HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

service, only the root user (the default user assigned the RBAC Administrator role) is
allowed to log in to the compartment.
prm
Configures a PRM group for the SRP compartment. You can specify the PRM group type
and the CPU and memory allocations for the group.
provision
Executes a customizable script to deploy an application in an SRP compartment. HP provides
sample provision scripts for Apache Web Server and Secure Shell daemon (sshd) services.
network
Configures an IP interface for exclusive use by a compartment.
init
Creates compartment startup and shutdown scripts and a compartment-specific init
directory structure that replicates the /sbin/init.d directory structure. By default, the
scripts are automatically executed by the system startup and shutdown scripts.
ipfilter
Configures IPFilter rules for the compartment. For the base template, SRP configures rules
that restrict IP packets to the compartment's IP interface. When used with application
templates, SRP prompts you for local port numbers and configures rules that allow packets
that match the specified ports.
ipsec
Configures HP-UX IPSec policies for the compartment. SRP prompts you for the local and
remote IP addresses and configures IPSec policies to encrypt and authenticate packets that
match the address specifications. The ipsec service also configures an Internet Key Exchange
(IKE) policy and an IKE preshared key.
Configuration Synchronization Manager (CMGR) Utility and Libraries
The Configuration Synchronization Manager (CMGR) product is included in the SRP bundle.
The CMGR product includes the cmgr utility and libraries, which enable SRP to coordinate the
configuration of multiple subsystems. The srp utility invokes the cmgr utility.
For more information about CMGR, see HP-UX CMGR Administrator's and Developer's Guide.
Planning Considerations and Best Practices
This section contains information to consider when planning an SRP deployment and best
practices to follow when managing a system with SRP compartments.
Compatibility with Other Partitioning Continuum Products
HP-UX SRP is a component of the Partitioning Continuum for HP-UX and is compatible with
HP-UX nPartitions, HP-UX vPar, and Integrity Virtual Machine (VM) solutions. You can create
an SRP in any HP-UX OS image; the OS image can exist in an nPartition, vPar, Integrity VM, or
directly on non-partitioned server hardware.
Coexistence with the INIT Compartment
The INIT compartment is a permanent, default compartment defined by the Security Containment
product. By default, all system processes (all processes started by the init process) run in the
INIT compartment, and the INIT compartment has access to all files and directories. The INIT
compartment also has access to all interfaces configured in other compartments, including the
ifaces compartment, which usually contains all interfaces configured on the system. (When