6.3 SOLARIS 8 CONTAINERS AND SOLARIS 9 CONTAINERS

Figure 6.7 Structure of a System with Solaris 8 Containers and Solaris 9 Containers

6.3.1 Oracle Solaris Trusted Extensions

Some data center workloads require or benefit from strict compartmentalization of different categories of data and users. This statement has been true for certain government organizations for decades, but in recent years governments have required that corporations protect data in new ways. Some users are allowed access to only one category of data, whereas other users need access to multiple categories.

In the past, government and corporate organizations have used customized versions of operating systems, such as Trusted Solaris 8. That functionality was integrated into Solaris 10 as a feature set that can simply be enabled or disabled. The feature set that provides this strict compartmentalization is called Oracle Solaris 10 Trusted Extensions.

As mentioned earlier, Trusted Extensions achieved Common Criteria Certification for the Labeled Security Protection Profile (LSPP) at Evaluation Assurance Level (EAL) 4+, the highest commonly recognized global security certification. This achievement allows Solaris 10 to be deployed when multilevel security (MLS) protection and independent validation of an OS security model is required. Solaris 10 achieved this certification for SPARC and x86-based systems, for both desktop and server functionality, and also received Common Criteria Certification for the Controlled Access Protection Profile (CAPP) and Role-Based Access Control Protection Profile (RBACPP).

Because of this certification, you can deploy systems using Trusted Extensions to meet the needs of sensitive data environments, including corporate financial transaction systems and medical record systems. The Trusted Extensions feature set uses Containers to compartmentalize data and processing. A key factor in its ability to achieve the Common Criteria Certification described earlier is the robust security boundary that exists around individual Containers.

The features of Oracle Solaris Trusted Extensions are described in detail in the book Solaris Security Essentials.

6.4 Network Virtualization in OpenSolaris

OpenSolaris offers some features that are not available in Solaris 10. These features include network virtualization features originally called Project Crossbow. Each of these feature sets is described in detail at http://opensolaris.org and in the man pages for OpenSolaris. The network virtualization features are described in this section. Network virtualization makes it possible to implement traditional network architectures within a computer without losing any flexibility in network design.

The new network virtualization features in OpenSolaris enable you to create these objects:

- Virtual network interface connectors (VNICs), which can be used with Containers to increase the isolation between Containers without losing scalability
- Virtual switches (vSwitches), which can be used in the same way as physical switches, that is, to connect VEs to each other and to a physical network port

The use of virtual networks starts with a network design. The simplest practical use of virtual network components is to create multiple VNICs so that two Containers can share a physical NIC. In Figure 6.8, one VNIC has been created for each of two Containers. Each VNIC uses a physical NIC for communication with network devices outside of this computer.

Figure 6.8 Virtual NICs

Figure 6.9 shows a slightly more complicated version: the virtualization of a lab network. It includes two Containers running web client software, one running web server software, and a special Container acting only as a router between the other Containers and the corporate network.

Figure 6.9 Network Layout Using OpenSolaris Network Virtualization

Implementing that architecture starts with creation of the network components. One command creates a vSwitch in OpenSolaris:

    GZ# dladm create-etherstub vSwitch0

Just like a physical switch, a vSwitch does nothing by itself. It becomes useful only when you attach things to it, as in the following example, which creates and connects a VNIC for each Container, including the router Container:

    GZ# dladm create-vnic -l vSwitch0 vn_cl1
    GZ# dladm create-vnic -l vSwitch0 vn_cl2
    GZ# dladm create-vnic -l vSwitch0 vn_srvr
    GZ# dladm create-vnic -l vSwitch0 vn_router

The system now has four virtual NICs, which will communicate via a virtual switch. The vSwitch receives packets from only those four VNICs, and it sends the packet to the appropriate VNIC for receipt at the packet's destination. Now that the virtual network gear exists, you can create all of the Containers.

We will show only the commands pertaining to the Container that will act as the router.
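Before the Containers are attached, it is worth confirming that the four VNICs created above really sit on vSwitch0 and that nothing else does. The following shell check is an added example, not from the book. It assumes the parseable `link:over` output of `dladm show-vnic -p -o link,over`; the sample data, the physical link name e1000g0 and the extra VNIC vn_debug are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that the lab VNICs are attached to the etherstub.
# Live use (global zone):  dladm show-vnic -p -o link,over | audit_vnics

VSWITCH="vSwitch0"
LAB_VNICS="vn_cl1 vn_cl2 vn_srvr vn_router"

# Reads "link:over" lines on stdin, prints one finding per problem, and
# returns 0 only if every expected VNIC is on $VSWITCH and no others are.
audit_vnics() {
    input=$(cat)
    status=0
    for vnic in $LAB_VNICS; do
        over=$(printf '%s\n' "$input" |
            awk -F: -v v="$vnic" '$1 == v { print $2; exit }')
        if [ -z "$over" ]; then
            echo "MISSING $vnic"
            status=1
        elif [ "$over" != "$VSWITCH" ]; then
            # A VNIC over a physical NIC bypasses the router Container.
            echo "MISATTACHED $vnic over $over (expected $VSWITCH)"
            status=1
        fi
    done
    # Anything else plugged into the vSwitch can reach the lab segment.
    extra=$(printf '%s\n' "$input" | awk -F: -v sw="$VSWITCH" -v want="$LAB_VNICS" '
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == sw && !($1 in ok) { print "UNEXPECTED " $1 " on " sw }')
    if [ -n "$extra" ]; then
        echo "$extra"
        status=1
    fi
    return $status
}

# Constructed sample inputs (not captured from a real system).
GOOD_SAMPLE='vn_cl1:vSwitch0
vn_cl2:vSwitch0
vn_srvr:vSwitch0
vn_router:vSwitch0'
BAD_SAMPLE='vn_cl1:vSwitch0
vn_cl2:e1000g0
vn_router:vSwitch0
vn_debug:vSwitch0'

printf '%s\n' "$BAD_SAMPLE" | audit_vnics || echo "audit failed"
```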