Office of Information Technology Boston University
System Support
About Getting Started News Contact
Administration Tools Administration Tools Software
Network Installations
Hostname/IP Issues
BU Linux
Solaris
Checklist
Installation Options
Boot Server Guide
Class File
Installation Clusters
Finish Scripts
SGI
Application Server
Patches
Sun Patches
Automate Sun Patches
SGI
Media Loans
Backups
Global Compliance
UID System Guide
Security
Links
FAQ

BU Installation Clusters

Over the years it has become apparent that Sun's installation clusters are broadly defined and often result in systems administrators installing a lot of software they will never use. In a number of cases, software fitting this description has been the source of security holes that have resulted in systems being compromised. As a result, OIT has spent time since Solaris 2.7 developing two installation clusters that attempt to provide all the software that is required while cutting out software that is inappropriate for the BU domain or generally not useful to our users. One benefit to this is that patches which are not relevant to your needs can be excluded more easily and thus reduce the total system maintenance time over the life of the system. OIT fully supports its installation clusters and tests them routinely to make sure they work properly.

There will be exceptions to this where a certain package is required for a specific need, and campus systems administrators are encouraged to install additional packages with the class file or after installation to address these needs. OIT invites feedback on their clusters so that improvements can be made in future releases.

These packages may be installed via the CLUSTER directive the in the Jumpstart Class file. These clusters are not available via a WebStart or Media based installation.

The Headless Server Cluster (SUNWCbuhs) Overview
The Headless Server cluster is designed around the installation of a multiuser or dedicated system that does not have an X-display or need to run xdm (although x-based applications will work just fine via the DISPLAY shell variable). It has a minimal subset of software installed and will install generally install quickly and pose the smallest possible security risk over time.

The User Environment Cluster (SUNWbuue) Overview
The User Environment cluster is the continuation of the Headless Server cluster with additional support for an X display or X services. It is ideal for a desktop system with a graphical display, or as a multiuser server that needs to provide service to xterminals. The installed OS is larger and will take longer to install and patch, and will generally have more security exposures as a result.

The Optional Software
There are a few packages which OIT does not recommend being installed on a system unless it is specifically needed, such as the yp server software. This software can be added to a system by uncommenting a few lines in the provided sample class file. The list of package names is provided to make it easier for systems administrator to find them.

The Installed Software (details)
The installation tables are broken into four pieces below. The first table is software that is installed only if appropriate hardware is detected on the system at install time. The second table is software contained the Headless Server Cluster. The third table is software that installed by the User Environment cluster in addition to the software installed by the Headless Server cluster. The fourth and final table lists the optional software that an administrator might want to select in the class file.

Software installed based on hardware tests

Software included the BUHS cluster

Software included the BUUE cluster (in addition to BUHS cluster)

Optional Installation Packages

The Not-Installed Software
The following list defines the types of things that are not installed by either of the BU clusters. By not including this software you save hundreds of megabytes of disk space and substantial decrease your security risks. If you do have a need for some of this software you are best advised to talk to OIT about how to install it. It may be that it is simple to add to your class file using a BU cluster, or it may be more appropriate for you to use a Sun install cluster.
  • Netscape (it's provided via the Application server instead)
  • Drivers for some hardware that Sun doesn't normally install (meaning you probably won't need it)
  • Locales and Foreign Language environments, including CDE support for them.
  • Authentication Management Infrastructure (AMI)
  • Power Management (suspend, resume)
  • Generic Security Service Application Program Interface (GSS-API)
  • Optional fonts not installed by Sun under any circumstances
  • Internet/Intranet Input Method Framework
  • Sun installation software
  • IEEE 802.2 Logical Link Control 2 service software
  • MP Print Filter
  • Printer Management GUI
  • GSS-API for ONC RPC
  • Solstice Enterprise Agents (SNMP)
  • Service Location Protocol Framework (SLP)
  • Solaris User Registration
  • Solaris Web Based Enterprise Management (WBEM)
  • XCU4 support
  • Apache
  • PPP
  • ASET (Sun's security tool)
  • Demo programs of any sort
  • UUCP
  • DHCP Server software
  • Dials and Buttons Device support
  • Federated Naming Services (XFN) support
  • Kodak Color Management System (KCMS)
  • Sun Video support
November 18, 2002
Office of Information Technology
Boston University