example, two FC-AL HBAs to the same SAN array. You can enable MPxIO in the
control domain by running the command stmsboot -e. That command creates
a single but redundant path to the same device. The single device is then
configured into the virtual disk service. Perhaps most simply, insulation from
a path or media failure can be provided by using a ZFS file pool with mirror or
RAID-Z redundancy. These methods offer resiliency in case of a path failure to
a device, but do not insulate the system from failure of a service domain.
3.3.4 Console and OpenBoot
Every domain has a console, which is provided by a virtual console concentrator
(vcc). The vcc is usually assigned to the control domain, which then runs the
Virtual Network Terminal Server daemon (vntsd) service.
By default, the daemon listens for localhost connections using the Telnet
protocol, with a different port number being assigned for each domain. A guest
domain operator connecting to a domain's console first logs into the control
domain via the ssh command so that no passwords are transmitted in cleartext
over the network; the telnet command can then be used to connect to the console.
Optionally, user domain console authorization can be implemented to restrict
which users can connect to a domain's console. Normally, only system and guest
domain operators should have login access to a control domain.
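
As an added example (not from the original text), the shell check below audits the console service settings described above: whether the Telnet listener stays on localhost and whether console authorization is enabled. It assumes the SMF service name svc:/ldoms/vntsd and the properties vntsd/listen_addr and vntsd/authorization, none of which appear on this page; the sample property listings are constructed.

```shell
#!/bin/sh
# Added example: audit vntsd settings from "property type value" lines, the
# shape printed by `svcprop -p vntsd svc:/ldoms/vntsd` (FMRI and property
# names are assumptions; they do not appear on the page).

audit_vntsd() {
    # Reads property lines on stdin; prints one finding per line, or "OK".
    awk '
        $1 == "vntsd/listen_addr"   { addr = $3; seen_addr = 1 }
        $1 == "vntsd/authorization" { auth = $3; seen_auth = 1 }
        END {
            n = 0
            if (!seen_addr) {
                print "WARN listen_addr not reported"; n++
            } else if (addr != "localhost" && addr != "127.0.0.1") {
                print "FAIL Telnet console listener bound to " addr; n++
            }
            if (!seen_auth) {
                print "WARN authorization not reported"; n++
            } else if (auth != "true") {
                print "WARN per-domain console authorization not enabled"; n++
            }
            if (n == 0) print "OK"
        }'
}

# Constructed samples, not captured from a real system.
SAMPLE_LOCAL_NOAUTH='vntsd/vcc_name astring primary-vcc0
vntsd/listen_addr astring localhost
vntsd/authorization boolean false'

SAMPLE_EXPOSED='vntsd/vcc_name astring primary-vcc0
vntsd/listen_addr astring 192.0.2.10
vntsd/authorization boolean false'

SAMPLE_HARDENED='vntsd/vcc_name astring primary-vcc0
vntsd/listen_addr astring localhost
vntsd/authorization boolean true'

for s in "$SAMPLE_LOCAL_NOAUTH" "$SAMPLE_EXPOSED" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$s" | audit_vntsd
    echo "--"
done
```

On a control domain, the same function can read the live service properties on standard input instead of the constructed samples.
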
3.3.5 Cryptographic Accelerator
The processors in CMT systems are equipped with on-chip hardware cryptographic
accelerators that dramatically speed up cryptographic operations. This technique
improves security by reducing the CPU consumption needed for encrypted
transmissions, and makes it possible to transmit secure traffic at wire speed.
Each CMT processor core has its own hardware accelerator unit, making it
possible to run multiple concurrent hardware-assisted cryptographic transmissions.
In the T1 processor used on the T1000 and T2000 servers, the accelerator
performs modular exponentiation and multiplication, which are normally
CPU-intensive portions of cryptographic algorithms. The accelerator, called the
Modular Arithmetic Unit (MAU), speeds up public key cryptography (i.e., RSA,
DSA, and Diffie-Hellman algorithms).
The T2 and T2 Plus chips also include this function, and their accelerator has
additional functionality. This cipher/hash unit accelerates bulk encryption (RC4,
DES, 3DES, AES), secure hash (MD5, SHA-1, SHA-256), other public key
algorithms (elliptic curve cryptography), and error-checking codes (ECC, CRC32).
At this time, a cryptographic accelerator can be allocated only to domains that
have at least one virtual CPU on the same core as the accelerator.
 
 
 