This section provides links for planning and executing a secure installation and configuration of Oracle Solaris Cluster.
Installation – You can install the Oracle Solaris Cluster software with the Oracle Solaris 11 Automated Installer (AI). For more information, see Installing the Software in Oracle Solaris Cluster 4.3 Software Installation Guide.
Cluster packages – Oracle Solaris Cluster packages use Oracle Solaris Image Packaging System (IPS) package names.
To see a list of the Oracle Solaris Cluster core, data service, and Geographic Edition packages, see Oracle Solaris Cluster 4.3 Package Group Lists.
Configuration – You can configure and administer a global cluster and a zone cluster. For more information, see Chapter 3, Establishing the Global Cluster, in Oracle Solaris Cluster 4.3 Software Installation Guide; Chapter 6, Creating Zone Clusters, in Oracle Solaris Cluster 4.3 Software Installation Guide; and Chapter 1, Introduction to Administering Oracle Solaris Cluster, in Oracle Solaris Cluster 4.3 System Administration Guide.
Every method of establishing a global cluster node requires that you first authorize one designated sponsor node, so that only that designated system can access the node it will configure. If desired, DES encryption can be used for a more secure configuration. For more information, see the clauth(1CL) man page.
Common agent container vulnerability – The combination of the common agent container and some older Java versions poses a security vulnerability in Oracle Solaris Cluster software. For information about how to identify whether your system has this vulnerability and how to correct it, see the My Oracle Support reference document CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Solaris Cluster (Doc ID 1999997.1) (https://support.oracle.com/epmos/faces/DocumentDisplay?id=1999997.1&displayIndex=1). This document requires a My Oracle Support login.
HA for NFS secured with Kerberos V5 – If you need to secure access to NFS services that are managed by the HA for NFS data service, you can configure a Kerberos V5 client to secure the HA for NFS data service. This includes adding a Kerberos principal for NFS over the logical hostnames on all cluster nodes. For more information, see Securing HA for NFS With Kerberos V5 in Oracle Solaris Cluster Data Service for NFS Guide.