Configuring SSL Certificates for Migration - Oracle® VM Server for SPARC 3.3 Administration Guide

Oracle^® VM Server for SPARC 3.3 Administration Guide

Exit Print View

» ...Documentation Home » Oracle VM Server for SPARC 3.3 Documentation ... » Oracle^® VM Server for SPARC 3.3 ... » Oracle VM Server for SPARC 3.3 Software » Migrating Domains » Security for Migration Operations » Configuring SSL Certificates for Migration

Updated: October 2015

Oracle^® VM Server for SPARC 3.3 Administration Guide

Document Information

Using This Documentation

Part I Oracle VM Server for SPARC 3.3 Software

Chapter 1 Overview of the Oracle VM Server for SPARC Software

About Oracle VM Server for SPARC and Oracle Solaris OS Versions

Hypervisor and Logical Domains

Logical Domains Manager

Oracle VM Server for SPARC Physical-to-Virtual Conversion Tool

Oracle VM Server for SPARC Management Information Base

Oracle VM Server for SPARC Troubleshooting

Chapter 2 Oracle VM Server for SPARC Security

Delegating the Management of Logical Domains by Using Rights

Controlling Access to a Domain Console by Using Rights

Enabling and Using Logical Domains Manager Auditing

Using Domain Console Logging

Chapter 3 Setting Up Services and the Control Domain

Output Messages

Creating Default Services

Initial Configuration of the Control Domain

Rebooting to Use Domains

Enabling Networking Between the Oracle Solaris 10 Service Domain and Other Domains

Enabling the Virtual Network Terminal Server Daemon

Verifying That the ILOM Interconnect Is Enabled

Chapter 4 Setting Up Guest Domains

Creating and Starting a Guest Domain

Installing Oracle Solaris OS on a Guest Domain

Chapter 5 Configuring I/O Domains

I/O Domain Overview

General Guidelines for Creating an I/O Domain

Chapter 6 Creating a Root Domain by Assigning PCIe Buses

Creating a Root Domain by Assigning PCIe Buses

Chapter 7 Creating an I/O Domain by Using PCIe SR-IOV Virtual Functions

SR-IOV Overview

SR-IOV Hardware and Software Requirements

Current SR-IOV Feature Limitations

Enabling I/O Virtualization

Planning for the Use of PCIe SR-IOV Virtual Functions

Using Ethernet SR-IOV Virtual Functions

Using InfiniBand SR-IOV Virtual Functions

Using Fibre Channel SR-IOV Virtual Functions

I/O Domain Resiliency

Rebooting the Root Domain With Non-Resilient I/O Domains Configured

Chapter 8 Creating an I/O Domain by Using Direct I/O

Creating an I/O Domain by Assigning PCIe Endpoint Devices

Direct I/O Hardware and Software Requirements

Current Direct I/O Feature Limitations

Planning PCIe Endpoint Device Configuration

Rebooting the Root Domain With PCIe Endpoints Configured

Making PCIe Hardware Changes

Creating an I/O Domain by Assigning a PCIe Endpoint Device

Chapter 9 Using Non-primary Root Domains

Non-primary Root Domains Overview

Non-primary Root Domain Requirements

Non-primary Root Domain Limitations

Non-primary Root Domain Examples

Chapter 10 Using Virtual Disks

Introduction to Virtual Disks

Virtual Disk Identifier and Device Name

Managing Virtual Disks

Virtual Disk Appearance

Virtual Disk Back End Options

Virtual Disk Back End

Configuring Virtual Disk Multipathing

CD, DVD and ISO Images

Virtual Disk Timeout

Virtual Disk and SCSI

Virtual Disk and the format Command

Using ZFS With Virtual Disks

Using Volume Managers in an Oracle VM Server for SPARC Environment

Virtual Disk Issues

Chapter 11 Using Virtual SCSI Host Bus Adapters

Introduction to Virtual SCSI Host Bus Adapters

Operational Model for Virtual SCSI HBAs

Virtual SCSI HBA Identifier and Device Name

Managing Virtual SCSI HBAs

Appearance of Virtual LUNs in a Guest Domain

Virtual SCSI HBA and Virtual SAN Configurations

Configuring Virtual SCSI HBA Multipathing

Booting From SCSI Devices

Installing a Virtual LUN

Virtual SCSI HBA Timeout

Virtual SCSI HBA and SCSI

Supporting Highly Fragmented I/O Buffers in the Guest Domain

Chapter 12 Using Virtual Networks

Introduction to a Virtual Network

Oracle Solaris 11 Networking Overview

Oracle Solaris 10 Networking Overview

Maximizing Virtual Network Performance

Virtual Network Device

Viewing Network Device Configurations and Statistics

Controlling the Amount of Physical Network Bandwidth That Is Consumed by a Virtual Network Device

Virtual Device Identifier and Network Interface Name

Assigning MAC Addresses Automatically or Manually

Using Network Adapters With Domains That Run Oracle Solaris 10

Configuring a Virtual Switch and the Service Domain for NAT and Routing

Configuring IPMP in an Oracle VM Server for SPARC Environment

Using VLAN Tagging

Using Private VLANs

Tuning Packet Throughput Performance

Using NIU Hybrid I/O

Using Link Aggregation With a Virtual Switch

Configuring Jumbo Frames

Oracle Solaris 11 Networking-Specific Feature Differences

Using Virtual NICs on Virtual Networks

Chapter 13 Migrating Domains

Introduction to Domain Migration

Overview of a Migration Operation

Software Compatibility

Security for Migration Operations

Configuring SSL Certificates for Migration

How to Configure SSL Certificates for Migration

Removing SSL Certificates

FIPS 140-2 Mode for Domain Migration

How to Run Logical Domains Manager in FIPS 140-2 Mode

How to Revert the Logical Domains Manager to the Default Mode From FIPS 140-2 Mode

Domain Migration Restrictions

Version Restrictions for Migration

CPU Restrictions for Migration

Migration Restrictions for Setting perf-counters

Migrating a Domain

Performing a Dry Run

Performing Non-Interactive Migrations

Migrating an Active Domain

Domain Migration Requirements for CPUs

Migration Requirements for Memory

Migration Requirements for Physical I/O Devices

Migration Requirements for Virtual I/O Devices

Migration Requirements for PCIe Endpoint Devices

Migration Requirements for PCIe SR-IOV Virtual Functions

Migration Requirements for NIU Hybrid I/O

Migration Requirements for Cryptographic Units

Delayed Reconfiguration in an Active Domain

Migrating While an Active Domain Has the Power Management Elastic Policy in Effect

Operations on Other Domains

Migrating a Domain From the OpenBoot PROM or a Domain That Is Running in the Kernel Debugger

Migrating Bound or Inactive Domains

Migration Requirements for Virtual I/O Devices

Migration Requirements for PCIe Endpoint Devices

Migration Requirements for PCIe SR-IOV Virtual Functions

Monitoring a Migration in Progress

Canceling a Migration in Progress

Recovering From a Failed Migration

Migration Examples

Chapter 14 Managing Resources

Resource Reconfiguration

Resource Allocation

Configuring the System With Hard Partitions

Assigning Physical Resources to Domains

Using Memory Dynamic Reconfiguration

Using Resource Groups

Using Power Management

Using Dynamic Resource Management

Listing Domain Resources

Using Perf-Counter Properties

Chapter 15 Managing Domain Configurations

Managing Domain Configurations

Available Configuration Recovery Methods

Addressing Service Processor Connection Problems

Chapter 16 Handling Hardware Errors

Hardware Error-Handling Overview

Using FMA to Blacklist or Unconfigure Faulty Resources

Recovering Domains After Detecting Faulty or Missing Resources

Marking Domains as Degraded

Marking I/O Resources as Evacuated

Chapter 17 Performing Other Administration Tasks

Entering Names in the CLI

Updating Property Values in the /etc/system File

Connecting to a Guest Console Over the Network

Using Console Groups

Stopping a Heavily Loaded Domain Can Time Out

Operating the Oracle Solaris OS With Oracle VM Server for SPARC

Using Oracle VM Server for SPARC With the Service Processor

Configuring Domain Dependencies

Determining Where Errors Occur by Mapping CPU and Memory Addresses

Using Universally Unique Identifiers

Virtual Domain Information Command and API

Using Logical Domain Channels

Booting a Large Number of Domains

Cleanly Shutting Down and Power Cycling an Oracle VM Server for SPARC System

Logical Domains Variable Persistence

Adjusting the Interrupt Limit

Listing Domain I/O Dependencies

Enabling the Logical Domains Manager Daemon

Saving and Restoring Autosave Configuration Data

Factory Default Configuration and Disabling Domains

Part II Optional Oracle VM Server for SPARC Software

Language:

Configuring SSL Certificates for Migration

To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.

How to Configure SSL Certificates for Migration

To configure SSL certificates, you must perform the steps in this task on the control domain of both the source machine and the target machine.

Create the /var/share/ldomsmanager/trust directory if it does not already exist.
Securely copy the remote ldmd certificate to the local ldmd trusted certificate directory.
The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Call the remote certificate file remote-hostname.pem.
Create a symbolic link from the certificate in the ldmd trusted certificate directory to /etc/certs/CA.
Set the REMOTE variable to remote-host.
```
localhost# ln -s /var/share/ldomsmanager/trust/${REMOTE}.pem /etc/certs/CA/
```

Restart the svc:/system/ca-certificates service.

localhost# svcadm restart svc:/system/ca-certificates

Verify that the configuration is operational.

localhost# openssl verify  /var/share/ldomsmanager/trust/${REMOTE}.pem
/var/share/ldomsmanager/trust/remote-hostname.pem: OK

Restart the ldmd daemon.
```
localhost# svcadm restart ldmd
```

Copyright © 2007, 2015, Oracle and/or its affiliates. All rights reserved. Legal Notices