Overview of Securing Automated Installations

You can secure automated installations with the Transport Layer Security (TLS) protocol. TLS uses private certificates and key pairs as well as the Certificate Authority (CA) certificate for generating and signing certificates. SPARC WAN boot clients also require firmware hash (HMAC) digest and encryption keys, which secure the download of the initial network boot files.

The current Oracle Solaris release supports HMAC-SHA256 protocols for SPARC WAN boot clients, in addition to the HMAC-SHA1 protocols in previous releases.

Note:

With x86 clients that use PXEBoot, the initial network boot phase is not secured. For these clients, you implement security by creating an install service from a custom image that has security credentials. Set the same credentials for the service as those in the image. For information about creating custom secured AI images, see Chapter 3, Building an Image in Creating a Custom Oracle Solaris 11.4 Image.

Security for automated installations is implemented in the following ways:

  • Server and client authentication.

  • Access control for automated installations and server data.

  • Client data protection either for all clients together or separately for specific clients.

  • Data encryption.

  • Secure access to IPS package repositories as well as user-specified directories.

In addition, you can use AI to provision Kerberos on the clients. See How to Configure Kerberos Clients Using AI.