The Sun N1 Service Provisioning System provides the following features to ensure the security of your data, applications, and network.
Secure HTTP (HTTPS) support – You can configure your SPS environment to use HTTPS to ensure the security of your connection to the Master Server. By using Secure Sockets Layer (SSL) digital certificates and keystores, you can protect your connection to the Master Server through the web browser interface.
For more information, see Chapter 6, Configuring the Sun N1 Service Provisioning System 5.2 for HTTPS.
Secure Shell (SSH) support – SSH is a UNIX-based command suite and protocol for securely accessing a remote computer. SSH secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. SSH uses RSA public key cryptography to manage connections and authentication.
For more information, see Chapter 7, Configuring the Sun N1 Service Provisioning System 5.2 to Use Secure Shell.
Secure Sockets Layer (SSL) support – SSL is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server, while protecting the message with a public and private key encryption system developed by RSA. Support for SSL is included in most web server products and most web browser software.
Sun N1 Service Provisioning System 5.2 applications can be configured to use SSL for their network communications, preventing messages from being read or tampered with.
For more information, see Chapter 8, Configuring the Sun N1 Service Provisioning System 5.2 for SSL.
Java Virtual Machine (JVM) security policies – Each Sun N1 Service Provisioning System 5.2 application has a Java Virtual Machine (JVM) security policy file. You can modify this policy file to restrict access to the Master Server, Remote Agents, and Local Distributors. You can configure these applications to only accept connections from a specific IP Address and Port range or to allow them only to connect to a specific IP Address and Port range.
For more information, see Chapter 9, Configuring the Java Virtual Machine Security Policy.
User authentication – The Sun N1 Service Provisioning System supports the Java Authentication and Authorization Service (JAAS) for user authentication. By editing the jaas.config file, you can configure your SPS environment to use the following authentication services:
LDAP
Sun Directory Server
Microsoft Windows 2000 Active Directory server
For more information, see Appendix A, Authentication Methods, in Sun N1 Service Provisioning System 5.2 System Administration Guide.
User groups – You can control the access to the different features of the Sun N1 Service Provisioning System software by assigning users to specific user groups. You can then assign certain permissions to each user group to limit the actions available to the users in that group.
For more information, see Chapter 4, Managing Users, in Sun N1 Service Provisioning System 5.2 System Administration Guide.
Permissions – You can assign permissions to user groups to restrict user access to either your entire provisioning environment or to specific plans and components. You can grant one user group permission to run provisioning plans or to create components, and limit a different user group to the permissions needed to manage user accounts.
For more information, see Chapter 3, Controlling Access Using Permissions, in Sun N1 Service Provisioning System 5.2 System Administration Guide.
You can also assign file system permissions to the files and directories assigned to a specific resource. By editing the XML in a resource descriptor file, you can override the file system permissions that are created when you check in a resource to SPS. For more information, see Using a Resource Descriptor File in Sun N1 Service Provisioning System 5.2 XML Schema Reference Guide.
User-Specific Steps – The SPS XML schema enables you to specify alternate users to run specific plans or components. The UserToRunAs attribute of the execNative element allows you to designate specific users to run commands native to the operating system on a target host.
For more information, see <execNative> Step in Sun N1 Service Provisioning System 5.2 XML Schema Reference Guide.
Access to Component Elements – The XML schema for Sun N1 SPS components allows you to control the access to specific elements of a component, including the following items:
Component variables
Steps to install, uninstall, or control steps on the component
The access attribute enables you to limit the accessibility of specific component elements to varying degrees. For more information, see Chapter 3, Component Schema, in Sun N1 Service Provisioning System 5.2 XML Schema Reference Guide.
User Sessions – Sun N1 SPS can use user sessions to authenticate users and their credentials to perform provisioning tasks. These sessions can be used to identify users throughout a series of related requests without reauthentication. User sessions use session variables to preserve session-related information, such as user authentication and other credentials.
For more information, see Session Variable Concepts in Sun N1 Service Provisioning System 5.2 Plan and Component Developer’s Guide.
You can modify the session variables in a current session without affecting the session variables that are saved in the database, or you can save your modifications. You can use either the browser interface or the command-line interface to manage session variables. For more information, see Chapter 5, Session Variables, in Sun N1 Service Provisioning System 5.2 Plan and Component Developer’s Guide.
You can also supply session IDs with the command-line interface to authenticate specific commands. For more information, see Chapter 1, Using the Command-Line Interface, in Sun N1 Service Provisioning System 5.2 Command-Line Interface Reference Manual.
You can set user session duration and timeout policies for your SPS environment with a series of configuration variables in the config.properties file. For more information, see Appendix B, Commonly Updated Configuration Variables, in Sun N1 Service Provisioning System 5.2 System Administration Guide.