This section contains information about specific security mechanisms offered by the Oracle Solaris Cluster Disaster Recovery framework, formerly called Geographic Edition.
A secure installation uses the following critical security features:
Disaster Recovery Framework Authorizations – The Disaster Recovery framework bases its rights profiles on the rights profiles that are used in the core Oracle Solaris Cluster software. You must become an administrator who is assigned the User Security rights profile to change most of the security attributes of a role. Assume the root role and use roles with solaris.cluster.geo.modify, solaris.cluster.geo.admin, and solaris.cluster.geo.read authorizations to access the Disaster Recovery framework in a cluster. For more information, see Securing Users and Processes in Oracle Solaris 11.4 and Modifying a User’s Rights in Administering the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.
Security Certificates – During installation, the cluster is configured for secure cluster communication by using security certificates (nodes within the same cluster must share the same security certificates). The communication between clusters in a Disaster Recovery framework partnership is secured through the Java Management Extensions (JMX) port with Secure Sockets Layer (SSL) using the security certificates. For more information, see Configuring Trust Between Partner Clusters in Installing and Configuring the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.
Common Agent Container – To enable a zone cluster to function as a member of a Disaster Recovery framework partnership, the common agent container must be manually configured within the zone cluster. For more information, see Preparing a Zone Cluster for Partner Membership in Installing and Configuring the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.
IP Security Architecture (IPsec) – Use IPsec to configure secure TCP/UDP heartbeat communications between partner clusters. For more information, see Securing Inter-Cluster Communication in Installing and Configuring the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.