Chapter 1 Site Preparation Overview

This chapter provides a summary of the steps required to prepare your site for installation and configuration of the Sun N1 System Manager1.3 system, and security issues you need to consider when preparing your site for the first-time installation of the Sun N1 System Manager software.

If you are upgrading an existing installation of the N1 System Manager, site preparation is not needed. Upgrade the N1 System Manager as described in Chapter 3, Upgrading the Sun N1 System Manager Software, in Sun N1 System Manager 1.3 Installation and Configuration Guide.

This section discusses the following topics:

• Summary of Major Tasks

• Security Considerations

Summary of Major Tasks

The following diagram provides a high-level overview of the tasks required to prepare a site for Sun N1 System Manager1.3 installation.

The term manageable server is used in this manual for any server that has not been discovered by the N1 System Manager. The term management server refers to the server on which the N1 System Manager is installed. The term managed server is used for any server that has been discovered by the N1 System Manager and is subsequently monitored and managed by the N1 System Manager.

Figure 1–1 Site Preparation Task Flow

Summaries of each of the above tasks are provided in the following list.

• Determine system requirements

  This task involves the following actions:

  • Inventory the equipment you want to use with the Sun N1 System Manager

  • Compare the inventory to the system requirements, and if desired, purchase additional equipment

  • Determine which server you will use as the management server and which operating system you will install on the management server

  • Determine which servers you will monitor and manage using the N1 System Manager and, based on the total, determine your switch requirements

  References:

  • Sun N1 System Manager Hardware and OS Requirements

  • Sun N1 System Manager Connection Information

  • Reference Configurations

  • Management Server Considerations

  • Switch Considerations

• Map network

  This task involves the following actions:

  • Determine the IP addressing scheme for the management, provisioning, and data networks.

  • Determine whether you will use a single-switch configuration in which all connections are on a single switch, or a two-switch configuration, in which the management network is isolated on one switch and the data and provisioning networks are on the second switch.

  • Determine the VLAN assignments.

  References:

  • Reference Configurations

  • Site Planning

• Connect the hardware based on the information and decisions you have made in the preceding steps.

• Prepare the manageable servers

  This task involves the following actions:

  • Assign an IP address to the management port of each manageable server

  • Set up the manageable server management processor account credentials where applicable

  References:

  • Server hardware documentation

  • Setting Up Manageable Servers

• Install and configure an operating system on the management server.

  This task can be performed at the same time as manageable server preparation and RIS server setup.

  References:

  • Installing the Solaris OS on the Management Server

  • Installing the RedHat Enterprise Linux OS on the Management Server

  • Enabling FTP on the Management Server

  • Updating the /etc/hosts File

  • Setting Up a Windows Remote Installation Services Server

Security Considerations

The following list provides general security considerations that you should be aware of when you are using the N1 System Manager:

• The Java^TM Web Console that is used to launch the N1 System Manager's browser interface uses self-signed certificates. These certificates should be treated with the appropriate level of trust by clients and users.

• The terminal emulator applet that is used by the browser interface for the serial console feature does not provide a certificate-based authentication of the applet. The applet also requires that you enable SSHv1 for the management server. For certificate-based authentication or to avoid enabling SSHv1, use the serial console feature by running the connect command from the n1sh shell.

• SSH fingerprints that are used to connect from the management server to the provisioning network interfaces on the managed servers are automatically acknowledged by the N1 System Manager software by default, which might make managed servers vulnerable to “man-in-the middle” attacks. You can configure how the N1 System Manager processes changed and unknown SSH keys by running the n1smconfig utility after the N1 System Manager has been installed or upgraded. See Configuring SSH Unknown and Changed Host Key Policies in Sun N1 System Manager 1.3 Installation and Configuration Guide.

• The Web Console (Sun ILOM Web GUI) autologin feature for Sun Fire X4100 and Sun Fire X4200 servers exposes the server's management processor credentials to users who can view the web page source for the Login page. To avoid this security issue, disable the autologin feature by running the n1smconfig utility. See Configuring the N1 System Manager in Sun N1 System Manager 1.3 Installation and Configuration Guide for details.