Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-71-1017551.1
Update Date:2011-11-30

Solution Type  Technical Instruction Sure

Solution  1017551.1 :   Sun Fire[TM] Servers: 12K/15K/E25K/E20K: SMS System Controller Communication; zoed  


Related Items
  • Sun Fire E25K Server
  • Sun Fire E20K Server
  • Sun Fire 12K Server
  • Sun Fire 15K Server
Related Categories
  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: SF-Exxk
  • .Old GCS Categories>Sun Microsystems>Servers>High-End Servers

PreviouslyPublishedAs
228696


Applies to:

Sun Fire 12K Server
Sun Fire 15K Server
Sun Fire E20K Server
Sun Fire E25K Server
All Platforms

Goal

The SMS zoed daemon fills the communication gap between the two system controllers when Secure by Default (SMS 1.5 and higher) instructs the platform that rsh/ssh cannot be used.

Solution

Previous versions of SMS used rsh/ssh to tell the remote SC to halt itself, and to tell the remote SC the local SC's SCPOST results.

These two operations needed to complete without the use of rsh and ssh. To do so, all usage of rsh/ssh has been removed and replaced with the new communication interface: zoed.

Zoed has been created to handle the communication and execution of these operations.

The new SMS daemon zoed will handle the sending and receiving of these two operations. The communication path is through the I2 network. To ensure security over the path, a root-only numbered socket and the following sequence are used:

  1. The sender opens a socket to the receiver and tells it that it has some pending request.
  2. The receiver opens a socket to the sender and asks what the request is.
  3. The sender verifies the IP address of the receiver is the one configured, and on the same socket, sends the request.

This method ensures that the sender is a root process on the remote SC.

Implementation details:

  • The pending request message consists of a simple string, "REQST".
  • The asking for request message consists of a simple string, "WHAT?"
  • The OS shutdown request message consists of a simple string, "HALT:"
  • The post results request message consists of a simple string, "POST:"
  • Any other messages received are responded to with the string "ERROR" and are ignored.
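
The three-step exchange above, modelled in memory as an added example (not SMS code). The message strings are the ones listed above; the Zoed class, the addresses, the POST: payload, and the choice to call back the configured peer address rather than the notice's source address are assumptions made for illustration.

```python
REQUESTS = (b"HALT:", b"POST:")     # request prefixes named in the article

class Zoed:
    """In-memory model of one SC's zoed. `net` (IP -> Zoed) stands in for
    root-only sockets on the I2 network; this class is hypothetical."""

    def __init__(self, ip, peer_ip, net):
        self.ip, self.peer_ip, self.net = ip, peer_ip, net
        self.pending = []    # requests queued locally, waiting to be fetched
        self.accepted = []   # requests fetched from the peer and accepted
        net[ip] = self

    def send(self, request):
        # Step 1: tell the peer only that a request is pending, not what it is.
        self.pending.append(request)
        self.net[self.peer_ip].on_message(self.ip, b"REQST")

    def on_message(self, src_ip, msg):
        """Return the reply for one message that arrived from src_ip."""
        if msg == b"REQST":
            # Step 2 (assumption: the callback goes to the configured peer
            # address, never to src_ip): ask what the request is.
            reply = self.net[self.peer_ip].on_message(self.ip, b"WHAT?")
            if reply[:5] in REQUESTS:
                self.accepted.append(reply)
            return None
        if msg == b"WHAT?" and src_ip == self.peer_ip and self.pending:
            # Step 3: the asker is the configured SC, so hand over the request.
            return self.pending.pop(0)
        return b"ERROR"      # anything else is answered with ERROR and ignored

def demo():
    net = {}
    sc0 = Zoed("192.0.2.1", "192.0.2.2", net)   # constructed addresses
    sc1 = Zoed("192.0.2.2", "192.0.2.1", net)
    sc0.send(b"HALT:")                           # normal three-step exchange
    normal = list(sc1.accepted)
    # Forged notice from an unconfigured host: sc1 calls back sc0, which has
    # nothing pending, so nothing new is accepted.
    sc1.on_message("192.0.2.66", b"REQST")
    after_forgery = list(sc1.accepted)
    # Unconfigured host asks sc0 for a queued request: refused, request kept.
    sc0.pending.append(b"POST:pass")             # constructed payload
    refused = sc0.on_message("192.0.2.66", b"WHAT?")
    return normal, after_forgery, refused, list(sc0.pending)

if __name__ == "__main__":
    print(demo())
```

Because "REQST" carries no payload, a forged notice only makes the receiver ask the configured peer, and the request itself is released only to a caller whose address matches the configuration.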

This daemon is also a door server that listens for proxy requests from the new proxy library. When it gets a request it will verify via door_cred that the requestor is a root process. Both fomd and the sms startup script, the only clients, are root processes.

Because the startup script (/etc/init.d/zoedsms; /etc/rc3.d/S89zoedsms) is unable to call proxy libraries directly, it requires a CLI to contact zoed. zoed itself is the CLI that the script will use. With a command line flag, zoed will not start as a daemon, but act as a CLI and send the request to the zoed daemon. This behavior only implements the sending of post data, not both zoed operations, as the script only performs that one operation.

Zoed uses port 55 and is not managed by the secure shell daemon.




Keywords: 15k, sms, zoed

Internal Section

Previously Published As 85306



Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.