Sun Management Center 4.0 Installation and Configuration Guide

Sun Management Center Internal Security

This section describes the security process that is used between Sun Management Center components.

Server-to-Agent Security

Communication between the Sun Management Center server and its managed nodes is primarily performed using the industry-standard Simple Network Management Protocol version 2, employing the User Security Model (SNMP v2usec). The SNMPv2 mechanism is well suited to mapping user credentials from the server layer to agent-side operations, and it is the primary mechanism for ensuring that access control policies cannot be circumvented.

Sun Management Center also supports SNMP v1 and v2 with community-based security. Although community-based security is not as robust, support for SNMP v1 and v2 is important for integration with other devices and other management platforms. In environments where the use of these mechanisms is undesirable, the access control specification mechanism can be used to restrict or forbid access to processes that use the SNMP v1 and v2 protocols. The Sun Management Center agent can also understand and respond to SNMPv3 queries from third-party applications.

For customized operations where data streaming could be a requirement, a probe mechanism is also employed. The probe mechanism is initiated by SNMP operations. Once initiated, probe operations use a streaming TCP connection to implement bidirectional, potentially interactive services on the managed node, for example, log file viewing. Because the probe mechanism is initiated through SNMP communication, no encryption of the packet payload is performed.

Cross-Server Context Security

When Sun Management Center communicates with managed nodes outside the local server context, the security model ensures that operations are performed as the generic public SNMPv2 usec user. Use of the public user greatly restricts privileges and limits users to the perusal of management data.

Client-to-Server Security

Communication between the Sun Management Center server layer and clients such as consoles and command-line interfaces is performed using Java Technology Remote Method Invocation (RMI) in conjunction with a comprehensive product-specific security model. The security model allows clients to operate in low, medium, or high security mode, which determines the level of message authentication that is performed.

Because of the potential performance impact of the higher security levels, you should carefully consider your message authentication requirements.

Module Security

Sun Management Center provides module-level security for the Service Management Facility (SMF), Module Configuration Propagation (MCP), and Solaris Container Manager modules. Any user can load any module on the Sun Management Center agent. However, to set or change actions or values on the module, the user must have the required permissions. Module security is provided in two ways: Role-Based Access Control (RBAC) and local file access.

RBAC is based on profiles. Users having the required profiles can perform profile-specific tasks. RBAC can be implemented by running Solaris system administration commands.

Local file access is independent of the OS. To obtain the required permissions, users must be added to the local access file. Security through local file access can be implemented by using the es-config command. For more information, refer to Using es-config.