Skip to content
CA Privileged Access Manager Server Control - 14.1
Documentation powered by DocOps

Solaris 10 Zones Implementation

Last update July 5, 2018

Solaris 10 provides virtualized OS services which look like different Solaris instances, called zones. All Solaris 10 systems contain a master zone, called the global zone. Nonglobal zones run alongside it, and you can configure, monitor, and control them from the global zone.

You can protect each zone (or selected zones) in your environment using CA Privileged Access Manager Server Control. This method lets you define different rules and policies for each zone, therefore defining different access restrictions for each zone.

Installing CA Privileged Access Manager Server Control on Solaris 10 zones is the same as a regular installation. Use either one of these methods:

  • Install CA Privileged Access Manager Server Control using Solaris native packaging.
    The product is designed to be installed and uninstalled using Solaris native packaging tools (pkgadd and pkgrm).
    If you install using the Solaris native package installation, you can either:
    • Install CA Privileged Access Manager Server Control on all zones.
      The recommended way of installing CA Privileged Access Manager Server Control on Solaris 10 is to either install on the global zone, or on all zones. All zones include nonactive zones and any zones that are created in the future.
    • Install CA Privileged Access Manager Server Control on selected zones.
      While we do not recommend this step, you can use Solaris native packaging tools to install CA Privileged Access Manager Server Control on selected zones. However, for CA Privileged Access Manager Server Control to work in any nonglobal zone, install CA Privileged Access Manager Server Control in the global zone.
    If you installed using Solaris native packaging, use the native packaging to uninstall CA Privileged Access Manager Server Control from all zones.
  • Install CA Privileged Access Manager Server Control in each zone using the install_base script.
    The install_base script installs CA Privileged Access Manager Server Control in the zone you are executing the script in.
    For CA Privileged Access Manager Server Control to work in any nonglobal zone, install CA Privileged Access Manager Server Control in the global zone.
    If you installed CA Privileged Access Manager Server Control using the install_base script, you can uninstall it from individual nonglobal zones. However, the CA Privileged Access Manager Server Control kernel can be uninstalled only from the global zone and only after CA Privileged Access Manager Server Control has been stopped in all zones.
    Note: Due to a Solaris 11 limitation, the CA Privileged Access Manager Server Control package is not propagated into nonglobal zones during installation. We recommend you to install CA Privileged Access Manager Server Control in each zone individually using the Solaris native packaging tool (pkgadd).

    Important! If you uninstall CA Privileged Access Manager Server Control from the global zone using install_base before you uninstall from all zones, users can be locked out of the zones. We recommend you to use the Solaris native packaging to install and uninstall CA Privileged Access Manager Server Control on Solaris zones.
Was this helpful?

Please log in to post comments.