Implementation Guide › Installing and Customizing a UNIX Endpoint › Solaris 10 Zones Implementation

Solaris 10 Zones Implementation

Solaris 10 provides virtualized OS services which look like different Solaris instances, called zones. All Solaris 10 systems contain a master zone, called the global zone. Nonglobal zones run alongside it, and you can configure, monitor, and control them from the global zone.

You can protect each zone (or selected zones) in your environment using CA ControlMinder. This lets you define different rules and policies for each zone, and therefore defining different access restrictions for each zone.

Installing CA ControlMinder on Solaris 10 zones is no different to a regular installation, and you can do it by either one of the following methods:

• Install CA ControlMinder using Solaris native packaging.

  CA ControlMinder is designed to be installed and uninstalled using Solaris native packaging tools (pkgadd and pkgrm).

  If you install using the Solaris native package installation, you can either:

  • Install CA ControlMinder on all zones.

    The easiest and recommended way of installing CA ControlMinder on Solaris 10 is to either install on the global zone, or on all zones, including nonactive zones and any zones that are created in the future.

  • Install CA ControlMinder on selected zones.

    While we do not recommend this step, you can use Solaris native packaging tools to install CA ControlMinder on selected zones. However, for CA ControlMinder to work in any nonglobal zone, install CA ControlMinder in the global zone.

  If you installed using Solaris native packaging, use the native packaging to uninstall CA ControlMinder from all zones.

• Install CA ControlMinder in each zone using the install_base script.

  The install_base script installs CA ControlMinder in the zone you are executing the script in.

  For CA ControlMinder to work in any nonglobal zone, install CA ControlMinder in the global zone.

  If you installed CA ControlMinder using the install_base script, you can uninstall it from individual nonglobal zones. However, the CA ControlMinder kernel can be uninstalled only from the global zone and only after CA ControlMinder has been stopped in all zones.

  Note: Due to a Solaris 11 limitation, CA ControlMinder package is not propagated into nonglobal zones during installation. We recommend you to install CA ControlMinder in each zone individually using the Solaris native packaging tool (pkgadd).

  Important! If you uninstall CA ControlMinder from the global zone using install_base before you uninstall from all zones, users may be locked out of the zones. We recommend you to use the Solaris native packaging to install and uninstall CA ControlMinder on Solaris zones.