Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Sun Fire Software Overview
The following are the elements of Sun Fire Link Interconnect software stack:
-
Sun Fire Link RSM driver software
-
Sun Fire Link switch software
-
Midframe SC software
-
Sun Fire Link Administration software
Sun Fire Link RSM Driver Software
The Sun Fire Link interface is managed by a device driver that implements the RSM interface. RSM supports operations on remote memory as if it were local. The driver software runs on a domain (compute node) as root. The RSM driver is responsible for interfacing to the Sun Fire Link hardware.
Sun Fire Link Switch and Switch Software
The Sun Fire Link Switch is part of the Sun Fire Link clustering technology. The switch manages the network in a hub and spoke fashion using eight optical ports. For direct-connect topologies, the switch is not part of the partition.; it is only part of a switched topology. The switch consists of an enclosure that includes a backplane and two fan trays.
The Sun Fire Link switch system controller module runs an embedded, real time operating system (RTOS). The switch has limited processing and memory resources and no local storage other than erasable programmable read only memories (EPROMS). The switch system controller (SSC) application software runs on the switch. The Sun Fire Link Switch Installation and Service Manual contains more detailed information on the switch and also contains information on the command line interface (CLI) provided by the Sun Fire Link Switch.
The SSC software configures and manages the hardware resources of the switch. For example, the software configures various links and ports to participate in a RSM partition. The switch stores the partition configuration, which is computed by the Sun Fire Link Manager (FM). Network discovery and fabric configuration services are exported to the FM by a private Java remote method invocation (RMI) interface. The FM can remotely execute the functions of the switch. RMI allows client applications to locate remote server objects and execute methods on those objects as if they were local objects. RMI is the object equivalent of remote procedure calls (RPC). RMI also allows code sharing between the client and server application. This shared code is downloaded dynamically between the Java virtual machines (VMs). The switch provides an embedded HTTP server to allow this class code to be downloaded. Currently, the switch SC does not support encrypted or strongly authenticated access methods. All traffic to the switch SC uses non-encrypted transport mechanisms such as Telnet, FTP, HTTP and SNMP. SSL is not used for the RMI so these RMI calls are also insecure. These insecure protocols should not be transmitted across general purpose intranets. These limitations require that the switch be placed on a private subnet. The MSP serves as a gateway system that can communicate between the private subnet and the general access intranet or management network. The switch SC can be accessed only though a serial port on the back of it. Any terminal server used should support privacy and encryption. Running a secure shell on any terminal server is recommended
Midframe System Controller Software
The system controller (SC) of a Sun Fire midframe system controls the assignment of resources within the midframe Sun Fire platform. This includes turning domains on and off and associating components such as CPUs, I/O cards, and memory with domains. All of the server's configuration is stored on the SC. Network discovery and fabric configuration services are exported to the FM software through a private Java remote method invocation (RMI) interface. These RMI interface methods do not use SSL. To mitigate this risk as well as other SC limitations, the midframe SC should be placed on a private subnet. The blueprint article "Securing the Sun Fire Midframe System Controller" contains a detailed description of this.
Sun Fire Link Administration Software
Sun Fire Link software includes tools for administrating Sun Fire Link networks. The administration of Sun Fire Link networks includes the following tasks:
Configuring and reconfiguring Fire Link partitions
Dynamically adding nodes to and removing nodes from partitions
Bringing up and taking down optical links
Enforcing domain topology constraints
Monitoring a configured cluster for faults, such as link failure
The following are the major components of the Sun Fire Link administration software.
Sun Fire Link Manager
FM proxies
The Sun™ Management Center (Sun MC) agent and Sun MC console are not described in this article and are not used.
Figure 3 illustrates where the software is located and how it communicates.
)
FIGURE 3
Sun Fire Link Administration Software
Sun Fire Link Manager
The Sun Fire Link Manager (FM) is installed on a host that is external to the Fire Link cluster. The FM must be installed on the MSP. The FM is a Java application that communicates to the managed entities (compute nodes and switches) through RMI. It is responsible for managing and configuring the Sun Fire Link fabric. The fabric is a collection of RSM partitions, compute nodes, and switch nodes.
Major functions of the FM are:
Creating fabrics
Creating switched and direct connect topologies
Adding nodes to and removing nodes from a partition
Modifying the striping level of a partition
Given the requested topology, stripe level, and node membership, the FM computes configuration information for each node. The FM then distributes the configuration information to every node of the fabric. This configuration information contains items such as striping level (how many links between each node) and the cluster ID. The configuration data is stored in the FM configuration file. The FM configuration file is the persistent form of the FM. If the FM is stopped and restarted the FM configuration file restores the memory resident data structures. This file contains the nodes in the fabrics, which partitions exist and what links are used in what partitions. Another file that the FM manages is the password file. This file contains password information for the domains, switch SCs, and midframe SCs. This data is very sensitive and should always be guarded. The FM has a set of command line tools that are used in the example in this article. These tools allow you to access the FM functionally.
This article discusses how to use role-based access control (RBAC) to control access to these files. These files should never be copied to a insecure location. It is important to continue to treat these files as sensitive data when they are backed up. The FM exposes its functionality through an RMI interface. This RMI interface is called by the FM command line tools. This interface is the access point that Sun MC uses to execute the FM functionality. Access to the RMI interface is protected by a community password. The FM RMI interface refuses connections from systems other than MSP. All FM command line interface (CLI) tools must be executed on the MSP.
Figure 4 is a diagram of the fabric, partition, and nodes.
)
FIGURE 4
Fabric, Partition, and Node Diagram
FM Proxy
The FM proxy is a Solaris OE process that runs on every midframe node that participates in a Sun Fire Link cluster. It is a Java daemon that runs continually. The FM proxy provides configuration and data retrieval methods for the FM. The FM proxy downloads and fetches configuration information from the RSM driver. The FM executes the FM proxy methods though a private Java RMI interface. The RSM driver then communicates this information to the Sun Fire Link hardware. The FM proxy's RMI traffic is validated and protected by using SSL because it is running on a domain. After following the procedures in this article, SSL will be used between the FM proxy and the FM. SSL will restrict access and secure communication to the FM proxy.