|
|||
Part I Planning to Install Over the Network 1. Where to Find Solaris Installation Planning Information 2. Preconfiguring System Configuration Information (Tasks) 3. Preconfiguring With a Naming Service or DHCP Part II Installing Over a Local Area Network 4. Installing From the Network (Overview) 5. Installing From the Network With DVD Media (Tasks) 6. Installing From the Network With CD Media (Tasks) 7. Installing Over the Network (Examples) 8. Installing From the Network (Command Reference) Part III Installing Over a Wide Area Network 10. Preparing to Install With WAN Boot (Planning) 11. Installing With WAN Boot (Tasks) 12. SPARC: Installing With WAN Boot (Tasks) Task Map: Installing a Client With WAN Boot To Perform a Noninteractive WAN Boot Installation To Perform an Interactive WAN Boot Installation To Perform a WAN Boot Installation With a DHCP Server To Perform a WAN Boot Installation With Local CD Media 13. SPARC: Installing With WAN Boot (Examples) |
Preparing the Client for a WAN Boot InstallationBefore you install the client system, prepare the client by performing the following tasks. To Check the net Device Alias in the Client OBPTo boot the client from the WAN with the boot net, the net device alias must be set to the client's primary network device. On most systems, this alias is already set correctly. However, if the alias is not set to the network device you want to use, you must change the alias. For more information about setting device aliases, see “The Device Tree” in OpenBoot 3.x Command Reference Manual. Follow these steps to check the net device alias on the client.
The following commands show how to check and reset the net device alias. Check the device aliases. ok devalias screen /pci@1f,0/pci@1,1/SUNW,m64B@2 net /pci@1f,0/pci@1,1/network@c,1 net2 /pci@1f,0/pci@1,1/network@5,1 disk /pci@1f,0/pci@1/scsi@8/disk@0,0 cdrom /pci@1f,0/pci@1,1/ide@d/cdrom@0,0:f keyboard /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8 mouse /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8 If you want to use the /pci@1f,0/pci@1,1/network@5,1 network device, type the following command. ok devalias net /pci@1f,0/pci@1,1/network@5,1 More InformationContinuing the WAN Boot InstallationAfter you check the net device alias, see the appropriate section to continue the installation.
Installing Keys on the ClientFor a more secure WAN boot installation or an insecure installation with data integrity checking, you must install keys on the client. By using a hashing key and an encryption key, you can protect the data that is transmitted to the client. You can install these keys in the following ways.
You can also install keys in the OBP of a running client. If you want to install keys on a running client, the system must be running the Solaris 9 12/03 OS, or compatible version. When you install keys on your client, ensure that the key values are not transmitted over an insecure connection. Follow your site's security policies to ensure the privacy of the key values.
To Install Keys in the Client OBPYou can assign key values to OBP network boot argument variables before you boot the client. These keys can then be used for future WAN boot installations of the client. To install keys in the client OBP, follow these steps. If you want to assign key values to OBP network boot argument variables, follow these steps.
The following example shows how to install a hashing key and an encryption key in the client OBP. Display the key values on the WAN boot server. # wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1 b482aaab82cb8d5631e16d51478c90079cc1d463 # wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 The previous example uses the following information.
Install the keys on the client system. ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d463 ok set-security-key wanboot-3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 The previous commands perform the following tasks.
More InformationContinuing the WAN Boot InstallationAfter you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client. See AlsoFor more information about how to display key values, see the man page wanbootutil(1M). To Install a Hashing Key and an Encryption Key on a Running ClientYou can set key values at the wanboot program boot> prompt on a running system. If you use this method to install keys, the keys are only used for the current WAN boot installation. If you want to install a hashing key and an encryption key in the OBP of a running client, follow these steps. Before You BeginThis procedure makes the following assumptions.
The following example shows how to install keys in the OBP of a running client. Display the key values on the WAN boot server. # wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1 b482aaab82cb8d5631e16d51478c90079cc1d463 # wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 The previous example uses the following information.
Install the keys in the OBP of the running client. # /usr/lib/inet/wanboot/ickey -o type=sha1 b482aaab82cb8d5631e16d51478c90079cc1d463 # /usr/lib/inet/wanboot/ickey -o type=3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 The previous commands perform the following tasks.
More InformationContinuing the WAN Boot InstallationAfter you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client. See AlsoFor more information about how to display key values, see the man page wanbootutil(1M). For additional information about how to install keys on a running system, see ickey(1M). |
||
|