Solaris 10 Zone Support

Installation and Upgrade Guides › Policy Server Installation Guide › Installing the Policy Server on UNIX Systems › Solaris 10 Zone Support

Solaris 10 Zone Support

A CA SiteMinder® Policy Server is supported in the following zones:

Global zones
Sparse-root zones
Whole-root zones

Consider the following scenarios when planning to run one or more Policy Servers in a Solaris 10 environment.

Global Zone Support

A global zone configuration limits the implementation to a single Policy Server instance across all zones. Specifically:

Only a single Policy Server instance is supported on the global zone.
A Policy Server instance is not supported on a sparse-root zone if there is another Policy Server instance on the global zone.
A Policy Server instance is not supported on a whole-root zone if there is another Policy Server instance on the global zone.

Example: Global zone support

Graphic showing example of Global zone support

Note: Web Agents, however, may run concurrently in any zone.

Sparse-root Zone Support

A sparse-root zone configuration supports multiple Policy Server instances running on multiple sparse-root zones. Specifically:

Only one Policy Server instance is supported on each sparse-root zone.
Concurrent Policy Server instances are supported on sparse-root zones and whole-root zones, so long as there is only one Policy Server instance on each sparse-root or whole-root zone.
Policy Server instances are not supported running concurrently on the global zone and on sparse-root zones.

Example: Sparse-root zone support

Graphic showing an example of sparse-root and whole-root support

Note: Web Agents, however, may run concurrently in any zone.

Whole-root Zone Support

A whole-root zone configuration supports multiple Policy Server instances running on multiple whole-root zones. Specifically:

Only one Policy Server instance is supported on each whole-root zone.
Concurrent Policy Server instances are supported on whole-root zones and sparse-root zones, so long as there is only one Policy Server instance on each whole-root zone or sparse-root zone.
Policy Server instances are not supported running concurrently on the global zone and on whole-root zones.

Example: Whole-root zone support

Graphic showing an example of sparse-root and whole-root support

Note: Web Agents, however, may run concurrently in any zone.

How to Prepare for the Policy Server Installation

Before you install the Policy Server on a UNIX system, complete the following steps, if applicable:

Determine if the Policy Server host system meets the minimum operating system patch requirements. For more information, see the Policy Server Release Notes.
(Red Hat Linux) The Red Hat 6 operating system relies on entropy for performance. Increase entropy before installing the component. Without sufficient entropy, the installation can take an exceedingly long time to complete. We recommend that you use the following command to set a symbolic link:
```
mv /dev/random /dev/random.org
ln -s /dev/urandom /dev/random
```
(Linux) Be sure that the required Linux libraries are installed to the Policy Server host system.
Create a New UNIX Account.
Modify the UNIX System Parameters.
Unset the Localization Variables.
Unset the LANG Environment Variable.

Required Linux Libraries

Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:

java.lang.UnsatisfiedLinkError

If you are installing, configuring, or upgrading a Linux version of this component, the following packages are required on the host system:

Red Hat 5.x:

compat–gcc-34-c++-3.4.6-patch_version.I386
libstdc++-4.x.x-x.el5.i686.rpm
libidn.so.11.rpm
ncurses

Red Hat 6.x:

libstdc++-4.x.x-x.el6.i686.rpm
libidn-1.18-2.el6.i686
libXext.i686.rpm
libXrender.i686.rpm
linXtst.i686.rpm
libidn.so.11.rpm
ncurses

Additionally, for Red Hat 6.x (64-bit):

All the RPM packages that are required for 64-bit Red Hat 6.x are 32-bit packages.

libXau-1.0.5-1.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
compat-db42-4.2.52-15.el6.i686.rpm
compat-db43-4.3.29-15.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libXrender-0.9.5-1.el6.i686.rpm
libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)
libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)
libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)
libICE-1.0.6-1.el6.i686.rpm
libuuid-2.17.2-12.7.el6.i686.rpm
libSM-1.1.0-7.1.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
compat-db-4.6.21-15.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
libXft-2.1.13-4.1.el6.i686.rpm
libXt-1.0.7-1.el6.i686.rpm
libXp-1.0.0-15.1.el6.i686.rpm
libstdc++.i686.rpm
compat-libtermcap.rpm
libidn.i686.rpm
ncurses

Korn Shell (ksh) Package Required on Linux

The ksh Korn shell is required during Policy Server installation and upgrade on Linux platforms. Verify that the appropriate version for your Linux environment is installed.

Red Hat 5.x 32-bit

ksh-20100621-12.el5.i386.rpm

Red Hat 5.x 64-bit: ksh-20100621-12.el5.x86_64.rpm
Red Hat 6.x 32-bit: ksh-20100621-16.el6.i686.rpm
Red Hat 6.x 64-bit: ksh-20100621-16.el6.x86_64.rpm

Create a New UNIX Account

Create a UNIX account with the default shell as ksh. Name the account as follows:

smuser

Important! Do not use the installer to configure the OneView Monitor UI on the following web servers:

Oracle iPlanet
Apache on Linux

The installer modifies the configuration files of the web server. The new UNIX account does not have the required root privileges.

After you install the Policy Server, use the Policy Server Configuration Wizard as root to configure the OneView Monitor UI.

Modify the UNIX System Parameters

When the Policy Server is placed under load, it opens a large number of sockets and files. If the default limit parameters are not adequate for the load, a large number of sockets and files can become a problem. Modify the default limit parameters to avoid associated problems.

To view the default limit parameters, type the following command in a shell window:

ulimit -a

The system displays a message similar to the following example:

$ ulimit -a
time(seconds)	unlimited
file(blocks)	unlimited
data(kbytes	2097148
stack(kbytes)	8192
coredump(blocks)	unlimited
nofiles(descriptors)	256
vmemory(kbytes)	unlimited

In the example, the nofiles parameter is set to 256. The parameter is the total number of files (sockets + files descriptors) that this shell and its descendants have been allocated. If this parameter is not set high enough, the Policy Server returns numerous socket errors. The most common socket error is 10024, or too many open files.

Increase the nofiles parameter value for proper Policy Server operation under load. You can change this value by running the following command:

ulimit -n

For example, to set the value to 1024, place the following command in the profile file of the smuser account:

ulimit -n 1024

The Policy Server is bound by the nofiles parameter in the smuser account ulimit for the number of connections to it.

Unset Localization Variables

The LC_* variables are sometimes set by default in the profile file of the smuser account. Use of the LC_* environment variables are not permitted. Unset them before installing the Policy Server.

To unset the LC_* environment variables, open the profile file of the smuser account and unset them.

Unset the LANG Environment Variable

The LANG environment variable is not permitted. Unset it before installing the Policy Server.

To unset the variable, add the unset LANG command to the profile file of the smuser account.