Security Features

This section contains information about specific security mechanisms offered by Geographic Edition.

A secure installation uses the following critical security features:

• Role-Based Access Control (RBAC) – Geographic Edition software bases its RBAC profiles on the RBAC rights profiles that are used in the Oracle Solaris Cluster software. You must become an administrator who is assigned the User Security rights profile to change most of the security attributes of a role. Assume the root role and use the RBAC roles of solaris.cluster.geo.modify, solaris.cluster.geo.admin, and solaris.cluster.geo.read to access the cluster. For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services and Geographic Edition Software and RBAC in Oracle Solaris Cluster Geographic Edition System Administration Guide.

• Security Certificates – During installation, the cluster is configured for secure cluster communication by using security certificates (nodes within the same cluster must share the same security certificates). The communication between clusters in a Geographic Edition partnership is secured through the Java Management Extensions (JMX) port with Secure Sockets Layer (SSL) using the security certificates. For more information, see Configuring Trust Between Partner Clusters in Oracle Solaris Cluster Geographic Edition Installation Guide.

• Common Agent Container – To enable a zone cluster to function as a member of a Geographic Edition partnership, the common agent container must be manually configured within the zone cluster. For more information, see Preparing a Zone Cluster for Partner Membership in Oracle Solaris Cluster Geographic Edition Installation Guide.

• IP Security Architecture (IPsec) – Use IPsec to configure secure TCP/UDP heartbeat communications between partner clusters. For more information, see Configuring Secure Cluster Communication Using IPsec in Oracle Solaris Cluster Geographic Edition System Administration Guide.