Chapter 1 N1 Service Provisioning System 4.1 Overview

This chapter provides an overview of the tasks required to install and configure the N1 Service Provisioning System 4.1. This chapter also contains an overview of the applications included in the N1 Service Provisioning System 4.1 and the types of network protocols that you can use for additional security.

This chapter discusses the following topics:

• Overview of the N1 Service Provisioning System 4.1 Installation Tasks

• Overview of N1 Service Provisioning System 4.1 Applications

• Network Protocols

Overview of the N1 Service Provisioning System 4.1 Installation Tasks

The task map below describes the tasks necessary to properly install and configure the N1 Service Provisioning System 4.1.

Table 1–1 Task Map: Installing the N1 Service Provisioning System 4.1

Task	Description	For Instructions
Review system requirements.	Determine whether your system meets the minimum requirements to install.	Chapter 2, System Requirements for the N1 Service Provisioning System 4.1
Gather information for installation.	Before installing, gather the information that you will need to install the product.	Chapter 3, Gathering Information Before Installation
(Optional) Create a user account.	You can create a special, operating system user account to be used by N1 Service Provisioning System 4.1.	The documentation for your operating system.
(Optional) Install Jython on CLI Client machines.	You may choose to install Jython on any machine from which you want to run the CLI Client. Jython is not required to run the CLI Client. Jython is available from .	The Jython web site.
Install the applications.	You will install each of the N1 Service Provisioning System 4.1 applications individually using the appropriate installation script provided on the product media.	Chapter 4, Installing the N1 Service Provisioning System 4.1 on Solaris OS, Red Hat Linux, and IBM AIX Systems Chapter 5, Installing the N1 Service Provisioning System 4.1 on Windows Systems
(Optional) Configure SSH.	If you plan to access the Master Server on the Internet, you can increase the Master Server security by configuring the N1 Service Provisioning System 4.1 to use SSH to communicate with that server.	Chapter 6, Configuring the N1 Service Provisioning System 4.1 to Use Secure Shell
(Optional) Configure SSL.	If you want to provide the maximum security for communication among the applications, configure the applications to use SSL when communicating. SSL support is based on self-signed digital certificates that your organization can issue to itself.	Chapter 7, Configuring the N1 Service Provisioning System 4.1 for SSL
(Optional) Configure the JVM Security Policy.	If you do not use SSL to provide security for communication among application, you can configure the JVM security policy so that the applications accept only connections from localhost. This setup provides a minimum level of security.	Chapter 8, Configuring the Java Virtual Machine Security Policy

Overview of N1 Service Provisioning System 4.1 Applications

The N1 Service Provisioning System 4.1 is a distributed software platform that includes the following special-purpose applications:

• Master Server – A central server that stores components and plans and provides an interface for managing application deployments.

• Local Distributor – Optional servers that act as a proxy for the Master Server to optimize network communications across data centers and through firewalls.

• Remote Agent – One or more small management applications that perform operations on individual hosts. Every host that you want to be controlled by the N1 Service Provisioning System 4.1 must have the Remote Agent application.

• Command Line Interface Client – Optional small applications that accept commands to be executed on the Master Server.

Master Server

The Master Server runs on Solaris OS, Red Hat Linux, or Microsoft Windows 2000 Server and Microsoft Windows 2000 Advanced Server systems. The Master Server is a central server that does the following.

• Manages a database that identifies all hosts registered in the provisioning software

• Stores components and plans in a repository

• Performs version control on the objects stored in the repository

• Authenticates IT operators and ensures that only authorized users perform specific operations

• Includes special-purpose engines for performing tasks such as dependency tracking and deployments

• Provides both an HTML interface and a command-line interface for users

Local Distributor

A Local Distributor is a proxy that optimizes the distribution and management of Remote Agents. Data centers can use Local Distributors to do the following:

• Minimize network traffic during deployments. The Master Server can send one copy of a component to a Local Distributor, which then replicates the component for installation on a collection of systems.

• Minimize firewall reconfigurations. If a firewall stands between the Master Server and a collection of systems, administrators can open the firewall only for the systems running Local Distributors, rather than for every system involved in a deployment.

• Minimize the load to the Master Server during large scale deployments.

Remote Agent

A Remote Agent is an application that runs on every system being managed by the N1 Service Provisioning System 4.1. Remote Agents perform the tasks requested by the Master Server. The Remote Agents are supported on the Solaris OS, Red Hat Linux, IBM AIX, and Microsoft Windows 2000 platforms. Remote agents can do the following:

• Report server hardware and software configurations to the Master Server

• Start and stop services

• Manage directory contents and properties

• Install and uninstall software

• Run operating system commands and native scripts specified in component models

Command Line Interface Client

The Command Line Interface (CLI) Client provides a communication path to the Master Server to enable the execution of commands from local and remote systems. The CLI Client enables commands to be executed in the following environments:

• Windows command line

• UNIX shell such as bash

To execute these commands, the CLI Client establishes a connection to the Master Server through TCP/IP or securely using SSL, or SSH.

The CLI Client operates in the following two modes:

• Single-command mode, which enables you to submit one command at a time

• Interactive mode, which prompts you for commands, maintains a command history, and allows for Jython scripting

When operating in interactive mode, the CLI Client uses the Jython programming language. Jython is a Java implementation of the high-level, dynamic, object-oriented language Python.

---

Note –

Install Jython on any system on which you plan to run the CLI Client in interactive mode. For more information about Jython and to download Jython, visit .

---

Network Protocols

The N1 Service Provisioning System 4.1 supports a variety of network protocols for communication among the software applications. You select the protocol to apply to each of the following types of network communication:

• Communication between the Master Server and Local Distributors or Remote Agents

• Communication between a particular Local Distributor and Remote Agents

• Communication between the Master Server and a CLI Client

The N1 Service Provisioning System 4.1 supports the following protocols:

• Raw TCP/IP

• Secure Shell

• Secure Sockets Layer

You can tailor your network security to meet the needs of your particular network topology. For example, say communication within each of your data centers is secure but your network connection to a remote data center passes through the public Internet. You might configure the Master Server to use SSL when communicating with a Local Distributor that is installed inside the firewall for the remote data center, so that all communication over the Internet is secure. The Local Distributor might use raw TCP/IP to communicate with the Remote Agents because all the communication over the local network is secure. For more information about how to configure the different protocols, read Chapter 6, Configuring the N1 Service Provisioning System 4.1 to Use Secure Shell and Chapter 7, Configuring the N1 Service Provisioning System 4.1 for SSL.

Raw TCP/IP

Raw TCP/IP is standard TCP/IP without additional encryption or authentication. The advantage of raw TCP/IP is that it requires no additional set-up and configuration. If your data center network is protected by a firewall and secured from intrusion, using raw TCP/IP provides a convenient method for communication among N1 Service Provisioning System 4.1 applications.

Secure Shell

Secure Shell (SSH) is a UNIX command suite and protocol for securely accessing a remote computer. SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. SSH uses RSA public key cryptography to manage connections and authentication. SSH is more secure than telnet or other shell-based communication methods.

You can configure the N1 Service Provisioning System 4.1 applications to communicate using ssh. The N1 Service Provisioning System 4.1 supports OpenSSH which is a free version of SSH that has been primarily developed by the OpenBSD Project. For more details about OpenSSH, see . The software can be configured to support other versions of SSH as well.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server while protecting the message with a public-and-private key encryption system developed by RSA. Support for SSL is included in most web server products, as well as in the Netscape Navigator^TM browser and Microsoft web browsers.

You can configure the N1 Service Provisioning System 4.1 applications to use SSL for network communications to help prevent the software messages from being read or altered. Optionally, the applications can be configured to use SSL to authenticate each other before communicating, thereby increasing network security.