Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-71-1017551.1
Update Date:2010-06-21

Solution Type  Technical Instruction Sure

Solution  1017551.1 :   Sun Fire[TM] Servers: 12K/15K/E25K/E20K: SMS System Controller Communication; zoed  


Related Items
  • Sun Fire E25K Server
  • Sun Fire E20K Server
  • Sun Fire 12K Server
  • Sun Fire 15K Server
Related Categories
  • GCS>Sun Microsystems>Servers>High-End Servers

Previously Published As
228696


Description
The SMS zoed daemon fills the communication gap between the two system controllers (SCs) when Secure by Default (SMS 1.5 and higher) instructs the platform that rsh/ssh cannot be used.



Steps to Follow
Previous versions of SMS used rsh/ssh to tell the remote SC to halt
itself, and to tell the remote SC the local SC's SCPOST results.

These two operations needed to complete without the use of rsh and ssh. To achieve this, all usage of rsh/ssh has been removed and replaced with the new communication interface, zoed.

Zoed has been created to handle the communication and execution of these operations.

Design of the new daemon zoed.

The new SMS daemon zoed handles the sending and receiving of these two
operations. The communication path is through the I2 network. To ensure
security over the path, a root-only numbered socket and the following
sequence are used:

  1. The sender opens a socket to the receiver and tells it that it has some pending request.
  2. The receiver opens a socket to the sender and asks what the request is.
  3. The sender verifies the IP address of the receiver is the one configured, and on the same socket, sends the request.

This method ensures that the sender is a root process on the remote SC.

The pending request message consists of a simple string, "REQST".
The asking for request message consists of a simple string, "WHAT?".
The OS shutdown request message consists of a simple string, "HALT:".
The post results request message consists of a simple string, "POST:".
Any other messages received are responded to with the string "ERROR" and are ignored.
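
The three-step callback sequence above, as an added example that is not Sun's zoed code: two endpoints run on loopback and exchange the message strings listed in this article. Assumptions: ephemeral ports stand in for the root-only port, the function names are hypothetical, the text after "POST:" is a constructed payload, and the sender answering "ERROR" to a callback from an unconfigured IP is an assumed behaviour.

```python
import socket
import threading

# Message strings as given in the article.
REQST, WHAT, HALT, POST, ERROR = b"REQST", b"WHAT?", b"HALT:", b"POST:", b"ERROR"

def listen_local():
    """Listening socket on loopback. Assumption: an ephemeral port stands in
    for zoed's root-only port so the demo runs without privileges."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    return srv

def sender(srv, receiver_addr, configured_receiver_ip, request, result):
    # Step 1: announce a pending request; the request itself is NOT sent here.
    with socket.create_connection(receiver_addr, timeout=5) as c:
        c.sendall(REQST)
    # Step 3: the receiver calls back; release the request only to the configured IP.
    conn, (peer_ip, _port) = srv.accept()
    with conn:
        asked = conn.recv(16)
        ok = asked == WHAT and peer_ip == configured_receiver_ip
        conn.sendall(request if ok else ERROR)
        result["sender"] = "sent" if ok else "refused"

def receiver(srv, configured_sender_addr, result):
    conn, _ = srv.accept()
    with conn:
        hint = conn.recv(16)
        if hint != REQST:
            conn.sendall(ERROR)  # anything else: answer ERROR and ignore it
            result["receiver"] = None
            return
    # Step 2: ignore where the hint came from; ask the configured sender address.
    with socket.create_connection(configured_sender_addr, timeout=5) as c:
        c.sendall(WHAT)
        reply = c.recv(64)
    result["receiver"] = reply if reply[:5] in (HALT, POST) else None

def run_exchange(configured_receiver_ip, request):
    """Run one exchange between two local endpoints; returns both sides' outcome."""
    s_srv, r_srv, result = listen_local(), listen_local(), {}
    t = threading.Thread(target=receiver, args=(r_srv, s_srv.getsockname(), result))
    t.start()
    sender(s_srv, r_srv.getsockname(), configured_receiver_ip, request, result)
    t.join()
    s_srv.close(); r_srv.close()
    return result
```

The receiver never acts on the content of the inbound connection; it only learns that it should dial the configured peer, so a command injected on the first socket is not executed.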

This daemon is also a door server that listens for proxy requests from the new proxy library. When it gets a request, it verifies via door_cred that the requestor is a root process. Both fomd and the SMS startup script, the only clients, are root processes.

Because the startup script (/etc/init.d/zoedsms; /etc/rc3.d/S89zoedsms) is unable to call proxy libraries directly, it requires a CLI to contact zoed. zoed itself is the CLI that the script uses. With a command line flag, zoed does not start as a daemon, but acts as a CLI and sends the request to the zoed daemon. This mode only implements the sending of POST data, not both zoed operations, as the script only performs that one operation.

Zoed uses port 55 and is not managed by the secure shell daemon.



Product
Sun Fire E25K Server
Sun Fire E20K Server
Sun Fire 15K Server
Sun Fire 12K Server

Keywords: 15k, sms, zoed
Previously Published As
85306

Change History
Date: 2010-04-30
User Name: Cootware
Action: Content Team Review
Comment: - Information valid - no update needed

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.