This section contains information about specific security mechanisms offered by Geographic Edition.
A secure installation uses the following critical security features:
Role-Based Access Control (RBAC) – Geographic Edition software bases its RBAC profiles on the RBAC rights profiles that are used in the Oracle Solaris Cluster software. You must become an administrator who is assigned the User Security rights profile to change most of the security attributes of a role. Assume the root role and use the RBAC roles of solaris.cluster.geo.modify, solaris.cluster.geo.admin, and solaris.cluster.geo.read to access the cluster. For more information, see Securing Users and Processes in Oracle Solaris 11.3 and Modifying a User’s RBAC Properties in Oracle Solaris Cluster 4.3 Geographic Edition System Administration Guide .
Security Certificates – During installation, the cluster is configured for secure cluster communication by using security certificates (nodes within the same cluster must share the same security certificates). The communication between clusters in a Geographic Edition partnership is secured through the Java Management Extensions (JMX) port with Secure Sockets Layer (SSL) using the security certificates. For more information, see Configuring Trust Between Partner Clusters in Oracle Solaris Cluster 4.3 Geographic Edition Installation and Configuration Guide .
Common Agent Container – To enable a zone cluster to function as a member of a Oracle Solaris Cluster partnership, the common agent container must be manually configured within the zone cluster. For more information, see Preparing a Zone Cluster for Partner Membership in Oracle Solaris Cluster 4.3 Geographic Edition Installation and Configuration Guide .
IP Security Architecture (IPsec) – Use IPsec to configure secure TCP/UDP heartbeat communications between partner clusters. For more information, see Securing Inter-Cluster Communication in Oracle Solaris Cluster 4.3 Geographic Edition Installation and Configuration Guide .