Configuring the Network Interfaces in Trusted Extensions
Your Trusted Extensions system does not require a network to run a desktop with a
directly connected bitmapped display, such as a laptop or workstation. However, network
configuration is required to communicate with other systems. By using the
txzonemgr GUI, you can easily configure the labeled zones and the global zone to
connect to other systems. For a description of the configuration options for labeled zones, see
Access to Labeled Zones. The following task map
describes and links to network configuration tasks.
Table 4-3 Configuring the Network Interfaces in Trusted Extensions Task Map
| | |
|---|
Configure a default system for regular users.
| The system has one IP address and uses an all-zones interface
to communicate between the labeled zones and the global zone. The same IP
address is used to communicate with remote systems.
|
|
Add an IP address to the global zone.
| The system has more than one IP address and uses the global zone's exclusive
IP address to reach a private subnet. The labeled zones cannot reach this
subnet.
|
|
Assign an IP address to every zone, where the zones share the IP stack.
| The system has more than one IP address. In the simplest case, the zones
share a physical interface.
|
|
Add an all-zones interface to the IP instance per
zone.
| The system can offer its labeled zones privileged services that are
protected from remote attack.
|
|
Assign an IP address to every zone, where the IP stack is exclusive.
| One IP address is assigned to every zone, including the global zone.
A VNIC is created for each labeled zone.
|
|
Connect the zones to remote zones.
| This task configures the network interfaces of the labeled zones and
the global zone to reach remote systems at the same label.
|
|
Run a separate nscd daemon per zone.
| In an environment where each subnet has its own name server, this task
configures one nscd daemon per zone.
|
|
|