HP-UX Containers (SRP) A.03.01 Administrator's Guide
apply IPSec policies to encrypt and authenticate packets between the container IP address
and a remote IP address.
• Secure Shell Daemon for Global View (sshd)
The Secure Shell daemon (sshd) in the global view listens on all IP addresses, which interferes
with the Secure Shell daemons in the containers. To prevent the global view sshd from
listening on the containers' IP addresses, this service restricts sshd to listening on a specific
IP address assigned to the global view.
The default IP address that sshd listens on is the system primary IP address. You can
specify more than one IP address in the global view (see 12.4 Network configuration for the
global view to determine the IP addresses in the global view).
If you are using the srp_sys command with the -enable option, you can use the sshdlistenip
variable to specify multiple global view IP addresses on which sshd can listen.
• Migrate Workload Containers (migrate)
This subsystem attempts to modify the configuration of any existing HP-UX SRP A.02.02
workload SRPs so that they can be supported in the HP-UX Containers A.03.00 and later
environment.
NOTE: The coreset and cmptlogin subsystems are not dynamic features. Enabling or disabling
coreset or cmptlogin requires a reboot.
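The following check for the sshd subsystem described above is an added example, not part of the HP guide. It assumes the restriction appears as standard OpenSSH ListenAddress lines in the global view's sshd_config (the guide does not say how srp_sys applies it); the function name check_sshd_listen and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide). Assumes the listen restriction shows
# up as ListenAddress lines in the global view's sshd_config.
# Usage: check_sshd_listen <sshd_config> <global-view-ip> [...]
# Returns 0 if every ListenAddress is an allowed IP, 1 if not, 2 on read error.
check_sshd_listen() {
    cfg=$1; shift
    allowed=" $* "
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # Keywords are case-insensitive; commented-out lines never match.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$cfg")
    if [ -z "$addrs" ]; then
        # Without any ListenAddress, sshd binds every local address,
        # container IP addresses included.
        echo "FAIL: no ListenAddress, sshd listens on all addresses"
        return 1
    fi
    rc=0
    while read -r a; do
        case $a in                                      # drop an optional port
            \[*\]*) host=${a#\[}; host=${host%%\]*} ;;  # [IPv6]:port
            *:*:*)  host=$a ;;                          # bare IPv6
            *:*)    host=${a%%:*} ;;                    # IPv4:port
            *)      host=$a ;;
        esac
        case $host in
            0.0.0.0|::) echo "FAIL: wildcard listener $a"; rc=1 ;;
            *) case $allowed in
                   *" $host "*) echo "ok:   $a" ;;
                   *) echo "FAIL: $a is not a global view address"; rc=1 ;;
               esac ;;
        esac
    done <<EOF
$addrs
EOF
    return $rc
}

# Constructed sample: 192.0.2.10 is the global view, 192.0.2.50 a container.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
printf 'Port 22\nListenAddress 192.0.2.10\nListenAddress 192.0.2.50\n' > "$sample"
check_sshd_listen "$sample" 192.0.2.10 || echo "audit failed"
rm -f "$sample"
```

Run it against the global view's sshd_config with the addresses from section 12.4 as arguments; any FAIL line means the global view daemon can still accept connections on an address that belongs to a container.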
Example: Enabling the default subsystems in interactive mode.
In this example, the user executes the srp_sys -setup command to enable HP-UX Containers. The
default values are accepted for each prompt by pressing RETURN.
# /opt/hpsrp/bin/srp_sys -setup
Configure all SRP related subsystems? [y] RETURN
Selected SRP subsystem(s) are: migrate,prm,ipsec,ipfilter,coreset,sshd,cmptlogin
##############################
#
# Core subsystems
#
##############################
Checking SRP core subsystems ... [ Not Enabled ]
Enable SRP support in core subsystems? [y] RETURN
Enabling Security Containment Compartments ... [ OK ]
Enabling multiple namespace support ... [ Enable On Boot ]
Enabling network strong ES model ... [ OK ]
Enabling network compartment IPv4 routing policy ... [ OK ]
Enabling network compartment IPv6 routing policy ... [ OK ]
Enabling network kernel tunable cmpt_allow_local ... [ OK ]
Enabling network kernel tunable cmpt_namedstrs ... [ Enable On Boot ]
Enabling network kernel tunable cmpt_restrict_tl ... [ OK ]
Enabling SRP system services ... [ Enable On Boot ]
Adding SRP user and group ... [ OK ]
##############################
#
# Migrate Workload Containers
#
##############################