Solaris for ISPs includes the following enhancements to the Solaris operating system:
Sun™ Internet Administrator™
Host configuration software
Sun™ Internet Services Monitor™
Sun™ Directory Services
Sunscreen™ SKIP
FlexLM License Server
HotJava™ browser
Java Development Kit
Sun Internet Administrator provides secure central management for distributed ISP services. It gives ISP administrators the following features:
Single sign-on for administrators. ISP administrators log onto Sun Internet Administrator once to access all functions for which they have authorization. Services developed according to ISP guidelines and managed from Sun Internet Administrator receive log-on information from it; the user is not subsequently challenged.
Secure communications between administrators' client machines and remote service hosts. The optional SKIP software can be installed and configured on all connections to the console, and from the console to the service host machines, making those communications snoop-proof and spoof-proof.
Logging of administrator actions for traceability. Each administrator action, from initial log-on attempt through logout, is logged via the syslog utility. This provides both troubleshooting and accountability information.
Remote management of existing ISP services. Service components provided with Solaris for ISPs can all be managed from the Sun Internet Administrator, regardless of their location on the network. Additionally, Sun™ Internet FTP Server™ and Sun™ Internet News Server™ are three-tier components and receive all the security benefits built into Sun Internet Administrator. See "Managing Services with Sun Internet Administrator" for more information on service interaction with Sun Internet Administrator.
Extensibility for existing services. ISPs can integrate their own applications with Sun Internet Administrator and manage them in the same way as services provided with Solaris for ISPs. See Chapter 7, Integrating Existing Service Applications for instructions on integrating applications with Sun Internet Administrator.
The Solaris for ISPs host configuration software provides the following functionality:
Software installation. Administrators install and uninstall all Solaris for ISPs software using the host configuration software. Administrators can save installation scenarios for use in a JumpStart finish script to repeat installations automatically.
Solaris foundation configuration. To improve security and conserve resources, unneeded Solaris services are disabled. Security-related components of Solaris are configured appropriately for an ISP environment.
Intrusion detection. Periodically, the intrusion detector checks its log file, determining whether any failed log-on attempts have occurred since the last check. If an intrusion attempt has occurred, the detector collects the logged data and passes it to the user-specified notification mechanism (such as electronic mail).
Server process management. This cron job ensures that server processes (such as news servers) are indeed running. If any server has stopped abnormally, the server process manager starts that server.
Log file management. Audit and syslog logs are cycled daily. The log file management daemon archives logs weekly and deletes any archive older than one month.
The host configuration software is a required software component. It is installed on every Solaris for ISPs host machine.
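The intrusion detection check described above, sketched as an added example (not the Solaris for ISPs code): it scans only the log data written since the last check, collects failed log-on records, and formats them for the notification mechanism. The log layout, the names check_once and build_notification, and the sample lines are assumptions constructed for illustration; the page does not show the detector's real log format.

```python
import re
from collections import Counter

# Constructed sample log lines in a syslog-like layout (assumed format,
# not the product's own); addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:10:01 console1 admin[411]: login succeeded user=alice from=192.0.2.10
Mar  3 02:11:37 console1 admin[412]: login FAILED user=root from=198.51.100.7
Mar  3 02:11:41 console1 admin[413]: login FAILED user=root from=198.51.100.7
"""
LATER_LINES = """\
Mar  3 02:15:02 console1 admin[420]: login FAILED user=bob from=203.0.113.5
Mar  3 02:15:09 console1 admin[421]: login succeeded user=bob from=203.0.113.5
"""
FAILED = re.compile(r"login FAILED user=(?P<user>\S+) from=(?P<src>\S+)")

def check_once(log_text, offset):
    """Scan log_text from byte offset; return (failed_records, new_offset)."""
    data = log_text.encode()
    if offset > len(data):  # log is shorter than last time: it was cycled
        offset = 0          # so start again from the top of the new file
    chunk = data[offset:]
    end = chunk.rfind(b"\n") + 1  # consume complete lines only
    hits = []
    for line in chunk[:end].decode(errors="replace").splitlines():
        m = FAILED.search(line)
        if m:
            hits.append({"user": m["user"], "src": m["src"], "line": line})
    return hits, offset + end

def build_notification(hits):
    """Format collected records for the notification mechanism (e.g. a mail body)."""
    if not hits:
        return None  # nothing failed since the last check: send nothing
    by_src = Counter(h["src"] for h in hits)
    summary = ", ".join(f"{src} x{n}" for src, n in sorted(by_src.items()))
    header = f"{len(hits)} failed log-on attempt(s): {summary}"
    return header + "\n" + "\n".join(h["line"] for h in hits)
```

The saved offset is what makes the check report each failure once; because the logs are cycled daily, an offset past the end of the file is treated as a fresh log rather than as an error.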
Sun Internet Services Monitor, the performance monitoring software, allows an ISP to set up special client machines that emulate a subscriber's experience with the ISP services. The performance monitoring applet can be set to connect to any combination of Web, mail, news, and directory services servers and collect information on their performance from a subscriber's perspective. This data is collected on the monitoring host machine and is viewable with a Web browser.
Sun Internet Services Monitor is a two-tier application. It is manageable through Sun Internet Administrator, but does not receive the benefits of single sign-on or administrator authentication. See "Managing Services with Sun Internet Administrator" for more information on the two-tier architecture.
Sun Directory Services is a Lightweight Directory Access Protocol (LDAP) implementation that provides a shared repository for both user (administrator) and service configuration information. Administrators store subscriber information in the repository as well. Features in this release of Sun Directory Services include:
Conformance to LDAP v3 Internet standards.
A Remote Access Dialup User Service (RADIUS) server that provides authentication for remote users connecting to the network through a Network Access Server (NAS).
A Network Information System (NIS) server that integrates into an existing NIS environment to provide an integrated naming service.
A complete suite of administration tools, including the Deja directory editor, a Java-implemented administration console for management of the directory, and a Web gateway for access from any browser.
Sun Directory Services is manageable from Sun Internet Administrator as an X-based application.
Sun Directory Services installs with a no-license limitation of 1K (one thousand) entries in the directory. A license certificate for 5K (five thousand) entries ships with Solaris for ISPs and must be redeemed and registered with the FlexLM license server before it takes effect. See the instructions in the Solaris for ISPs Installation Guide for details of redeeming and installing the license certificate.
See Chapter 5, Using Directory Services and Chapter 6, Solaris for ISPs Directory Services Schema of this book for information about the role of Sun Directory Services in Solaris for ISPs. The Sun Directory Services documentation consists of two books, Sun Directory Services 3.1 Administration Guide and Sun Directory Services 3.1 User's Guide, both delivered as AnswerBook2™ packages. The Sun Directory Services Deja tool also has full on-line help.
Sunscreen™ SKIP is based on the Simple Key-management for Internet Protocols (SKIP) standard of key management for IP encryption. Characteristics of SKIP include:
Automatic certificate exchanges
Sessionless protocols
Multicast and unicast packet protocols for IPv4 and IPv6
Certificate Discovery Protocol (CDP)
The full SKIP technology is available only in North America, but a version exists for export to other parts of the world. When SKIP is installed, its manual pages are located at /opt/SUNWicp/man.
The FlexLM license server is used by Sun Directory Services to manage licenses of various sizes. If you already have a license server in your network (version 4.1 or later), you can use it to serve Sun Directory Services licenses.
Sun Directory Services allows 1K (one thousand) entries before requiring a license. This is sufficient to install and initialize the directory. In any reasonable ISP application, however, more entries will quickly be required. Follow the directions in the Solaris for ISPs Installation Guide for acquiring a license key and configuring the server.
After it is installed, the FlexLM manual pages are located at /opt/SUNWste/licene_tools/man.
The HotJava browser is provided with Solaris for ISPs to support Sun Internet Administrator and other administration user interfaces in the product. It supports the following Internet standards and protocols:
Java Development Kit 1.1.6
HTTP 1.1 Protocol
HTML 3.2
Tables and Frames
Persistent Cookies
GIF and JPEG Media Formats
AU Audio Format
FTP and Gopher File Transfer Protocols
SMTP and MIME E-mail Protocols
SOCKS Protocol
Secure Sockets Layer (SSL) 3.0
Java Archive (JAR) Format
The Java Development Kit (JDK) is provided with Solaris for ISPs to support the use of Java in the product. JDK version 1.1.5 includes the following new capabilities:
Internationalization
Signed applets
JAR file format
AWT (window toolkit) enhancements
JavaBeans™ component model
Networking enhancements
Math package for large numbers
Remote Method Invocation (RMI)
Reflection
Database connectivity (JDBC)