HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
1 Introduction
This chapter addresses the following topics:
• “Product Overview” (page 13)
• “SRP Components” (page 16)
• “Planning Considerations and Best Practices” (page 18)
Product Overview
HP-UX Secure Resource Partitions (SRP) version 2 enables you to create and manage SRP compartments, which provide isolated execution environments for applications. Each SRP compartment can have:
• A compartment home directory tree, which is isolated from other compartments.
• A dedicated IP interface.
• Isolated interprocess communication (IPC).
• A compartment-specific login environment.
• Dedicated CPU and memory resources.
• Per-compartment initialization and shutdown capabilities. You can start or stop an SRP compartment as you would start or stop a single system.
• Compartment-specific network security policies.
Because SRP enables you to configure and control these features on a per-compartment basis, each compartment forms an isolated execution environment. You can create multiple SRP compartments in a single image of an HP-UX operating system, which enables you to consolidate multiple applications on a single HP-UX OS image.
The configuration data for an SRP compartment encompasses data for multiple HP-UX subsystems and features, including HP-UX Security Containment and HP Process Resource Manager (PRM). SRP identifies this data using tags, or special text identifiers. This enables you to configure and manage the parameters for these subsystems as a single unit. Adding an SRP compartment creates configuration data for multiple HP-UX services, and deleting an SRP compartment removes all data configured for the compartment. (For more information about SRP tags, see “Tag Formats” (page 84).)
Figure 1-1 shows a system with two SRP compartments, SRP_web1 and SRP_web2. Each compartment has a dedicated IP interface, an isolated compartment home directory (/var/hpsrp/SRP_web1 and /var/hpsrp/SRP_web2), a compartment login group, a dedicated processor set (pset), and separate instances of network daemons running.
Product Overview 13