I've worked in the past to help our government customers understand how best to secure Solaris. For my customer base that means complying with Security Technical Implementation Guides (STIGs) from the Defense Information Systems Agency (DISA). I recently worked with a team to apply both the Solaris and Oracle 11gR2 database STIGs to a SPARC SuperCluster. The results have been published in an Oracle white paper.
The SPARC SuperCluster is a highly available, high-performance platform that incorporates:
- SPARC T4-4 servers
- Exadata Storage Servers and software
- ZFS Storage appliance
- InfiniBand interconnect
- Flash Cache
- Oracle Solaris 11
- Oracle VM for SPARC
- Oracle Database 11gR2
It is targeted towards large, mission-critical database, middleware and general-purpose workloads.
Using the Oracle Solution Center, we configured an SSC, applied DoD security guidance, and confirmed functionality and performance of the system. The white paper reviews our findings and includes a number of security recommendations. In addition, customers can contact me for the itemized spreadsheets with our detailed STIG reports.
- There is no DISA STIG documentation for Solaris 11. Oracle is working to help DISA create one using their new process. As a result, our report follows the Solaris 10 STIG document and applies it to Solaris 11 where applicable.
- In my conversations over the years with the DISA Field Security Office, they have repeatedly told me, "The absence of a DISA written STIG should not prevent a product from being used. Customer may apply vendor or industry security recommendations to receive accreditation."
Thanks to the core team: Kevin Rohan, Gary Jensen and Rich Qualls as well as the staff of the Oracle Solution Center and Glenn Brunette for their help in creating the document. You should also review SPARC SuperCluster T4-4 Platform Security Principles and Capabilities by Glenn and others in Oracle's Enterprise Solution Group.