Implementation Guide › Installing and Customizing a UNIX Endpoint › Solaris 10 Zones Implementation

Solaris 10 Zones Implementation

Solaris 10 provides virtualized OS services which look like different Solaris instances, called zones. All Solaris 10 systems contain a master zone, called the global zone. Non-global zones run alongside it, and you can configure, monitor, and control them from the global zone.

You can protect each zone (or selected zones) in your environment using CA Access Control. This lets you define different rules and policies for each zone, and therefore defining different access restrictions for each zone.

Installing CA Access Control on Solaris 10 zones is no different to a regular installation, and you can do it by either one of the following methods:

• Install CA Access Control using Solaris native packaging

  CA Access Control is designed to be installed and uninstalled using Solaris native packaging tools (pkgadd and pkgrm).

  If you install using the Solaris native package installation, you can either:

  • Install CA Access Control on all zones.

    The easiest and recommended way of installing CA Access Control on Solaris 10 is to either install on the global zone, or on all zones, including non-active zones and any zones that are created in the future.

  • Install CA Access Control on selected zones.

    While we do not recommend this, you can use Solaris native packaging tools to install CA Access Control on selected zones. However, for CA Access Control to work in any non-global zone, you must also install CA Access Control in the global zone.

  If you installed using Solaris native packaging, use the native packaging to uninstall CA Access Control from all zones.

• Install CA Access Control in each zone using the install_base script.

  The install_base script installs CA Access Control in the zone you are executing the script in.

  For CA Access Control to work in any non-global zone, you must also install CA Access Control in the global zone.

  If you installed CA Access Control using the install_base script, you can uninstall it from individual non-global zones. However, the CA Access Control kernel can be uninstalled only from the global zone and only after CA Access Control has been stopped in all zones.

  Important! If you uninstall CA Access Control from the global zone using install_base before you uninstall from all zones, users may be locked out of the zones. We recommend you use Solaris native packaging to install and uninstall CA Access Control on Solaris zones.