This section provides links for planning and executing a secure installation and configuration of Oracle Solaris Cluster software.
Installation – You can install the Oracle Solaris Cluster software with the Oracle Solaris Automated Installer (AI). For more information, see Installing the Software in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment.
Cluster packages – Oracle Solaris Cluster packages use Oracle Solaris Image Packaging System (IPS) package names.
To see a list of the Oracle Solaris Cluster core, data service, and Disaster Recovery framework packages, see Package Group Lists for Oracle Solaris Cluster 4.4.
Configuration – You can configure and administer a global cluster and a zone cluster. For more information, see Chapter 3, Establishing the Global Cluster in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment, Chapter 6, Creating Zone Clusters in Installing and Configuring an Oracle Solaris Cluster 4.4 Environment, and Chapter 1, Introduction to Administering Oracle Solaris Cluster in Administering an Oracle Solaris Cluster 4.4 Configuration.
For the clinstall installation method and all methods to establish a global cluster node, prior authorization of one designated control node is required, permitting only that designated system to access the node it will install or configure. If desired, DES encryption can be used for a more secure configuration. For more information, see the clauth(8CL) man page.
Common agent container vulnerability – The combination of common agent container and some older Java versions poses a security vulnerability in Oracle Solaris Cluster software. For information to identify whether your system has this vulnerability and how to correct it, see My Oracle Support reference document, CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Solaris Cluster (Doc ID 1999997.1) (https://support.oracle.com/epmos/faces/DocumentDisplay?id=1999997.1&displayIndex=1). This document requires My Oracle Support login.
HA for NFS secured with Kerberos V5 – If you need to secure access to NFS services that are managed by the HA for NFS data service, you can configure a Kerberos V5 client to secure the HA for NFS data service. This includes adding a Kerberos principal for NFS over the logical hostnames on all cluster nodes. For more information, see Securing HA for NFS With Kerberos V5 in Oracle Solaris Cluster Data Service for NFS Guide.