SunScreen EFS Release 3.0 Installation Guide

Installing the Software on the Screen

The next step is to install the SunScreen EFS 3.0 software on the machine that serves as the Screen. If you have a monitor and a keyboard attached to your Screen, you can use the installation wizard. If you are operating the Screen without a monitor, you must either temporarily attach a monitor and keyboard, or install the software via the command line. Command line instructions are located in Appendix A.


Note -

Before starting the procedure below, configure only the network interface you plan on using for remote administration, if not already done. Configuration of additional network interfaces may result in a non-operational Screen. For details on Solaris network configuration, see the documentation accompanying the Solaris operating environment.



Caution - Caution -

If you configure a network interface and later set it to stealth mode, the Screen will hang upon activation. If this happens, you must first reboot the Screen in single user mode; second, remove the file /etc/hostname.interface_name, which will unconfigure that interface; and third, reboot again.


Option 1: To Install the Software on the Screen Using Self-Generated Certificates

Note -

In this procedure, you need the Administration Station's certificate ID (MKID) from the previous procedure.


  1. On the Screen, open a terminal window and become root.

  2. Insert the SunScreen EFS 3.0 CD-ROM into the Screen's CD-ROM drive.

  3. Mount the CD-ROM by typing:


    # volcheck
    

  4. Add the software by typing:


    # /cdrom/cdrom0/screenInstaller
    

    The SunScreen EFS Screen Install Welcome window appears, as shown in Figure 5-11.

    Figure 5-11 Screen Install Wizard's Welcome Window

    Graphic

  5. Click Next to continue the installation process.

    The Check Installed Solaris Packages window appears, as shown in Figure 5-12. Prior to installation of the SunScreen EFS 3.0 software, a check is performed to verify that the prerequisite Solaris packages are installed on your machine.


    Note -

    If there are missing required packages, a list will be displayed. You must exit the installation wizard at this point and install the required Solaris packages from your Solaris CD.


    Figure 5-12 Checking Installed Solaris Packages Window

    Graphic

  6. Click Next to continue the installation process.

    The Secondary HA Designation window appears, as shown in Figure 5-13. No is the default.

    Choose Yes if you are configuring an HA cluster and are installing the Secondary SunScreen of that cluster. If this is what you want to do, exit the installation wizard and see the SunScreen EFS 3.0 Administration Guide for instructions on how to set-up an HA cluster.

    Figure 5-13 Secondary HA Designation Window

    Graphic

  7. Accept the default, No, and Click Next.

    The Select Screen Type window appears, as shown in Figure 5-14. You are given two types of installations to choose from: Stealth or Routing. Routing mode is the default.

    Figure 5-14 Select Screen Type Window With Stealth Selected

    Graphic

  8. Select Stealth mode and Click Next.

    The Select Administration Type window appears, as shown in Figure 5-15. You are given the choice of Local Administration or Remote Administration. Local Administration is the default.


    Caution - Caution -

    When operating in stealth mode, only Local Administration of the Screen is not a supported configuration. Even if the plan is to use Local Administration primarily for the Screen, the administrator should verify that Remote Administration is configured properly .


    Figure 5-15 Select Administration Type(s) Window With Remote Administration Selected

    Graphic

  9. Select Remote Administration, and Click Next.

    The Select Type of Install window appears, as shown in Figure 5-16. You are given two choices: Default Install and Custom Install.

    Figure 5-16 Select Type of Install Window With Default Install Selected

    Graphic


    Note -

    The HotJava browser, version 1.1.5, is packaged on the SunScreen EFS 3.0 CD-ROM and is installed as part of the Default Install. If you do not want this installed, select Custom Install and deselect package SUNWdthj.


  10. Select the type of install desired, and Click Next.

    The disk space on your machine is checked. An error message appears if you do not have enough disk space.

    The Ready to Install window appears, as shown in Figure 5-17. The size of the packages to be installed is confirmed.

    Figure 5-17 Ready To Install Window

    Graphic

  11. Click Install Now to continue the installation process.

    The Installing Window appears, as shown in Figure 5-18. The status bar shows the progress of the installation.

    Figure 5-18 Installing Window Showing Installation Status Bar

    Graphic

    Once completed, the Installation Summary window appears, as shown in Figure 5-19. This window can be resized if needed.

    Figure 5-19 Installation Summary Window

    Graphic

  12. Click Next to continue the installation process.

    The Select Certificate Type window appears. Self-Generated Certificate is the default, as shown in Figure 5-20.

    Figure 5-20 Select Certificate Type Window With Self-Generated Certificate Selected

    Graphic


    Note -

    If you are using Issued Certificates, you must now turn to the following procedure, "To Install The Software on the Administration Station". Follow the instructions to install your Issued Certificates. Once completed, return to this procedure and resume with Step 17.


  13. Accept the default, Self-Generated Certificate, and Click Next.

    The Self-Generated Certificate ID window appears, as shown in Figure 5-21.

    Figure 5-21 Self-Generated Certificate ID Window

    Graphic

  14. Enter the Administration Station's 32-character certificate ID (MKID), obtained in the previous procedure, and Click Next. Do not enter the leading two characters: 0x.

    The Generate Screen Certificate window appears. Wait while the Screen's certificate ID is generated. When completed, the Screen's 32-character certificate ID appears at the bottom of the window, as shown in Figure 5-22.

    Figure 5-22 Generate Screen Certificate With Screen's Certificate ID Generated

    Graphic

  15. Write down the Screen's 32-character certificate ID (MKID) that appears at the bottom of the window.

  16. Click Next to continue the installation process.

    The Select Initial Security Level window appears.

  17. Select the level of security you want: Restrictive, Secure, or Permissive. Permissive is the default.

    When in doubt, select Permissive as your initial security level, as shown in Figure 5-23. You can change this later if you need to.

    Figure 5-23 Select Initial Security Level Window With Permissive Selected

    Graphic

  18. Click Next to continue the installation process.

    The Select Name Service(s) window appears, as shown in Figure 5-24. You must select the name service that will be used on the Screen. Your choices are both NIS and DNS, either NIS or DNS, or None. The default has both NIS and DNS selected. To select just one, deselect the one you do not want. For None, deselect both.

    Figure 5-24 Select Name Service(s) Window With Both NIS And DNS Selected

    Graphic

  19. Select the appropriate Name Service(s), and Click Next.

    The Screen Configuration window appears with the message: Configuring Screen, as shown in Figure 5-25. Figure 5-26 shows the message which appears when the Screen is successfully configured.

    Figure 5-25 Screen Configuration Window

    Graphic

    Figure 5-26 Screen Configuration Window Once Screen Is Configured

    Graphic

  20. Click Next to continue the installation process.

    The Screen Hardening window appears, as shown in Figure 5-27.


    Caution - Caution -

    Hardening is optional and if chosen, is an automated removal of Solaris files and packages which might otherwise make the Screen vulnerable to an attack. Once you have hardened your Screen, it becomes a dedicated firewall and the machine can not be used for another purpose without first reinstalling the Solaris operating environment.


    Figure 5-27 Screen Hardening Window

    Graphic

  21. (Optional) To Harden your Screen, Click the Harden Screen button and Click Next.

    The Screen Reboot window appears, as shown in Figure 5-28.

    Figure 5-28 Screen Reboot Window

    Graphic

  22. To reboot the machine, Click the Screen Reboot button.

    The installation wizard disappears.


    Note -

    You must reboot the machine at this time in order to complete the installation process.