Oracle VM Server for SPARC 3.0 Security Guide

Configuring and Using Other Security Features

Oracle VM Server for SPARC secures the use of specific virtualization features. When the vntsd daemon is enabled, it runs in its most secure configuration by default: it accepts connections only from the control domain and not over the network. If needed, you can configure a less secure option that permits network connections. See the description of the vntsd/listen_addr property in the vntsd(1M) man page.

Take care when configuring vntsd to accept network connections. For optimal security, permit only connections from the control domain, or disable vntsd. See Applying General Security Principles to Oracle VM Server for SPARC.
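The following check classifies the console exposure that a given vntsd service state and vntsd/listen_addr value imply. It is an added example, not part of the Oracle guide or Oracle's own tooling. It assumes the service FMRI svc:/ldoms/vntsd:default and treats only loopback values as control-domain-only; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit vntsd console exposure.
# Assumption: the vntsd SMF service is svc:/ldoms/vntsd:default.
VNTSD_FMRI="svc:/ldoms/vntsd:default"

# classify_vntsd STATE LISTEN_ADDR
# Prints one of: disabled | local-only | network
classify_vntsd() {
    _state=$1
    _addr=$2
    # A service that is not running has no console listener at all.
    case "$_state" in
        online|degraded) ;;
        *) echo "disabled"; return 0 ;;
    esac
    # Only loopback values keep the listener inside the control domain.
    # Anything else, including an empty or unreadable value, is flagged.
    case "$_addr" in
        localhost|127.*|::1) echo "local-only" ;;
        *) echo "network" ;;
    esac
}

# audit_vntsd STATE LISTEN_ADDR
# Returns 0 when vntsd is disabled or local-only, 1 when network-reachable.
audit_vntsd() {
    _verdict=$(classify_vntsd "$1" "$2")
    if [ "$_verdict" = "network" ]; then
        echo "WARN: vntsd accepts console connections on '$2'"
        return 1
    fi
    echo "OK: vntsd is $_verdict"
    return 0
}

# On a control domain, read the live values; elsewhere use constructed samples.
if command -v svcprop >/dev/null 2>&1 && command -v svcs >/dev/null 2>&1; then
    live_state=$(svcs -H -o state "$VNTSD_FMRI" 2>/dev/null || echo "absent")
    live_addr=$(svcprop -p vntsd/listen_addr "$VNTSD_FMRI" 2>/dev/null || echo "")
    audit_vntsd "$live_state" "$live_addr" || true
else
    audit_vntsd online localhost || true     # constructed: default setting
    audit_vntsd online 192.0.2.10 || true    # constructed: network listener
    audit_vntsd disabled 192.0.2.10 || true  # constructed: service turned off
fi
```

The nonzero return from audit_vntsd lets a configuration-compliance job fail when a console listener is reachable over the network.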

The Oracle VM Server for SPARC domain migration feature is also protected by security measures. The Logical Domains Manager on the source machine accepts the request to migrate a domain and establishes a secure network connection with the Logical Domains Manager that runs on the target machine. The migration occurs after this connection has been established. These secure connections are created by using authentication and encryption features. See Security for Migration Operations in Oracle VM Server for SPARC 3.0 Administration Guide.

In particular, the domain migration operation uses Secure Sockets Layer (SSL) by default to encrypt all traffic sent and received across the network. You can improve migration performance by assigning cryptographic units to the control domains of systems that support them.

When domain migration is not needed, you can disable the migration feature to prevent the ldmd process from listening on the migration port.

If you use domain migration, ensure that the ldmd daemon is configured to require password authentication during the migration. This is the default behavior.