to Required Web SitesUse a web browser to verify that your system can access the following URLs:

https://getupdates1.sun.com

https://inv-cs.sun.com

https://inventory.sun.com

https://a248.e.akamai.net

https://identity.sun.com

ftp://ftp.sunfreeware.com

The https://getupdates1.sun.com site should display a login authentication screen for theSun Update Connection Download Server. The https://inv-cs.sun.com andhttps://inventory.sun.com sites should display the Sun Connection page.

For access to Red Hat Linux updates, verify that your system can access the following URLs:

To Verify the Date and Time


https://www.redhat.com

http://rhn.redhat.com

https://rhn.redhat.com

https://download.rhn.redhat.com

For access to SUSE Linux updates, verify that your system can access the following URLs:

http://www.novell.com

https://www.novell.com

http://download.novell.com

https://you.novell.com

Use the wget command to verify that you can access the getupdates1.sun.com web site anddownload a sample file.

1. If you use a proxy server to access the Internet, set the https_proxy environment variable topoint to the proxy server. For example:

# export https_proxy="http://myproxy.company.com:8080"

where _myproxy.company.com_ is the fully-qualified domain name of your proxy server.2. Download the sample file named channels.xml and save it locally as /tmp/channels.xml

Use the wget command with these options:■ --O - Specifies the name of the file to create on the local system■ --http-user - Specifies the SOA to use for authentication to getupdates1.sun.com

■ ---http-password - Specifies the password for SOA that you provide for the--http-user option

■ --proxy-user - (Optional) Specifies the user name used for authentication with anHTTPS proxy

■ ---proxy-password - (Optional) Specifies the password for the user name that youprovide for the --proxy-user option.

The wget command is stored by default in /usr/bin on Linux systems. In this example,[email protected] and password represent the SOA and SOA password that you must provide.

# /usr/bin/wget https://getupdates1.sun.com/channels3/channels.xml -O /tmp/channels.xml /

--http-user="[email protected]" --http-password="password"



--12:07:40-- https://getupdates1.sun.com/channels3/channels.xml

Resolving getupdates1.sun.com... 198.232.168.136

Connecting to getupdates1.sun.com|198.232.168.136|:443... connected.

HTTP request sent, awaiting response... 302 Moved Temporarily

Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236020624_01b507faf428706c2c0b14

a7462004e4&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SANhtW&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml [following]

--12:07:41-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236020624_01b507faf428706c2c0b14a746

2004e4&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SANhtW&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml

Resolving a248.e.akamai.net... 204.2.215.18, 204.2.215.19

Connecting to a248.e.akamai.net|204.2.215.18|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 66505 (65K) [application/xml]

Saving to: ‘/tmp/channels.xml’

100%[=========================================>] 66,505 --.-K/s in 0.1s

12:07:42 (449 KB/s) - ‘/tmp/channels.xml’ saved [66505/66505]



To Verify Network Port AccessSee “Network Port Requirements and Protocols” on page 55 to verify that your systems allowusing the required network services and ports.

Verifying kernel.shmall and kernel.shmmaxValuesIf the /etc/sysctl.conf file has been modified, the values of kernel.shmall andkernel.shmmax may be too small for the Ops Center installation.

Variable Recommended Value

kernel.shmall 268435456

kernel.shmmax 4294967295

1. Verify the values of kernel.shmall and kernel.shmmax

[root@x4200-2 ~]# sysctl -a | grep shm

vm.hugetlb_shm_group = 0

kernel.shmmni = 4096

kernel.shmall = 2097152

kernel.shmmax = 33554432

[root@x4200-2 ~]#

2. If the values for kernel.shmall and kernel.shmmax are lower than the values listed above,edit the /etc/sysctl.conf file and set the variables equal to the values listed above.

[root@x4200-2 ~]# vi /etc/sysctl.conf

(output omitted)

kernel.shmmax = 4294967295

(output omitted)

kernel.shmall = 268435456

3. Reboot the system.

[root@x4200-2 ~]# reboot

Verifying kernel.shmall and kernel.shmmax Values


Verifying Resources for Agent Installation

Verify that the systems that you intend to manage are ready for Ops Center agent softwareinstallation. These required resources are typically available in systems that are running currentversions of operating system software. Review the list of required resources to determine if it islikely that any resource is missing from your systems.

This page describes the system resources to check for both Solaris and Linux systems.Regardless of the operating system supporting the Enterprise Controller, both Linux andSolaris systems can be managed.

Sun Support Services might have tools available that automate verifying many of the systemrequirements and resources listed here. Check with Sun Support Services for the followingitems:

■ Pre-installation checklist■ Pre-installation check script■ Patches to apply to the Ops Center software■ Updated Ops Center agent bundles■ Advice about specific patch dependencies that relate to Ops Center agent installation

Verifying resources for agent installation requires the following tasks:

■ “Solaris OS: To Verify Required Packages and Devices” on page 128■ “Linux OS: To Verify Required Packages” on page 130■ “To Verify ssh Installation” on page 131■ “To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed” on page 131■ “Agent Patch Dependencies” on page 135■ “To Verify Unique Service Tags” on page 132■ “To Verify the umask Value” on page 135■ “Solaris OS: To Verify cryptosvc and gss Services” on page 136

24C H A P T E R 2 4

127

Solaris OS: To Verify Required Packages and DevicesThe following packages and devices are required for Ops Center agent installation:

SUNWadmap

SUNWbash

SUNWctpls

SUNWdtcor

SUNWesu

SUNWgzip

SUNWlibC

SUNWlibms

SUNWloc

SUNWmfrun

SUNWswmt

SUNWtoo

SUNWxcu4

SUNWxwdv

SUNWxwfnt

SUNWxwice

SUNWxwplt

SUNWxwrtl

SUNWzip

SUNWzlib

/dev/random

/dev/urandom

Solaris OS: To Verify Required Packages and Devices


The following packages are required on Solaris 8 systems:

SUNWlmsx

SUNWnisr

SUNWnisu

SUNWtltk

SUNWxildh

SUNWxilow

SUNWxilrl

SUNWzlibx


SUNWcpp

SUNWgcmn

SUNWlibpopt

SUNWlmsx

SUNWlxml

SUNWpl5u

SUNWpl5v

SUNWzlibx


SUNWbzip

SUNWcpp

SUNWgcmn

SUNWlibmsr

SUNWlibpopt

Solaris OS: To Verify Required Packages and Devices

Chapter 24 • Verifying Resources for Agent Installation 129

SUNWlxml

SUNWperl584core

SUNWperl584usr

SUNWxwplr

SUNWxwplr

Check Solaris 8 systems in particular for the SUNWbash package and the /dev/random and/dev/urandom devices. The patch 112438-03 installs these devices.

You can use the pkginfo command to verify that a package is installed. For example:

# pkginfo SUNWadmfr

system SUNWadmfr System & Network Administration Framework Configuration

Linux OS: To Verify Required PackagesLinux systems require the following utilities for Ops Center agent installation.

coreutils

file

gettext

grep

tar

unzip

xinetd

You can use the rpm -qf _file_ command to find the name of the package that installed a file.You can use the rpm -q _package_ command to verify that a specific package has beeninstalled.

Ops Center Agent installation on Linux systems requires the 32-bit versions of the followingpackages to be installed:

libxml2 (RHEL, OEL)

pam (RHEL, OEL)

Linux OS: To Verify Required Packages


e2fsprogs (RHEL, OEL)

pam-32bit (SuSE SLE10/11 64bit)

libxml2-32bit (SuSE SLE10/11 64bit)

e2fsprogs-32bit (SuSE 64bit SLES10)

libuuid-32bit (SuSE 64bit SLES11)

To Verify ssh InstallationAlthough root ssh access is not required for Ops Center agent installation, ssh must beavailable on systems on which you want to provision Ops Center agents.

Solaris OS: Use the pkginfo command to verify that the SUNWsshu package is installed onSolaris systems. For example:

# pkginfo SUNWsshu

system SUNWsshu SSH Client and utilities, (Usr)

Linux OS: Use the rpm command to check for ssh installation. For example:

# which ssh

/usr/bin/ssh

# rpm -qf /usr/bin/ssh

openssh-clients-4.3p2-16.el5

To Verify Patches on Solaris 10 Systems With Non-GlobalZones Installed

Solaris 10 systems that have non-global zones installed must have the following patches appliedto assure proper function of the Solaris patch utilities.

Patches for Solaris 10 SPARC systems:■ 124630-03 - System Administration Applications, Network, and Core■ 122660-07 - Zones patch, obsoleted now by Solaris 10 8/07 kernel patch 120011-14

Patches for Solaris 10 x86 systems:

To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed


■ 124631-03 - System Administration Applications, Network, and Core■ 122661-07 - Zones patch, obsoleted now by Solaris 10 8/07 kernel patch 120012-14

Patches 122660-07 and 122661-07 are required on systems with non-global zones installed.These patches must be installed in single user mode. Because these patches depend on kernelpatch 118833-36 or 118855-36, a reboot is required after you install them. Plan for the timerequired to take the affected systems offline to install these patches. Systems that are running atleast Solaris 10 8/07 already have these patches applied.

To Verify Unique Service TagsOps Center requires unique service tag uniform resource names (URNs) in each operatingsystem instance that it manages. Systems that have been installed using Solaris flash archivesthat contain the /var/sadm/servicetag/registry/servicetag.xml file might have identicalURNs. Service tag URNs are stored by default in the/var/sadm/servicetag/registry/servicetag.xml file.

To Identify and Remove Duplicate Service Tags1. On systems where you want to check for duplicate service tags, use the stclient -x client

command to display the service tags that are stored in the/var/sadm/servicetag/registry/servicetag.xml file.For example:

# stclient -x

<?xml version="1.0" encoding="UTF-8"?>

<registry urn="urn:st:4aa51776-9cea-e85b-ab14-aedd6ca93e49" version="1.0">

<service_tag>

<instance_urn>urn:st:c76d9a11-f64b-418b-e9dc-a2fb18e7b76e</instance_urn>

<product_name>Solaris 10 Operating System</product_name>

<product_version>10</product_version>

<product_urn>urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113</product_urn>

<product_parent_urn>urn:uuid:596ffcfa-63d5-11d7-9886-ac816a682f92 /

</product_parent_urn>

To Verify Unique Service Tags


<product_parent>Solaris Operating System</product_parent>

<product_defined_inst_id/>

<product_vendor>Sun Microsystems</product_vendor>

<platform_arch>sparc</platform_arch>

<timestamp>2009-01-09 22:23:42 GMT</timestamp>

<container>global</container>

<source>SUNWstosreg</source>

<installer_uid>95</installer_uid>

</service_tag>

</registry>

2. Compare the instance_urn values on the systems that were installed using Solaris flasharchives, and determine if duplicate URNs exist.If the instance_urn for the Solaris operating system matches the instance_urn fromanother system, you can remove and re-generate the service tag registry to correct theproblem.

3. To remove the service tag registry, remove the rm/var/sadm/servicetag/registry/servicetag.xml file. For example:

# rm /var/sadm/servicetag/registry/servicetag.xml

# ls /var/sadm/servicetag/registry/servicetag.xml

/var/sadm/servicetag/registry/servicetag.xml: No such file or directory

4. Use the svcadm command to restart the stosreg service, then verify that the/var/sadm/servicetag/registry/servicetag.xml file exists. For example:

# svcadm restart stosreg

# ls /var/sadm/servicetag/registry/servicetag.xml

/var/sadm/servicetag/registry/servicetag.xml

5. Use the stclient -x command to verify that the new instance_urn values are unique. Forexample:

# stclient -x

<?xml version="1.0" encoding="UTF-8"?>



<registry urn="urn:st:fdd576f6-b95c-63e6-ab54-f142ecca360f" version="1.1.4">

<service_tag>

<instance_urn>urn:st:cbf9acfb-0c48-c248-fb07-9816382ceb29</instance_urn>

<product_name>Solaris 10 Operating System</product_name>

<product_version>10</product_version>

<product_urn>urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113</product_urn>

<product_parent_urn>urn:uuid:596ffcfa-63d5-11d7-9886-ac816a682f92 /

</product_parent_urn>

<product_parent>Solaris Operating System</product_parent>

<product_defined_inst_id/>

<product_vendor>Sun Microsystems</product_vendor>

<platform_arch>sparc</platform_arch>

<timestamp>2009-03-13 23:23:24 GMT</timestamp>

<container>global</container>

<source>SUNWstosreg</source>

<installer_uid>95</installer_uid>

</service_tag>

</registry>

To Create Flash Archives and Exclude Service TagsThe flar and flarcreate commands both accept the -x and -X options, which enable you tospecify files to exclude from Solaris flash archives. Use these options to exclude the/var/sadm/servicetag/registry/servicetag.xml file from the Solaris flash archives thatyou will use to install Solaris onto systems that you intend to manage with Ops Center. Refer tothe flar(1M) and flarcreate(1M) man pages for more information about creating Solarisflash archives.



Agent Patch DependenciesWhen Ops Center provisions an agent, it also automatically installs a set of patches. Thesepatches might depend on other patches that are assumed to be installed.

Ops Center installs the following patches as part of agent provisioning:

Operating System Patches Installed by Agent Provisioning

Solaris 8 SPARC 110165-05, 110380-06,110934-26, 112097-08

Solaris 9 SPARC 114014-17

Solaris 10 SPARC 119042-09, 119254-63, 120900-04, 121133-02, 121901-02, 137321-01

Solaris 10 x86 119043-09, 119255-63, 120901-03, 121334-04, 121902-02, 137322-01

For systems running Solaris 10 versions earlier than Solaris 10 6/06: Agent provisioning installsthe patchadd patch 119254-52 or 119255-52. These patches depend on patches 120900 and120901 or 121133 and 121334 respectively, which are incorporated into the Solaris OS startingwith Solaris 10 6/06. The patches 120900, 120901, 121133, and 121334 require a reboot toensure proper installation. Plan for the down time required to install these patches, if necessary.

The patches 119254-63 and 119255-63 correct issues with Solaris 10 single user modeoperations. Before you provision an Ops Center agent, verify that no IDR patches have beeninstalled that address Solaris 10 single user mode operations.

Check with Sun Support Services for updated Ops Center agent bundles.

To Verify the umaskValueVerify that the umask for the root user or equivalent role is set to 0022. Different shells reportthis value differently. The following examples list output from the umask command for theBourne shell, the Korn shell, and the C-shell, in descending order. In all three examples, theumask value is correct.

# sh

# umask

0022

# ksh

# umask

To Verify the umask Value


022

# csh

<host_name># umask

22

Solaris OS: To Verify cryptosvc and gss ServicesUse the svcs command to verify that the cryptosvc and gss services are enabled.

For example:

# svcs cryptosvc gss

STATE STIME FMRI

online Mar_31 svc:/system/cryptosvc:default

online Mar_31 svc:/network/rpc/gss:default

Solaris OS: To Verify cryptosvc and gss Services


Obtaining the Software

Obtaining the Software IntroductionContact your Sun sales support representative to arrange for your Ops Center download.

As a qualified Sun customer with an engaged Sun sales support representative, a Sun field orsystem engineer can provide access to the Ops Center software for you to download. Thesoftware license agreement for Ops Center is presented as part of the download process. Youmust read and accept the software license agreement before you can use Ops Center.

25C H A P T E R 2 5

137

Vendor Download Sites

Vendor Download Sites IntroductionDepending on the environment that you are managing, the Enterprise Controller will need toaccess a number of vendor sites to download knowledge and patches. The following is a list ofthe major vendor download sites:

Infrastructure and Solaris OS Patches

■ https://getupdates1.sun.comThe https://getupdates1.sun.com site displays a login authentication screen for the SunDownload Server.

■ https://a248.e.akamai.net (resolves to constantly changing IP addresses)■ https://inv-cs.sun.com■ https://inventory.sun.com/scportal

The https://inv-cs.sun.com and https://inventory.sun.com sites display the SunInventory page.

■ http://kenai.comProject Kenai is Sun's connected developer destination and it is used to downloadChapter 21, “OC Doctor,” updates.

Freeware and SunSolve

■ ftp://ftp.sunfreeware.sun■ http://sunsolve.sun.com■ https://identity.sun.com

Oracle Enterprise Linux

■ https://linux.oracle.com

Red Hat Enterprise Linux (optional)

26C H A P T E R 2 6

139

■ https://www.redhat.com■ http://rhn.redhat.com■ https://rhn.redhat.com■ http://download.rhn.redhat.com■ https://content-web.rhn.redhat.com■ https://e2595.c.akamaiedge.net

Novell SUSE Linux Enterprise Server (optional)

■ http://www.novell.com■ https://www.novell.com■ http://download.novell.com■ https://you.novell.com

Microsoft Download Center

■ http://download.microsoft.com

Vendor Download Sites Introduction


Terminology

AgentThe agent software communicates with the Enterprise Controller and is installed automaticallywhen an asset is discovered to make the asset into a managed asset.

ApplianceAn appliance is a pre-installed and pre-configured application and operating systemenvironment. Using appliances eliminates the installation, configuration, and maintenancecosts associated with running complex stacks of software. Appliance images of the formatVMDK are supported in Ops Center.

AssetsAnything that Ops Center can discover and manage. Hardware, software, operating systems,and hypervisors are all assets.

Automatic DiscoveryAutomatic discovery is a discovery method that searches for Service Tags on subnets associatedwith the Proxy Controllers.

27C H A P T E R 2 7

141

BaselineA baseline, or Solaris baseline, is a dated collection of Solaris patches, patch metadata, and tools.Sun releases Solaris baselines on a monthly basis. You can modify a baseline to create a custompatch set by the use of black lists and white lists.

Black ListA black list is a list of Solaris OS patch IDs that you never want to be applied to a host. The blacklist is used when you are using a baseline to update a Solaris OS.

Boot environmentA collection of mandatory file systems (disk slices and mount points) that are critical to theoperation of the Solaris OS. These disk slices might be on the same disk or distributed acrossmultiple disks.

ChannelChannel is an OS distribution, such as Solaris 10 5/09 or Red Hat Enterprise Linux 5.3.

Connected ModeConnected mode is the default connection mode for Ops Center. With this mode, patch data isregularly downloaded through an Internet connection.

Control DomainThe control domain is a domain that is created when Logical Domains is installed. The controldomain allows you to create and manage guest domains and allocate virtual resources to theguest domains.

Baseline


Critical file system (Solaris OS)File systems that are required by the Solaris OS. When you use Solaris Live Upgrade, these filesystems are separate mount points in the vfstab file of the active and inactive bootenvironments. Example file systems are root, /usr, /var, and /opt. These file systems are alwayscopied from the source to the inactive boot environment.

Custom DiscoveryCustom discovery is a discovery method that uses user-specified targets (IP addresses orsubnets) and discovery protocols.

Declare AssetsThe Declare Assets option allows you to add assets to Ops Center without performing anAutomatic Discovery or Custom Discovery.

Disconnected ModeDisconnected mode is the alternate connection mode for Ops Center. Instead of relying on anInternet connection for updates, patch data is user supplied.

DomainA domain is created when Logical Domains is installed. See Control Domain.

Enterprise ControllerEnterprise controller is the top portion of the Ops Center software. The Enterprise Controllerhosts the user interface and communicates with the Sun Datacenter.


Chapter 27 • Terminology 143

Global zoneIn Solaris Containers, the global zone is both the default zone for the system and the zone usedfor system-wide administrative control. The global zone is the only zone from which anon-global zone can be configured,installed, managed, or uninstalled. Administration of thesystem infrastructure, such as physical devices,routing, or dynamic reconfiguration (DR), isonly possible in the global zone. Appropriately privileged processes running in the global zonecan access objects associated with other zones. See also Solaris Containers and Non-GlobalZones.

GroupA group consists of user-defined assets. Assets can be organized into a group by any number ofproperties, such as type or location. A group can include other groups.

GuestGuests are virtual machines of a virtualization host such as a Logical Domain host. The controldomain is a privileged domain (Dom0) and the virtual machines are unprivileged domains(domUs). An unprivileged domain is a domain with no special hardware access.

Guest Operating SystemA guest operating system is an OS that can run within a virtualized environment. “SupportedOperating Systems for Logical Domains” on page 46.

Host nameThe name by which a system is known to other systems on a network. This name must beunique among all the systems within a particular domain (usually, this means within any singleorganization). A host name can be any combination of letters, numbers, and minus signs (-),but it cannot begin or end with a minus sign.

Global zone


HypervisorA hypervisor is the software that allows multiple virtual machines to be multiplexed on a singlephysical machine. The hypervisor code runs at a higher privilege level than the supervisor codeof its guest operating systems to manage use of the underlying hardware resources by multiplesupervisor kernels.

JMXJava Management Extensions (JMX) technology provides the tools for building distributed,modular, and dynamic solutions for managing and monitoring devices, applications, andnetworks. The JMX API defines the notion of MBeans, or manageable objects, which exposeattributes and operations in a way that allows remote management applications to access them.The public API in Ops Center can be accessed through JMX-Remoting.

LibraryA library is a collection of virtual machine images and disk images that are located under thesame file system. When a virtual pool is created, one or more libraries is assigned to the virtualpool. Virtual pools can share the same libraries.

Logical DomainLogical Domain technology is part of a suite of methodologies for consolidation and resourcemanagement for SPARC systems. This technology allows you to allocate a system's variousresources, such as memory, CPUs, and devices, into logical groupings and create multiplediscrete systems. A Logical Domain is a full virtual machine, with a set of resources, such as aboot environment, CPU, memory, I/O devices, and its own operating system.

NetworkA network allows guests to communicate with each other or with the external world (that is, theInternet). When a virtual pool is created, one or more networks is assigned to the virtual pool.Virtual pools can share the same networks.

Network


Non-global zoneA virtualized operating system environment created within a single instance of the Solaris OS.One or more applications can run in a non-global zone without interacting with the rest of thesystem. Non-global zones are also called zones. See also Solaris Containers and Global Zone.

PolicyA policy defines how a job is performed and sets the automation level of the job. A policy file issimilar to a response file. If there is a conflict between a profile and policy, the profile overridesthe policy.

ProfileA profile defines the configuration of components for a specific type of system. By using aprofile, you can define what is allowed, and not allowed, to be installed on a system. If there is aconflict between a profile and policy, the profile overrides the policy.

ProxyThe proxy is the mid-level portion of the Ops Center software. The proxy pulls jobs from theSatellite Server and directs their execution.

Root file systemThe top-level file system from which all other file systems stem. The root ( / ) file system is thebase on

which all other file systems are mounted, and is never unmounted. The root ( / ) file systemcontains the

directories and files critical for system operation, such as the kernel, device drivers, and theprograms that

are used to start (boot) a system.

Non-global zone


Root directoryThe top-level directory from which all other directories stem.

Solaris ContainersSolaris containers are sometimes referred to as Solaris Zones. A software partitioningtechnology used to virtualize operating system services and provide an isolated and secureenvironment for running applications. When you create a non-global zone, you produce anapplication execution environment in which processes are isolated from all other zones. Thisisolation prevents processes that are running in a zone from monitoring or affecting processesthat are running in any other zones. See also global zone, and non-global zone.

Static RouteA static route specifies the route that must be taken by the network for external access. Youmight define a default gateway for the network; however, this default gateway might not be ablereach a given subnet. In this case, you need to add a static route for this specific subnet.

Sun Service TagA Sun service tag enables automatic discovery of assets. A service tag uniquely identifies eachtagged asset, and allows information about the asset to be shared over a local network in astandard XML format. See the Sun Service Tag FAQ for more information.

SCCMMicrosoft's System Center Configuration Manager (SCCM) updates Windows operatingsystems.

Unclassified assetsAssets that appear in the Unclassified Assets tab. The hardware and software are discovered, butthere is not enough information to manage them. Typically, assets are placed in this categorywhen you run an Automatic discovery job or if you run a Custom Discovery job that findsservice tags, but fails on protocol-based authentication. To move assets to the Available to beManaged or Managed Assets tabs, you must run a Custom Discovery or Declare Assets job.

You can register any unclassified assets using Sun Inventory.

Unclassified assets


https://sunconnection.sun.com/FAQ/sc_faq.html

Virtual Disk ImageA virtual disk image is a representation of a virtual storage device that is associated with avirtual machine. Such storage can represent a virtual hard disk or a virtual CD/DVD.

Virtual PoolA virtual pool is a resource pool of virtualization hosts that share compatible chip architecture,which facilitates actions such as moving guests between virtualization host instances. Membersof the virtual pool have access to the same network and storage library resources. Guests canaccess the images contained in the virtual pool's library. Several virtual pools can share the samenetwork and library storage resources.

Virtual Server ImageA virtual server image is the persisted specification and state of a virtual machine. A virtualserver is created when you create a guest. The virtual server image contains the generalspecification of the guest such as CPU, network, memory, and the type of physical storage thatis backing the guest. A virtual server image is also referred to as a guest image.

Virtualization HostVirtualization Host is a hypervisor.

White ListA white list is a list of Solaris OS patch IDs that you always want to be applied to a host. Thewhite list is used when you are using a baseline to update a Solaris OS.

WS-ManagementWeb Services for Management (WS-MAN) is a specification for managing servers, devices, andapplications using web services standards. It provides a common way for systems to access andexchange management information across the entire IT infrastructure. The public API in OpsCenter can be accessed through WS-Management.

Virtual Disk Image


zoneZones, also called non-global zones, are a virtualized operating system environment createdwithin a single instance of the Solaris OS. One or more applications can run in a non-globalzone without interacting with the rest of the system. See also Solaris Containers, Non-GlobalZone, and Global Zone.

ZFSA Solaris OS file system that uses storage pools to manage physical storage.

ZFS


Site Preparation Guide

Documents

Transcript of Site Preparation Guide