Sun N1 Service Provisioning System 5.1 Installation Guide

Chapter 1 N1 Service Provisioning System 5.1 Overview

This chapter provides an overview of the tasks required to install and configure the N1 Service Provisioning System 5.1. This chapter also contains an overview of the applications included in the N1 Service Provisioning System 5.1 and the types of network protocols that you can use for additional security.

This chapter discusses the following topics:

Installing the N1 Service Provisioning System 5.1 – Process Overview

The process overview below describes the tasks necessary to properly install and configure the N1 Service Provisioning System 5.1.

  1. Determine whether your server meets the minimum requirements to install.

    See Chapter 2, System Requirements for the N1 Service Provisioning System 5.1.

  2. Make configuration decisions and gather the information that you need to install the product.

    See Chapter 3, Gathering Information Before Installation.

  3. (Optional) You can create a special operating system group and user account to be used by N1 Service Provisioning System 5.1.

    If you create a new user and a new group, be sure to include the new user in the group. For more information about creating user accounts, see the documentation for your operating system.

  4. (Optional) Install Jython on CLI Client machines.

    You might choose to install Jython on any machine from which you want to run the CLI Client. Jython is not required to run the CLI Client. Jython is available from http://www.jython.org.

    For more information about using the CLI Client with Jython, see Chapter 1, Using the Command-Line Interface, in Sun N1 Service Provisioning System 5.1 Command-Line Interface Reference Manual.

  5. Install each of the N1 Service Provisioning System 5.1 applications individually using the appropriate installation script provided on the product media.

    For installation instructions, see Chapter 4, Installing the N1 Service Provisioning System 5.1 on Linux and UNIX Systems or Chapter 5, Installing the N1 Service Provisioning System 5.1 on Windows Systems.

  6. (Optional) If you plan to access the Master Server on the Internet, you can increase the Master Server security by configuring the N1 Service Provisioning System 5.1 to use SSH to communicate with that server.

    See Chapter 7, Configuring the N1 Service Provisioning System 5.1 to Use Secure Shell.

  7. (Optional) If you want to provide the maximum security for communication among the applications, configure the applications to use SSL when communicating.

    See Chapter 8, Configuring the N1 Service Provisioning System 5.1 for SSL.

  8. (Optional) If you do not use SSL to provide security for communication among applications, you can configure the JVM security policy so that the applications accept only connections from localhost. This setup provides a minimum level of security.

    See Chapter 9, Configuring the Java Virtual Machine Security Policy.

  9. (Optional) Start the applications.

    The installation program prompts you to start the applications upon successful installation. If you choose not to start the applications at that time, start the applications by following the instructions in Starting Applications on Linux and UNIX Systems or Starting Applications on Windows Systems.

  10. Complete the initial setup.

    See Configuring the Sun N1 Service Provisioning System – Process Overview in Sun N1 Service Provisioning System 5.1 System Administration Guide for more initial setup instructions.

Overview of N1 Service Provisioning System 5.1 Applications

The N1 Service Provisioning System 5.1 is a distributed software platform. The provisioning system includes the following special-purpose applications that you install on the servers in your network. These applications interact to allow you to deploy software to the servers in your network.

Master Server

The Master Server runs on Linux, UNIX, and Windows based servers. The Master Server is a central server that does the following:

Local Distributor

A Local Distributor is a proxy that optimizes the distribution and management of Remote Agents. Data centers can use Local Distributors to do the following:

Remote Agent

The Remote Agent is an application that runs on every server being managed by the N1 Service Provisioning System 5.1. Remote Agents perform the tasks requested by the Master Server. Remote Agents can do the following:

Command Line Interface Client

The Command Line Interface (CLI) Client provides a communication path to the Master Server to enable the execution of commands from local and remote servers. The CLI Client enables commands to be executed in the following environments:

To execute these commands, the CLI Client establishes a connection to the Master Server through TCP/IP, or securely using SSL or SSH.

The CLI Client operates in the following two modes:

When operating in interactive mode, the CLI Client uses the Jython programming language. Jython is a Java implementation of the high-level, dynamic, object-oriented language Python.


Note –

Install Jython on any server on which you plan to run the CLI Client in interactive mode. For more information about Jython and to download Jython, visit http://www.jython.org.


Network Protocols

The N1 Service Provisioning System 5.1 supports a variety of network protocols for communication among the software applications. You select the protocol to apply to each of the following types of network communication:

The N1 Service Provisioning System 5.1 supports the following protocols:

You can tailor your network security to meet the needs of your particular network topology. For example, the communication within each of your data centers is secure, but your network connection to a remote data center passes through the public Internet. You might configure the Master Server to use SSL when communicating with a Local Distributor that is installed inside the firewall of the remote data center. Consequently, the communication over the Internet to the remote data center is secure. The Local Distributor might use raw TCP/IP to communicate with the Remote Agents because the communication over the local network is secure. For more information about the different protocols and about configuring the protocols, read Chapter 7, Configuring the N1 Service Provisioning System 5.1 to Use Secure Shell and Chapter 8, Configuring the N1 Service Provisioning System 5.1 for SSL.
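The topology reasoning above can be expressed as a check. This is an added example, not part of the Sun documentation or product: it models each hop between applications with its protocol and reports any hop that crosses an untrusted network over raw TCP/IP. The host names, the `crosses_untrusted` flag and the link table are assumptions constructed for illustration.

```python
# Added example: audit a provisioning topology for plaintext hops.
# Host names and the crosses_untrusted flags are constructed for illustration.
from collections import namedtuple

Link = namedtuple("Link", "src dst protocol crosses_untrusted")

# Per the chapter: raw adds no encryption or authentication; SSH and SSL do.
PROTECTED = {"raw": False, "ssh": True, "ssl": True}

# Constructed topology mirroring the scenario in the text.
LINKS = [
    Link("master", "ld-remote", "ssl", True),      # crosses the public Internet
    Link("ld-remote", "agent-r1", "raw", False),   # inside the remote firewall
    Link("ld-remote", "agent-r2", "raw", False),
    Link("master", "agent-l1", "raw", False),      # local data center
]

def exposed_links(links):
    """Links that cross an untrusted network without a protected protocol.
    Unknown protocol names are treated as unprotected."""
    return [l for l in links
            if l.crosses_untrusted and not PROTECTED.get(l.protocol, False)]

def path_to(target, links, root="master"):
    """Hops from root to target, in order. Raises ValueError if the target
    is unreachable or the link table contains a loop."""
    parent = {l.dst: l for l in links}
    hops, node, seen = [], target, set()
    while node != root:
        if node in seen or node not in parent:
            raise ValueError("no loop-free path from %s to %s" % (root, target))
        seen.add(node)
        hops.append(parent[node])
        node = parent[node].src
    return hops[::-1]

def audit(links, root="master"):
    """Map each leaf host to (protocols along its path, exposed hops)."""
    sources = {l.src for l in links}
    leaves = [l.dst for l in links if l.dst not in sources]
    report = {}
    for leaf in leaves:
        hops = path_to(leaf, links, root)
        report[leaf] = ([h.protocol for h in hops], exposed_links(hops))
    return report

if __name__ == "__main__":
    for host, (protocols, exposed) in sorted(audit(LINKS).items()):
        status = "EXPOSED" if exposed else "ok"
        print("%-10s %-10s %s" % (host, "->".join(protocols), status))
```

Changing the first link's protocol to `raw` makes both remote agents report an exposed hop, while the local agent's path remains unaffected.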

Raw (TCP/IP)

Raw (TCP/IP) is standard TCP/IP without additional encryption or authentication. The advantage of raw is that it requires no additional set-up and configuration. If your data center network is protected by a firewall, using raw provides a convenient method for communication among N1 Service Provisioning System 5.1 applications.

Secure Shell

Secure Shell (SSH) is a UNIX command suite and protocol for securely accessing a remote computer. SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. SSH uses RSA public key cryptography to manage connections and authentication. SSH is more secure than telnet or other shell-based communication methods.

You can configure the N1 Service Provisioning System 5.1 applications to communicate using SSH. The N1 Service Provisioning System 5.1 supports OpenSSH which is a free version of SSH that has been primarily developed by the OpenBSD Project. For more details about OpenSSH, see http://www.openssh.com. The software can be configured to support other versions of SSH as well.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server while protecting the message with a public-and-private key encryption system developed by RSA. Support for SSL is included in most web server products, as well as in the Netscape Navigator™ browser and Microsoft web browsers.

You can configure the N1 Service Provisioning System 5.1 applications to use SSL for network communications to help prevent the software messages from being read or altered. Optionally, the applications can be configured to use SSL to authenticate each other before communicating, thereby increasing network security.

Introduction to Plug-Ins

In general usage, plug-in applications are programs that can easily be installed and used as part of your web browser. A plug-in application is recognized automatically by the browser and its function is integrated into the main HTML file that is being presented. Web browser plug-in applications generally play sound or motion video or perform some other functions.

In the N1 Service Provisioning System environment, a plug-in differs only slightly in concept from the general usage. A plug-in for the N1 Service Provisioning System product is a packaged solution that extends the provisioning capability of the product for a specific platform, application, or environment. For example, you might create a plug-in solution for a specific application, such as Oracle 8i, or for some feature of an operating system, such as Solaris Zones.

A plug-in includes all of the relevant data that is needed to support a new custom application. The contents of the plug-in are described in the plug-in descriptor file. This file is located in a standard place within the plug-in packaging structure.

Acquiring Plug-Ins

Several plug-ins have been created for use with the N1 Service Provisioning System. The plug-ins are available on the Sun N1 Service Provisioning System 5.1: Supplement CD and in the image downloaded from the Sun Download Center.

The plug-ins are packaged in Java archive files (.jar files). To make a given plug-in known to the N1 Service Provisioning System product, you need to import the plug-in. For instructions to import a plug-in, see the user's guide associated with the plug-in that you want to import in the Plug-In User's Guide document collection at http://docs.sun.com/db/coll/1329.1.