Security Requirements for Using EVS

Language:

To perform EVS operations, you need to be superuser or a user with the Elastic Virtual Switch Administration rights profile. You can also create a user and assign the Elastic Virtual Switch Administration rights profile to the user. For more information, see Securing Users and Processes in Oracle Solaris 11.2 .

Note - In a multitenant EVS setup, individual tenants cannot manage their own elastic virtual switches and their resources because per-tenant user authorizations for each user is not supported. The entire EVS domain must have a single administrator who manages resources of all the tenants.

The following example shows how to create user1 with the Elastic Virtual Switch Administration rights profile.

# useradd -P “Elastic Virtual Switch Administration” user1

The following example shows how to add the Elastic Virtual Switch Administration rights profile to the existing user user1.

# usermod -P +”Elastic Virtual Switch Administration” user1

When you set the EVS controller, you must specify the user who has the Elastic Virtual Switch Administration rights profile. For example, you must specify user1 when you set the EVS controller as follows:

# evsadm set-prop -p controller=ssh://user1@example-controller.com

For more information, see Configuring an EVS Controller.

Note - You can also use evsuser that is created when you install the pkg:/service/network/evs package. The user, evsuser, is assigned with the Elastic Virtual Switch Administration rights profile. This profile provides all the required authorizations and privileges to perform EVS operations.