Trusted Solaris Installation and Configuration

Plan Your Network.

If you are installing a non-networked workstation, you can skip this step.

For help in planning network hardware, see "Planning Your Network" in TCP/IP and Data Communications Administration Guide.

As in any client-server network, you need to identify hosts by their function (server or client) and configure the software appropriately. The following table lists servers you may need to create and their function. For more information, see System Administration Guide, Volume I.

Table 1-1 Possible Servers in a Trusted Solaris Environment

| Create ... | If You Plan to ... |
|---|---|
| Audit data server | Enable auditing |
| Audit administration server | Analyze the audit trail |
| Boot server | Install on a subnet |
| File server | Centrally locate files for general use |
| Install server | Install over the network or use Custom JumpStart scripts |
| DNS server | Resolve internet names and addresses outside your local network |
| Home directory server | Enable remote mounting of users' home directories. |
| Mail server | Funnel mail to end user workstations from a central location |
| Network gateway | Operate an Failed Cross Reference Format |
| NIS+ root master (Name Server) | Establish a NIS+ domain |
| NIS+ replicas | Establish a NIS+ domain |
| NIS+ subdomain masters | Establish a NIS+ subdomain |
| OS server | Serve diskless clients |
| Print server | Print hard copy |

To plan the system administration aspects of servers, see the administration guides in the Solaris 7 System Administrator Collection including:

OS servers are covered in the Solstice AdminSuite 2.3 Administration Guide, and Trusted Solaris-specific administration is covered in Trusted Solaris Administrator's Procedures.

Additional Planning for Open Networks

If your network is open to other networks, you need to specify accessible domains and workstations, and identify which Trusted Solaris hosts will serve as gateways to access them. You need to identify the Trusted Solaris accreditation range for these gateways, and the sensitivity label at which data from other hosts may be viewed. Trusted Solaris software recognizes five labeled host types, including Trusted Solaris (sun_tsol), and provides eight templates by default, as shown in the following table.

Table 1-2 Templates Provided with Trusted Solaris Network Software

| Host Type | Template Name | Purpose |
|---|---|---|
| Unlabeled | unlab | For hosts or networks that send unlabeled packets, for example, SUN workstations running Solaris software |
| Labeled | | |
| Trusted Solaris 2.5.1 (sun_tsol) | tsol | For Trusted Solaris 2.5.1 hosts or networks |
| | tsol_1 | For TS2.5.1 and 7 hosts or networks that label packets with the RIPSO security option |
| | tsol_2 | For TS2.5.1 and 7 hosts or networks that label packets with the CIPSO security option |
| TSIX | tsix | For TSIX(RE1.1) hosts or networks |
| MSIX | msix | For hosts or networks that run Trusted Solaris 1.2 software |
| CIPSO | cipso | For hosts or networks that send CIPSO packets |
| RIPSO | ripso | For hosts or networks that send RIPSO packets |

The tnrhtp(4) man page gives complete descriptions of each host type with several examples.

For more information on the security administration of servers, file systems, and network interfaces, see Trusted Solaris Administrator's Procedures.