Task Map: Configuring Trusted Extensions to Your Site's Requirements

Tip - For a secure configuration process, create roles early.

The order of tasks when roles configure the system is shown in the following task map.

Task	For Instructions
Configure the global zone.	Task Map: Configuring the Global Zone
Configure the LDAP naming service. Note - Skip if you are not LDAP.	Task Map: Configuring the LDAP Naming Service
Configure the labeled zones.	Task Map: Configuring the Labeled Zones
To communicate with other systems, set up networking.	Task Map: Configuring Networking
Complete system setup.	Part II, Administration of Trusted Extensions

For a secure configuration process, create roles early. The order of tasks when roles configure the system is shown in the following task maps.

Task	For Instructions
Protect machine hardware by requiring a password to change hardware settings.	Controlling Access to System Hardware in System Administration Guide: Security Services
Configure labels. Labels must be configured for your site.	Check and Install Your Label Encodings File
If you are running an IPv6 network, enable IP to recognize labeled packets.	Enable IPv6 Networking in Trusted Extensions
If the CIPSO Domain of Interpretation (DOI) of your network nodes is not `1`, specify the DOI.	Configure the Domain of Interpretation
Boot to activate a labeled environment. Upon login, you are in the global zone.	Reboot and Log In to Trusted Extensions
Create the Security Administrator role and other roles that you plan to use locally. You create these roles just as you would create them in the Oracle Solaris OS. You can delay this task until the end. For the consequences, see Devising a Configuration Strategy for Trusted Extensions.	Creating Roles and Users in Trusted Extensions Verify That the Trusted Extensions Roles Work

If you plan to use files to administer Trusted Extensions, skip the following tasks.

Task	For Instructions
Add Trusted Extensions databases to an existing Sun Java System Directory Server (LDAP server). Then make your first Trusted Extensions system a proxy of this LDAP server. Or, configure your first system as the server.	Chapter 5, Configuring LDAP for Trusted Extensions (Tasks)
For systems that are not the LDAP server or proxy server, make them an LDAP client.	Make the Global Zone an LDAP Client in Trusted Extensions
In the LDAP naming service, create the Security Administrator role and other roles that you plan to use. You can delay this task until the end. For the consequences, see Devising a Configuration Strategy for Trusted Extensions.	Creating Roles and Users in Trusted Extensions Verify That the Trusted Extensions Roles Work

For a customized configuration, use your label_encodings file to create the labeled zones by following this task map.

Task	For Instructions
Using the `txzonemgr` GUI, create your labeled zones.	Create Labeled Zones Interactively
Assign a label to a workspace for each of your labeled zones.	Substitute your zone names in Assign Labels to Two Zone Workspaces

Network setup is required only if you plan to communicate with other systems.

Task	For Instructions
Configure the network interfaces.	Configure the Network Interfaces in Trusted Extensions
(Optional) Add zone-specific network addresses and default routing to the labeled zones.	Adding Network Interfaces and Routing to Labeled Zones

Skip Navigation Links
Exit Print View
	Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10