Oracle Solaris Trusted Extensions Configuration Guide

Planning Your Trusted Network

For assistance in planning network hardware, see Chapter 2, Planning Your TCP/IP Network (Tasks), in System Administration Guide: IP Services.

As in any client-server network, you need to identify hosts by their function, that is, server or client, and configure the software appropriately. For assistance in planning, see Solaris 10 5/09 Installation Guide: Custom JumpStart and Advanced Installations.

Trusted Extensions software recognizes two host types, labeled and unlabeled. Each host type has a default security template, as shown in Table 1–1.

Table 1–1 Default Host Templates in Trusted Extensions

| Host Type | Template Name | Purpose |
|---|---|---|
| unlabeled | admin_low | At initial boot, labels the global zone. After initial boot, identifies hosts that send unlabeled packets. |
| cipso | cipso | Identifies hosts or networks that send CIPSO packets. CIPSO packets are labeled. |

If your network can be reached by other networks, you need to specify accessible domains and hosts. You also need to identify which Trusted Extensions hosts are going to serve as gateways. You need to identify the label accreditation range for these gateways, and the sensitivity label at which data from other hosts can be viewed.

The smtnrhtp(1M) man page provides a complete description of each host type with several examples.