This section includes additional information on new features and functionality.
Sun Cluster Security Hardening uses the Solaris Operating Environment hardening techniques recommended by the Sun BluePrints program to achieve basic security hardening for clusters. The Solaris Security Toolkit automates the implementation of Sun Cluster Security Hardening. Sun Cluster Security Hardening supports the following three agents.
Apache Web Server
iPlanet Web Server
iPlanet Mail Server
The Sun Cluster Security Hardening documentation is available at http://www.sun.com/security/blueprints. From this URL, scroll down to the Architecture heading to locate the article on Sun Cluster Security Hardening.
The following VxFS features are not supported in a Sun Cluster 3.0 configuration.
Quick I/O
Snapshots
Storage checkpoints
Cache advisories (these can be used, but the effect will be observed on the given node only)
VERITAS CFS (requires VERITAS cluster feature & VCS)
VxFS-specific mount options
convosync (Convert O_SYNC)
mincache
qlog, delaylog, tmplog
All other VxFS features and options that are supported in a cluster configuration are supported by Sun Cluster 3.0 software. See VxFS documentation and man pages for details about VxFS options that are or are not supported in a cluster configuration.
The following guidelines for how to use VxFS to create highly available cluster file systems are specific to a Sun Cluster 3.0 configuration.
Create a VxFS file system by following procedures in VxFS documentation.
Globally mount and unmount a VxFS file system from the primary node (the node that masters the disk on which the VxFS file system resides) to ensure that the operation succeeds. A VxFS file system mount or unmount operation that is performed from a secondary node might fail.
Perform all VxFS administration commands from the primary node of the VxFS cluster file system.
The following guidelines for how to administer VxFS cluster file systems are not specific to Sun Cluster 3.0 software. However, they are different from the way you administer UFS cluster file systems.
You can access and administer files on a VxFS cluster file system from any node in the cluster, with the exception of ioctls, which you must issue only from the primary node. If you do not know whether an administration command involves ioctls, issue the command from the primary node.
If a VxFS cluster file system fails over to a secondary node, all standard-system-call operations that were in progress during failover are re-issued transparently on the new primary. However, any ioctl-related operation in progress during the failover will fail. After a VxFS cluster file system failover, check the state of the cluster file system. There might be administrative commands that were issued on the old primary before failover that require corrective measures. See VxFS documentation for more information.