This chapter provides an overview of the tasks required to install and configure the N1 Service Provisioning System 5.1. This chapter also contains an overview of the applications included in the N1 Service Provisioning System 5.1 and the types of network protocols that you can use for additional security.
This chapter discusses the following topics:
The process overview below describes the tasks necessary to properly install and configure the N1 Service Provisioning System 5.1.
Determine whether your server meets the minimum requirements to install.
Make configuration decisions and gather the information that you need to install the product.
(Optional) You can create a special operating system group and user account to be used by N1 Service Provisioning System 5.1.
If you create a new user and a new group, be sure to include the new user in the group. For more information about creating user accounts, see the documentation for your operating system.
(Optional) Install Jython on CLI Client machines.
You might choose to install Jython on any machine from which you want to run the CLI Client. Jython is not required to run the CLI Client. Jython is available from http://www.jython.org.
For more information about using the CLI CLient with Jython, see Chapter 1, Using the Command-Line Interface, in Sun N1 Service Provisioning System 5.1 Command-Line Interface Reference Manual.
Install each of the N1 Service Provisioning System 5.1 applications individually using the appropriate installation script provided on the product media.
For installation instructions, see Chapter 4, Installing the N1 Service Provisioning System 5.1 on Linux and UNIX Systems or Chapter 5, Installing the N1 Service Provisioning System 5.1 on Windows Systems.
(Optional) If you plan to access the Master Server on the Internet, you can increase the Master Server security by configuring the N1 Service Provisioning System 5.1 to use SSH to communicate with that server.
(Optional) If you want to provide the maximum security for communication among the applications, configure the applications to use SSL when communicating.
(Optional) If you do not use SSL to provide security for communication among applications, you can configure the JVM security policy so that the applications accept only connections from localhost. This setup provides a minimum level of security.
(Optional) Start the applications.
The installation program prompts you to start the applications upon successful installation. If you choose not to start the applications at that time, start the applications by following the instructions in Starting Applications on Linux and UNIX Systems or Starting Applications on Windows Systems.
Complete the initial setup.
SeeConfiguring the Sun N1 Service Provisioning System – Process Overview in Sun N1 Service Provisioning System 5.1 System Administration Guide for more initial setup instructions.
The N1 Service Provisioning System 5.1 is a distributed software platform. The provisioning system includes the following special-purpose applications that you install on the servers in your network. These applications interact to allow you to deploy software to the servers in your network.
Master Server – A central server that stores components and plans, and provides an interface for managing application deployments.
Local Distributor – Optional servers that act as a proxy for the Master Server to optimize network communications across data centers and through firewalls.
Remote Agent – A management application that performs operations on a host. Every server that you want to be controlled by the N1 Service Provisioning System 5.1 must have the Remote Agent application.
Command Line Interface Client – Optional applications that accept commands to be executed on the Master Server.
The Master Server runs on Linux, UNIX, and Windows based servers. The Master Server is a central server that does the following:
Manages a database that identifies all of the hosts that are registered in the provisioning software
Stores components and plans in a repository
Performs version control on the objects that are stored in the repository
Authenticates provisioning system users and ensures that only authorized users perform specific operations
Includes special-purpose engines for performing tasks such as dependency tracking and deployments
Provides both a browser interface and a command-line interface for users
A Local Distributor is a proxy that optimizes the distribution and management of Remote Agents. Data centers can use Local Distributors to do the following:
Minimize network traffic during deployments. The Master Server sends one copy of a component to a Local Distributor, which replicates the component for installation on other servers.
Minimize firewall reconfigurations. If a firewall stands between the Master Server and a collection of servers, administrators can open the firewall only for the Local Distributors, rather than for every server involved in a deployment.
Minimize the load to the Master Server during large scale deployments.
The Remote Agent is an application that runs on every server being managed by the N1 Service Provisioning System 5.1. Remote Agents perform the tasks requested by the Master Server. Remote agents can do the following:
Report server hardware and software configurations to the Master Server
Start and stop services
Manage directory contents and properties
Install and uninstall software
Run operating system commands and native scripts specified by components and plans
The Command Line Interface (CLI) Client provides a communication path to the Master Server to enable the execution of commands from local and remote servers. The CLI Client enables commands to be executed in the following environments:
Windows command line
UNIX shell such as bash
To execute these commands, the CLI Client establishes a connection to the Master Server through TCP/IP or securely using SSL, or SSH.
The CLI Client operates in the following two modes:
Single-command mode, which enables you to submit one command at a time
Interactive mode, which prompts you for commands, maintains a command history and allows for Jython scripting
When operating in interactive mode, the CLI Client uses the Jython programming language. Jython is a Java implementation of the high-level, dynamic, object-oriented language Python.
Install Jython on any server on which you plan to run the CLI Client in interactive mode. For more information about Jython and to download Jython, visit http://www.jython.org.
The N1 Service Provisioning System 5.1 supports a variety of network protocols for communication among the software applications. You select the protocol to apply to each of the following types of network communication:
Communication between the Master Server and Local Distributors or Remote Agents
Communication between a particular Local Distributor and Remote Agents
Communication between the Master Server and a CLI Client
The N1 Service Provisioning System 5.1 supports the following protocols:
Secure Sockets Layer
You can tailor your network security to meet the needs of your particular network topology. For example, the communication within each of your data centers is secure, but your network connection to a remote data center passes through the public Internet. You might configure the Master Server to use SSL when communicating with a Local Distributor that is installed inside the firewall of the remote data center. Consequently, the communication over the Internet to the remote data center is secure. The Local Distributor might use raw TCP/IP to communicate with the Remote Agents because the communication over the local network is secure. For more information about the different protocols and about configuring the protocols, read Chapter 7, Configuring the N1 Service Provisioning System 5.1 to Use Secure Shell and Chapter 8, Configuring the N1 Service Provisioning System 5.1 for SSL.
Raw (TCP/IP) is standard TCP/IP without additional encryption or authentication. The advantage of raw is that it requires no additional set-up and configuration. If your data center network is protected by a firewall, using raw provides a convenient method for communication among N1 Service Provisioning System 5.1 applications.
Secure Shell (SSH) is a UNIX command suite and protocol for securely accessing a remote computer. SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. SSH uses RSA public key cryptography to manage connections and authentication. SSH is more secure than telnet or other shell-based communication methods.
You can configure the N1 Service Provisioning System 5.1 applications to communicate using SSH. The N1 Service Provisioning System 5.1 supports OpenSSH which is a free version of SSH that has been primarily developed by the OpenBSD Project. For more details about OpenSSH, see http://www.openssh.com. The software can be configured to support other versions of SSH as well.
Secure Sockets Layer (SSL) is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server while protecting the message with a public-and-private key encryption system developed by RSA. Support for SSL is included in most web server products, as well as in the Netscape NavigatorTM browser and Microsoft web browsers.
You can configure the N1 Service Provisioning System 5.1 applications to use SSL for network communications to help prevent the software messages from being read or altered. Optionally, the applications can be configured to use SSL to authenticate each other before communicating, thereby increasing network security.
In general usage, plug-in applications are programs that can easily be installed and used as part of your web browser. A plug-in application is recognized automatically by the browser and its function is integrated into the main HTML file that is being presented. Web browser plug-in applications generally play sound or motion video or perform some other functions.
In the N1 Service Provisioning System environment, a plug-in differs only slightly in concept from the general usage. A plug-in for the N1 Service Provisioning System product is a packaged solution that extends the provisioning capability of the product for a specific platform, application, or environment. For example, you might create a plug-in solution for a specific application, such as Oracle 8i, or for some feature of an operating system, such as Solaris Zones.
A plug-in includes all of the relevant data that is needed to support a new custom application. The contents of the plug– in are described in the plug-in descriptor file. This file is located in a standard place within the plug–in packaging structure.
Several plug–ins have been created for use with the N1 Service Provisioning System. The plug-ins are available on the Sun N1 Service Provisioning System 5.1: Supplement CD and in the image downloaded from the Sun Download Center.
The plug-ins are packaged in Java archive files (.jar files). To make a given plug-in known to the N1 Service Provisioning System product, you need to import the plug-in. For instructions to import a plug-in, see the user's guide associated with the plug-in that you want to import in the Plug-In User's Guide document collection at http://docs.sun.com/db/coll/1329.1.