Reflection for Secure IT and Support for Solaris 10 Zones
Technical Note 2254
Last Reviewed 07-Mar-2014
Applies To
Reflection for Secure IT UNIX Client version 7.1 or higher
Reflection for Secure IT UNIX Server version 7.1 or higher
Oracle Solaris version 10
Summary

Zones are a feature in Solaris 10 that allow a single Solaris instance to be partitioned into isolated application environments. This technical note describes how Reflection for Secure IT works in Solaris 10 zones.

Solaris 10 Package Parameters

Solaris package parameters define the characteristics of packages on a system with zones installed. Reflection for Secure IT packages use the following values for these parameters:

Variable
6.1.x
7.x
8.x
SUNW_PKG_ALLZONES
False
True
True
SUNW_PKG_HOLLOW
False
False
False
SUNW_PKG_THISZONE
False
False
False

Note the following:

  • Version 6.1.x is no longer supported. It is listed in this table to provide reference information for upgrading customers. The information in the rest of this note describes zone support for version 7.x and later.
  • In version 7.x and 8.x, the values listed above are visible in the pkginfo file. In version 6.1.x, the above variables were not explicitly set, so they were not visible in the pkginfo file.

Installing Reflection in a Solaris 10 Zones Environment

All Reflection for Secure IT installations must be done in the global zone. You cannot install Reflection for Secure IT in any non-global zone (either sparse or whole root) while running the default SSH or a different version of Reflection for Secure IT in the global zone.

Use this procedure to install Reflection for Secure IT 7.x and 8.x in a Solaris 10 zones environment.

  1. Log in as root in the global zone.
  2. Uninstall the default Solaris SSH.
  3. Install the Reflection for Secure IT package in the global zone.

The package is automatically installed on all non-global zones, and Reflection for Secure IT behaves as a standalone in the new zone.

In a sparse zone, the contents of /usr, /lib, /platform, and /sbin are inherited from the global zone and are read-only. The configuration files in the /etc/ssh2 directory are read-write.

A whole root zone has a read-write copy of the entire file system from the global zone.

Note the following:

  • Disconnect from the non-global zone before upgrading Reflection for Secure IT.
  • If you create a new zone after installing Reflection for Secure IT, Reflection for Secure IT will propagate to the new zone. To ensure that the server is online (and not in maintenance mode), stop the Reflection for Secure IT server before you create the zone then restart it after you create the zone.
  • Uninstall Reflection for Secure IT from the global zone. This will also uninstall it from the non-global zones.
Related Technical Notes
1999 Reflection for Secure IT Technical Notes

Did this technical note answer your question?

           



Need further help? For technical support, please contact Support.