Security Requirements for Using EVS
To perform EVS operations, you need to be superuser or a user with the Elastic Virtual
Switch Administration rights profile. You can also create a user and assign the Elastic
Virtual Switch Administration rights profile to the user. For more information, see
Securing Users and Processes in Oracle Solaris 11.3.
Note -
In a multitenant EVS setup, individual tenants cannot manage their own elastic
virtual switches and their resources because per-tenant user authorizations
are not supported. The entire EVS domain must have a single administrator who
manages the resources of all the tenants.
The following example shows how to create user1 with the Elastic
Virtual Switch Administration rights profile.
# useradd -P "Elastic Virtual Switch Administration" user1
The following example shows how to add the Elastic Virtual Switch Administration
rights profile to the existing user user1.
# usermod -P +"Elastic Virtual Switch Administration" user1
When you set the EVS controller, you must specify the user who has the Elastic Virtual
Switch Administration rights profile. For example, you must specify
user1 when you set the EVS controller as follows:
# evsadm set-prop -p controller=ssh://user1@example-controller.com
For more information, see Configuring an EVS Controller.
Note -
You can also use evsuser, which is created when you install the
pkg:/service/network/evs package. The user,
evsuser, is assigned the Elastic Virtual Switch
Administration rights profile. This profile provides all the required authorizations
and privileges to perform EVS operations. A new authorization
solaris.network.evs.observability is required to observe EVS resources and
statistics.
Note -
The Elastic Virtual Switch Administration rights profile with the authorization
solaris.network.evs.observability is required to observe
EVS resources and statistics.
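The following check is an added example, not part of the original Oracle documentation. It confirms that the user named in the controller value holds the rights profile and the observability authorization described above, using the Solaris profiles and auths commands on the host where that account exists. The function names are hypothetical, and the output layouts the parsers accept (one profile per line, authorizations separated by commas or newlines, a trailing * as a wildcard) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the user named in the EVS controller URI.
PROFILE='Elastic Virtual Switch Administration'
OBS_AUTH='solaris.network.evs.observability'

# Print the login name from a controller value such as ssh://user1@host.
# Returns 1 if the value is not of the form ssh://user@host.
controller_user() {
    case "$1" in
        ssh://?*@?*) u=${1#ssh://}; printf '%s\n' "${u%%@*}" ;;
        *) return 1 ;;
    esac
}

# Read `profiles <user>` output on stdin; succeed only if one line, with
# surrounding whitespace trimmed, equals the profile name exactly.
has_profile() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -Fqx -- "$1"
}

# Read `auths <user>` output on stdin (assumed comma- or newline-separated).
# Succeed on an exact match or a covering wildcard such as solaris.network.*
has_auth() {
    tr ', \t' '\n\n\n' | awk -v want="$1" '
        $0 == want { ok = 1 }
        /\*$/ { p = substr($0, 1, length($0) - 1)
                if (p != "" && index(want, p) == 1) ok = 1 }
        END { exit !ok }'
}

# Usage on the host: evs_preflight ssh://user1@example-controller.com
evs_preflight() {
    user=$(controller_user "$1") ||
        { echo "unexpected controller value: $1" >&2; return 2; }
    profiles "$user" | has_profile "$PROFILE" ||
        { echo "$user lacks the '$PROFILE' rights profile" >&2; return 1; }
    auths "$user" | has_auth "$OBS_AUTH" ||
        { echo "$user lacks $OBS_AUTH" >&2; return 1; }
    echo "$user: rights profile and observability authorization present"
}
```
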