Ops Center Site Preparation

Guide

Part No: 999–0001

March 2010
Copyright ©2010 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.
U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions
of the FAR and its supplements.
This distribution may include materials developed by third parties.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other
countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, JavaHelp, J2EE, JumpStart, Solstice, Sun Blade, SunSolve,
SunSpectrum, ZFS, Sun xVM hypervisor, OpenSolaris, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S.
and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other
countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. DLT is claimed as a trademark of Quantum
Corporation in the United States and other countries. Netscape and Mozilla are trademarks or registered trademarks of Netscape Communications Corporation in
the United States and other countries.
The OPEN LOOK and SunTM Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts
of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to
the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license
agreements.
Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in
other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export
or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially
designated nationals lists is strictly prohibited.
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO
THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Copyright ©2010 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. Tous droits réservés.
Sun Microsystems, Inc. détient les droits de propriété intellectuelle relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier,
et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plusieurs brevets américains ou des applications de brevet en attente aux Etats-Unis
et dans d'autres pays.
Cette distribution peut comprendre des composants développés par des tierces personnes.
Certaines composants de ce produit peuvent être dérivées du logiciel Berkeley BSD, licenciés par l'Université de Californie. UNIX est une marque déposée aux
Etats-Unis et dans d'autres pays; elle est licenciée exclusivement par X/Open Company, Ltd.
Sun, Sun Microsystems, le logo Sun, le logo Solaris, le logo Java Coffee Cup, docs.sun.com, Java, JavaHelp, J2EE, JumpStart, Solstice, Sun Blade, SunSolve,
SunSpectrum, ZFS, Sun xVM hypervisor, OpenSolaris et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc., ou ses filiales, aux
Etats-Unis et dans d'autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC
International, Inc. aux Etats-Unis et dans d'autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems,
Inc. Quantum Corporation riclame DLT comme sa marque de fabrique aux Etats-Unis et dans d'autres pays. Netscape et Mozilla sont des marques de Netscape
Communications Corporation aux Etats-Unis et dans d'autres pays.
L'interface d'utilisation graphique OPEN LOOK et Sun a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun reconnaît les efforts de
pionniers de Xerox pour la recherche et le développement du concept des interfaces d'utilisation visuelle ou graphique pour l'industrie de l'informatique. Sun détient
une licence non exclusive de Xerox sur l'interface d'utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l'interface
d'utilisation graphique OPEN LOOK et qui, en outre, se conforment aux licences écrites de Sun.
Les produits qui font l'objet de cette publication et les informations qu'il contient sont régis par la legislation américaine en matière de contrôle des exportations et
peuvent être soumis au droit d'autres pays dans le domaine des exportations et importations. Les utilisations finales, ou utilisateurs finaux, pour des armes nucléaires,
des missiles, des armes chimiques ou biologiques ou pour le nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou
réexportations vers des pays sous embargo des Etats-Unis, ou vers des entités figurant sur les listes d'exclusion d'exportation américaines, y compris, mais de manière
non exclusive, la liste de personnes qui font objet d'un ordre de ne pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui
sont régis par la legislation américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement designés, sont rigoureusement interdites.
LA DOCUMENTATION EST FOURNIE "EN L'ETAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES
SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE
IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE UTILISATION PARTICULIERE OU A L'ABSENCE DE CONTREFACON.

100314@23474
 Contents

Preface ...................................................................................................................................................11

1 Architecture ..........................................................................................................................................13
Architecture Introduction .................................................................................................................. 13
Enterprise Controller .......................................................................................................................... 14
Proxy Controller .................................................................................................................................. 15
Example of a Co-Located Deployment Architecture .............................................................. 15
Example of a Deployment Architecture with Multiple Proxy Controllers ........................... 15
Agents ................................................................................................................................................... 16
Management Network ........................................................................................................................ 17
Data Network ....................................................................................................................................... 17

2 Decision: Connected Mode or Disconnected Mode? ..................................................................... 19

Connected Mode ................................................................................................................................. 19
Disconnected Mode ............................................................................................................................ 20
Semi-Disconnected Mode .................................................................................................................. 21

3 Decision: Allow Automatic Updates to the Enterprise Controller? ............................................. 23

The Auto-Update Option ................................................................................................................... 23

4 Decision: Does Your Site Require High Availability? ..................................................................... 25

Requirements ....................................................................................................................................... 26
Limitations ........................................................................................................................................... 26
Configuring Storage for High Availability ........................................................................................ 26
Example Storage Configuration ................................................................................................. 27

3
Contents

5 Decision: What Type of Deployment For Proxy Controllers? ....................................................... 29

Restrictions for Logical Domains ...................................................................................................... 29

6 Decision: What Type of Deployment for Agent Software? ........................................................... 31

To Install a Ops Center Agent Manually .......................................................................................... 31

7 Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? ........... 33
Ops Center System Requirements ..................................................................................................... 33
Ops Center Enterprise Controller Requirements .................................................................... 33
Ops Center Proxy Controller Requirements ............................................................................ 34
Ops Center Agent Requirements ............................................................................................... 35
Firmware Requirements ..................................................................................................................... 36
Supported Systems Matrix ................................................................................................................. 40
Supported Operating Systems ........................................................................................................... 44
Supported Operating System by Feature ................................................................................... 45
Supported Operating Systems for Logical Domains ............................................................... 46
Supported Browsers ............................................................................................................................ 46
Cache Planning .................................................................................................................................... 47
Cache Recommendations for Connected Mode Configurations ........................................... 48
Cache Requirements for Disconnected Mode Configurations .............................................. 49
System Scaling ...................................................................................................................................... 50
Enterprise Controller Matrix ...................................................................................................... 51
Proxy Controller Matrix .............................................................................................................. 51

8 About SPARC Enterprise Server Support ......................................................................................... 53

Requirements ....................................................................................................................................... 54
Supported Features in Ops Center .................................................................................................... 54
What Is Not Supported ....................................................................................................................... 54

9 Decision: What Type of Network Configuration? ........................................................................... 55

Network Port Requirements and Protocols ..................................................................................... 55
Network Requirements and Data Flow ..................................................................................... 55
List of Ports and Protocols .......................................................................................................... 56
Network Switch Configuration .......................................................................................................... 57

4 Ops Center Site Preparation Guide • March 2010

 Contents

Reference Configurations ................................................................................................................... 58

Separate Management, Provisioning, and Data Networks ............................................................. 58
Combined Management and Provisioning Network and a Separate Data Network .................. 60
Combined Provisioning, Data, and Management Network .......................................................... 62
Combined Provisioning and Data Network and a Separate Management Network .................. 64

10 Decision: How Will You Use Ops Center? .......................................................................................... 67

Ops Center Operations ....................................................................................................................... 67

11 Provision an OS ....................................................................................................................................69
Provision an OS Introduction ............................................................................................................ 69

12 Provision Firmware .............................................................................................................................71

Provision Firmware Introduction ..................................................................................................... 71

13 About Updating an OS ........................................................................................................................ 73

Managing Systems ............................................................................................................................... 73
Obtaining Patches ............................................................................................................................... 74
Local Content (Solaris and Linux OS only) ...................................................................................... 74
Reports .................................................................................................................................................. 74
System Catalogs (Solaris and Linux OS only) .................................................................................. 75
Update Job ............................................................................................................................................ 75
Solaris OS Patching ...................................................................................................................... 76
Linux OS Patching ....................................................................................................................... 77
Windows OS Patching ................................................................................................................. 77
Using Profiles and Policies to define and control the job (Solaris and Linux only) ............. 77

14 Virtualization .......................................................................................................................................79
Logical Domains .................................................................................................................................. 79
Solaris Containers ............................................................................................................................... 80

15 Using Groups ........................................................................................................................................81

User-Defined Groups .......................................................................................................................... 81

5
Contents

Smart Groups ....................................................................................................................................... 81

16 Decision: Who Will Use Ops Center? ................................................................................................. 83

Defining User Roles ............................................................................................................................ 83

17 Roles and Authorizations ...................................................................................................................85

Roles and Authorizations Introduction ............................................................................................ 85
Enterprise Controller Admin Role .................................................................................................... 86
All Assets Admin Role ........................................................................................................................ 86
Group Roles .......................................................................................................................................... 87
Notifications ......................................................................................................................................... 87

18 Getting Ready ......................................................................................................................................89

Getting Ready Introduction ............................................................................................................... 89

19 Tasks for Preparing a Site ................................................................................................................... 91

Tasks for Preparing a Site Introduction ............................................................................................ 91
Determine System Requirements ...................................................................................................... 93
Map Your Network ............................................................................................................................. 93
Connect the Hardware ........................................................................................................................ 93
Prepare the Agents .............................................................................................................................. 93
Install and configure the operating system on the Enterprise Controller's and Proxy Controller's
server. .................................................................................................................................................... 94

20 Verifying Account Access ....................................................................................................................95

Verifying Your Sun Online Account ................................................................................................. 95
Creating a Sun Online Account .................................................................................................. 95
Setting a Team Name ................................................................................................................... 95
Verifying Your Red Hat Network or Novell Account ..................................................................... 96

21 OC Doctor ..............................................................................................................................................97
Utility Download ................................................................................................................................. 97
OC Doctor Version 1.11 (March 12 2010) ................................................................................ 97

6 Ops Center Site Preparation Guide • March 2010

 Contents

Running the OCDoctor ...................................................................................................................... 97

Options ................................................................................................................................................. 99
Pre-Installation ............................................................................................................................. 99
Troubleshooting and Tuning ................................................................................................... 100
Auto-Update ............................................................................................................................... 101

22 Verifying Solaris OS System Resources .......................................................................................... 103

Before You Begin ............................................................................................................................... 104
To Check the Operating System Release ........................................................................................ 104
To Check the Installed Software Group .......................................................................................... 104
To Check the Zone Identity .............................................................................................................. 104
To Check the Available Disk Space ................................................................................................. 105
To Check Swap Space ........................................................................................................................ 106
To Verify the Amount of System Memory ..................................................................................... 106
To Verify the Amount of Shared Memory ..................................................................................... 106
To Verify the webservd User and Group ........................................................................................ 107
To Verify That an Alternate Administrative User Exists .............................................................. 107
Ops Center Users and Groups ......................................................................................................... 108
To Verify the umask Value ................................................................................................................ 109
To Verify the Locations of ssh Binaries .......................................................................................... 109
To Verify Correct IP Address Resolution ....................................................................................... 110
To Verify That /usr/local Is Writeable ........................................................................................ 110
To Verify the Date and Time ............................................................................................................ 110
To Verify Online cryptosvc and gss Services .............................................................................. 111
To Remove the SMClintl Package .................................................................................................. 111
To Verify Network Access to Required Web Sites ......................................................................... 111
To Verify ssh Access for the root User .......................................................................................... 114
To Verify Network Port Access ........................................................................................................ 114

23 Verifying Linux System Resources ..................................................................................................115

Before You Begin ............................................................................................................................... 116
To Check the Operating System Release ........................................................................................ 116
To Check the Available Disk Space ................................................................................................. 116
To Verify the Amount of System Memory and Swap Space ......................................................... 117
To Verify the SELinux Setting .......................................................................................................... 117

7
Contents

To Verify the umask Value ................................................................................................................ 118

Ops Center Users and Groups ......................................................................................................... 119
To Verify That Required Packages Are Installed ........................................................................... 120
To Verify Correct IP Address Resolution ....................................................................................... 121
To Verify the Locations of ssh Binaries .......................................................................................... 121
To Verify That /usr/local Is Writeable ........................................................................................ 121
To Verify the Date and Time ............................................................................................................ 122
To Verify Network Access to Required Web Sites ......................................................................... 122
To Verify Network Port Access ........................................................................................................ 125
Verifying kernel.shmall and kernel.shmmax Values ................................................................ 125

24 Verifying Resources for Agent Installation ................................................................................... 127

Solaris OS: To Verify Required Packages and Devices .................................................................. 128
Linux OS: To Verify Required Packages ......................................................................................... 130
To Verify ssh Installation ................................................................................................................. 131
To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed ............................. 131
To Verify Unique Service Tags ........................................................................................................ 132
To Identify and Remove Duplicate Service Tags .................................................................... 132
To Create Flash Archives and Exclude Service Tags .............................................................. 134
Agent Patch Dependencies ............................................................................................................... 135
To Verify the umask Value ................................................................................................................ 135
Solaris OS: To Verify cryptosvc and gss Services ........................................................................ 136

25 Obtaining the Software ....................................................................................................................137

Obtaining the Software Introduction ............................................................................................. 137

26 Vendor Download Sites ....................................................................................................................139

Vendor Download Sites Introduction ............................................................................................ 139

27 Terminology ...................................................................................................................................... 141

Agent ................................................................................................................................................... 141
Appliance ............................................................................................................................................ 141
Assets .................................................................................................................................................. 141
Automatic Discovery ........................................................................................................................ 141

8 Ops Center Site Preparation Guide • March 2010

 Contents

Baseline ............................................................................................................................................... 142

Black List ............................................................................................................................................. 142
Boot environment ............................................................................................................................. 142
Channel .............................................................................................................................................. 142
Connected Mode ............................................................................................................................... 142
Control Domain ................................................................................................................................ 142
Critical file system (Solaris OS) ........................................................................................................ 143
Custom Discovery ............................................................................................................................. 143
Declare Assets .................................................................................................................................... 143
Disconnected Mode .......................................................................................................................... 143
Domain ............................................................................................................................................... 143
Enterprise Controller ........................................................................................................................ 143
Global zone ......................................................................................................................................... 144
Group .................................................................................................................................................. 144
Guest ................................................................................................................................................... 144
Guest Operating System ................................................................................................................... 144
Host name .......................................................................................................................................... 144
Hypervisor .......................................................................................................................................... 145
JMX ..................................................................................................................................................... 145
Library ................................................................................................................................................ 145
Logical Domain ................................................................................................................................. 145
Network .............................................................................................................................................. 145
Non-global zone ................................................................................................................................ 146
Policy ................................................................................................................................................... 146
Profile .................................................................................................................................................. 146
Proxy ................................................................................................................................................... 146
Root file system .................................................................................................................................. 146
Root directory .................................................................................................................................... 147
Solaris Containers ............................................................................................................................. 147
Static Route ........................................................................................................................................ 147
Sun Service Tag .................................................................................................................................. 147
SCCM .................................................................................................................................................. 147
Unclassified assets ............................................................................................................................. 147
Virtual Disk Image ............................................................................................................................ 148
Virtual Pool ........................................................................................................................................ 148
Virtual Server Image ......................................................................................................................... 148

9
Contents

Virtualization Host ............................................................................................................................ 148

White List ........................................................................................................................................... 148
WS-Management .............................................................................................................................. 148
zone ..................................................................................................................................................... 149
ZFS ...................................................................................................................................................... 149

10 Ops Center Site Preparation Guide • March 2010

 Preface

Ops Center is a data center life-cycle management tool that enables you to provision, patch, and
monitor the managed hardware, storage, and software, or assets, in one or more of your data
centers from a single browser user interface. The remote management capabilities are designed
to help increase availability and utilization and minimize downtime.

The user interface displays a consolidated view of all the discovered and managed resources in
your data centers, including SPARC? and x86 systems, Linux and Solaris Operating Systems
(Solaris OS), and Solaris Containers and zones.

The following are some of the tasks that you can perform from the Ops Center console:
■ Provision bare metal systems with Solaris, Red Hat, or SUSE Linux operating systems
■ Provision systems with Solaris or Linux operating systems
■ Automate patching and updates for Solaris and Linux OS
■ Update firmware
■ Manage and monitor your assets
■ Generate a variety of reports

Components
■ Enterprise Controller - The Enterprise Controller is the central server that consolidates the
data about the managed systems in your datacenters. You use the Enterprise Controller's
browser user interface (BUI) to view and administer the managed systems. The Enterprise
Controller connects to the managed systems through one or more Proxy Controllers.
■ Proxy Controller - The Proxy Controller increases the scale of the Enterprise Controller's
operations. In a simple deployment or small datacenter, you can install the Enterprise
Controller and Proxy Controller on the same system (co-located). In a larger, more complex
data center, you can install multiple proxy controllers to manage your assets.
■ Agent software - An agent is deployed on an asset so that the Enterprise Controller can
identify the asset. When the agent is installed on the hardware or software, the asset appears
in the Managed Assets section of the Navigation panel.

11
Preface

■ Managed Assets - Assets that have been discovered and have agent software. The agent
software responds to commands from the Enterprise Controller, allowing the asset to be
identified and managed.
■ Virtualization Controller - The Virtualization Controller is a specialized agent that
identifies and manages Solaris 10 OS global zones. Solaris 8, 9, and 10 OS, including
non-global zones in Solaris 10, and the Linux OS use the Agent software.

12 Ops Center Site Preparation Guide • March 2010

 1
C H A P T E R

Architecture
1

Architecture Introduction
The three-tier architecture consists of the Enterprise Controller, Proxy Controller and the
managed systems. This illustration gives a typical data center scenario of the managed systems
connected to the Enterprise Controller. You can also have one proxy controller to manage both
the management and data networks.

13
Enterprise Controller

Enterprise Controller
The Enterprise Controller is the central server that consolidates the management systems. This
is where you manage the connected systems using the new user-friendly browser based
interface. The Enterprise Controller connects to the managed systems through Proxy
Controllers that are deployed for each network.

In Connected mode, the Enterprise Controller has Internet access to download the patch
information from Sun Knowledge Services, and to download patches from different software
vendors such as Sun, Oracle, Red Hat, and Novell. You can choose to use the software in
disconnected mode.

14 Ops Center Site Preparation Guide • March 2010

 Proxy Controller

Proxy Controller
The Enterprise Controller requires one or more proxies to handle the managed systems. Proxy
Controllers increase the scale of the Enterprise Controller's operations. In a simple data center,
one Proxy Controller is co-located with the Enterprise Controller.

A proxy controller manages the flow of actions and data between the Enterprise Controller and
the managed systems. You can only perform actions on a subset of the managed systems at any
one time. The actions are placed in a job queue in chronological order. When a job stops, the
next job in the queue is started.

If you anticipate having a large number of concurrent, parallel jobs, consider using multiple
proxy controllers to improve performance and scalability.

Example of a Co-Located Deployment Architecture

The basic architecture for a co-located Enterprise Controller and Proxy Controller locates the
managed systems on a shared subnet and the Proxy Controller software is installed on the same
system as the Enterprise Controller.

Example of a Deployment Architecture with Multiple

Proxy Controllers
Proxy Controllers manage different aspects of the data. One Proxy Controller is designated to
the Management Network and the other is designated to the Data Network.

Chapter 1 • Architecture 15
Agents

Agents
Agent software is deployed on an asset so that the Enterprise Controller can identify the asset
and manage it. Agents communicate with a specific Proxy Controller; they do not communicate
with the Enterprise Controller directly.

16 Ops Center Site Preparation Guide • March 2010

 Data Network

Some Ops Center features, such as firmware provisioning, do not use agents. Other features,
such as operating system updates, rely on agents to perform tasks within the operating system
on managed systems.

Management Network
In management network, the physical networks are managed separately. You can remotely
control the physical systems that are discovered and managed by Ops Center. You can do the
following functions through this network:
■ Power on or off
■ Power usage
■ Firmware update
■ OS provisioning
■ Locator lights information
■ Boot device information
■ Hardware variable information such as temperature and fan speed
■ Boot parameters

Data Network
In data network, the OS running on the managed systems are managed separately. A separate
proxy is required to manage this network. You can do the following functions through this
network:
■ Provision an OS (using manual net boot option during OS provisioning).
■ Patch, or update, an OS
■ Reboot an OS
■ Obtain OS information such as type and version
■ Obtain CPU, memory and network usage information
■ Obtain zone-related information, such as representation of global and non-global zones.

Common information that is available through both networks includes:

■ MAC address information
■ Physical memory information
■ Firmware information
■ Reboot action
■ UUID information
■ Supported boot devices

Chapter 1 • Architecture 17
18
 2
C H A P T E R 2

Decision: Connected Mode or Disconnected

Mode?

Ops Center software downloads operating system patches and other new software using
Internet access, a mode of operation called Connected mode. By default, Ops Center is in
Connected mode. Before beginning an installation, consider whether you want Ops Center to
access the Internet. In Disconnected mode, the Enterprise Controller cannot be updated
automatically so all updates must be scheduled and managed according to a site policy for
manual procedures. After you have completed the Ops Center installation, you can change
modes.

Connected Mode
In Connected mode, Ops Center uses an Internet connection to access patches and patch
information. This mode is useful for most datacenters.

19
Disconnected Mode

Disconnected Mode
In Disconnected mode, Ops Center can be used in a secured environment that does not allow
Internet access. You must load the patches and other new software from a media device, such as
a CD or DVD, onto the Enterprise Controller. To obtain the software, you run a harvester script
on a system that is connected to the Internet and you downlosf the software to a CD or DVD.

20 Ops Center Site Preparation Guide • March 2010

 Semi-Disconnected Mode

Semi-Disconnected Mode
You can use a combination of Connected and Disconnected modes to maintain your data
center. In the semi-disconnected mode, you run your data center in Disconnected mode until

Chapter 2 • Decision: Connected Mode or Disconnected Mode? 21

Semi-Disconnected Mode

you need to need to access the knowledge base or third-party vendors. For example, when you
want to check for patches, you switch the Enterprise Controller to Connected Mode, connect to
the Internet to get the needed information, then switch the Enterprise Controller back to
Disconnected Mode.

See “Cache Planning” on page 47 for more information about configuring the Enterprise
Controller for these Connection modes.

22 Ops Center Site Preparation Guide • March 2010

 3
C H A P T E R 3

Decision: Allow Automatic Updates to the

Enterprise Controller?

The Auto-Update Option

In Connected mode, you can configure the Enterprise Controller software to use the Auto
Update option so that the software is updated automatically or you can update the software
manually.

In Disconnected mode, the Auto Update option is not available.

Be aware that some software updates cause the Enterprise Controller to reboot or run in
single-user mode.

If you enable the Auto Update option after the initial configuration of the Enterprise Controller,
you must also perform the following procedures:
1. Configure the co-located Proxy Controller.
2. Install and configure agent software on the Enterprise Controller.

23
24
 4
C H A P T E R 4

Decision: Does Your Site Require High

Availability?

Your High Availability (HA) architecture must consider all single points of failure, such as
power, SAN and other storage, and network connectivity in addition to the Ops Center system.

The Ops Center High Availability capability consists of the transfer of Enterprise Controller
functions from one system to another system. The secondary Enterprise Controller takes over
much of the primary Enterprise Controller's identity, including its host name, its IP addresses,
its ssh keys, and its Ops Center data and role.

In an HA configuration, the primary Enterprise Controller has Ops Center software installed,
configured, and operational. The secondary Enterprise Controller has Ops Center software
installed, but not configured, and not operational. In the failover procedure, the data that is
saved on the primary Enterprise Controller is transferred to the secondary Enterprise
Controller to duplicate the primary Enterprise Controller's configuration.

However, root user passwords on the primary and secondary Enterprise Controllers are not
changed.

When the primary Enterprise Controller fails, you initiate the failover to the secondary
Enterprise Controller by:
■ Shutting down the primary Enterprise Controller, if possible
■ Preparing the secondary Enterprise Controller for failover
■ Transferring the storage asset that holds the /var/opt/sun/xvm directory structure from
the primary Enterprise Controller to the secondary Enterprise Controller
■ Restoring the Ops Center configuration on the secondary Enterprise Controller
■ Rebooting the secondary Enterprise Controller and starting Ops Center operations
Only one Enterprise Controller, either primary or secondary, can be operational at any
given time.

25
Requirements

Requirements
Use two systems of the same model that are configured identically:
■ Processor class (SPARC or x86)
■ Operating system (Solaris or RHEL 5.0)
■ Ops Center software version, including updates
■ Set of network interfaces that are cabled identically to the same subnets
■ Use transportable storage

Add an asset tag to identify the primary Enterprise Controller and to distinguish it from the
secondary Enterprise Controller.

If you use ZFS to provide the file system that mounts as /var/opt/sun/xvm, avoid using the ZFS
sharenfs command to share /var/opt/sun/xvm/osp/share/allstart. This allows the Ops
Center software to use legacy NFS sharing tools to share the
/var/opt/sun/xvm/osp/share/allstart directory.

Limitations
■ User accounts and data that are not associated with Ops Center are not part of the failover
process. Only Ops Center data is moved between the primary and secondary Enterprise
Controllers.
■ BUI sessions are lost on failover.
■ The HA configuration applies only to the Enterprise Controller and its co-located Proxy
Controller and not to other standalone Proxy Controllers.

Configuring Storage for High Availability

You have many options for configuring storage devices to support high availability (HA) in Ops
Center. Storage that you use in an HA configuration must meet these requirements:
■ Storage must offer data redundancy capability, such as mirroring or RAID 5
■ Storage must be transferable between the primary and secondary Enterprise Controller
systems
■ Storage must offer performance that is sufficient to support Ops Center operations
■ Storage must have the capacity to hold the data that Ops Center stores in the
/var/opt/sun/xvm directory structure

A wide variety of storage solutions can meet these criteria, including hardware RAID arrays and
external JBODs. Storage can be attached to the Enterprise Controllers using various means,
including Storage Area Networks, or directly connected Fibre Channel (FC) or SCSI interfaces.

26 Ops Center Site Preparation Guide • March 2010

 Configuring Storage for High Availability

You must determine what storage solution offers the capacity, performance, connectivity, and
redundancy capabilities required for use with Ops Center. Configuration procedures vary
greatly among the available storage solutions, and between operating systems.

Note ? You must configure the transferable storage on the system that you want to use as the
primary Enterprise Controller before you install Ops Center software on that system.

Example Storage Configuration

This example uses a JBOD array and ZFS on Solaris systems to provide the required transferable
storage. The example configuration includes the following components and connections:
■ One Sun StorEdge 3510 Fibre Channel (FC) array (JBOD configuration) with 2 FC
interfaces, and 12 146 Gbyte disks
■ Two SunFire systems, each with Solaris 10 OS and one FC interface
■ Each SunFire system is attached to one FC port on the array

In this configuration, both systems have access to all of the disks in the array. Using the FC ports
in this way avoids changing interface connections in the failover procedure. You must prevent
the two systems from using the same disks at the same time. In this example configuration, only
the primary Enterprise Controller accesses the /var/opt/sun/xvm directory on the array.

The example array has no inherent data redundancy capability, so ZFS is used to create a
mirrored storage pool and a file system that will mount as the /var/opt/sun/xvm directory.

To resolve an issue regarding when ZFS and LOFS mounts take place in the system boot
process, the configuration sets the mountpoint property of the example ZFS file system to
legacy. The legacy value indicates that the legacy mount and umount commands, and the
/etc/vfstab file, will control mounting and unmounting this ZFS file system. Other storage
solutions typically use these legacy commands and the /etc/vfstab file to control mounting
and unmounting operations. Refer to the Release Notes for more information about the LOFS
race condition issue.

Chapter 4 • Decision: Does Your Site Require High Availability? 27

28
 5
C H A P T E R 5

Decision: What Type of Deployment For Proxy

Controllers?

Restrictions for Logical Domains

For LDom provisioning, you must use a proxy controller running on any Solaris x86 or SPARC
system. Proxy controllers on Linux systems cannot handle provisioning to logical domains.

“Proxy Controller” on page 15

“Proxy Controller Matrix” on page 51

29
30
 6
C H A P T E R 6

Decision: What Type of Deployment for Agent

Software?

The Discovery feature of the Ops Center software installs the agent software on each asset it
discovers. If you prefer, you can install the agent software on only those assets that you select.

To Install a Ops Center Agent Manually

1. Transfer an agent software bundle to the system where you want the agent to run, the target
system
2. Install the agent software on the target system
3. Configure the agent software
4. Register the target system in Sun Inventory

31
32
 7
C H A P T E R 7

Decision: What Type of Systems for the

Enterprise Controller and Proxy Controllers?

Ops Center System Requirements

Ops Center installation requires systems that meet the following specifications:
■ “Ops Center Enterprise Controller Requirements” on page 33
■ “Ops Center Proxy Controller Requirements” on page 34
■ “Ops Center Agent Requirements” on page 35

Ops Center Enterprise Controller Requirements

Component Recommended Value

Memory 6 GB available RAM.

Hard disk 72 GB minimum free space available, including:

■ 70 GB free in /var/opt/sun/xvm for Ops Center data
■ 4 GB free in /var/opt/sun/xvm/images for each OS image stored for use in OS provisioning
■ 2 GB free in /opt and /var/tmp for software installation

Available swap space 6 GB minimum.

Operating system Ops Center Enterprise Controller and Proxy Controllers require at least Solaris 10 11/06 (x64 or
SPARC), Red Hat Enterprise Linux (RHEL) 5.0, RHEL 5.3, or Oracle Enterprise Linux (OEL) 5.3.

Processor AMD Opteron and Intel Xeon: 2 sockets

UltraSPARC T1/T2: 1 socket, 2 or more cores
UltraSPARC IV+/IV: 2 sockets
UltraSPARC IIIi: 2 sockets

Network connection At least one Network Interface Card (NIC).

33
Ops Center System Requirements

Ops Center Enterprise Controller software, and the data it stores, consume space below the
/var/opt/sun/xvm and /opt directory structures.

Ops Center software installation procedures use /var/tmp/OC as the example working
directory for software installation. The directory that you use for this purpose requires about 2
GByte of available space.

On Solaris Ops Center Enterprise Controllers, the software update data is stored below
/opt/SUNWuce, and data for OS provisioning is stored below /var/opt/sun/xvm/images.

On RHEL Ops Center Enterprise Controllers, software update data is stored below
/usr/local/uce/server and data for OS provisioning is stored below /var/opt/sun/scn. OS
images often consume about 4 Gbyte of space each.

When a Ops Center Proxy Controller is located on the same system as a Ops Center Enterprise
Controller, no duplication of OS images or software update data occurs.

Ops Center Proxy Controller Requirements

Component Recommended Value

Memory 4 GB Available RAM.

Hard disk 72 GB minimum free space available, including:

■ 70 GB free in /var/opt/sun/xvm for Ops Center data
■ 4 GB free in /var/opt/sun/xvm/images/os for each OS image stored for use in OS provisioning
■ 2 GB free in /opt and /var/tmp for software installation

Available swap space 4 GB minimum.

Operating system Ops Center Proxy Controllers require at least Solaris 10 11/06 (x64 or SPARC), Red Hat Enterprise
Linux (RHEL) 5.0, RHEL 5.3, or Oracle Enterprise Linux (OEL) 5.3.

Processor AMD Opteron and Intel Xeon: 1 sockets, 2 or more cores

UltraSPARC T1/T2: 1 socket; 1 or more cores
UltraSPARC IV+/IV: 1 sockets
UltraSPARC IIIi: 1 sockets

Network connection At least one Network Interface Card (NIC).

Ops Center Proxy Controller software, and the data it stores, consume space below the
/var/opt/sun/xvm and /opt directory structures.

34 Ops Center Site Preparation Guide • March 2010

 Ops Center System Requirements

Ops Center software installation procedures use /var/tmp/OC as the example working
directory for software installation. The directory that you use for this purpose requires about 2
Gbyte of available space.

When a Ops Center Proxy Controller is located on the same system as a Ops Center Enterprise
Controller, no duplication of OS images occurs.

On Solaris Ops Center Proxy Controllers, Solaris OS images are stored below /var/js and
Linux OS images are stored below /var/opt/sun/xvm/osp/.

On RHEL Ops Center proxies, Solaris OS images are stored below /var/js and Linux OS
images are stored below /var/opt/sun/xvm/osp/.

Ops Center Agent Requirements

Ops Center agents function as operators on behalf of Ops Center Proxy Controllers.

Agent System Resource Requirements

Ops Center agent installation requires systems with the following resources:
■ 512 MBytes RAM
■ 2 Gbytes disk space

Agent Operating System Requirements

Ops Center agent installation is supported on systems that run the following operating systems:
■ Solaris Operating System (Solaris OS) for x86:
■ Solaris 10 OS
■ Solaris 9 OS
■ Solaris OS for SPARC:
■ Solaris 10 OS
■ Solaris 9 OS
■ Solaris 8 OS
■ Linux Red Hat versions:
■ RHEL 3
■ RHEL 4
■ RHEL 5
■ SLES
■ SLES 9
■ SLES 10

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 35
Firmware Requirements

Known Dependencies
Testing Ops Center agent installations on various operating systems has demonstrated that the
following specific dependencies exist:
■ “RHEL 3 Dependencies” on page 36
■ “SLES 10, 64-bit Dependencies” on page 36
■ “SUSE LINUX Enterprise Server 9 (i586) Dependencies” on page 36

RHEL 3 Dependencies
Ops Center agent updates on systems running Red Hat Enterprise Linux 3 require that the
libxml2 library is installed. This library is delivered by the libxml2-2.5.10-5.i386.rpm
package.

SLES 10, 64-bit Dependencies

Ops Center agent installations on systems running SLES 10, 64-bit, require that the
libpam.so.0 and libuuid.so.1 libraries exist in /usr/lib.

SUSE LINUX Enterprise Server 9 (i586) Dependencies

Ops Center agent installations on systems running SUSE LINUX Enterprise Server 9 (i586)
require that the gettext utility has been installed.

Firmware Requirements
Note - The information on this page is being updated, and might be out of date or incomplete.

Ops Center supports a wide range of Sun servers and chassis, as indicated by the table below.
However, system support is not static. Ops Center can support new Sun hardware without
requiring a new software release.

Each hardware group tests new systems for the ability to be supported by Ops Center. As a
result, the supported list is dynamic and will change as new Sun hardware, or a system variant,
is released.

An "X" in the Qualified for Firmware Provisioning column below indicates that the Ops Center
engineers have tested and qualified the system for firmware provisioning. The recommended
firmware version is the most recently tested version.

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Notes, Qualified Operating Systems

Sun Blade 6000 Modular X 2.0.3.10 2.0.3.10

System

36 Ops Center Site Preparation Guide • March 2010

 Firmware Requirements

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Notes, Qualified Operating Systems

Sun Blade 6048 Modular X 2.0.3.10 2.0.3.10

System

Sun Blade 8000 Modular

System

Sun Blade 8000 P X 2.0.1.10 2.0.1.10

Modular System

Sun Blade T6300 Server X 6.5.4 6.5.4 Solaris 10 11/06 SPARC

Module

Sun Blade T6320 Server X 2.0.4.19 2.0.4.19 Solaris 10 11/06 SPARC

Module

Sun Blade X6220 Server X 2.0.3.2 2.0.3.2 Solaris 10 11/06 x86,RHEL4U4 AS 64bit
Module

Sun Blade X6250 Server X 4.0.43 4.0.45 Solaris 10 11/06 x86, RHEL5 AS 32bit,
Module SUSE10-64bit

Sun Blade X6420 Server X 2.0.3.2 2.0.3.3

Module

Sun Blade X6450 Server X 2.0.3.10 2.0.3.10

Module

Sun Blade X8400 Server

Module

Sun Blade X8420 Server X 1.1.5 2.0.1.13

Module

Sun Blade X8440 Server X 2.0.0.0 2.0.1.11 Solaris 10 11/06 x86, Solaris 10 8/07 x86,
Module RHEL5, SLES10

Sun Blade X8450 Server X 2.0.1.7 2.0.1.8

Module

Sun Fire V20z Server X 2.4.0.8 2.4.0.14 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire V40z Server Solaris 10 1/06 x86,Solaris 10 11/06

x86,RHEL5,SLES9,SLES10

Sun Fire V125 Server X 1.6.3 1.6.3 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V210 Server X Solaris 10 11/06 SPARC

Sun Fire V215 Server X 1.6 1.6 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 37
Firmware Requirements

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Notes, Qualified Operating Systems

Sun Fire V240 Server X 1.6.2 1.6.4 Solaris 10 11/06 SPARC, Solaris 10 5/08
SPARC

Sun Fire V245 Server X 1.6.3 1.6.9 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V250 Server

Sun Fire V440 Server X 1.6.2 1.6.9 Solaris 10 11/06 SPARC

Sun Fire V445 Server X 1.6 1.6 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V490 Server X OBP 4.22.24

Sun Fire T1000 Server X Sun system Solaris 10 11/06 SPARC, Solaris 10 8/07
firmware 6.1.2 SPARC, Solaris 10 5/08 SPARC

Sun Fire T2000 Server X Sun System Solaris 10 11/06 SPARC, Solaris 10 8/07
Firmware 6.1.2 SPARC

Sun Fire X2100 Server RHEL5, RHEL5.1, SLES10

Sun Fire X2100 M2 X 1.60 3.09

Server

Sun Fire X2200 M2 X 1.1/1.60/3BB5 1.1/1.60/3BB5

Server

Sun Fire X2250 Server

Sun Fire X4100 Server X Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire X4100 M2 X 1.0.7/0ABJX024 1.0.7/0ABJX024

Server

Sun Fire X4140 Server X 2.0.2.5 2.0.2.14

Sun Fire X4150 Server X 1.0 1.0a Solaris 10 5/08 SPARC

Sun Fire X4200 Server X Solaris 10 6/06 x86, RHEL5 64 bit, SLES10 64
bit

Sun Fire X4200 M2 X Solaris 10 6/06 x86

Server

Sun Fire X4240 Server X 2.0.2.5 2.0.2.14

Sun Fire X4440 Server

Sun Fire X4450 Server X 4.11 4.16

Sun Fire X4500 Server X 2.0.2.1 2.0.2.5

38 Ops Center Site Preparation Guide • March 2010

 Firmware Requirements

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Notes, Qualified Operating Systems

Sun Fire X4540 Server

Sun Fire X4600 Server X

Sun Fire X4600 M2 X 2.0.2.1 2.0.2.5 Solaris 10 5/08 SPARC,RHEL5,SLES10

Server

Sun Fire X8450 Server X

Module

Sun Netra 240 Server X OBP 4.18.10

Sun Netra 440 Server X OBP 4.22.19

Sun Netra X4200 M2 X 1.1.7 1.1.7 RHEL4U5-32bit, Solaris 10 11/06 x86,

Server RHEL5, SUSE10-64bit

Sun Netra X4250 Server X

Sun Netra T2000 Server X

Sun Netra T5220 Server X

Sun SPARC Enterprise Solaris 10 10/08

M3000 Server

Sun SPARC Enterprise X Solaris 10 10/08

M4000 Server

Sun SPARC Enterprise Solaris 10 10/08

M5000 Server

Sun SPARC Enterprise Solaris 10 10/08

M8000 Server

Sun SPARC Enterprise Solaris 10 10/08

M9000 Server

Sun SPARC Enterprise 6.7.5

T1000 Server

Sun SPARC Enterprise 6.7.5

T2000 Server

Sun SPARC Enterprise X 7.0.3.b 7.2.0

T5120 Server

Sun SPARC Enterprise X 7.1.0.b 7.2.0

T5140 Server

Sun SPARC Enterprise X 7.0.3.b 7.2.0

T5220 Server

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 39
Supported Systems Matrix

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Notes, Qualified Operating Systems

Sun SPARC Enterprise X 7.1.0.b 7.2.0

T5240 Server

Sun SPARC Enterprise

T5440 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M3000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M4000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M5000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M8000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M9000 Server

Sun Datacenter Switch

3456

Supported Systems Matrix

Note - The information on this page is being updated, and might be out of date or incomplete.

Ops Center supports a wide range of Sun servers and chassis, including the following:
■ All ILOM-based Sun Servers
■ M3000, M4000, M5000, M8000, M9000
■ All ALOM, ELOM, and RSC service processor enabled systems

Other systems, such as the v240, are displayed in the table below.

Note - System support is not static. Ops Center can support new Sun hardware without
requiring a new software release. Each hardware group tests new systems for the ability to be
supported by Ops Center. As a result, the supported list is dynamic and will change as new Sun
hardware, or a system variant, is released.

An "X" in the Qualified for Firmware Provisioning column below indicates that the Ops Center
engineers have tested and qualified the system for firmware provisioning. The recommended
firmware version is the most recently tested version.

40 Ops Center Site Preparation Guide • March 2010

 Supported Systems Matrix

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Qualified Operating Systems

Sun Blade 6000 Modular X 2.0.3.10 2.0.3.10

System

Sun Blade 6048 Modular X 2.0.3.10 2.0.3.10

System

Sun Blade 8000 Modular

System

Sun Blade 8000 P X 2.0.1.10 2.0.1.10

Modular System

Sun Blade T6300 Server X 6.5.4 6.5.4 Solaris 10 11/06 SPARC

Module

Sun Blade T6320 Server X 2.0.4.19 2.0.4.19 Solaris 10 11/06 SPARC

Module

Sun Blade X6220 Server X 2.0.3.2 2.0.3.2 Solaris 10 11/06 x86,RHEL4U4 AS 64bit
Module

Sun Blade X6250 Server X 4.0.43 4.0.45 Solaris 10 11/06 x86, RHEL5 AS 32bit,
Module SUSE10-64bit

Sun Blade X6420 Server X 2.0.3.2 2.0.3.3

Module

Sun Blade X6450 Server X 2.0.3.10 2.0.3.10

Module

Sun Blade X8400 Server

Module

Sun Blade X8420 Server X 1.1.5 2.0.1.13

Module

Sun Blade X8440 Server X 2.0.0.0 2.0.1.11 Solaris 10 11/06 x86, Solaris 10 8/07 x86,
Module RHEL5, SLES10

Sun Blade X8450 Server X 2.0.1.7 2.0.1.8

Module

Sun Fire V20z Server X 2.4.0.8 2.4.0.14 Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire V40z Server Solaris 10 1/06 x86,Solaris 10 11/06

x86,RHEL5,SLES9,SLES10

Sun Fire V125 Server X 1.6.3 1.6.3 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V210 Server X Solaris 10 11/06 SPARC

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 41
Supported Systems Matrix

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Qualified Operating Systems

Sun Fire V215 Server X 1.6 1.6 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V240 Server X 1.6.2 1.6.4 Solaris 10 11/06 SPARC, Solaris 10 5/08
SPARC

Sun Fire V245 Server X 1.6.3 1.6.9 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V250 Server

Sun Fire V440 Server X 1.6.2 1.6.9 Solaris 10 11/06 SPARC

Sun Fire V445 Server X 1.6 1.6 Solaris 10 1/06, Solaris 10 11/06, Solaris 10
8/07

Sun Fire V490 Server X OBP 4.22.24

Sun Fire T1000 Server X Sun system Solaris 10 11/06 SPARC, Solaris 10 8/07
firmware 6.1.2 SPARC, Solaris 10 5/08 SPARC

Sun Fire T2000 Server X Sun System Solaris 10 11/06 SPARC, Solaris 10 8/07
Firmware 6.1.2 SPARC

Sun Fire X2100 Server RHEL5, RHEL5.1, SLES10

Sun Fire X2100 M2 X 1.60 3.09

Server

Sun Fire X2200 M2 X 1.1/1.60/3BB5 1.1/1.60/3BB5

Server

Sun Fire X2250 Server

Sun Fire X4100 Server X Solaris 10 5/08 SPARC,RHEL5,SLES10

Sun Fire X4100 M2 X 1.0.7/0ABJX024 1.0.7/0ABJX024

Server

Sun Fire X4140 Server X 2.0.2.5 2.0.2.14

Sun Fire X4150 Server X 1.0 1.0a Solaris 10 5/08 SPARC

Sun Fire X4200 Server X Solaris 10 6/06 x86, RHEL5 64 bit, SLES10 64
bit

Sun Fire X4200 M2 X Solaris 10 6/06 x86

Server

Sun Fire X4240 Server X 2.0.2.5 2.0.2.14

Sun Fire X4440 Server

42 Ops Center Site Preparation Guide • March 2010

 Supported Systems Matrix

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Qualified Operating Systems

Sun Fire X4450 Server X 4.11 4.16

Sun Fire X4500 Server X 2.0.2.1 2.0.2.5

Sun Fire X4540 Server

Sun Fire X4600 Server X

Sun Fire X4600 M2 X 2.0.2.1 2.0.2.5 Solaris 10 5/08 SPARC,RHEL5,SLES10

Server

Sun Fire X8450 Server X

Module

Sun Netra 240 Server X OBP 4.18.10

Sun Netra 440 Server X OBP 4.22.19

Sun Netra X4200 M2 X 1.1.7 1.1.7 RHEL4U5-32bit, Solaris 10 11/06 x86,

Server RHEL5, SUSE10-64bit

Sun Netra X4250 Server X

Sun Netra T2000 Server X

Sun Netra T5220 Server X

Sun SPARC Enterprise Solaris 10 10/08

M3000 Server

Sun SPARC Enterprise X Solaris 10 10/08

M4000 Server

Sun SPARC Enterprise Solaris 10 10/08

M5000 Server

Sun SPARC Enterprise Solaris 10 10/08

M8000 Server

Sun SPARC Enterprise Solaris 10 10/08

M9000 Server

Sun SPARC Enterprise 6.7.5

T1000 Server

Sun SPARC Enterprise 6.7.5

T2000 Server

Sun SPARC Enterprise X 7.0.3.b 7.2.0

T5120 Server

Sun SPARC Enterprise X 7.1.0.b 7.2.0

T5140 Server

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 43
Supported Operating Systems

Qualified for Firmware Recommended

System Type Provisioning Minimum Firmware Firmware Qualified Operating Systems

Sun SPARC Enterprise X 7.0.3.b 7.2.0

T5220 Server

Sun SPARC Enterprise X 7.1.0.b 7.2.4.f

T5240 Server

Sun SPARC Enterprise

T5440 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M3000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M4000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M5000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M8000 Server

Fujitsu SPARC Enterprise Solaris 10 10/08

M9000 Server

Sun Datacenter Switch

3456

Supported Operating Systems

Unless otherwise noted in the tables, Ops Center supports the following operating systems:
■ Solaris 10 OS for SPARC and x86 platforms
■ Solaris 9 OS for SPARC and x86 platforms
■ Solaris 8 for the SPARC platform
■ OEL version 5.3
■ RHEL versions 3, 4, and 5
■ SLES versions 8, 9, 10, and 11
■ Windows XP, 2003, and 2008 using MSCCM 2007

The tables use the following terms:

■ "x86" refers to the family of 64-bit and 32-bit x86-compatible products.
■ "x64" points out specific 64-bit information about AMD64 or EM64T systems.
■ "32-bit x86" points out specific 32-bit information about x86 based systems.

44 Ops Center Site Preparation Guide • March 2010

 Supported Operating Systems

Supported Operating System by Feature

indicates that the feature is supported. See above for the list of supported versions. If a
specific version is indicated in the table, that is the only version supported.

- indicates that the feature is not supported.

Feature Solaris 10 OS Solaris 9 OS Solaris 8 OS OEL RHEL SLES Windows

Enterprise Controller - - - -

Solaris 10 11/06, 8/07, OEL 5.3 RHEL

10/08, 5/09 * 5.0, 5.3

Proxy Controller - - - -

Solaris 10 11/06, 8/07, OEL 5.3 RHEL

10/08, 5/09 * 5.0, 5.3

Discovery

Provisioning - -

Monitoring

Updating

Live Upgrade - - - -

■ SPARC - Physical and

SPARC SPARC
virtual systems only only
■ x86 - Physical systems

Solaris Container - Zone Life - - - - - -

Cycle Management

Solaris 10 8/07

Branded Zones - - - - -

*For installation, other RHEL, OEL, and Solaris OS releases are not supported. Solaris 10 1/06,
6/06, and 10/09 OS are not supported.

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 45
Supported Browsers

Refer to Migrating Zones for detailed information about supported Solaris 10 OS update
versions.

Supported Operating Systems for Logical Domains

Ops Center supports version 1.2 of Logical Domains and does not support the previous
versions of Logical Domains.

Ops Center supports only Logical Domains that are created through the BUI.

The Logical Domain host must belong to a specific hardware and OS.

The host must also meet specific patch and firmware requirements. For a detailed list of these
requirements, see Requirements of Logical Domains.

The following operating systems are supported for Logical Domains.

Feature Supported OS

Control domain Solaris 10 5/09 OS

Control domain provisioning Solaris 10 5/09 OS

Guest domain creation Solaris 10 5/08 OS up to and including Solaris 10 5/09 OS

Guest domain provisioning Solaris 10 8/07 OS up to and including Solaris 10 5/09 OS

Supported Browsers
Ops Center's Browser User Interface (BUI) is accessible from any supported browser.

The BUI console supports requires the ANSI terminal type.

Browsers Windows XP Windows Vista Mac OS X Solaris OS Linux OS

Firefox 3.0.x

Firefox 2.0.x

Internet Explorer 8 - - - - -

Internet Explorer 7

46 Ops Center Site Preparation Guide • March 2010

 Cache Planning

Browsers Windows XP Windows Vista Mac OS X Solaris OS Linux OS

Internet Explorer 6 - - - - -

Safari - - - - -

Opera - - - - -

Cache Planning
Ops Center uses a centralized file cache to manage its content. The Enterprise Controller and
Proxy Controllers use /var/opt/sun/xvm as the base directory. Agents use
/var/scn/update-agent as their base directory. The Enterprise Controller's global file cache
contains some or all of the following content, depending on what Ops Center is used for:
■ Provisioning Content
■ Firmware
■ OS Images
■ Update Content
■ Knowledge Base data - Metadata that shows what updates exist for a give update channel
(such as Red Hat Enterprise Linux 5 or Solaris 10 X86)
■ Updates - Packages, Patches and RPM files that are a standard part of an OS update
channel
■ Local Content - User-designated content (software bundles, configuration files, scripts)

Ops Center propagates content from the cache as required. The requester downloads the
content on a per-job basis so a proxy controller downloads the content it needs from the
Enterprise Controller to perform a job, and an agent downloads the required content from the
proxy controller. After content is cached on a proxy controller or agent, it can be re-used
without additional downloads. This provides operational efficiency for Ops Center.

Note – A user runs a job which patches five Solaris 10 SPARC OS agents on a single proxy. The
proxy controller downloads and caches all of the patches required by the agents, and each of the
agents downloads and caches only the patches it requires. If an agent has cached several updates
already, it re-uses those updates and downloads only what it needs from the proxy.

Note – A user runs a job to provision an OS ISO image to three systems which are managed by
two proxy controllers. Each proxy controller downloads and caches the ISO image. The three
systems do not cache the OS image, because they download and install the images from their
respective proxy controllers.

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 47
Cache Planning

Many installations use a co-located configuration, in which the proxy controller is installed on
the same OS instance as the Enterprise Controller. In this case, the proxy and enterprise
controllers share a global file cache and no additional disk space is required for the proxy
controller's cache.

Cache Recommendations for Connected Mode

Configurations
“Ops Center System Requirements” on page 33 shows the sizing recommendations for the
cache when operating in Connected mode. The guidelines recommend a cache size of at least
74GB on Enterprise Controllers and proxy controllers. The following additional guidelines
provide a baseline for a recommended minimum cache size:
■ 2 GB for software installation (in /opt and /var/tmp)
■ 4 GB for each OS image used for provisioning
■ 10 GB for each channel used for updates

Because agents store only update content for their OS instance, they have reduced caching
requirements. It is recommended that 2GB be available for the agent for both the Ops Center
software and the update cache.

48 Ops Center Site Preparation Guide • March 2010

 Cache Planning

Note – An Ops Center installation uses an Enterprise Controller with a co-located proxy
controller and one standalone proxy controller. The installation performs OS provisioning for
Solaris 10 X86 and SPARC (update 6) and Red Hat Linux 5.3, with one ISO image for each
distribution. It patches Solaris 10 X86, Solaris 10 SPARC and Red Hat Enterprise Linux 5 32-bit
X86. The standalone proxy controller is used to provision and update Solaris 10 systems on
both SPARC and X86 architectures.

In this scenario, both the Enterprise Controller with co-located proxy and standalone proxy
controllers need a cache size of 74GB, with 2GB in /var/tmp and /opt, and 72GB in
/var/opt/sun/xvm. No additional caching is required on the Enterprise Controller because the
co-located proxy controller shares its cache.

The Enterprise Controller must have a minimum cache size of 44 GB because of the following
requirements:
■ 30 GB for the three OS update channels in /var/opt/sun/xvm
■ 12 GB for the three OS provisioning ISO images in /var/opt/sun/xvm
■ 2 GB for the Ops Center software in /var/tmp and /opt

The standalone proxy controller must have a minimum cache of 30 GB, with the following
requirements:
■ 20 GB for the two Solaris OS update channels in /var/opt/sun/xvm
■ 8 GB for the two Solaris OS provisioning ISOs in /var/opt/sun/xvm
■ 2 GB for the Ops Center software in /var/tmp and /opt

Cache Requirements for Disconnected Mode

Configurations
In Disconnected mode, Ops Center performs system management without an Internet
connection. This requires administrators to manually cache the content that they wish to use,
and changes some cache management requirements and recommendations.

Provisioning content is managed in the same way as in Connected mode configurations except
it is not possible to download Solaris OS images.

The following cache operations work the same in both Connected and Disconnected modes:
■ Import OS image
■ Load OS image from CD or DVD
■ Create firmware image

Update content is usually managed differently in Disconnected mode. Users must manually
upload the knowledgebase (KB) and update content to the Enterprise Controller.

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 49
System Scaling

The KB content is available as a TAR bundle, which users can obtain by running the Ops Center
harvester script. Obtaining a KB bundle with the Harvester Script provides details and examples
on how to run the script. Depending on the settings, users can download the KB content only,
or they can obtain patch content for one or more Solaris baselines.

To cache update content (such as patches, packages or RPMs) users perform one or more bulk
uploads with the enterprise controller. Uploading Local Software in Bulk explains how to
perform bulk uploads of update content in Ops Center.

Enterprise Controller Cache Requirements

The enterprise controller must pre-cache any update content. This means that the enterprise
controller must have the following content cached as jobs are being run:
1. OS Provisioning - The OS image(s) to be provisioned
2. Firmware Provisioning - The firmware image(s) to be installed
3. Update Management - The knowledgebase content

Proxy and Agent Cache Requirements

Proxies and agents function the same way in both connected and disconnected modes. This
means that there are no special requirements for disconnected mode cache management. The
cache sizing recommendations remain the same as they would for connected mode
installations: 74GB recommended for standalone proxies and 2GB for agents.

System Scaling
The Enterprise Controller Matrix and the Proxy Controller Matrix on this page are intended to
provide guidance on the minimum amount of memory and disk space needed to optimize
performance for your environment.

To improve performance, consider the following if you plan to install more than 100 hosts in
your data center:
■ Deploy the Enterprise Controller and the Proxy Controller on separate systems.
■ Using the OS Update functionality requires faster disks and stripped disk configurations.
This is critical for large scale deployments.
■ Consider Solaris Zones and Sun Logical Domains as additional hosts, or agents.

Enterprise Controller recommendations:

■ A minimum of 8 cores is strongly recommended for larger environments
■ OS Update functionality will benefit from a faster core CPU speed on the Enterprise
Controller

Proxy Controller recommendations:

50 Ops Center Site Preparation Guide • March 2010

 System Scaling

■ Monitoring is optimized for multiple cores. Proxy Controllers that manage service
processors (SPs) will benefit from more cores.

Use the Chapter 21, “OC Doctor,” utility with the --performance flag to determine your
hardware's benchmark times (BT).

See ** for the estimated BT for common Sun hardware.

Enterprise Controller Matrix

The following matrix provides general guidelines for planning your Enterprise Controller
hardware. The systems specified in the table are intended to be examples. Machine speed might
vary based on OS, core CPU speed, the number of cores and the number of disks. Service
processor monitoring generates heavier load than OS, as monitoring is done from the Proxy
Controller.

Note - For maximum performance, avoid using a co-located Proxy Controller (Enterprise
Controller and Proxy Controller installed on the same system) in environments with more than
100 hosts.

Up to 75 agents 75 to 200 agents 200 to 450 agents 450 to 750 agents

OS Agents only RAM: 6 GB RAM: 8 GB RAM: 12 GB RAM: 16 GB

Disk: 80 GB avail Disk: 100 GB avail Disk: 120 GB avail Disk: 160 GB avail
Proxies: 1 Proxies: 1 Proxies: 2 Proxies: 3 or more
BT: 100-300 BT: 70-100 BT: 30-50 BT: < 30

Service Processors only RAM: 6 GB RAM: 8 GB RAM: 12 GB RAM: 16 GB

Disk: 80 GB avail Disk: 100 GB avail Disk: 120 GB avail Disk: 160 GB avail
Proxies: 1 Proxies: 1-4 Proxies: 2 Proxies: 3 or more
BT: 100-300 BT: 60-100 BT: 40-60 BT: < 40

OS+Service Processors RAM: 8 GB RAM: 16 GB RAM: 24 GB RAM: 32 GB

Disk: 100 GB avail Disk: 100 GB avail Disk: 120 GB avail Disk: 160 GB avail
Proxies: 1 Proxies: 1-2 Proxies: 2-3 Proxies: 3 or more
BT: 100-200 BT: 50-100 BT: 30-50 BT: < 30

Proxy Controller Matrix

The following matrix provides general guidelines for planning your Proxy Controller hardware.

Chapter 7 • Decision: What Type of Systems for the Enterprise Controller and Proxy Controllers? 51
System Scaling

The systems specified in the table are intended to be examples. Machine speed might vary based
on OS, core CPU speed, the number of cores and the number of disks. Service processor
monitoring generates heavier load than OS, as monitoring is done from the Proxy Controller.

Note - For maximum performance in environments with more than 100 hosts, avoid using a
co-located Proxy Controller (Enterprise Controller and Proxy Controller installed on the same
system). OS update functionality benefits from a faster core CPU speed on the Enterprise
Controller.

Up to 75 agents 150 agents 200 agents 300 or More Agents

OS Agents only RAM: 4 GB RAM: 4 GB RAM: 6 GB RAM: 8 GB

Disk: 20 GB avail Disk: 40 GB avail Disk: 60 GB avail Disk: 80 GB avail
BT: 120-300 BT: 50-120 BT: < 90 BT: < 80

Service Processors only RAM: 4 GB RAM: 4 GB RAM: 6 GB RAM: 8 GB

Disk: 20 GB avail Disk: 40 GB avail Disk: 60 GB avail Disk: 80 GB avail
BT: 120-300 BT: 50-120 BT: < 90 BT: < 80

OS+Service Processors RAM: 4 GB RAM: 6 GB RAM: 8 GB RAM: 12 GB

Disk: 40 GB avail Disk: 60 GB avail Disk: 80 GB avail Disk: 100 GB avail
BT: 100-200 BT:< 100 BT: < 80 BT: < 50

BT = Benchmark time using the Ops Center Doctor benchmark utility.

52 Ops Center Site Preparation Guide • March 2010

 8
C H A P T E R 8

About SPARC Enterprise Server Support

You can use Ops Center to discover, provision, update, and manage your Sun SPARC
Enterprise? M3000/M4000/M5000/M8000/M9000 servers and Fujitsu SPARC Enterprise
M3000/M4000/M5000/M8000/M9000 servers, also referred to as SPARC Enterprise M-series
servers.

The SPARC Enterprise servers contain eXtended System Control Facility (XSCF) firmware,
which is a system monitoring and control facility consisting of a dedicated processor that is
independent from the system processor. The XSCF provides an interface between the user and
the server.

The XSCF is the firmware running on the service processor in the server. The firmware is a
single centralized point for the management of hardware configuration, control of hardware
monitoring, cooling system (fan units), domain status monitoring, power on and power off of
peripheral devices, and error monitoring. XSCF firmware uses different functions to achieve
high system availability and it has a partitioning function to configure and control domains.

A single XSCF service processor is installed in the SPARC Enterprise M3000, M4000, and
M5000 servers. In the SPARC Enterprise M8000 and M9000 servers, two XSCF service
processors are installed in the server; these two service processors are highly available and only
one service processor is active at a time.

When hardware resources in the server are logically divided into one or more units, each set of
divided resources can be used as one system, which is called a domain. A Solaris OS can operate
in each domain.

53
Requirements

Requirements
Ops Center is qualified to run on SPARC Enterprise M3000/M4000/M5000/M8000/M9000
servers running Solaris 10 10/08 operating system with the following requirements:
■ Create and configure domains manually on the server. See Domain Configuration in the
Sun SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User's Guide.
■ Configure the domains manually.
■ In the XSCF service processor, create an xvmoc user with platadm privilege.
■ Create a group for the SPARC Enterprise servers.
■ Use the firmware version that is recommended for the server.

Supported Features in Ops Center

The following Ops Center features are supported for SPARC Enterprise Servers:
■ Discovering XSCF service processors and existing domains
■ Power On/Power Off on XSCF service processors and domains
■ Provisioning OS in domains
■ Provisioning firmware
■ Updating the OS in domains
■ Monitoring

Specific procedures are required to discover and provision firmware on the SPARC Enterprise
M-Series servers. The tasks for updating the domain OS is the same as updating a system OS.

What Is Not Supported

■ Creating and deleting domains
■ Adding and removing the system board to domain
■ Monitoring the service processor hardware
■ Monitoring the domain sensor information and hardware

54 Ops Center Site Preparation Guide • March 2010

 9
C H A P T E R 9

Decision: What Type of Network Configuration?

Network Port Requirements and Protocols

Ops Center has several communication requirements:
■ “Network Requirements and Data Flow” on page 55
■ “List of Ports and Protocols” on page 56
■ “To Verify Network Access to Required Web Sites” on page 111

In addition, depending on the environment being managed, the Enterprise Controller might
need to access a number of vendor sites to download patches or other knowledge. Review the
Chapter 26, “Vendor Download Sites,” page for a list of vendor sites.

Network Requirements and Data Flow

At least one proxy controller is mandatory. It is installed during the Enterprise Controller's
installation, either on the same machine or on a separate server.

55
Network Port Requirements and Protocols

List of Ports and Protocols

The Enterprise Controller's default port is 443. If port 443 is in use, the Enterprise Controller
uses port 11165.
The following is a list of required ports.

Communication Protocol and Port Purpose

Browser to Enterprise Controller HTTPS, TCP 9443 Web interface

Browser to Enterprise Controller HTTP, TCP 80 Redirect to port 9443

Proxy Controller to Enterprise Controller HTTPS, TCP 443 Proxy Controller push of asset inventory data to
Enterprise Controller
Proxy Controller pull of jobs, update, agent, and OS
images

56 Ops Center Site Preparation Guide • March 2010

 Network Switch Configuration

Communication Protocol and Port Purpose

Proxy Controller to Systems FTP, TCP 21 Discovery, bare metal provisioning, system
management, and monitoring
SSH, TCP 22
Telnet, TCP 23
DHCP, UDP 67,68
SNMP, UDP 161,162
IPMI, TCP+UDP 623
Service Tags, TCP 6481

Agent to Proxy Controller HTTPS, TCP 21165 Agent push of asset inventory data to Proxy Controller
Agent pull of jobs

Agent to Proxy Controller HTTPS, TCP 8002 Agent download of updates from Proxy Controller

OS to Proxy Controller HTTPS, TCP 8004 OS provisioning completion status

Used for Linux provisioning
Used to download the agent tar ball after OS
provisioning
Used to upload the status messages to the Proxy
Controller/Enterprise Controller about failed agent
installations

Java client to public APIs Transport Layer JMX access from clients
Security(TLS), port 11162

WMI to agent port 11162 WMI communication to agent

NFS/CIFS access from LDom Hosts and

Enterprise Controller

Enterprise Controller port 8005 Enterprise Controller in disconnected mode

Network Switch Configuration

These are basic guidelines for network switches that are used with systems running Ops Center.
■ 1 * 8 or 16 port Virtual LAN (VLAN) capable managed switch
■ Create a separate VLAN for corporate network and create a separate VLAN for
management and provisioning networks
■ Disable spanning-tree protocols on the switch

Ethernet connectivity recommendations:

Chapter 9 • Decision: What Type of Network Configuration? 57

Reference Configurations

■ The management network should be a 10/100 connection.

■ The provisioning and data networks should be a 10/100/1000 (1 Gbyte) connection.

Reference Configurations
This section provides the reference configurations and connectivity information for Ops
Center.

Other configurations are possible, such as using separate switches for each network. You can
implement your network using any combination of VLANs and switches. Each network,
whether management, provisioning, or data, should be assigned to separate VLANs.

Section Description

“Separate Management, Provisioning, and Data Networks” on Describes the connectivity requirements for the separate
page 58 management, provisioning, and data networks configuration.

“Combined Management and Provisioning Network and a Describes the connectivity requirements for the combined
Separate Data Network” on page 60 management, provisioning and separate data networks
configuration.

“Combined Provisioning and Data Network and a Separate Describes the connectivity requirements for the combined
Management Network” on page 64 provisioning, data and separate management networks
configuration.

“Combined Provisioning, Data, and Management Network” on Describes the connectivity requirements for the combined
page 62 provisioning, data, and management networks configuration.

Separate Management, Provisioning, and Data Networks

58 Ops Center Site Preparation Guide • March 2010

 Separate Management, Provisioning, and Data Networks

When designing a separate network, the following guidelines apply:

■ Configuring separate management, provisioning, and data networks is the best practice.
■ Separate networks provide the highest security and the lowest number of points of failure.
■ Additional NICs are needed to support this configuration.

Chapter 9 • Decision: What Type of Network Configuration? 59

Combined Management and Provisioning Network and a Separate Data Network

The following list summarizes the connectivity requirements for the separate management,
provisioning, and data networks configuration.
■ Enterprise Controller/Proxy Controller
The enterprise controller/proxy controller should provide connectivity to the management
network, provisioning network, and corporate network as follows:
■ ETH0 connects the enterprise controller/proxy controller to the corporate network to
provide external access. The ETH0 IP address, netmask, and gateway should be
configured to meet your corporate environment connectivity requirements.
■ ETH1 connects the enterprise controller/proxy controller to the provisioning network
and should be on the same network as the ETH0 connections of the agents. No devices
other than the enterprise controller/proxy controller and the agents should reside on the
provisioning network. ETH1 should be a 1-Gbit NIC interface.
■ ETH2 connects the enterprise controller/proxy controller to the management network
and should be on the same network as the management port connections of the agents.
The ETH2 IP address, netmask, and gateway should be configured to enable
connectivity to the agent's management port IP addresses. ETH2 should be a
100-megabit NIC interface.
■ The DHCP service allocates IP addresses to the agents for loading operating systems.
■ Agents
Each agent should provide connectivity to the management network, provisioning network,
and data network as follows:
■ The management port connects the agent to the management network and should be on
the same network as the ETH2 connection of the enterprise controller/proxy controller.
The management port should be a 100-megabit connection.
■ ETH0 connects the agent to the provisioning network and must be on the same network
as the ETH1 connection of the enterprise controller/proxy controller. ETH0 should be a
1-Gbyte connection.
■ ETH1 connects the agent to the data network through the switch to provide external
corporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Management and Provisioning Network and a

Separate Data Network

60 Ops Center Site Preparation Guide • March 2010

 Combined Management and Provisioning Network and a Separate Data Network

For this configuration, an additional NIC does not need to be installed on the enterprise
controller/proxy controller. The combined management and provisioning network reduces
system and network security.

Chapter 9 • Decision: What Type of Network Configuration? 61

Combined Provisioning, Data, and Management Network

The following list summarizes the connectivity requirements for the combined management
and provisioning network and the separate data network configuration.
■ Enterprise Controller/Proxy Controller
The enterprise controller/proxy controller should provide connectivity to the management
and provisioning network as follows:
■ ETH0 connects the enterprise controller/proxy controller to the corporate network to
provide external access. The ETH0 IP address, netmask, and gateway should be
configured to meet your corporate environment connectivity requirements.
■ ETH1 connects the enterprise controller/proxy controller to the management and
provisioning network and should be on the same network as the MGMT and ETH0
connections of the agents. No devices other than the enterprise controller/proxy
controller and the agents should reside on the management and provisioning network.
The ETH1 IP address, netmask, and gateway should be configured to enable
connectivity to the agent's management port IP addresses. ETH1 should be a 1-Gbit NIC
interface.
■ The DHCP service allocates IP addresses to the agents for loading operating systems.
■ Agents
Each agent should provide connectivity to the management and provisioning network and
the separate data network as follows:
■ The management port connects the agent to the management and provisioning network
and should be on the same network as the ETH1 connection of the enterprise
controller/proxy controller. The management port should be a 100-megabit connection.
■ ETH0 connects the agent to the management and provisioning network and must be on
the same network as the ETH1 connection of the enterprise controller/proxy controller.
ETH0 should be a 1-Gbyte connection.
■ ETH1 connects the agent to the data network through the switch to provide external
corporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Provisioning, Data, and Management Network

62 Ops Center Site Preparation Guide • March 2010

 Combined Provisioning, Data, and Management Network

For this configuration, an additional NIC does not need to be installed on the enterprise
controller/proxy controller. The combined management, provisioning, and data networks
greatly reduces system and network security.

The following list summarizes the connectivity requirements for the combined management,
provisioning, and data networks configuration.

Chapter 9 • Decision: What Type of Network Configuration? 63

Combined Provisioning and Data Network and a Separate Management Network

■ Enterprise Controller/Proxy Controller

The enterprise controller/proxy controller should provide connectivity to the combined
management, provisioning, and data network and to the corporate network as follows.
■ ETH0 connects the enterprise controller/proxy controller to the corporate network to
provide external access. The ETH0 IP address, netmask, and gateway should be
configured to meet your corporate environment connectivity requirements.
■ ETH1 connects the enterprise controller/proxy controller to the combined
management, provisioning, and data network and should be on the same network as the
MGMT and ETH0 connections of the agents. No devices other than the enterprise
controller/proxy controller and the agents should reside on the combined network.
ETH1 should be a 1-Gbit NIC interface.
■ The DHCP service allocates IP addresses to the agents for loading operating systems.
■ Agents
Each agent should provide connectivity to the management network, provisioning network
and data network as follows:
■ The management port connects the agent to the management, provisioning, and data
network and should be on the same network as the ETH1 connection of the enterprise
controller/proxy controller. The management port should be a 100-megabit connection.
■ ETH0 connects the agent to the management, provisioning, and data network, and must
be on the same network as the ETH1 connection of the enterprise controller/proxy
controller. ETH0 also connects the agent to the data network through the switch to
provide external corporate network access to the agent. ETH0 should be a 1-Gbyte
connection.

Combined Provisioning and Data Network and a Separate

Management Network

64 Ops Center Site Preparation Guide • March 2010

 Combined Provisioning and Data Network and a Separate Management Network

The following list summarizes the connectivity requirements for the combined data and
provisioning network and the separate management network configuration.
■ Enterprise Controller/Proxy Controller

Chapter 9 • Decision: What Type of Network Configuration? 65

Combined Provisioning and Data Network and a Separate Management Network

The enterprise controller/proxy controller should provide connectivity to the provisioning

and data network and to the separate management network as follows:
■ ETH0 connects the enterprise controller/proxy controller to the corporate network to
provide external access. The ETH0 IP address, netmask, and gateway should be
configured to meet your corporate environment connectivity requirements.
■ ETH1 connects the enterprise controller/proxy controller to the provisioning and data
network and should be on the same network as the ETH0 connections of the agents. No
devices other than the enterprise controller/proxy controller and the agents should
reside on the data and provisioning network. ETH1 should be a 1-Gbit NIC interface.
■ ETH2 connects the enterprise controller/proxy controller to the management network
and should be on the same network as the management port connections of the agents.
The ETH2 IP address, netmask, and gateway should be configured to enable
connectivity to the agent's management port IP addresses. ETH2 should be a
100-megabit NIC interface.
■ The DHCP service allocates IP addresses to the agents for loading operating systems.
■ Agents
Each agent should provide connectivity to the management network and to the combined
data and provisioning network as follows:
■ The management port connects the agent to the management network and should be on
the same network as the ETH2 connection of the enterprise controller/proxy controller.
The management port should be a 100-megabit connection.
■ ETH0 connects the agent to the data and provisioning network to provide external
corporate network access to the agent. ETH0 connection must be on the same network
as the ETH1 connection of the enterprise controller/proxy controller. ETH0 should be a
1-Gbyte connection.

66 Ops Center Site Preparation Guide • March 2010

 10
C H A P T E R 1 0

Decision: How Will You Use Ops Center?

Ops Center Operations

Chapter 11, “Provision an OS”

Chapter 12, “Provision Firmware”

Chapter 13, “About Updating an OS”

Chapter 14, “Virtualization”

Chapter 15, “Using Groups”

67
68
 11
C H A P T E R

Provision an OS
1 1

Provision an OS Introduction
Operating system (OS) provisioning enables you to use Ops Center to automatically install
operating systems onto systems that are attached to your network. In most circumstances, OS
provisioning requires no manual interaction with the system that you want to install. You
initiate these OS installations from a centralized location, using the Ops Center BUI, rather
than from the systems that you want to install.

Check “Supported Operating Systems” on page 44 for the list of operating systems that you can
provision with Ops Center.

OS provisioning involves three main tasks:

■ Creating and Managing OS Images
■ Creating and Managing OS Profiles
■ Provisioning Operating Systems

Creating OS images and creating OS profiles are one-time tasks for each OS configuration that
you want to provision. After an OS image and associated OS profile exist in Ops Center, you can
provision the OS onto systems that are attached to your network.

Ops Center enables OS provisioning on single systems, groups of systems, or a combination of

the two. OS provisioning for groups of systems requires using homogeneous groups, as
described in Creating a Group and Adding Assets to a Group.

69
70
 12
C H A P T E R

Provision Firmware
1 2

Provision Firmware Introduction

Ops Center automates firmware provisioning at a single chassis or system level, and at data
center level. The provisioning process is similar, regardless of the hardware, operating system,
or underlying technology that you are deploying.

Firmware provisioning enables you to install firmware updates on a server by using firmware
images and firmware profiles.

At a high level, provisioning firmware involves the following steps:

1. Importing a firmware file with the associated metadata into the Firmware Library.
2. Creating firmware profiles based on one or more firmware images.
3. Updating firmware based on the profile and its associated firmware images or by applying
updates based on the output of a Firmware Compliance report.

71
72
 13
C H A P T E R 1 3

About Updating an OS

Using Ops Center, operating systems are secure and current. You can patch the following
operating systems:
■ Solaris 8, 9, and 10 (SPARC)
■ Solaris 10 (x86)
■ Red Hat Linux Advanced Server 3, 4, and 5
■ SUSE Linux Enterprise 8, 9, and 10
■ Microsoft Windows

The processes for installing patches on Solaris and Linux operating systems are very similar.
The process for updating Windows is different. Detailed information is available in each
OS-specific section.

Managing Systems
Before you can use Ops Center to patch and update an OS, you must discover the OS to gather
identification for each operating system and then you must manage the OS to install the agent
controller software. The agent controller software allows Ops Center to check the current
condition of the operating system and to perform update operations.

When you manage an OS, the following actions occur:

1. The Agent is registered. This might take five minutes. Until the agent is registered, you
cannot perform any update functions.
2. A Notification is displayed when the agent OS update functionality is enabled. The agent is
registered and the Target Selector is enabled.
3. The agent runs an inventory check and creates an OS Update Catalog for the system.
4. A notification is displayed when the OS Update Catalog is available. The OS Update Catalog
actions are enabled.

73
Obtaining Patches

Obtaining Patches
By default, Ops Center software downloads patches and new software using Internet access.
The Enterprise Controller is connected to the Internet and to the Solaris Knowledge Services
database. You can configure Ops Center to connect to third party vendors, such as Red Hat, and
provide authentication details. When you run an update job, the patches are downloaded from
the corresponding site. For example, Solaris OS patches are available from the SunSolve web site
and Red Hat patches are available from the Red Hat site.

Ops Center downloads only signed patches from SunSolve or EIS DVD. The patches must be in
the jar or jar.gz format or in the patch directory.

If your data center cannot have direct Internet access, configure the software to operate in
Disconnected mode. In this mode, the Enterprise Controller is not connected to the Internet
and you must upload all content, such as patches, to the Enterprise Controller. To obtain the
patches and packages, you must run the harvester script on a system outside of the data center
that does have Internet access. You then save the downloaded information to a portable media
device, such as a CD or DVD, and bring it to your data center for manual upload. The uploaded
software is stored in the Local Content section of the Updates Library.

Another option is to run your Enterprise Controller in Disconnected Mode until you need to
download patches or packages. You then change the Enterprise Controller's mode to
Connected only to download the required patches and packages, and then change back to the
Disconnected mode.

Local Content (Solaris and Linux OS only)

Local Content enables you to save custom files, scripts, executables, or binaries in the Updates
Library. You can save these files on your hosted tier and they remain private to your
organization. Your local content files might include instructions that must be carried out before
or after a job. For example, you might use local content to test managed hosts before running a
job.

You can add categories for your content in the Updates Library, edit a component file, and
delete a local component from your library.

Reports
Several OS Update reports are available. Reports are OS-specific, but many reports check for
new patches and security advisories. You can get a general report, or test a system or installed
package for available fixes. For auditing purposes, you can create a Ops Center job history
report.

74 Ops Center Site Preparation Guide • March 2010

 Update Job

Detailed information is available in each OS-specific section. When you create a report, you
select the criteria that are relevant to you, such as a list of hosts that have a specific patch or a list
of hosts that do not have a specific patch. You can export the results of most reports to a CSV
format.

For Solaris Baseline Analysis Reports, you can run the report much quicker if you run a patch
simulation and do not download the patches.

The BUI supports column-based sorting in the Report Results section for all the OS Update
reports except for Job History Report and Baseline Analysis Report. Clicking on any field in the
header part of the results table in the center panel will sort the results of that column.

System Catalogs (Solaris and Linux OS only)

A list of installed OS software components is available in the system catalog. The catalog is
automatically created when you first manage the OS. You can display and modify the catalog.
You can also create historical catalogs, which are snapshots of the OS. You can use the System
Catalog to create a snapshot of your OS before you run an update job.

You can upload patches, packages, and local content and save it in the Updates Library. Local
content includes files, scripts, executables, or binaries that are not known to the hosted tier and
are private to your organization. Your local content files typically include instructions that must
be carried out before or after an update job.

Update Job
Ops Center contains the following options in an update job to maintain control and consistency
across your data center:
■ Groups - Help you to organize the display of assets in the user interface and act as targets for
many types of jobs.
■ Roles - Enable you to determine the tasks that a user can perform on a specific asset, or a
group of assets.
■ Update Profiles - Define what you will allow, or not allow, to be installed on a target. You
can select from a list of predefined profiles, your existing custom profiles, or you can create a
new profile by modifying an existing profile.
■ Update Policies - Define how a job is performed and sets the automation level of the job.
You can select from a list of your existing policies or you can create a new policy.
■ Solaris Baselines, white lists, and black lists - Enable you to bring all systems to a baseline,
and remove or add patches from the list of patches to install.
■ Local Content - Enable you to add custom packages, software, and scripts

Chapter 13 • About Updating an OS 75

Update Job

■ Patch Simulations - Estimates how much time is required to complete an update job based
on the policy and profile and if the job will succeed.
■ Rollback and recovery capabilities - Enables you to back out patches
■ Reports - Maintain patch records, including compliance reports and patch history.

You can define the following job parameters while creating a new update job:
■ Job Name and Description - Identifies the job in the Jobs list. A detailed description is
helpful in clearly identifying the job in the historical record. You can rerun existing jobs.
■ Profile - Defines what you will allow, or not allow, to be installed on a target. You can select
from a list of predefined profiles, your existing custom profiles, or you can create a new
profile by modifying an existing profile.
■ Policy - Defines how a job is performed and sets the automation level of the job. You can
select from a list of your existing policies or you can create a new policy.
■ Target Settings - Defines whether the target should be different or similar for each task in the
job.
■ Run Type - Defines whether this job is in simulation mode or is an actual run. You can
choose to deploy the job, or to run a job simulation. A job simulation determines the actions
and results of a job, and estimates how much time is required to complete the job. Job
simulations also indicate if your policy and profile responses will enable the job to succeed.
You can tun a job simulation without downloading patches and packages.
■ Task Execution Order - Specifies whether the tasks should be run in parallel or sequentially.
■ Task Failure Policy - Specifies what action to take if the task fails.
■ Targets - Selects the target systems for the job.

Solaris OS Patching
The following package and patch services and features are supported for patching the Solaris
OS in Ops Center:
■ Recommended patch clusters
■ Solaris baseline reports
■ Custom packages
■ Active dependency rules
■ Patch analysis
■ Job simulation
■ Job scheduling
■ Rollback and recovery

You can use Solaris Live Upgrade to update your Solaris software or you can update your Solaris
Containers and zones.

76 Ops Center Site Preparation Guide • March 2010

 Update Job

Linux OS Patching
The following package and RPM installation services and features are supported for patching
Linux systems in Ops Center:
■ Linux Red Hat Package Manager (RPM)
■ Custom packages
■ Active dependency rules
■ Patch analysis
■ Job simulation
■ Job scheduling
■ Rollback and recovery

Windows OS Patching
The following features are supported for patching Windows systems in Ops Center:
■ Patch analysis
■ Job scheduling

Using Profiles and Policies to define and control the

job (Solaris and Linux only)
Solaris and Linux OS use profiles and policies to manage update jobs, use your own files and
scripts in Ops Center, and create snapshots (known as system catalogs.)

Chapter 13 • About Updating an OS 77

78
 14
C H A P T E R

Virtualization
1 4

Virtualization maximizes utilization of resources and has become an important technology

across all aspects of the IT environment.

Ops Center can manage assets and resources even if they are virtual assets and resources.

The Virtualization Controller manages and monitors the agent software on a virtual asset or
storage resource as if it were a physical component.

Ops Center supports the following virtualization technology:

■ Solaris OS virtualization
■ SPARC server virtualization

Logical Domains
Logical Domains, or LDoms, technology is part of a suite of methodologies for consolidation
and resource management for SPARC CMT systems. This technology allows you to allocate a
system's various resources, such as memory, CPU threads, and devices, into logical groupings
and create multiple discrete systems. These discrete systems will have their own operating
system, resources, and identity within a single system. By careful architecture, a Logical
Domains environment can help you achieve greater resource usage, better scaling, and
increased security and isolation.

79
Solaris Containers

Solaris Containers
Solaris Containers are an integral part of the Solaris 10 operating system (OS). Solaris
Containers isolate software applications and services using flexible software-defined
boundaries. They enable you to create many private execution environments within a single
instance of the Solaris 10 OS. Each environment has its own identity that is separate from the
underlying hardware. Each environment behaves independently as if running on its own
system, making consolidation simple, safe, and secure.

You can build Solaris Containers by using the following technologies:

■ Solaris Resource Manager
■ Solaris Zones partitioning technology

80 Ops Center Site Preparation Guide • March 2010

 15
C H A P T E R

Using Groups
1 5

Groups are administrative structures that contain assets. They appear in the Assets section of
the Navigation panel. Groups can contain any number of assets, and assets can be placed in
more than one group.

User-Defined Groups
User-defined groups can contain any type of asset:
■ Homogeneous groups contain a single type of asset: server, chassis, or operating system.
■ Heterogeneous groups can contain several types of assets.

Smart Groups
Smart groups are automatically generated to organize all of your assets by type.

You can use groups to organize your assets and act as targets for many types of jobs.
Homogeneous server groups, for example, can be targeted with OS provisioning or firmware
update jobs.

81
82
 16
C H A P T E R 1 6

Decision: Who Will Use Ops Center?

Defining User Roles

Chapter 17, “Roles and Authorizations”

“Ops Center Users and Groups” on page 108

“Notifications” on page 87

83
84
 17
C H A P T E R 1 7

Roles and Authorizations

Roles and Authorizations Introduction

Roles grant users the ability to use the different functions of Ops Center. By giving a role to a
user, an administrator can control what functions are available to that user on specific assets
and groups.

Each role grants a user a specific set of authorizations. To perform a job, you must have the
correct role for the assets or group targeted by the job. Administrators can grant roles to a user
that cover the following assets or groups:
■ Enterprise Controller
■ All Assets group
■ User-created groups
Note - Subgroups inherit the roles assigned to the parent group.

85
Enterprise Controller Admin Role

Enterprise Controller Admin Role

The Enterprise Controller Admin role grants root access to Ops Center. A user with the
Enterprise Controller Admin role can perform asset discovery, perform administration actions
on Ops Center, add new users, and edit roles. When Ops Center is configured, the privileged
user is automatically given this role. At least one user must have this role.

All Assets Admin Role

A user with the All Assets Admin role can perform any action, including provisioning,
updating, and managing, on any asset or group. When Ops Center is configured, the privileged
user is automatically given this role.

86 Ops Center Site Preparation Guide • March 2010

 Notifications

Group Roles
An Enterprise Controller Admin can grant one or more of these roles to any user for any
user-defined group:

Content Description

Group Admin This role allows the user to use administration actions such as adding or removing assets.

Group Provision This role allows the user to provision new operating systems and firmware.

Group Update This role allows the user to do patching.

Group Update Simulate This role allows the user to run simulated update jobs.

Group Manage This role allows the user to use management and monitoring actions.

“Ops Center Users and Groups” on page 108

Notifications
Notification Profiles determine how notifications are sent to a user and what levels of
notifications are sent. By configuring separate notification profiles, different users can receive
specific levels of notifications through the BUI, through email, or through a pager. Different
levels of notifications can be sent for specific Virtual Pools, Groups, or top-level Smart Groups.
Four levels of notification can be sent to a destination:
■ None
■ Low and Higher
■ Medium and Higher
■ High

If a user has no notification profile, all notifications for all assets are sent to the BUI, and no
notifications are sent to other destinations.

Chapter 17 • Roles and Authorizations 87

88
 18
C H A P T E R

Getting Ready
1 8

Getting Ready Introduction

Chapter 19, “Tasks for Preparing a Site”

Chapter 20, “Verifying Account Access”

Chapter 22, “Verifying Solaris OS System Resources”

Chapter 23, “Verifying Linux System Resources”

Chapter 24, “Verifying Resources for Agent Installation”

Chapter 25, “Obtaining the Software”

Chapter 26, “Vendor Download Sites”

89
90
 19
C H A P T E R 1 9

Tasks for Preparing a Site

Tasks for Preparing a Site Introduction

This figure shows the task flow for preparing a site.

91
Tasks for Preparing a Site Introduction

92 Ops Center Site Preparation Guide • March 2010

 Prepare the Agents

Determine System Requirements

■ Inventory the equipment that you want to use with Ops Center.
■ Determine which server you will use for the Enterprise Controller and, if desired, the proxy
controller.
■ Determine which operating system you will install.
■ Determine which assets you will monitor and manage using the Ops Center and, based on
the total, determine your switch requirements.

See the following sections:

■ “Ops Center System Requirements” on page 33
■ Preparing a System for Installation

Map Your Network

■ Determine the IP addressing scheme for the management, provisioning, and data networks.
■ Determine whether you will use a single-switch configuration in which all connections are
on a single switch, or a two-switch configuration, in which the management network is
isolated on one switch and the data and provisioning networks are on the second switch.
■ Determine the VLAN assignments.

See the examples in “Reference Configurations” on page 58.

Connect the Hardware

Cable the equipment according to manufacturers' instructions.

Prepare the Agents

Assign an IP address to the management port of each agent.

For ILOM, ALOM, and SP-based agents, see the server documentation for information about
assigning IP addresses to the server's management port. You can also locate the server
documentation at http://sunsolve.sun.com/handbook_pub/Systems/.

Chapter 19 • Tasks for Preparing a Site 93

Install and configure the operating system on the Enterprise Controller's and Proxy Controller's server.

Install and configure the operating system on the Enterprise

Controller's and Proxy Controller's server.
See the instructions in the Installation section of the product wiki.

94 Ops Center Site Preparation Guide • March 2010

 20
C H A P T E R 2 0

Verifying Account Access

Ops Center requires that you provide a valid Sun Online Account name and password when
you register the Enterprise Controller with the Sun Inventory online service. If you have Linux
systems that you intend to update using Ops Center, a valid Red Hat Network or Novell account
must be available.

Verifying Your Sun Online Account

To verify that you have a valid Sun Online Account, in a web browser, go to the My Sun
Connection site and enter your Sun Online account name and password in the fields provided.

Your login succeeds if you have a valid Sun Online Account. The My Account tab on the My
Sun Connection site enables you to manage your Sun Online Account, including updating
account information, and managing support contracts and licenses.

Creating a Sun Online Account

If you do not yet have a valid Sun Online Account, the Join Now link on the My Sun Connection
login page enables you to register for a Sun Online Account.

Setting a Team Name

Ops Center can be configured to run in either connected or disconnected mode. In connected
mode, user management is performed by using the Sun Inventory portal. If you intend to run
Ops Center in connected mode, log in to the Sun Inventory portal and set your default team
name to a value of your choice.
1. In a browser, access the following URL:
https://inventory.sun.com/inventory/

95
Verifying Your Red Hat Network or Novell Account

2. Log in using your Sun Online Account.

3. From the Teams menu, select Change Team Properties.
4. Change the Team Name field to list the team name that you want to use, and click OK.
5. Log out of Sun Inventory.

Verifying Your Red Hat Network or Novell Account

Verify that your Red Hat Network or Novell account allows access to software updates.

96 Ops Center Site Preparation Guide • March 2010

 21
C H A P T E R

OC Doctor
2 1

The Ops Center Doctor utility is designed to check requirements and identify potential issues
before deploying Ops Center and to assist with post-deployment troubleshooting.

The utility has an internal knowledge base for detecting known issues and workarounds which
gets updated on a regular basis.

Utility Download
The utility is updated on a regular basis. To receive email notification of an update to this page,
including when a new version is available, click Tools, then click Watch This Space.
Alternatively, use the self Auto-Update option (*-update*) to automatically download the latest
version.

Download the latest OCDoctor utility here:

OC Doctor Version 1.11 (March 12 2010)

OC Doctor Version 1.11 (March 12 2010)

Running the OCDoctor

Run the OCDoctor without parameters to get a list of all the options:

# ./OCDoctor.sh

-------- Preinstallation functions ----------

[ --sat-prereq] Check if Enterprise controller /

97
Running the OCDoctor

(Satellite) requirements are met (can be used on Proxy)

[ --agent-prereq] Check if Agent requirements are met

[ --performance] Check machine speed and provide BT score /

(Benchmark Time). Run when the machine is idle.

-------- Troubleshooting / Tuning functions ----------

[ --troubleshoot ] [--fix] Scan the installed components for issues. --fix will /

attempt to fix when available

[ --collectlogs ] <params> Collects all logs from current system, optional /

params to pass to collect script

[ --needhelp ] Display information on how to gather additional info and /

how to open a support case

[ --tuning ] Scan current configuration and suggest improvements

[ --whatisblobid ] <id> Debugging: Provide details about a specific blob id

-------- Other ----------

[ --update ] Check for newer version of the Doctor online

For additional information and updates visit http://wikis.sun.com/display/OC2dot5/OC+Do /

ctor

98 Ops Center Site Preparation Guide • March 2010

 Options

Options
The following options are are available:
■ “Pre-Installation” on page 99
■ “Troubleshooting and Tuning” on page 100
■ “Auto-Update” on page 101

Pre-Installation
The following pre-installation tests are available:
■ -sat-prereq - Verifies that the Enterprise Controller requirements are met.
■ -performance - Checks the machine speed and provides a Benchmark Time (BT) score. To
ensure the best results, run this command when the machine is idle.
■ -agent-prereq - Verifies that the Agent requirements are met.

sat-prereq Option
Run the following command on the system that will be your Enterprise Controller to verify that
the minimum requirements are met.

# ./OCDoctor.sh --sat-prereq

performance Option
The output of this option enables you to determine the best Enterprise Controller and Proxy
Controller configuration for your data center. For maximum performance in environments
with more than 100 systems, avoid using a co-located Proxy Controller (Enterprise Controller
and Proxy Controller installed on the same system).

Run the following command on the systems that will be your Enterprise Controller and Proxy
Controller to determine the system speed and establish a BT score:

# ./OCDoctor.sh --performance

After you obtain the output, go to “System Scaling” on page 50. The Enterprise Controller and
Proxy Controller matrices provide general guidelines for planning your system requirements.

agent-prereq Option
Run the following command on systems that you are planning to install an agent on to verify
that the minimum requirements are met.

# ./OCDoctor.sh --agent-prereq

Chapter 21 • OC Doctor 99
Options

Troubleshooting and Tuning

The following functions assist in troubleshooting after you deploy the software:
■ -troubleshoot - Scans the installed components for issues. You can run this on the
Enterprise Controller, Proxy Controller and the Agent Controller.
■ -troubleshoot -fix - Will attempt to fix issues when a fix is available.

Tip – You can also run the -troubleshoot option inside a broken zone to troubleshoot a problem.

■ -needhelp - Display information on how to gather additional information and how to open
a support case. Try this option if the -troubleshoot did not identify the problem.

Note – Support often asks for GDD output. The latest GDD utility is bundled inside the
OCDoctor in the GDD folder. For more information about the GDD, see Sun Gathering Debug
Data for Sun Ops Center.
■ -tuning - Scans current configuration and suggests improvements.
■ -whatisblobid
<BLOBID> - This is used for debugging: Blob IDs is what Ops Center uses to point to
patches, RPMs and Local files. The Blob IDs show up in various log files. This option will
provide details about a specific blob id.

Run this option on the Enterprise Controller. For example:

# ./OCDoctor.sh --whatisblobid 40006972

-------------------------------------------------

Blob 40006972 is:

120719-02 SunOS 5.10 : SunFreeware gzip patch

Channel - Solaris 10 (SOLARIS_10_0_SPARC)

-------------------------------------------------

100 Ops Center Site Preparation Guide • March 2010

 Options

Auto-Update
■ -update - Checks for a newer version of the Doctor online and automatically install the
newer version.

# ./OCDoctor.sh --update

If your system need a proxy server to access the web, you can configure the proxy settings with
the following:

# export http_proxy="http://proxyuser:proxypass@proxyname:port"

Replace the above with proper values, for example:

# export http_proxy="http://sunproxy.sun.com:8080"

# ./OCDoctor --update

(y) Please send us feedback or report issues to mailto:[email protected]

Chapter 21 • OC Doctor 101

102
 22
C H A P T E R 2 2

Verifying Solaris OS System Resources

Verify that your system is ready to accept the Ops Center Enterprise Controller or Proxy
Controller software before you proceed with the installation. This page describes the system
resources to check.

Run the Chapter 21, “OC Doctor,” utility to check requirements and to identify potential issues
before you install Ops Center. You can also run the utility after installation at any time to
identify problems such as missing Ops Center patches.

The Ops Center Doctor utility performs the following operations. You can perform the same
tasks manually.
■ “To Check the Operating System Release” on page 104
■ “To Check the Installed Software Group” on page 104
■ “To Check the Zone Identity” on page 104
■ “To Check the Available Disk Space” on page 105
■ “To Check Swap Space” on page 106
■ “To Verify the Amount of System Memory” on page 106
■ “To Verify the Amount of Shared Memory” on page 106
■ “To Verify the webservd User and Group” on page 107
■ “To Verify That an Alternate Administrative User Exists” on page 107
■ “Ops Center Users and Groups” on page 108
■ “To Verify the umask Value” on page 109
■ “To Verify the Locations of ssh Binaries” on page 109
■ “To Verify Correct IP Address Resolution” on page 110
■ “To Verify That /usr/local Is Writeable” on page 110
■ “To Verify the Date and Time” on page 110
■ “To Verify Online cryptosvc and gss Services” on page 111
■ “To Remove the SMClintl Package” on page 111
■ “To Verify Network Access to Required Web Sites” on page 111
■ “To Verify ssh Access for the root User” on page 114
■ “To Verify Network Port Access” on page 114

103
Before You Begin

Before You Begin

These procedures assume that you are logged in as the root user on the system on which you
intend to install Ops Center Enterprise Controller or Proxy Controller software.

To Check the Operating System Release

Verify that a release of the Solaris OS that is compatible with Ops Center software is installed.
Ops Center requires at least Solaris 10 11/06 for SPARC or x86 systems. The /etc/release file
lists the Solaris OS release installed on your system. For example:

# cat /etc/release

Solaris 10 8/07 s10s_u4wos_12b SPARC

Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.

Use is subject to license terms.

Assembled 16 August 2007

To Check the Installed Software Group

Verify that your Solaris system has been installed with one of these two software groups:
■ SUNWCXall - Entire distribution with OEM support
■ SUNWCall - Entire distribution

To check the installed software group, display the content of the

/var/sadm/system/admin/CLUSTER file. For example:

# cat /var/sadm/system/admin/CLUSTER

CLUSTER=SUNWCall

To Check the Zone Identity

On Solaris systems, the Enterprise Controller can be installed in a local zone or the global zone.
If you are installing Ops Center ona local zone, see Preparing a Local Zone for Enterprise
Controller Installation. You can use the zonename command to check your current zone. For
example:

104 Ops Center Site Preparation Guide • March 2010

 To Check the Available Disk Space

# zonename

global

To Check the Available Disk Space

Use the df -h command to list the space utilization on the Enterprise Controller, and verify that
you have at least 70 Gbytes available within the file system that will hold the /var/opt/sun/xVM
directory structure. For example:

# df -h

Filesystem size used avail capacity Mounted on

/dev/dsk/c1t0d0s0 82G 4.0G 78G 5% /

/devices 0K 0K 0K 0% /devices

ctfs 0K 0K 0K 0% /system/contract

proc 0K 0K 0K 0% /proc

mnttab 0K 0K 0K 0% /etc/mnttab

swap 5.1G 624K 5.1G 1% /etc/svc/volatile

(output omitted)

Ops Center software, and the data that it stores, primarily consume space below the
/var/opt/sun/xvm and /opt directory structures. In this example, the /opt and
/var/opt/sun/xvm directories are located within the root (/) file system, which has 78 Gbytes
of space available. The install script checks for 2 Gbytes of space in /opt and 70 Gbytes of
space in /var/opt/sun/xvm.

High availability (HA) configurations for Ops Center use transferable storage to hold the
/var/opt/sun/xvm directory structure within a separate file system. Refer to About High
Availability and “Configuring Storage for High Availability” on page 26 for more information
about HA configurations.

Chapter 22 • Verifying Solaris OS System Resources 105

To Check Swap Space

To Check Swap Space

Enterprise Controllers require 6 Gbytes of configured swap space and Proxy Controllers
require at lease 4 Gbytes of configured swap space. The install script checks for this. Use the
swap -l command to list the amount of configured swap space. For example:

# swap -l

swapfile dev swaplo blocks free

/dev/dsk/c1t0d0s1 118,1 16 8395184 8395184

The values in the blocks and free columns are expressed in 512-byte blocks.

To Verify the Amount of System Memory

Use the prtconf command to display the amount of installed memory on your system. For
example:

# prtconf | grep -i meg

Memory size: 4096 Megabytes

At least 6 Gbytes of installed memory is recommended for Enterprise Controller installations.

At least 4 Gbytes of installed memory is recommended for Proxy Controller installations.

To Verify the Amount of Shared Memory

Use the prctl command to display the amount of shared memory on your system. For
example:

# prctl -n project.max-shm-memory -i project 1

project: 1: user.root

NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT

project.max-shm-memory

privileged 1.97GB - deny -

system 16.0EB max deny -

At least 500 MB of shared memory is required. If the privileged value is less than 500 MB, use
the following command to set it to 500 MB.

106 Ops Center Site Preparation Guide • March 2010

 To Verify That an Alternate Administrative User Exists

# projmod -a -K "project.max-shm-memory=(priv,500mb,deny)" default

To Verify the webservd User and Group

The webservd user and group are created by default in Solaris 10 software. This user and group
must exist before you install Ops Center Software.

Examine the content of the /etc/passwd, /etc/shadow, and /etc/group files to confirm that
the webservd user and group exist. For example:

# grep webservd /etc/passwd

webservd:x:80:80:WebServer Reserved UID:/:

# grep webservd /etc/shadow

webservd:*LK*:::::::

# grep webservd /etc/group

webservd::80:

If the webservd user or group does not exist, create the missing user or group using the UID and
GID values listed in the example above.

To Verify That an Alternate Administrative User Exists

If you want to designate a user other than root as the administrative user for Ops Center, you
must verify that the user exists on the system where you intend to install the software. For
example:

# logins -l droot

droot 0 root 0 Super-User

This example system uses droot as the administrative user for Ops Center. You must create the
administrative user before you install Ops Center.

Chapter 22 • Verifying Solaris OS System Resources 107

Ops Center Users and Groups

Ops Center Users and Groups

Ops Center installation creates a number of users and groups on the Enterprise Controller and
Proxy Controllers. Review the list of users and groups, and verify that they do not conflict with
existing policies. If required by account management policies, add these users and groups
before you install the Ops Center software.

Type Enterprise Controller Proxy Controller

Users svctag, allstart, scndb, scn, scncon, uce-sds, xvm svctag, allstart, uce-sds

Groups jet, scndb, uce-sds jet, uce-sds

Ops Center creates these users and groups with the following UID and GID values:

# cat /etc/group

(output omitted)

uce-sds::98194050:

scndb::98194051:

jet::98194052:

# cat /etc/passwd

(output omitted)

svctag:x:95:12:Service Tag UID:/:

scn:x:231796:3::/:/bin/sh

xvm:x:60:60::/:/bin/sh

scncon:x:231798:1::/:/bin/true

uce-sds:x:231799:98194050:UCE Engine:/opt/SUNWuce/server:/bin/sh

scndb:x:231800:98194051:SCS PostgreSQL User:/opt/SUNWscs:/bin/sh

allstart:x:231801:1:AllStart User:/var/opt/sun/xvm/osp/data:/bin/sh

All user accounts have locked (*LK*) passwords, except the scncon user. A password is required
for the scncon user, but it has no login shell. If you must create the scncon user before installing

108 Ops Center Site Preparation Guide • March 2010

 To Verify the Locations of ssh Binaries

the software, you must enter the password that you want to use, in clear text, in the
/var/opt/sun/xvm/persistence/scn-satellite/satellite.properties file. Associate the
password with the scncon.password parameter in this file. For example:

scncon.password=2EzafaJE

To Verify the umask Value

Verify that the umask for the root user or equivalent role is set to 0022. Different shells report
this value differently. The following examples list output from the umask command for the
Bourne shell, the Korn shell, and the C-shell. In all three examples, the umask value is correct.

# sh

# umask

0022

# ksh

# umask

022

# csh

<hostname># umask

22

To Verify the Locations of ssh Binaries

The binary files for ssh operations must be stored in their standard locations, even if OpenSSH
is used. Verify that the following files are stored using the listed path names:
■ /usr/bin/scp
■ /usr/bin/ssh
■ /usr/bin/ssh-keygen
■ /usr/bin/ssh-keyscan

For example:

# ls /usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

/usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

Chapter 22 • Verifying Solaris OS System Resources 109

To Verify Correct IP Address Resolution

To Verify Correct IP Address Resolution

Verify that the configured naming services resolve the correct IP address for the host name that
is assigned to your system. For example:

# host system.domain

system.domain has address 172.21.26.1337

Verify that the /etc/hosts file contains the correct host name and IP address for your system.
For example:

# grep system /etc/hosts

172.21.26.1337 system loghost

To Verify That /usr/local Is Writeable

Some software components of Ops Center are installed in the /usr/local directory. Verify that
the /usr/local directory is writeable, and is not a remotely mounted, read-only directory. For
example:

# df -h /usr/local

Filesystem size used avail capacity Mounted on

/dev/dsk/c1t0d0s0 82G 4.0G 78G 5% /

# ls -ld /usr/local

drwxr-xr-x 7 root root 512 Feb 23 08:33 /usr/local

In this example, the /usr/local directory is stored in the root (/) file system, and is writeable
by the root user and group.

To Verify the Date and Time

Verify that the correct date and time are set on your system. For example:

# date

Thu Mar 11 13:28:59 MST 2010

110 Ops Center Site Preparation Guide • March 2010

 To Verify Network Access to Required Web Sites

If the date and time are not correct, reset them. See Troubleshooting for a description of an error
that might occur in the Enterprise Controller Configuration wizard if the date and time is not
set correctly.

To Verify Online cryptosvc and gss Services

Ops Center requires the cryptosvc and gss SMF services to be online. For example:

# svcs cryptosvc gss

STATE STIME FMRI

online Feb_25 svc:/system/cryptosvc:default

online Feb_25 svc:/network/rpc/gss:default

You can use the svcadm command to enable these services if they are not online.

To Remove the SMClintl Package

The SMClintl freeware package conflicts with Ops Center software and must be removed. Use
the pkgrm command to remove the SMClintl package before you install Ops Center software.
For example:

# pkgrm SMClintl

(output omitted)

To Verify Network Access to Required Web Sites

Use a web browser to verify that your system can access the following URLs:

https://getupdates1.sun.com

https://inv-cs.sun.com

https://inventory.sun.com

https://a248.e.akamai.net

https://identity.sun.com

ftp://ftp.sunfreeware.com

Chapter 22 • Verifying Solaris OS System Resources 111

To Verify Network Access to Required Web Sites

The https://getupdates1.sun.com site should display a login authentication screen for the
Sun Update Connection Download Server. The https://inv-cs.sun.com and
https://inventory.sun.com sites should display the Sun Connection page.

For access to Red Hat Linux updates, verify that your system can access the following URLs:

https://www.redhat.com

http://rhn.redhat.com

https://rhn.redhat.com

https://download.rhn.redhat.com

For access to SUSE Linux updates, verify that your system can access the following URLs:

http://www.novell.com

https://www.novell.com

http://download.novell.com

https://you.novell.com

Use the wget command to verify that you can access the getupdates1.sun.com web site and
download a sample file.
1. If you use a proxy server to access the Internet, set the https_proxy environment variable to
point to the proxy server:
# export https_proxy="http://myproxy.company.com:8080"

where _myproxy.company.com_ is the fully-qualified domain name of your proxy server.

2. Download the sample file named channels.xml and save it locally as /tmp/channels.xml
The wget command is stored by default in /usr/sfw/bin on Solaris systems and uses these
options:
■ --O - Specifies the name of the file to create on the local system
■ --http-user - Specifies the SOA to use for authentication to getupdates1.sun.com
■ --http-password - Specifies the password for SOA that you provide for the
--http-user option
■ --proxy-user - (Optional) Specifies the user name used for authentication with an
HTTPS proxy
■ --proxy-password - (Optional) Specifies the password for the user name that you
provide for the -proxy-user option

112 Ops Center Site Preparation Guide • March 2010

 To Verify Network Access to Required Web Sites

In this example, [email protected] and password represent the SOA and SOA password
that you provide:

# /usr/sfw/bin/wget https://getupdates1.sun.com/channels3/channels.xml -O /tmp/channels.xml /

--http-user="[email protected]" --http-password="password"

--11:43:41-- https://getupdates1.sun.com/channels3/channels.xml

=> ‘/tmp/channels.xml’

Resolving getupdates1.sun.com... 198.232.168.136

Connecting to getupdates1.sun.com|198.232.168.136|:443... connected.

HTTP request sent, awaiting response... 302 Moved Temporarily

Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236019547_e9120d30e1ac62650c8f928

4dfe47663&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SIPR9R&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml [following]

--11:43:42-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236019547_e9120d30e1ac62650c8f9284

dfe47663&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SIPR9R&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml

=> ‘/tmp/channels.xml’

Resolving a248.e.akamai.net... 208.51.221.73, 208.51.221.48

Connecting to a248.e.akamai.net|208.51.221.73|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 66,505 (65K) [application/xml]

Chapter 22 • Verifying Solaris OS System Resources 113

To Verify ssh Access for the root User

100%[===========================================>] 66,505 397.16K/s

11:43:42 (396.55 KB/s) - ‘/tmp/channels.xml’ saved [66505/66505]

To Verify ssh Access for the root User

If you intend to use root login credentials to install the Ops Center agent, verify that the ssh
daemon on your target systems is configured to allow root user logins. Custom discovery
allows you to specify a non-root user for ssh access. If you use a non-root user for ssh access,
this configuration is not necessary.

To verify ssh access for the root user, try using ssh to log in as root to the system. If that
attempt succeeds, no further action is necessary. If that attempt fails, check the value of the
PermitRootLogin parameter in the /etc/ssh/sshd_config file. If PermitRootLogin is set to
no, edit the /etc/ssh/sshd_config file, and change the PermitRootLogin setting to yes. Then
use the svcadm command to restart the svc:/network/ssh:default service. For example:

# svcadm restart svc:/network/ssh:default

To Verify Network Port Access

See “Network Port Requirements and Protocols” on page 55 to verify that your systems allow
the use of the required network services and ports.

114 Ops Center Site Preparation Guide • March 2010

 23
C H A P T E R 2 3

Verifying Linux System Resources

Before you install Ops Center on an RHEL or OEL system, verify that the system conforms to
the recommendations described below. This page describes the system resources to check.

Run the Chapter 21, “OC Doctor,” utility to check requirements and to identify potential issues
before you install Ops Center. You can also run the utility after installation at any time to
identify problems such as missing Ops Center patches.

The Ops Center Doctor utility performs the following operations. You can perform the same
tasks manually.:
■ “To Check the Operating System Release” on page 116
■ “To Check the Available Disk Space” on page 116
■ “To Verify the Amount of System Memory and Swap Space” on page 117
■ “To Verify the SELinux Setting” on page 117
■ “To Verify the umask Value” on page 118
■ “Ops Center Users and Groups” on page 119
■ “To Verify That Required Packages Are Installed” on page 120
■ “To Verify Correct IP Address Resolution” on page 121
■ “To Verify the Locations of ssh Binaries” on page 121
■ “To Verify That /usr/local Is Writeable” on page 121
■ “To Verify the Date and Time” on page 122
■ “To Verify Network Access to Required Web Sites” on page 122
■ “To Verify Network Port Access” on page 125
■ “Verifying kernel.shmall and kernel.shmmax Values” on page 125

115
Before You Begin

Before You Begin

To ensure that a Linux system is ready to accept an Enterprise Controller or Proxy Controller
installation, perform a complete Linux installation. Linux OS Installation describes the required
installation procedure. This installation procedure requires that you install all optional software
packages from the installation media that the Linux installer can install.

On a system that has a complete installation of Linux, use the following procedures to verify
that its resources meet the requirements for Ops Center installation.

These procedures assume that you are logged in as the root user on the system on which you
intend to install Enterprise Controller or Proxy Controller software.

To Check the Operating System Release

Verify that RHEL 5.0 or 5.3 or OEL 5.3 is installed on the system. The /etc/redhat-release
file lists the OS release installed on your system. For example:

# cat /etc/redhat-release

Red Hat Enterprise Linux Server release 5 (Tikanga)

To Check the Available Disk Space

Use the df -h command to list the space utilization on the Enterprise Controller, and verify that
you have at least 72 GBytes available. For example:

# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VolGroup00-LogVol00

131G 5.7G 119G 5% /

/dev/sda1 99M 12M 83M 12% /boot

tmpfs 2.0G 0 2.0G 0% /dev/shm

Ops Center software, and the data it stores, primarily consume space below the
/var/opt/sun/xvm and /opt directory structures. In this example, the /var/opt/sun/xvm and
/opt directories are located within the root (/) file system, which has 119 GBytes of space
available.

116 Ops Center Site Preparation Guide • March 2010

 To Verify the SELinux Setting

High availability (HA) configurations for Ops Center use transferable storage to hold the
/var/opt/sun/xvm directory structure within a separate file system. Refer to About High
Availability and “Configuring Storage for High Availability” on page 26 for more information
about HA configurations.

To Verify the Amount of System Memory and Swap Space

Use the free -m command to display the amount of installed memory and swap space on your
system. For example:

# free -m

total used free shared buffers cached

Mem: 3931 1389 2542 0 220 1053

-/+ buffers/cache: 115 3816

Swap: 4096 0 4096

You should have at least 6 GBytes of installed memory and swap space for Ops Center
Enterprise Controller installations, at least 4 GBytes of installed memory and swap space for
Ops Center Proxy Controller installations. The value in the total column indicates the total
amount of installed memory or configured swap space.

You can also use the dmesg command to display the amount of memory installed. For example:

# dmesg | grep Memory

Memory: 4022900k/4063168k available (2043k kernel code, 39036k reserved, 846k data, 232k init, /

3145664k highmem)

To Verify the SELinux Setting

Ops Center installation requires that SELinux is disabled. To check the state of SELinux, either
run the sestatus command, or display the contents of the /etc/selinux/config file, and
verify that the SELINUX variable is set to disabled. For example:

# sestatus

SELinux status: disabled

Chapter 23 • Verifying Linux System Resources 117

To Verify the umask Value

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=disabled

# SELINUXTYPE= type of policy in use. Possible values are:

# targeted - Only targeted network daemons are protected.

# strict - Full SELinux protection.

SELINUXTYPE=targeted

If the SELinux state is either enforcing or permissive, edit the /etc/selinux/config file and
change the SELINUX value to disabled. After making this change, reboot your system for the
change to take effect.

To Verify the umask Value

Verify that the umask in use for the root user or equivalent role is set to 022. Different shells
report this value differently. The following examples list output from the umask command for
the Bourne shell, the Korn shell, and the C Shell, and bash, in descending order. In all three
examples, the umask value is correct.

# sh

# umask

0022

# ksh

# umask

0022

118 Ops Center Site Preparation Guide • March 2010

 Ops Center Users and Groups

# csh

# umask

22

# bash

# umask

0022

Check the umask value set in /etc/bashrc. The umask value must be set to 022, even for
non-root users. For example:

# grep umask /etc/bashrc

umask 002

umask 022

Ops Center Users and Groups

Ops Center installation creates a number of users and groups on the Enterprise Controller and
Proxy Controllers. Review the list of users and groups, and verify that they do not conflict with
existing policies. If required by account management policies, add these users and groups
before you install the Ops Center software.

Type Enterprise Controller Proxy Controller

Users svctag, allstart, scndb, scn, scncon, uce-sds, xvm svctag, allstart, uce-sds

Groups jet, scndb, uce-sds jet, uce-sds

Ops Center creates these users and groups with the following UID and GID values:

# cat /etc/group

(output omitted)

uce-sds::98194050:

scndb::98194051:

jet::98194052:

Chapter 23 • Verifying Linux System Resources 119

To Verify That Required Packages Are Installed

# cat /etc/passwd

(output omitted)

svctag:x:95:12:Service Tag UID:/:

scn:x:231796:3::/:/bin/sh

xvm:x:60:60::/:/bin/sh

scncon:x:231798:1::/:/bin/true

uce-sds:x:231799:98194050:UCE Engine:/opt/SUNWuce/server:/bin/sh

scndb:x:231800:98194051:SCS PostgreSQL User:/opt/SUNWscs:/bin/sh

allstart:x:231801:1:AllStart User:/var/opt/sun/xvm/osp/data:/bin/sh

All user accounts have locked passwords, except the scncon user. A password is required for the
scncon user, but it has no login shell. If you must create the scncon user before installing the
software, you must enter the password that you want to use, in clear text, in the
/var/opt/sun/xvm/persistence/scn-satellite/satellite.properties file. Associate the
password with the scncon.password parameter in this file. For example:

scncon.password=2EzafaJE

To Verify That Required Packages Are Installed

Ops Center requires a number of specific packages for successful installation on Linux systems.
Currently, the list of required packages includes the following:
■ python-2.4.3
■ expect-5.43.0
■ perl-DBD-Pg
■ xinetd
■ tftp-server
■ dhcp
■ gettext
■ perl-XML-Parser
■ ncompress

120 Ops Center Site Preparation Guide • March 2010

 To Verify That /usr/local Is Writeable

■ libxml2 (both the 64 bit and 32 bit RPMs are required)

Use the rpm -q command to check if each of these packages is installed. For example:
# rpm -q dhcp-3.0.5-3.el5

dhcp-3.0.5-3.el5

To Verify Correct IP Address Resolution

Verify that the configured naming services resolve the correct IP address for the host name that
is assigned to your system. For example:

# host x4200-brm-13

x4200-brm-13.Central.Sun.COM has address 172.20.25.169

To Verify the Locations of ssh Binaries

The binary files for ssh operations must be stored in their standard locations, even if OpenSSH
is used. Verify that the following files are stored using the listed path names:
■ /usr/bin/scp
■ /usr/bin/ssh
■ /usr/bin/ssh-keygen
■ /usr/bin/ssh-keyscan

For example:

# ls /usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

/usr/bin/scp /usr/bin/ssh /usr/bin/ssh-keygen /usr/bin/ssh-keyscan

To Verify That /usr/local Is Writeable

Some software components of Ops Center are installed in the /usr/local directory. Verify that
the /usr/local directory is writeable, and is not a remotely mounted, read-only directory. For
example:

# df -h /usr/local

Filesystem Size Used Avail Use% Mounted on

Chapter 23 • Verifying Linux System Resources 121

To Verify the Date and Time

/dev/mapper/VolGroup00-LogVol00

131G 5.7G 119G 5% /

# ls -ld /usr/local

drwxr-xr-x 11 root root 4096 Nov 30 2005 /usr/local

In this example, the /usr/local directory is stored in the root (/) file system and is writeable by
the root user and group.

To Verify the Date and Time

Verify that the correct date and time are set on your system. For example:

# date

Thu Mar 11 13:28:59 MST 2010

If the date and time are not correct, reset them. See Troubleshooting for a description of an error
that might occur in the Enterprise Controller Configuration wizard if the date and time are not
set correctly.

To Verify Network Access to Required Web Sites

Use a web browser to verify that your system can access the following URLs:

https://getupdates1.sun.com

https://inv-cs.sun.com

https://inventory.sun.com

https://a248.e.akamai.net

https://identity.sun.com

ftp://ftp.sunfreeware.com

The https://getupdates1.sun.com site should display a login authentication screen for the
Sun Update Connection Download Server. The https://inv-cs.sun.com and
https://inventory.sun.com sites should display the Sun Connection page.

For access to Red Hat Linux updates, verify that your system can access the following URLs:

122 Ops Center Site Preparation Guide • March 2010

 To Verify Network Access to Required Web Sites

https://www.redhat.com

http://rhn.redhat.com

https://rhn.redhat.com

https://download.rhn.redhat.com

For access to SUSE Linux updates, verify that your system can access the following URLs:

http://www.novell.com

https://www.novell.com

http://download.novell.com

https://you.novell.com

Use the wget command to verify that you can access the getupdates1.sun.com web site and
download a sample file.
1. If you use a proxy server to access the Internet, set the https_proxy environment variable to
point to the proxy server. For example:
# export https_proxy="http://myproxy.company.com:8080"

where _myproxy.company.com_ is the fully-qualified domain name of your proxy server.

2. Download the sample file named channels.xml and save it locally as /tmp/channels.xml
Use the wget command with these options:
■ --O - Specifies the name of the file to create on the local system
■ --http-user - Specifies the SOA to use for authentication to getupdates1.sun.com
■ ---http-password - Specifies the password for SOA that you provide for the
--http-user option
■ --proxy-user - (Optional) Specifies the user name used for authentication with an
HTTPS proxy
■ ---proxy-password - (Optional) Specifies the password for the user name that you
provide for the --proxy-user option.

The wget command is stored by default in /usr/bin on Linux systems. In this example,
[email protected] and password represent the SOA and SOA password that you must provide.

# /usr/bin/wget https://getupdates1.sun.com/channels3/channels.xml -O /tmp/channels.xml /

--http-user="[email protected]" --http-password="password"

Chapter 23 • Verifying Linux System Resources 123

To Verify Network Access to Required Web Sites

--12:07:40-- https://getupdates1.sun.com/channels3/channels.xml

Resolving getupdates1.sun.com... 198.232.168.136

Connecting to getupdates1.sun.com|198.232.168.136|:443... connected.

HTTP request sent, awaiting response... 302 Moved Temporarily

Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236020624_01b507faf428706c2c0b14

a7462004e4&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SANhtW&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml [following]

--12:07:41-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/

21808/sc/channels3/channels.xml?AuthParam=1236020624_01b507faf428706c2c0b14a746

2004e4&TUrl=L0QdUQV8Z4i0fdED3QTP3SJDWA8FMyaJsHfIWf4X29kTWQpKEzIbwqFuyRPZ

&TicketId=3qfzk1SANhtW&GroupName=SWUP&BHost=sdlc3h.sun.com&FilePath=

/sc/channels3/channels.xml&File=channels.xml

Resolving a248.e.akamai.net... 204.2.215.18, 204.2.215.19

Connecting to a248.e.akamai.net|204.2.215.18|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 66505 (65K) [application/xml]

Saving to: ‘/tmp/channels.xml’

100%[=========================================>] 66,505 --.-K/s in 0.1s

12:07:42 (449 KB/s) - ‘/tmp/channels.xml’ saved [66505/66505]

124 Ops Center Site Preparation Guide • March 2010

 Verifying kernel.shmall and kernel.shmmax Values

To Verify Network Port Access

See “Network Port Requirements and Protocols” on page 55 to verify that your systems allow
using the required network services and ports.

Verifying kernel.shmall and kernel.shmmax Values

If the /etc/sysctl.conf file has been modified, the values of kernel.shmall and
kernel.shmmax may be too small for the Ops Center installation.

Variable Recommended Value

kernel.shmall 268435456

kernel.shmmax 4294967295

1. Verify the values of kernel.shmall and kernel.shmmax

[root@x4200-2 ~]# sysctl -a | grep shm

vm.hugetlb_shm_group = 0

kernel.shmmni = 4096

kernel.shmall = 2097152

kernel.shmmax = 33554432

[root@x4200-2 ~]#
2. If the values for kernel.shmall and kernel.shmmax are lower than the values listed above,
edit the /etc/sysctl.conf file and set the variables equal to the values listed above.
[root@x4200-2 ~]# vi /etc/sysctl.conf

(output omitted)

kernel.shmmax = 4294967295

(output omitted)

kernel.shmall = 268435456
3. Reboot the system.
[root@x4200-2 ~]# reboot

Chapter 23 • Verifying Linux System Resources 125

126
 24
C H A P T E R 2 4

Verifying Resources for Agent Installation

Verify that the systems that you intend to manage are ready for Ops Center agent software
installation. These required resources are typically available in systems that are running current
versions of operating system software. Review the list of required resources to determine if it is
likely that any resource is missing from your systems.

This page describes the system resources to check for both Solaris and Linux systems.
Regardless of the operating system supporting the Enterprise Controller, both Linux and
Solaris systems can be managed.

Sun Support Services might have tools available that automate verifying many of the system
requirements and resources listed here. Check with Sun Support Services for the following
items:
■ Pre-installation checklist
■ Pre-installation check script
■ Patches to apply to the Ops Center software
■ Updated Ops Center agent bundles
■ Advice about specific patch dependencies that relate to Ops Center agent installation

Verifying resources for agent installation requires the following tasks:

■ “Solaris OS: To Verify Required Packages and Devices” on page 128
■ “Linux OS: To Verify Required Packages” on page 130
■ “To Verify ssh Installation” on page 131
■ “To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed” on page 131
■ “Agent Patch Dependencies” on page 135
■ “To Verify Unique Service Tags” on page 132
■ “To Verify the umask Value” on page 135
■ “Solaris OS: To Verify cryptosvc and gss Services” on page 136

127
Solaris OS: To Verify Required Packages and Devices

Solaris OS: To Verify Required Packages and Devices

The following packages and devices are required for Ops Center agent installation:

SUNWadmap

SUNWbash

SUNWctpls

SUNWdtcor

SUNWesu

SUNWgzip

SUNWlibC

SUNWlibms

SUNWloc

SUNWmfrun

SUNWswmt

SUNWtoo

SUNWxcu4

SUNWxwdv

SUNWxwfnt

SUNWxwice

SUNWxwplt

SUNWxwrtl

SUNWzip

SUNWzlib

/dev/random

/dev/urandom

128 Ops Center Site Preparation Guide • March 2010

 Solaris OS: To Verify Required Packages and Devices

The following packages are required on Solaris 8 systems:

SUNWlmsx

SUNWnisr

SUNWnisu

SUNWtltk

SUNWxildh

SUNWxilow

SUNWxilrl

SUNWzlibx

The following packages are required on Solaris 9 systems:

SUNWcpp

SUNWgcmn

SUNWlibpopt

SUNWlmsx

SUNWlxml

SUNWpl5u

SUNWpl5v

SUNWzlibx

The following packages are required on Solaris 10 systems:

SUNWbzip

SUNWcpp

SUNWgcmn

SUNWlibmsr

SUNWlibpopt

Chapter 24 • Verifying Resources for Agent Installation 129

Linux OS: To Verify Required Packages

SUNWlxml

SUNWperl584core

SUNWperl584usr

SUNWxwplr

SUNWxwplr

Check Solaris 8 systems in particular for the SUNWbash package and the /dev/random and
/dev/urandom devices. The patch 112438-03 installs these devices.

You can use the pkginfo command to verify that a package is installed. For example:

# pkginfo SUNWadmfr

system SUNWadmfr System & Network Administration Framework Configuration

Linux OS: To Verify Required Packages

Linux systems require the following utilities for Ops Center agent installation.

coreutils

file

gettext

grep

tar

unzip

xinetd

You can use the rpm -qf _file_ command to find the name of the package that installed a file.
You can use the rpm -q _package_ command to verify that a specific package has been
installed.

Ops Center Agent installation on Linux systems requires the 32-bit versions of the following
packages to be installed:

libxml2 (RHEL, OEL)

pam (RHEL, OEL)

130 Ops Center Site Preparation Guide • March 2010

 To Verify Patches on Solaris 10 Systems With Non-Global Zones Installed

e2fsprogs (RHEL, OEL)

pam-32bit (SuSE SLE10/11 64bit)

libxml2-32bit (SuSE SLE10/11 64bit)

e2fsprogs-32bit (SuSE 64bit SLES10)

libuuid-32bit (SuSE 64bit SLES11)

To Verify ssh Installation

Although root ssh access is not required for Ops Center agent installation, ssh must be
available on systems on which you want to provision Ops Center agents.

Solaris OS: Use the pkginfo command to verify that the SUNWsshu package is installed on
Solaris systems. For example:

# pkginfo SUNWsshu

system SUNWsshu SSH Client and utilities, (Usr)

Linux OS: Use the rpm command to check for ssh installation. For example:

# which ssh

/usr/bin/ssh

# rpm -qf /usr/bin/ssh

openssh-clients-4.3p2-16.el5

To Verify Patches on Solaris 10 Systems With Non-Global

Zones Installed
Solaris 10 systems that have non-global zones installed must have the following patches applied
to assure proper function of the Solaris patch utilities.

Patches for Solaris 10 SPARC systems:

■ 124630-03 - System Administration Applications, Network, and Core
■ 122660-07 - Zones patch, obsoleted now by Solaris 10 8/07 kernel patch 120011-14

Patches for Solaris 10 x86 systems:

Chapter 24 • Verifying Resources for Agent Installation 131

To Verify Unique Service Tags

■ 124631-03 - System Administration Applications, Network, and Core

■ 122661-07 - Zones patch, obsoleted now by Solaris 10 8/07 kernel patch 120012-14

Patches 122660-07 and 122661-07 are required on systems with non-global zones installed.
These patches must be installed in single user mode. Because these patches depend on kernel
patch 118833-36 or 118855-36, a reboot is required after you install them. Plan for the time
required to take the affected systems offline to install these patches. Systems that are running at
least Solaris 10 8/07 already have these patches applied.

To Verify Unique Service Tags

Ops Center requires unique service tag uniform resource names (URNs) in each operating
system instance that it manages. Systems that have been installed using Solaris flash archives
that contain the /var/sadm/servicetag/registry/servicetag.xml file might have identical
URNs. Service tag URNs are stored by default in the
/var/sadm/servicetag/registry/servicetag.xml file.

To Identify and Remove Duplicate Service Tags

1. On systems where you want to check for duplicate service tags, use the stclient -x client
command to display the service tags that are stored in the
/var/sadm/servicetag/registry/servicetag.xml file.
For example:
# stclient -x

<?xml version="1.0" encoding="UTF-8"?>

<registry urn="urn:st:4aa51776-9cea-e85b-ab14-aedd6ca93e49" version="1.0">

<service_tag>

<instance_urn>urn:st:c76d9a11-f64b-418b-e9dc-a2fb18e7b76e</instance_urn>

<product_name>Solaris 10 Operating System</product_name>

<product_version>10</product_version>

<product_urn>urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113</product_urn>

<product_parent_urn>urn:uuid:596ffcfa-63d5-11d7-9886-ac816a682f92 /

</product_parent_urn>

132 Ops Center Site Preparation Guide • March 2010

 To Verify Unique Service Tags

<product_parent>Solaris Operating System</product_parent>

<product_defined_inst_id/>

<product_vendor>Sun Microsystems</product_vendor>

<platform_arch>sparc</platform_arch>

<timestamp>2009-01-09 22:23:42 GMT</timestamp>

<container>global</container>

<source>SUNWstosreg</source>

<installer_uid>95</installer_uid>

</service_tag>

</registry>
2. Compare the instance_urn values on the systems that were installed using Solaris flash
archives, and determine if duplicate URNs exist.
If the instance_urn for the Solaris operating system matches the instance_urn from
another system, you can remove and re-generate the service tag registry to correct the
problem.
3. To remove the service tag registry, remove the rm
/var/sadm/servicetag/registry/servicetag.xml file. For example:
# rm /var/sadm/servicetag/registry/servicetag.xml

# ls /var/sadm/servicetag/registry/servicetag.xml

/var/sadm/servicetag/registry/servicetag.xml: No such file or directory

4. Use the svcadm command to restart the stosreg service, then verify that the
/var/sadm/servicetag/registry/servicetag.xml file exists. For example:
# svcadm restart stosreg

# ls /var/sadm/servicetag/registry/servicetag.xml

/var/sadm/servicetag/registry/servicetag.xml
5. Use the stclient -x command to verify that the new instance_urn values are unique. For
example:
# stclient -x

<?xml version="1.0" encoding="UTF-8"?>

Chapter 24 • Verifying Resources for Agent Installation 133

To Verify Unique Service Tags

<registry urn="urn:st:fdd576f6-b95c-63e6-ab54-f142ecca360f" version="1.1.4">

<service_tag>

<instance_urn>urn:st:cbf9acfb-0c48-c248-fb07-9816382ceb29</instance_urn>

<product_name>Solaris 10 Operating System</product_name>

<product_version>10</product_version>

<product_urn>urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113</product_urn>

<product_parent_urn>urn:uuid:596ffcfa-63d5-11d7-9886-ac816a682f92 /

</product_parent_urn>

<product_parent>Solaris Operating System</product_parent>

<product_defined_inst_id/>

<product_vendor>Sun Microsystems</product_vendor>

<platform_arch>sparc</platform_arch>

<timestamp>2009-03-13 23:23:24 GMT</timestamp>

<container>global</container>

<source>SUNWstosreg</source>

<installer_uid>95</installer_uid>

</service_tag>

</registry>

To Create Flash Archives and Exclude Service Tags

The flar and flarcreate commands both accept the -x and -X options, which enable you to
specify files to exclude from Solaris flash archives. Use these options to exclude the
/var/sadm/servicetag/registry/servicetag.xml file from the Solaris flash archives that
you will use to install Solaris onto systems that you intend to manage with Ops Center. Refer to
the flar(1M) and flarcreate(1M) man pages for more information about creating Solaris
flash archives.

134 Ops Center Site Preparation Guide • March 2010

 To Verify the umask Value

Agent Patch Dependencies

When Ops Center provisions an agent, it also automatically installs a set of patches. These
patches might depend on other patches that are assumed to be installed.

Ops Center installs the following patches as part of agent provisioning:

Operating System Patches Installed by Agent Provisioning

Solaris 8 SPARC 110165-05, 110380-06,110934-26, 112097-08

Solaris 9 SPARC 114014-17

Solaris 10 SPARC 119042-09, 119254-63, 120900-04, 121133-02, 121901-02, 137321-01

Solaris 10 x86 119043-09, 119255-63, 120901-03, 121334-04, 121902-02, 137322-01

For systems running Solaris 10 versions earlier than Solaris 10 6/06: Agent provisioning installs
the patchadd patch 119254-52 or 119255-52. These patches depend on patches 120900 and
120901 or 121133 and 121334 respectively, which are incorporated into the Solaris OS starting
with Solaris 10 6/06. The patches 120900, 120901, 121133, and 121334 require a reboot to
ensure proper installation. Plan for the down time required to install these patches, if necessary.

The patches 119254-63 and 119255-63 correct issues with Solaris 10 single user mode
operations. Before you provision an Ops Center agent, verify that no IDR patches have been
installed that address Solaris 10 single user mode operations.

Check with Sun Support Services for updated Ops Center agent bundles.

To Verify the umask Value

Verify that the umask for the root user or equivalent role is set to 0022. Different shells report
this value differently. The following examples list output from the umask command for the
Bourne shell, the Korn shell, and the C-shell, in descending order. In all three examples, the
umask value is correct.

# sh

# umask

0022

# ksh

# umask

Chapter 24 • Verifying Resources for Agent Installation 135

Solaris OS: To Verify cryptosvc and gss Services

022

# csh

<host_name># umask

22

Solaris OS: To Verify cryptosvc and gss Services

Use the svcs command to verify that the cryptosvc and gss services are enabled.

For example:

# svcs cryptosvc gss

STATE STIME FMRI

online Mar_31 svc:/system/cryptosvc:default

online Mar_31 svc:/network/rpc/gss:default

136 Ops Center Site Preparation Guide • March 2010

 25
C H A P T E R 2 5

Obtaining the Software

Obtaining the Software Introduction

Contact your Sun sales support representative to arrange for your Ops Center download.

As a qualified Sun customer with an engaged Sun sales support representative, a Sun field or
system engineer can provide access to the Ops Center software for you to download. The
software license agreement for Ops Center is presented as part of the download process. You
must read and accept the software license agreement before you can use Ops Center.

137
138
 26
C H A P T E R 2 6

Vendor Download Sites

Vendor Download Sites Introduction

Depending on the environment that you are managing, the Enterprise Controller will need to
access a number of vendor sites to download knowledge and patches. The following is a list of
the major vendor download sites:
Infrastructure and Solaris OS Patches
■ https://getupdates1.sun.com
The https://getupdates1.sun.com site displays a login authentication screen for the Sun
Download Server.
■ https://a248.e.akamai.net (resolves to constantly changing IP addresses)
■ https://inv-cs.sun.com
■ https://inventory.sun.com/scportal
The https://inv-cs.sun.com and https://inventory.sun.com sites display the Sun
Inventory page.
■ http://kenai.com
Project Kenai is Sun's connected developer destination and it is used to download
Chapter 21, “OC Doctor,” updates.
Freeware and SunSolve
■ ftp://ftp.sunfreeware.sun
■ http://sunsolve.sun.com
■ https://identity.sun.com
Oracle Enterprise Linux
■ https://linux.oracle.com
Red Hat Enterprise Linux (optional)

139
Vendor Download Sites Introduction

■ https://www.redhat.com
■ http://rhn.redhat.com
■ https://rhn.redhat.com
■ http://download.rhn.redhat.com
■ https://content-web.rhn.redhat.com
■ https://e2595.c.akamaiedge.net

Novell SUSE Linux Enterprise Server (optional)

■ http://www.novell.com
■ https://www.novell.com
■ http://download.novell.com
■ https://you.novell.com

Microsoft Download Center

■ http://download.microsoft.com

140 Ops Center Site Preparation Guide • March 2010

 27
C H A P T E R

Terminology
2 7

Agent
The agent software communicates with the Enterprise Controller and is installed automatically
when an asset is discovered to make the asset into a managed asset.

Appliance
An appliance is a pre-installed and pre-configured application and operating system
environment. Using appliances eliminates the installation, configuration, and maintenance
costs associated with running complex stacks of software. Appliance images of the format
VMDK are supported in Ops Center.

Assets
Anything that Ops Center can discover and manage. Hardware, software, operating systems,
and hypervisors are all assets.

Automatic Discovery
Automatic discovery is a discovery method that searches for Service Tags on subnets associated
with the Proxy Controllers.

141
Baseline

Baseline
A baseline, or Solaris baseline, is a dated collection of Solaris patches, patch metadata, and tools.
Sun releases Solaris baselines on a monthly basis. You can modify a baseline to create a custom
patch set by the use of black lists and white lists.

Black List
A black list is a list of Solaris OS patch IDs that you never want to be applied to a host. The black
list is used when you are using a baseline to update a Solaris OS.

Boot environment
A collection of mandatory file systems (disk slices and mount points) that are critical to the
operation of the Solaris OS. These disk slices might be on the same disk or distributed across
multiple disks.

Channel
Channel is an OS distribution, such as Solaris 10 5/09 or Red Hat Enterprise Linux 5.3.

Connected Mode
Connected mode is the default connection mode for Ops Center. With this mode, patch data is
regularly downloaded through an Internet connection.

Control Domain
The control domain is a domain that is created when Logical Domains is installed. The control
domain allows you to create and manage guest domains and allocate virtual resources to the
guest domains.

142 Ops Center Site Preparation Guide • March 2010

 Enterprise Controller

Critical file system (Solaris OS)

File systems that are required by the Solaris OS. When you use Solaris Live Upgrade, these file
systems are separate mount points in the vfstab file of the active and inactive boot
environments. Example file systems are root, /usr, /var, and /opt. These file systems are always
copied from the source to the inactive boot environment.

Custom Discovery
Custom discovery is a discovery method that uses user-specified targets (IP addresses or
subnets) and discovery protocols.

Declare Assets
The Declare Assets option allows you to add assets to Ops Center without performing an
Automatic Discovery or Custom Discovery.

Disconnected Mode
Disconnected mode is the alternate connection mode for Ops Center. Instead of relying on an
Internet connection for updates, patch data is user supplied.

Domain
A domain is created when Logical Domains is installed. See Control Domain.

Enterprise Controller
Enterprise controller is the top portion of the Ops Center software. The Enterprise Controller
hosts the user interface and communicates with the Sun Datacenter.

Chapter 27 • Terminology 143

Global zone

Global zone
In Solaris Containers, the global zone is both the default zone for the system and the zone used
for system-wide administrative control. The global zone is the only zone from which a
non-global zone can be configured,installed, managed, or uninstalled. Administration of the
system infrastructure, such as physical devices,routing, or dynamic reconfiguration (DR), is
only possible in the global zone. Appropriately privileged processes running in the global zone
can access objects associated with other zones. See also Solaris Containers and Non-Global
Zones.

Group
A group consists of user-defined assets. Assets can be organized into a group by any number of
properties, such as type or location. A group can include other groups.

Guest
Guests are virtual machines of a virtualization host such as a Logical Domain host. The control
domain is a privileged domain (Dom0) and the virtual machines are unprivileged domains
(domUs). An unprivileged domain is a domain with no special hardware access.

Guest Operating System

A guest operating system is an OS that can run within a virtualized environment. “Supported
Operating Systems for Logical Domains” on page 46.

Host name
The name by which a system is known to other systems on a network. This name must be
unique among all the systems within a particular domain (usually, this means within any single
organization). A host name can be any combination of letters, numbers, and minus signs (-),
but it cannot begin or end with a minus sign.

144 Ops Center Site Preparation Guide • March 2010

 Network

Hypervisor
A hypervisor is the software that allows multiple virtual machines to be multiplexed on a single
physical machine. The hypervisor code runs at a higher privilege level than the supervisor code
of its guest operating systems to manage use of the underlying hardware resources by multiple
supervisor kernels.

JMX
Java Management Extensions (JMX) technology provides the tools for building distributed,
modular, and dynamic solutions for managing and monitoring devices, applications, and
networks. The JMX API defines the notion of MBeans, or manageable objects, which expose
attributes and operations in a way that allows remote management applications to access them.
The public API in Ops Center can be accessed through JMX-Remoting.

Library
A library is a collection of virtual machine images and disk images that are located under the
same file system. When a virtual pool is created, one or more libraries is assigned to the virtual
pool. Virtual pools can share the same libraries.

Logical Domain
Logical Domain technology is part of a suite of methodologies for consolidation and resource
management for SPARC systems. This technology allows you to allocate a system's various
resources, such as memory, CPUs, and devices, into logical groupings and create multiple
discrete systems. A Logical Domain is a full virtual machine, with a set of resources, such as a
boot environment, CPU, memory, I/O devices, and its own operating system.

Network
A network allows guests to communicate with each other or with the external world (that is, the
Internet). When a virtual pool is created, one or more networks is assigned to the virtual pool.
Virtual pools can share the same networks.

Chapter 27 • Terminology 145

Non-global zone

Non-global zone
A virtualized operating system environment created within a single instance of the Solaris OS.
One or more applications can run in a non-global zone without interacting with the rest of the
system. Non-global zones are also called zones. See also Solaris Containers and Global Zone.

Policy
A policy defines how a job is performed and sets the automation level of the job. A policy file is
similar to a response file. If there is a conflict between a profile and policy, the profile overrides
the policy.

Profile
A profile defines the configuration of components for a specific type of system. By using a
profile, you can define what is allowed, and not allowed, to be installed on a system. If there is a
conflict between a profile and policy, the profile overrides the policy.

Proxy
The proxy is the mid-level portion of the Ops Center software. The proxy pulls jobs from the
Satellite Server and directs their execution.

Root file system

The top-level file system from which all other file systems stem. The root ( / ) file system is the
base on

which all other file systems are mounted, and is never unmounted. The root ( / ) file system
contains the

directories and files critical for system operation, such as the kernel, device drivers, and the
programs that

are used to start (boot) a system.

146 Ops Center Site Preparation Guide • March 2010

 Unclassified assets

Root directory
The top-level directory from which all other directories stem.

Solaris Containers
Solaris containers are sometimes referred to as Solaris Zones. A software partitioning
technology used to virtualize operating system services and provide an isolated and secure
environment for running applications. When you create a non-global zone, you produce an
application execution environment in which processes are isolated from all other zones. This
isolation prevents processes that are running in a zone from monitoring or affecting processes
that are running in any other zones. See also global zone, and non-global zone.

Static Route
A static route specifies the route that must be taken by the network for external access. You
might define a default gateway for the network; however, this default gateway might not be able
reach a given subnet. In this case, you need to add a static route for this specific subnet.

Sun Service Tag

A Sun service tag enables automatic discovery of assets. A service tag uniquely identifies each
tagged asset, and allows information about the asset to be shared over a local network in a
standard XML format. See the Sun Service Tag FAQ for more information.

SCCM
Microsoft's System Center Configuration Manager (SCCM) updates Windows operating
systems.

Unclassified assets
Assets that appear in the Unclassified Assets tab. The hardware and software are discovered, but
there is not enough information to manage them. Typically, assets are placed in this category
when you run an Automatic discovery job or if you run a Custom Discovery job that finds
service tags, but fails on protocol-based authentication. To move assets to the Available to be
Managed or Managed Assets tabs, you must run a Custom Discovery or Declare Assets job.

You can register any unclassified assets using Sun Inventory.

Chapter 27 • Terminology 147

Virtual Disk Image

Virtual Disk Image

A virtual disk image is a representation of a virtual storage device that is associated with a
virtual machine. Such storage can represent a virtual hard disk or a virtual CD/DVD.

Virtual Pool
A virtual pool is a resource pool of virtualization hosts that share compatible chip architecture,
which facilitates actions such as moving guests between virtualization host instances. Members
of the virtual pool have access to the same network and storage library resources. Guests can
access the images contained in the virtual pool's library. Several virtual pools can share the same
network and library storage resources.

Virtual Server Image

A virtual server image is the persisted specification and state of a virtual machine. A virtual
server is created when you create a guest. The virtual server image contains the general
specification of the guest such as CPU, network, memory, and the type of physical storage that
is backing the guest. A virtual server image is also referred to as a guest image.

Virtualization Host
Virtualization Host is a hypervisor.

White List
A white list is a list of Solaris OS patch IDs that you always want to be applied to a host. The
white list is used when you are using a baseline to update a Solaris OS.

WS-Management
Web Services for Management (WS-MAN) is a specification for managing servers, devices, and
applications using web services standards. It provides a common way for systems to access and
exchange management information across the entire IT infrastructure. The public API in Ops
Center can be accessed through WS-Management.

148 Ops Center Site Preparation Guide • March 2010

 ZFS

zone
Zones, also called non-global zones, are a virtualized operating system environment created
within a single instance of the Solaris OS. One or more applications can run in a non-global
zone without interacting with the rest of the system. See also Solaris Containers, Non-Global
Zone, and Global Zone.

ZFS
A Solaris OS file system that uses storage pools to manage physical storage.

Chapter 27 • Terminology 149

150