Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1017551.1
Update Date:2010-06-21
Keywords:
Solution Type  Technical Instruction Sure

Solution  1017551.1 :   Sun Fire[TM] Servers: 12K/15K/E25K/E20K: SMS System Controller Communication; zoed  

Related Items 
    

  • Sun Fire E25K Server
    •  
  • Sun Fire E20K Server
    •  
  • Sun Fire 12K Server
    •  
  • Sun Fire 15K Server
    •  
Related Categories 
    

  • GCS>Sun Microsystems>Servers>High-End Servers
    •  

PreviouslyPublishedAs
228696 


Description
SMS zoed daemon fills the hole of communication between the two system controllers when Secure by Default (SMS 1.5 and higher) instructs the platform that rsh/ssh can not be used.



Steps to Follow
Previous versions of SMS used rsh/ssh to tell the remote SC to halt

itself, and to tell the remote SC the locals SC's SCPOST results.


These two operations needed to complete without the use of rsh and ssh.  To do so all usage of rsh/ssh has been removed and replaced with the new communication interface; zoed. 


Zoed; has been created to handle the communication and execution of these operations. 


Design of the new daemon zoed.


The new SMS daemon zoed will handle the sending and receiving of these two

operations.  The communication path is through the I2 network. To ensure

security over the path, a root-only numbered socket and the following 

sequence is used:  


    

  1. The sender opens a socket to the receiver and tells it that it has some pending request.
    2. 

  2. The receiver opens a socket to the sender and asks what the request is.
    3. 

  3. The sender verifies the IP address of the receiver is the one configured, and on the same socket, sends the request.
    4. 



This method ensures that the sender is a root process on the remote SC.


The pending request message consists of a simple string, "REQST".

The asking for request message consists of a simple string, "WHAT?".

The OS shutdown request message consists of a simple string, "HALT:".

The post results request message consists of a simple string, "POST:".

Any other messages received are responded to with the string "ERROR" and are ignored.


This daemon is also a door server that listens for proxy requests from the new proxy library.  When it gets a request it will verify via door_cred that the requestor is a root process. Both fomd and the sms startup script, the only clients, are root processes.


Because the startup script (/etc/init.d/zoedsms; /etc/rc3.d/S89zoedsms) is unable to call proxy libraries directly it requires a cli to contact zoed. zoed itself is the cli that the script will use.  With a command line flag, zoed will not start as a daemon, but act as a cli and send the request to the zoed daemon. This behavior only implements the sending of post data, not both zoed operations, as the script only performs that one operation.


Zoed uses port 55 and is not managed by secure shell daemon.


Product
Sun Fire E25K Server

Sun Fire E20K Server

Sun Fire 15K Server

Sun Fire 12K Server


 15k, sms, zoed

 Previously Published As

 85306



 Change History

 Date: 2010-04-30

User Name: Cootware

Action: Content Team Review

Comment: - Information valid - no update needed



Attachments

This solution has no attachment


















       

Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.

 Feedback