This chapter describes the following tasks that are necessary to prepare your network for a WAN boot installation.Installing Over a Wide Area Network (Task Maps) Configuring the WAN Boot Server Creating the Custom JumpStart Installation Files Creating the Configuration Files (Optional) Providing Configuration Information With a DHCP Server (Optional) To Configure the WAN Boot Logging Server The following tables list the tasks you need to perform to prepare for a WAN boot installation.For a list of the tasks you need to perform to prepare for a secure WAN boot installation, see Table 11–1. For a description of a secure WAN boot installation over HTTPS, see Secure WAN Boot Installation Configuration. For a list of the tasks you need to perform to prepare for an insecure WAN boot installation, see Table 11–2. For a description of an insecure WAN boot installation, see Insecure WAN Boot Installation Configuration. To use a DHCP server or a logging server, complete the optional tasks that are listed at the bottom of each table.Task Description For Instructions Decide what security features you want to use in your installation. Review the security features and configurations to decide what level of security you want to use in your WAN boot installation. Protecting Data During a WAN Boot InstallationSecurity Configurations Supported by WAN Boot (Overview) Collect WAN boot installation information. Complete the worksheet to record all the information you need to perform a WAN boot installation. Gathering Information for WAN Boot Installations Create the document root directory on the WAN boot server. Create the document root directory and any subdirectories to serve the configuration and installation files. Creating the Document Root Directory Create the WAN boot miniroot. Use the setup_install_server command to create the WAN boot miniroot. To Create a WAN Boot Miniroot Verify that the client system supports WAN boot. Check the client OBP for boot argument support of WAN boot. To Check the Client OBP for WAN Boot Support Install the wanboot program on the WAN boot server. Copy the wanboot program to the document root directory of the WAN boot server. Installing the wanboot Program on the WAN Boot Server Install the wanboot-cgi program on the WAN boot server. Copy the wanboot-cgi program to the WAN boot server's CGI directory. To Copy the wanboot-cgi Program to the WAN Boot Server (Optional) Set up the logging server. Configure a dedicated system for displaying boot and installation log messages. (Optional) To Configure the WAN Boot Logging Server Set up the /etc/netboot hierarchy. Populate the /etc/netboot hierarchy with the configuration and security files that are required for a WAN boot installation. Creating the /etc/netboot Hierarchy on the WAN Boot Server Configure the web server to use secure HTTP for a more secure WAN boot installation. Identify the web server requirements that are necessary to perform a WAN installation with HTTPS. (Optional) Protecting Data by Using HTTPS Format digital certificates for a more secure WAN boot installation. Split PKCS#12 file into a private key and a certificate to use with the WAN installation. (Optional) To Use Digital Certificates for Server and Client Authentication Create a hashing key and an encryption key for a more secure WAN boot installation. Use the wanbootutil keygen command to create HMAC SHA1, 3DES, or AES keys. (Optional) To Create a Hashing Key and an Encryption Key Create the Solaris Flash archive. Use the flarcreate command to create an archive of the software that you want to install on the client. To Create the Solaris Flash Archive Create the installation files for the custom JumpStart installation. Use a text editor to create the following files:sysidcfg profile rules.ok begin scripts finish scripts To Create the sysidcfg FileTo Create the ProfileTo Create the rules File(Optional) Creating Begin and Finish Scripts Create the system configuration file. Set the configuration information in the system.conf file. To Create the System Configuration File Create the WAN boot configuration file. Set the configuration information in the wanboot.conf file. To Create the wanboot.conf File (Optional) Configure the DHCP server to support a WAN boot installation. Set Sun vendor options and macros in the DHCP server. Preconfiguring System Configuration Information With the DHCP Service (Tasks) Task Description For Instructions Decide what security features you want to use in your installation. Review the security features and configurations to decide what level of security you want to use in your WAN boot installation. Protecting Data During a WAN Boot InstallationSecurity Configurations Supported by WAN Boot (Overview) Collect WAN boot installation information. Complete the worksheet to record all the information you need to perform a WAN boot installation. Gathering Information for WAN Boot Installations Create the document root directory on the WAN boot server. Create the document root directory and any subdirectories to serve the configuration and installation files. Creating the Document Root Directory Create the WAN boot miniroot. Use the setup_install_server command to create the WAN boot miniroot. To Create a WAN Boot Miniroot Verify that the client system supports WAN boot. Check the client OBP for boot argument support of WAN boot. To Check the Client OBP for WAN Boot Support Install the wanboot program on the WAN boot server. Copy the wanboot program to the document root directory of the WAN boot server. Installing the wanboot Program on the WAN Boot Server Install the wanboot-cgi program on the WAN boot server. Copy the wanboot-cgi program to the WAN boot server's CGI directory. To Copy the wanboot-cgi Program to the WAN Boot Server (Optional) Set up the logging server. Configure a dedicated system for displaying boot and installation log messages. (Optional) To Configure the WAN Boot Logging Server Set up the /etc/netboot hierarchy. Populate the /etc/netboot hierarchy with the configuration and security files that are required for a WAN boot installation. Creating the /etc/netboot Hierarchy on the WAN Boot Server (Optional) Create a hashing key. Use the wanbootutil keygen command to create HMAC SHA1 key.For insecure installations that check data integrity, complete this task to create an HMAC SHA1 hashing key. (Optional) To Create a Hashing Key and an Encryption Key Create the Solaris Flash archive. Use the flarcreate command to create an archive of the software that you want to install on the client. To Create the Solaris Flash Archive Create the installation files for the custom JumpStart installation. Use a text editor to create the following files:sysidcfg profile rules.ok begin scripts finish scripts To Create the sysidcfg FileTo Create the ProfileTo Create the rules File(Optional) Creating Begin and Finish Scripts Create the system configuration file. Set the configuration information in the system.conf file. To Create the System Configuration File Create the WAN boot configuration file. Set the configuration information in the wanboot.conf file. To Create the wanboot.conf File (Optional) Configure the DHCP server to support a WAN boot installation. Set Sun vendor options and macros in the DHCP server. Preconfiguring System Configuration Information With the DHCP Service (Tasks) The WAN boot server is a web server that provides the boot and configuration data during a WAN boot installation. For a list of the system requirements for the WAN boot server, see Table 10–1.This section describes the following tasks required to configure the WAN boot server for a WAN boot installation.Creating the Document Root Directory Creating the WAN Boot Miniroot Installing the wanboot Program on the WAN Boot Server Creating the /etc/netboot Hierarchy on the WAN Boot Server Copying the WAN Boot CGI Program to the WAN Boot Server (Optional) Protecting Data by Using HTTPS To serve the configuration and installation files, you must make these files accessible to the web server software on the WAN boot server. One method to make these files accessible is to store them in the WAN boot server's document root directory. If you want to use a document root directory to serve the configuration and installation files, you must create this directory. See your web server documentation for information about how to create the document root directory. For detailed information about how to design your document root directory, see Storing Installation and Configuration Files in the Document Root Directory.For an example of how to set up this directory, see Create the Document Root Directory.After you create the document root directory, create the WAN boot miniroot. For instructions, see Creating the WAN Boot Miniroot. WAN boot uses a special Solaris miniroot that has been modified to perform a WAN boot installation. The WAN boot miniroot contains a subset of the software in the Solaris miniroot. To perform a WAN boot installation, you must copy the miniroot from the Solaris DVD or the Solaris Software - 1 CD to the WAN boot server. Use the w option to the setup_install_server command to copy the WAN boot miniroot from the Solaris software media to your system's hard disk.This procedure creates a SPARC WAN boot miniroot with SPARC media. If you want to serve a SPARC WAN boot miniroot from an x86–based server, you must create the miniroot on a SPARC machine. After you create the miniroot, copy the miniroot to the document root directory on the x86–based server. This procedure assumes that the WAN boot server is running the Volume Manager. If you are not using the Volume Manager, see System Administration Guide: Devices and File Systems. Become superuser or assume an equivalent role on the WAN boot server. The system must meet the following requirements.Include a CD-ROM or DVD-ROM drive Be part of the site's network and naming serviceIf you use a naming service, the system must already be in a naming service, such as NIS, NIS+, DNS, or LDAP. If you do not use a naming service, you must distribute information about this system by following your site's policies. Insert the Solaris Software - 1 CD or the Solaris DVD in the install server's drive. Create a directory for the WAN boot miniroot and Solaris installation image.# mkdir -p wan-dir-path install-dir-pathpInstructs the mkdir command to create all the necessary parent directories for the directory you want to create. wan-dir-pathSpecifies the directory where the WAN boot miniroot is to be created on the install server. This directory needs to accommodate miniroots that are typically 250 Mbytes in size. install-dir-pathSpecifies the directory on the install server where the Solaris software image is to be copied. This directory can be removed later in this procedure. Change to the Tools directory on the mounted disc.# cd /cdrom/cdrom0/s0/Solaris_11/ToolsIn the previous example, cdrom0 is the path to the drive that contains the Solaris OS media. Copy the WAN boot miniroot and the Solaris software image to the WAN boot server's hard disk.# ./setup_install_server -w wan-dir-path install-dir-pathwan-dir-pathSpecifies the directory where the WAN boot miniroot is to be copied install-dir-pathSpecifies the directory where the Solaris software image is to be copied The setup_install_server command indicates whether you have enough disk space available for the Solaris Software disc images. To determine available disk space, use the df -kl command. The setup_install_server -w command creates the WAN boot miniroot and a network installation image of the Solaris software. Remove the network installation image.You do not need the Solaris software image to perform a WAN installation with a Solaris Flash archive. You can free up disk space if you do not plan to use the network installation image for other network installations. Type the following command to remove the network installation image.# rm -rf install-dir-path Make the WAN boot miniroot available to the WAN boot server in one of the following ways.Create a symbolic link to the WAN boot miniroot in the document root directory of the WAN boot server.# cd /document-root-directory/miniroot # ln -s /wan-dir-path/miniroot .document-root-directory/minirootSpecifies the directory in the WAN boot server's document root directory where you want to link to the WAN boot miniroot /wan-dir-path/minirootSpecifies the path to the WAN boot miniroot Move the WAN boot miniroot to the document root directory on the WAN boot server.# mv /wan-dir-path/miniroot /document-root-directory/miniroot/miniroot-namewan-dir-path/minirootSpecifies the path to the WAN boot miniroot. /document-root-directory/miniroot/Specifies the path to the WAN boot miniroot directory in the WAN boot server's document root directory. miniroot-nameSpecifies the name of the WAN boot miniroot. Name the file descriptively, for example miniroot.s10_sparc. Use the setup_install_server1M with the w option to copy the WAN boot miniroot and the Solaris software image to the /export/install/Solaris_11 directory of wanserver-1.Insert the Solaris Software media in the media drive that is attached to wanserver-1. Type the following commands.wanserver-1# mkdir -p /export/install/cdrom0 wanserver-1# cd /cdrom/cdrom0/s0/Solaris_11/Tools wanserver-1# ./setup_install_server -w /export/install/cdrom0/miniroot \ /export/install/cdrom0Move the WAN boot miniroot to the document root directory (/opt/apache/htdocs/) of the WAN boot server. In this example the name the WAN boot miniroot is set to miniroot.s10_sparc.wanserver-1# mv /export/install/cdrom0/miniroot/miniroot \ /opt/apache/htdocs/miniroot/miniroot.s10_sparc After you create the WAN boot miniroot, verify that the client OpenBoot PROM (OBP) supports WAN boot. For instructions, see Verifying WAN Boot Support on the Client. For additional information about the setup_install_server command, see install_scripts1M. To perform an unattended WAN boot installation, the client system's OpenBoot PROM (OBP) must support WAN boot. If the client's OBP does not support WAN boot, you can perform a WAN boot installation by providing the necessary programs on a local CD.You can determine if the client supports WAN boot by checking the client's OBP configuration variables. Perform the following procedure to check the client for WAN boot support.This procedure describes how to determine if the client OBP supports WAN boot. &suStepA;Check the OBP configuration variables for WAN boot support.# eeprom | grep network-boot-argumentsIf the variable network-boot-arguments is displayed, or if the previous command returns the output network-boot-arguments: data not available, the OBP supports WAN boot installations. You do not need to update the OBP before you perform your WAN boot installation. If the previous command does not return any output, the OBP does not support WAN boot installations. You must perform one of the following tasks.Update the client OBP. For those clients who do have an OBP that is capable of supporting WAN boot installations, see your system documentation for information about how to update the OBP.Not all client OBPs support WAN Boot. For those clients use the next option. After you complete the preparation tasks and are ready to install the client, perform the WAN boot installation from the Solaris Software CD1 or DVD. This option works in all cases when the current OBP does not provide WAN Boot support.For instructions about how to boot the client from CD1, see To Perform a WAN Boot Installation With Local CD Media. To continue preparing for the WAN boot installation, see Creating the /etc/netboot Hierarchy on the WAN Boot Server. The following command shows how to check the client OBP for WAN boot support.# eeprom | grep network-boot-arguments network-boot-arguments: data not availableIn this example, the output network-boot-arguments: data not available indicates that the client OBP supports WAN boot. After you verify that the client OBP supports WAN boot, you must copy the wanboot program to the WAN boot server. For instructions, see Installing the wanboot Program on the WAN Boot Server.If the client OBP does not support WAN boot, you do not need to copy the wanboot program to the WAN boot server. You must provide the wanboot program to the client on a local CD. To continue the installation, see Creating the /etc/netboot Hierarchy on the WAN Boot Server. For additional information about the setup_install_server command, see Chapter 4, Installing From the Network (Overview). WAN boot uses a special second-level boot program (wanboot) to install the client. The wanboot program loads the WAN boot miniroot, client configuration files, and installation files that are required to perform a WAN boot installation.To perform a WAN boot installation, you must provide the wanboot program to the client during the installation. You can provide this program to the client in the following ways.If your client's PROM supports WAN boot, you can transmit the program from the WAN boot server to the client. You must install the wanboot program on the WAN boot server.To check if your client's PROM supports WAN boot, see To Check the Client OBP for WAN Boot Support. If your client's PROM does not support WAN boot, you must provide the program to the client on a local CD. If your client's PROM does not support WAN boot, go to Creating the /etc/netboot Hierarchy on the WAN Boot Server to continue preparing for your installation. This procedure describes how to copy the wanboot program from Solaris media to the WAN boot server.This procedure assumes that the WAN boot server is running the Volume Manager. If you are not using the Volume Manager, see System Administration Guide: Devices and File Systems. Verify that your client system supports WAN boot. See To Check the Client OBP for WAN Boot Support for more information. Become superuser or assume an equivalent role on the install server. Insert the Solaris Software - 1 CD or the Solaris DVD in the install server's drive. Change to the sun4u platform directory on the Solaris Software - 1 CD or the Solaris DVD.# cd /cdrom/cdrom0/s0/Solaris_11/Tools/Boot/platform/sun4u/ Copy the wanboot program to the install server.# cp wanboot /document-root-directory/wanboot/wanboot-namedocument-root-directorySpecifies the document root directory of the WAN boot server. wanboot-nameSpecifies the name of the wanboot program. Name this file descriptively, for example, wanboot.s10_sparc. Make the wanboot program available to the WAN boot server in one of the following ways.Create a symbolic link to the wanboot program in the document root directory of the WAN boot server.# cd /document-root-directory/wanboot # ln -s /wan-dir-path/wanboot .document-root-directory/wanbootSpecifies the directory in the WAN boot server's document root directory where you want to link to the wanboot program /wan-dir-path/wanbootSpecifies the path to the wanboot program Move the WAN boot miniroot to the document root directory on the WAN boot server.# mv /wan-dir-path/wanboot /document-root-directory/wanboot/wanboot-namewan-dir-path/wanbootSpecifies the path to the wanboot program /document-root-directory/wanboot/Specifies the path to the wanboot program directory in the WAN boot server's document root directory. wanboot-nameSpecifies the name of the wanboot program. Name the file descriptively, for example wanboot.s10_sparc. To install the wanboot program on the WAN boot server, copy the program from the Solaris Software media to the WAN boot server's document root directory.Insert the Solaris DVD or the Solaris Software - 1 CD in the media drive that is attached to wanserver-1 and type the following commands.wanserver-1# cd /cdrom/cdrom0/s0/Solaris_11/Tools/Boot/platform/sun4u/ wanserver-1# cp wanboot /opt/apache/htdocs/wanboot/wanboot.s10_sparcIn this example, the name of the wanboot program is set to wanboot.s10_sparc. After you install the wanboot program on the WAN boot server, you must create the /etc/netboot hierarchy on the WAN boot server. For instructions, see Creating the /etc/netboot Hierarchy on the WAN Boot Server. For overview information about the wanboot program, see What Is WAN Boot?. During the installation, WAN boot refers to the contents of the /etc/netboot hierarchy on the web server for instructions about how to perform the installation. This directory contains the configuration information, private key, digital certificate, and certificate authority required for a WAN boot installation. During the installation, the wanboot-cgi program converts this information into the WAN boot file system. The wanboot-cgi program then transmits the WAN boot file system to the client.You can create subdirectories within the /etc/netboot directory to customize the scope of the WAN installation. Use the following directory structures to define how configuration information is shared among the clients that you want to install.Global configuration – If you want all the clients on your network to share configuration information, store the files that you want to share in the /etc/netboot directory. Network-specific configuration – If you want only those machines on a specific subnet to share configuration information, store the configuration files that you want to share in a subdirectory of /etc/netboot. Have the subdirectory follow this naming convention./etc/netboot/net-ipIn this example, net-ip is the IP address of the client's subnet. Client-specific configuration – If you want only a specific client to use the boot file system, store the boot file system files in a subdirectory of /etc/netboot. Have the subdirectory follow this naming convention./etc/netboot/net-ip/client-IDIn this example, net-ip is the IP address of the subnet. client-ID is either the client ID that is assigned by the DHCP server, or a user-specified client ID. For detailed planning information about these configurations, see Storing Configuration and Security Information in the /etc/netboot Hierarchy.The following procedure describes how to create the /etc/netboot hierarchy.Follow these steps to create the /etc/netboot hierarchy. Become superuser or assume an equivalent role on the WAN boot server. Create the /etc/netboot directory.# mkdir /etc/netboot Change the permissions of the /etc/netboot directory to 700.# chmod 700 /etc/netboot Change the owner of the /etc/netboot directory to the web server owner.# chown web-server-user:web-server-group /etc/netboot/web-server-userSpecifies the user owner of the web server process web-server-groupSpecifies the group owner of the web server process Exit the superuser role.# exit Assume the user role of the web server owner. Create the client subdirectory of the /etc/netboot directory.# mkdir -p /etc/netboot/net-ip/client-IDpInstructs the mkdir command to create all the necessary parent directories for the directory you want to create. (Optional) net-ipSpecifies the network IP address of the client's subnet. (Optional) client-IDSpecifies the client ID. The client ID can be a user-defined value or the DHCP client ID. The client-ID directory must be a subdirectory of the net-ip directory. For each directory in the /etc/netboot hierarchy, change the permissions to 700.# chmod 700 /etc/netboot/dir-namedir-nameSpecifies the name of a directory in the /etc/netboot hierarchy The following example shows how to create the /etc/netboot hierarchy for the client 010003BA152A42 on subnet 192.168.198.0. In this example, the user nobody and the group admin own the web server process.The commands in this example perform the following tasks.Create the /etc/netboot directory. Change the permissions of the /etc/netboot directory to 700. Change the ownership of the /etc/netboot directory to the owner of the web server process. Assume the same user role as the web server user. Create a subdirectory of /etc/netboot that is named after the subnet (192.168.198.0). Create a subdirectory of the subnet directory that is named after the client ID. Change the permissions of the /etc/netboot subdirectories to 700. # cd / # mkdir /etc/netboot/ # chmod 700 /etc/netboot # chown nobody:admin /etc/netboot # exit server# su nobody Password: nobody# mkdir -p /etc/netboot/192.168.198.0/010003BA152A42 nobody# chmod 700 /etc/netboot/192.168.198.0 nobody# chmod 700 /etc/netboot/192.168.198.0/010003BA152A42 After you create the /etc/netboot hierarchy, you must copy the WAN Boot CGI program to the WAN boot server. For instructions, see Copying the WAN Boot CGI Program to the WAN Boot Server. For detailed planning information about how to design the /etc/netboot hierarchy, see Storing Configuration and Security Information in the /etc/netboot Hierarchy. The wanboot-cgi program creates the data streams that transmit the following files from the WAN boot server to the client.wanboot program WAN boot file system WAN boot miniroot The wanboot-cgi program is installed on the system when you install the current Solaris release software. To enable the WAN boot server to use this program, copy this program to the cgi-bin directory of the WAN boot server.Become superuser or assume an equivalent role on the WAN boot server. Copy the wanboot-cgi program to the WAN boot server.# cp /usr/lib/inet/wanboot/wanboot-cgi /WAN-server-root/cgi-bin/wanboot-cgi/WAN-server-rootSpecifies the root directory of the web server software on the WAN boot server On the WAN boot server, change the permissions of the CGI program to 755.# chmod 755 /WAN-server-root/cgi-bin/wanboot-cgi After you copy the WAN boot CGI program to the WAN boot server, you can optionally set up a logging server. For instructions, see (Optional) To Configure the WAN Boot Logging Server.If you do not want to set up a separate logging server, see (Optional) Protecting Data by Using HTTPS for instructions about how to set up the security features of a WAN boot installation. For overview information about the wanboot-cgi program, see What Is WAN Boot?. By default, all WAN boot logging messages are displayed on the client system. This default behavior enables you to quickly debug any installation issues.If you want to record boot and installation logging messages on a system other than the client, you must set up a logging server. If you want to use a logging server with HTTPS during the installation, you must configure the WAN boot server as the logging server.To configure the logging server, follow these steps. Copy the bootlog-cgi script to the logging server's CGI script directory.# cp /usr/lib/inet/wanboot/bootlog-cgi \ log-server-root/cgi-binlog-server-root/cgi-binSpecifies the cgi-bin directory in the logging server's web server directory Change the permissions of the bootlog-cgi script to 755.# chmod 755 log-server-root/cgi-bin/bootlog-cgi Set the value of the boot_logger parameter in the wanboot.conf file.In the wanboot.conf file, specify the URL of the bootlog-cgi script on the logging server.For more information about setting parameters in the wanboot.conf file, see To Create the wanboot.conf File.During the installation, boot and installation log messages are recorded in the /tmp directory of the logging server. The log file is named bootlog.hostname, where hostname is the host name of the client. The following example configures the WAN boot server as a logging server.# cp /usr/lib/inet/wanboot/bootlog-cgi /opt/apache/cgi-bin/ # chmod 755 /opt/apache/cgi-bin/bootlog-cgi After you set up the logging server, you can optionally set up the WAN boot installation to use digital certificates and security keys. See (Optional) Protecting Data by Using HTTPS for instructions about how to set up the security features of a WAN boot installation. To protect your data during the transfer from the WAN boot server to the client, you can use HTTP over Secure Sockets Layer (HTTPS). To use the more secure installation configuration that is described in Secure WAN Boot Installation Configuration, you must enable your web server to use HTTPS.If you do not want to perform a secure WAN boot, skip the procedures in this section. To continue preparing for your less secure installation, see Creating the Custom JumpStart Installation Files.To enable the web server software on the WAN boot server to use HTTPS, you must perform the following tasks.Activate Secure Sockets Layer (SSL) support in your web server software.The processes for enabling SSL support and client authentication vary by web server. This document does not describe how to enable these security features on your web server. For information about these features, see the following documentation.For information about activating SSL on the SunONE and iPlanet web servers, see the SunONE and iPlanet documentation collections on http://docs.sun.com. For information about activating SSL on the Apache web server, see the Apache Documentation Project at http://httpd.apache.org/docs-project/. If you are using web server software that is not listed in the previous list, see your web server software documentation. Install digital certificates on the WAN boot server.For information about using digital certificates with WAN boot, see (Optional) To Use Digital Certificates for Server and Client Authentication. Provide a trusted certificate to the client.For instructions about how to create a trusted certificate, see (Optional) To Use Digital Certificates for Server and Client Authentication. Create a hashing key and an encryption key.For instructions about how to create keys, see (Optional) To Create a Hashing Key and an Encryption Key. (Optional) Configure the web server software to support client authentication.For information about how to configure your web server to support client authentication, see your web server documentation. This section describes how to use digital certificates and keys in your WAN boot installation.The WAN boot installation method can use PKCS#12 files to perform an installation over HTTPS with server or both client and server authentication. For requirements and guidelines about using PKCS#12 files, see Digital Certificate Requirements.To use a PKCS#12 file in a WAN boot installation, you perform the following tasks.Split the PKCS#12 file into separate SSL private key and trusted certificate files. Insert the trusted certificate in the client's truststore file in the /etc/netboot hierarchy. The trusted certificate instructs the client to trust the server. (Optional) Insert the contents of the SSL private key file in the client's keystore file in the /etc/netboot hierarchy. The wanbootutil command provides options to perform the tasks in the previous list.If you do not want to perform a secure WAN boot, skip this procedure. To continue preparing for your less secure installation, see Creating the Custom JumpStart Installation Files.Follow these steps to create a trusted certificate and a client private key. Before you split a PKCS#12 file, create the appropriate subdirectories of the /etc/netboot hierarchy on the WAN boot server.For overview information that describes the /etc/netboot hierarchy, see Storing Configuration and Security Information in the /etc/netboot Hierarchy. For instructions about how to create the /etc/netboot hierarchy, see Creating the /etc/netboot Hierarchy on the WAN Boot Server. Assume the same user role as the web server user on the WAN boot server. Extract the trusted certificate from the PKCS#12 file. Insert the certificate in the client's truststore file in the /etc/netboot hierarchy.# wanbootutil p12split -i p12cert \ -t /etc/netboot/net-ip/client-ID/truststorep12splitOption to wanbootutil command that splits a PKCS#12 file into separate private key and certificate files. -i p12certSpecifies the name of the PKCS#12 file to split. -t /etc/netboot/net-ip/client-ID/truststoreInserts the certificate in the client's truststore file. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. Decide if you want to require client authentication.If no, go to (Optional) To Create a Hashing Key and an Encryption Key. If yes, continue with the following steps.Insert the client certificate in the client's certstore.# wanbootutil p12split -i p12cert -c \ /etc/netboot/net-ip/client-ID/certstore -k keyfilep12splitOption to wanbootutil command that splits a PKCS#12 file into separate private key and certificate files. -i p12certSpecifies the name of the PKCS#12 file to split. -c /etc/netboot/net-ip/client-ID/certstoreInserts the client's certificate in the client's certstore. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. -k keyfileSpecifies the name of the client's SSL private key file to create from the split PKCS#12 file. Insert the private key in the client's keystore.# wanbootutil keymgmt -i -k keyfile \ -s /etc/netboot/net-ip/client-ID/keystore -o type=rsakeymgmt -iInserts an SSL private key in the client's keystore -k keyfileSpecifies the name of the client's private key file that was created in the previous step -s /etc/netboot/net-ip/client-ID/keystoreSpecifies the path to the client's keystore -o type=rsaSpecifies the key type as RSA In the following example, you use a PKCS#12 file to install client 010003BA152A42 on subnet 192.168.198.0. This command sample extracts a certificate from a PKCS#12 file that is named client.p12. The command then places the contents of the trusted certificate in the client's truststore file.Before you execute these commands, you must first assume the same user role as the web server user. In this example, the web server user role is nobody.server# su nobody Password: nobody# wanbootutil p12split -i client.p12 \ -t /etc/netboot/192.168.198.0/010003BA152A42/truststore nobody# chmod 600 /etc/netboot/192.168.198.0/010003BA152A42/truststore After you create a digital certificate, create a hashing key and an encryption key. For instructions, see(Optional) To Create a Hashing Key and an Encryption Key. For more information about how to create trusted certificates, see the man page wanbootutil1M. If you want to use HTTPS to transmit your data, you must create a HMAC SHA1 hashing key and an encryption key. If you plan to install over a semi-private network, you might not want to encrypt the installation data. You can use a HMAC SHA1 hashing key to check the integrity of the wanboot program.By using the wanbootutil keygen command, you can generate these keys and store them in the appropriate /etc/netboot directory.If you do not want to perform a secure WAN boot, skip this procedure. To continue preparing for your less secure installation, see Creating the Custom JumpStart Installation Files.To create a hashing key and an encryption key, follow these steps. Assume the same user role as the web server user on the WAN boot server. Create the master HMAC SHA1 key.# wanbootutil keygen -mkeygen -mCreates the master HMAC SHA1 key for the WAN boot server Create the HMAC SHA1 hashing key for the client from the master key.# wanbootutil keygen -c -o [net=net-ip,{cid=client-ID,}]type=sha1-cCreates the client's hashing key from the master key. -oIndicates that additional options are included for the wanbootutil keygen command. (Optional) net=net-ipSpecifies the IP address for the client's subnet. If you do not use the net option, the key is stored in the /etc/netboot/keystore file, and can be used by all WAN boot clients. (Optional) cid=client-IDSpecifies the client ID. The client ID can be a user-defined ID or the DHCP client ID. The cid option must be preceded by a valid net= value. If you do not specify the cid option with the net option, the key is stored in the /etc/netboot/net-ip/keystore file. This key can be used by all WAN boot clients on the net-ip subnet. type=sha1Instructs the wanbootutil keygen utility to create a HMAC SHA1 hashing key for the client. Decide if you need to create an encryption key for the client.You need to create an encryption key to perform a WAN boot installation over HTTPS. Before the client establishes an HTTPS connection with the WAN boot server, the WAN boot server transmits encrypted data and information to the client. The encryption key enables the client to decrypt this information and use this information during the installation.If you are performing a more secure WAN installation over HTTPS with server authentication, continue. If you only want to check the integrity of the wanboot program, you do not need to create an encryption key. Go to Step 6. Create an encryption key for the client.# wanbootutil keygen -c -o [net=net-ip,{cid=client-ID,}]type=key-type-cCreates the client's encryption key. -oIndicates that additional options are included for the wanbootutil keygen command. (Optional) net=net-ipSpecifies the network IP address for the client. If you do not use the net option, the key is stored in the /etc/netboot/keystore file, and can be used by all WAN boot clients. (Optional) cid=client-IDSpecifies the client ID. The client ID can be a user-defined ID, or the DHCP client ID. The cid option must be preceded by a valid net= value. If you do not specify the cid option with the net option, the key is stored in the /etc/netboot/net-ip/keystore file. This key can be used by all WAN boot clients on the net-ip subnet. type=key-typeInstructs the wanbootutil keygen utility to create an encryption key for the client. key-type can have a value of 3des or aes. Install the keys on the client system.For instructions about how to install keys on the client, see Installing Keys on the Client. The following example creates a master HMAC SHA1 key for the WAN boot server. This example also creates a HMAC SHA1 hashing key and 3DES encryption key for client 010003BA152A42 on subnet 192.168.198.0.Before you execute these commands, you must first assume the same user role as the web server user. In this example, the web server user role is nobody.server# su nobody Password: nobody# wanbootutil keygen -m nobody# wanbootutil keygen -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1 nobody# wanbootutil keygen -c -o net=192.168.198.0,cid=010003BA152A42,type=3des After you create a hashing and an encryption key, you must create the installation files. For instructions, see Creating the Custom JumpStart Installation Files. For overview information on hashing keys and encryption keys, see Protecting Data During a WAN Boot Installation.For more information about how to create hashing and encryption keys, see the man page wanbootutil1M. WAN boot performs a custom JumpStart installation to install a Solaris Flash archive on the client. The custom JumpStart installation method is a command–line interface that enables you to automatically install several systems, based on profiles that you create. The profiles define specific software installation requirements. You can also incorporate shell scripts to include preinstallation and postinstallation tasks. You choose which profile and scripts to use for installation or upgrade. The custom JumpStart installation method installs or upgrades the system, based on the profile and scripts that you select. Also, you can use a sysidcfg file to specify configuration information so that the custom JumpStart installation is completely free of manual intervention.To prepare the custom JumpStart files for a WAN boot installation, complete the following tasks.To Create the Solaris Flash Archive To Create the sysidcfg File To Create the rules File To Create the Profile (Optional) Creating Begin and Finish Scripts For detailed information on the custom JumpStart installation method, see Chapter 2, Custom JumpStart (Overview), in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.The Solaris Flash installation feature enables you to use a single reference installation of the Solaris OS on a system, which is called the master system. You can then create a Solaris Flash archive, which is a replica image of the master system. You can install the Solaris Flash archive on other systems in the network, creating clone systems.This section describes how to create a Solaris Flash archive. Before you create a Solaris Flash archive, you must first install the master system.For information about installing a master system, see Installing the Master System in Solaris Express Installation Guide: Solaris Flash Archives (Creation and Installation). For detailed information about Solaris Flash archives, see Chapter 1, Solaris Flash (Overview), in Solaris Express Installation Guide: Solaris Flash Archives (Creation and Installation). File Size Issues:Check your web server software documentation to verify that the software can transmit files that are the size of a Solaris Flash archive.Check your web server software documentation to verify that the software can transmit files that are the size of a Solaris Flash archive. The flarcreate command no longer has size limitations on individual files. You can create a Solaris Flash archive that contains individual files over 4 Gbytes.For more information, see Creating an Archive That Contains Large Files in Solaris Express Installation Guide: Solaris Flash Archives (Creation and Installation). Boot the master system.Run the master system in as inactive a state as possible. When possible, run the system in single-user mode. If that is not possible, shut down any applications that you want to archive and any applications that require extensive operating system resources. To create the archive, use the flarcreate command.# flarcreate -n name [optional-parameters] document-root/flash/filenamenameThe name that you give the archive. The name you specify is the value of the content_name keyword. optional-parametersYou can use several options to the flarcreate command to customize your Solaris Flash archive. For detailed descriptions of these options, see Chapter 5, Solaris Flash (Reference), in Solaris Express Installation Guide: Solaris Flash Archives (Creation and Installation). document-root/flashThe path to the Solaris Flash subdirectory of the install server's document root directory. filenameThe name of the archive file. To conserve disk space, you might want to use the c option to the flarcreate command to compress the archive. However, a compressed archive can affect the performance of your WAN boot installation. For more information about creating a compressed archive, see the man page flarcreate1M.If the archive creation is successful, the flarcreate command returns an exit code of 0. If the archive creation fails, the flarcreate command returns a nonzero exit code. In this example, you create your Solaris Flash archive by cloning the WAN boot server system with the host name wanserver. The archive is named sol_10_sparc, and is copied exactly from the master system. The archive is an exact duplicate of the master system. The archive is stored in sol_10_sparc.flar. You save the archive in the flash/archives subdirectory of the document root directory on the WAN boot server.wanserver# flarcreate -n sol_10_sparc \ /opt/apache/htdocs/flash/archives/sol_10_sparc.flar After you create the Solaris Flash archive, preconfigure the client information in the sysidcfg file. For instructions, see To Create the sysidcfg File. For detailed instructions about how to create a Solaris Flash archive, see Chapter 3, Creating Solaris Flash Archives (Tasks), in Solaris Express Installation Guide: Solaris Flash Archives (Creation and Installation).For more information about the flarcreate command, see the man page flarcreate1M. You can specify a set of keywords in the sysidcfg file to preconfigure a system.To create the sysidcfg file, follow these steps. Create the Solaris Flash archive. See To Create the Solaris Flash Archive for detailed instructions. Create a file called sysidcfg in a text editor on the install server. Type the sysidcfg keywords you want.For detailed information about sysidcfg keywords, see sysidcfg File Keywords. Save the sysidcfg file in a location that is accessible to the WAN boot server.Save the file to one of the following locations.If the WAN boot server and install server are hosted on the same machine, save this file to the flash subdirectory of the document root directory on the WAN boot server. If the WAN boot server and install server are not on the same machine, save this file to the flash subdirectory of the document root directory of the install server. The following is an example of a sysidcfg file for a SPARC based system. The host name, IP address, and netmask of this system have been preconfigured by editing the naming service.network_interface=primary {hostname=wanclient default_route=192.168.198.1 ip_address=192.168.198.210 netmask=255.255.255.0 protocol_ipv6=no} timezone=US/Central system_locale=C terminal=xterm timeserver=localhost name_service=NIS {name_server=matter(192.168.255.255) domain_name=mind.over.example.com } security_policy=none After you create the sysidcfg file, create a custom JumpStart profile for the client. For instructions, see To Create the Profile. For more detailed information about sysidcfg keywords and values, see Preconfiguring With the sysidcfg File. A profile is a text file that instructs the custom JumpStart program how to install the Solaris software on a system. A profile defines elements of the installation, for example, the software group to install.For detailed information about how to create profiles, see Creating a Profile in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.To create the profile, follow these steps. Create the sysidcfg file for the client. See To Create the sysidcfg File for detailed instructions. Create a text file on the install server. Name the file descriptively.Ensure that the name of the profile reflects how you intend to use the profile to install the Solaris software on a system. For example, you might name the profiles basic_install, eng_profile, or user_profile. Add profile keywords and values to the profile.For a list of profile keywords and values, see Profile Keywords and Values in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.Profile keywords and their values are case sensitive. Save the profile in a location that is accessible to the WAN boot server.Save the profile in one of the following locations.If the WAN boot server and install server are hosted on the same machine, save this file to the flash subdirectory of the document root directory on the WAN boot server. If the WAN boot server and install server are not on the same machine, save this file to the flash subdirectory of the document root directory of the install server. Ensure that root owns the profile and that the permissions are set to 644. (Optional) Test the profile.Testing a Profile in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations contains information about testing profiles. In the following example, the profile indicates that the custom JumpStart program retrieves the Solaris Flash archive from a secure HTTP server.# profile keywords profile values # ---------------- ------------------- install_type flash_install archive_location https://192.168.198.2/sol_10_sparc.flar partitioning explicit filesys c0t1d0s0 4000 / filesys c0t1d0s1 512 swap filesys c0t1d0s7 free /export/homeThe following list describes some of the keywords and values from this example.install_typeThe profile installs a Solaris Flash archive on the clone system. All files are overwritten as in an initial installation. archive_locationThe compressed Solaris Flash archive is retrieved from a secure HTTP server. partitioningThe file system slices are determined by the filesys keywords, value explicit. The size of root (/) is based on the size of the Solaris Flash archive. The size of swap is set to the necessary size and is installed on c0t1d0s1. /export/home is based on the remaining disk space. /export/home is installed on c0t1d0s7. After you create a profile, you must create and validate the rules file. For instructions, see To Create the rules File. For more information about how to create a profile, see Creating a Profile in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.For more detailed information about profile keywords and values, see Profile Keywords and Values in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations. The rules file is a text file that contains a rule for each group of systems on which you want to install the Solaris OS. Each rule distinguishes a group of systems that are based on one or more system attributes. Each rule also links each group to a profile. A profile is a text file that defines how the Solaris software is to be installed on each system in the group. For example, the following rule specifies that the JumpStart program use the information in the basic_prof profile to install any system with the sun4u platform group.karch sun4u - basic_prof -The rules file is used to create the rules.ok file, which is required for custom JumpStart installations.For detailed information about how to create a rules file, see Creating the rules File in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.To create the rules file, follow these steps. Create the profile for the client. See To Create the Profile for detailed instructions. On the install server, create a text file that is named rules. Add a rule in the rules file for each group of systems you want to install.For detailed information about how to create a rules file, see Creating the rules File in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations. Save the rules file on the install server. Validate the rules file.$ ./check -p path -r file-namep pathValidates the rules by using the check script from the current Solaris release software image instead of the check script from the system you are using. path is the image on a local disk or a mounted Solaris DVD or a Solaris Software - 1 CD.Use this option to run the most recent version of check if your system is running a previous version of the Solaris OS. r file_nameSpecifies a rules file other than the file that is named rules. By using this option, you can test the validity of a rule before you integrate the rule into the rules file. As the check script runs, the script reports the checking of the validity of the rules file and each profile. If no errors are encountered, the script reports: The custom JumpStart configuration is ok. The check script creates the rules.ok file. Save the rules.ok file in a location that is accessible to the WAN boot server.Save the file to one of the following locations.If the WAN boot server and install server are hosted on the same machine, save this file to the flash subdirectory of the document root directory on the WAN boot server. If the WAN boot server and install server are not on the same machine, save this file to the flash subdirectory of the document root directory of the install server. Ensure that root owns the rules.ok file and that the permissions are set to 644. The custom JumpStart programs use the rules file to select the correct installation profile for the wanclient-1 system. Create a text file that is named rules. Then, add keywords and values to this file.The IP address of the client system is 192.168.198.210, and the netmask is 255.255.255.0. Use the network rule keyword to specify the profile that the custom JumpStart programs should use to install the client.network 192.168.198.0 - wanclient_prof - This rules file instructs the custom JumpStart programs to use the wanclient_prof to install the current Solaris release software on the client.Name this rule file wanclient_rule.After you create the profile and the rules file, you run the check script to verify that the files are valid.wanserver# ./check -r wanclient_ruleIf the check script does not find any errors, the script creates the rules.ok file. Save the rules.ok file in the /opt/apache/htdocs/flash/ directory. After you create the rules.ok file, you can optionally set up begin and finish scripts for your installation. For instructions, see (Optional) Creating Begin and Finish Scripts.If you do not want to set up begin and finish scripts, see Creating the Configuration Files to continue the WAN boot installation. For more information about how to create a rules file, see Creating the rules File in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations.For more detailed information about rules file keywords and values, see Rule Keywords and Values in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations. Begin and finish scripts are user-defined Bourne shell scripts that you specify in the rules file. A begin script performs tasks before the Solaris software is installed on a system. A finish script performs tasks after the Solaris software is installed on a system, but before the system reboots. You can use these scripts only when using custom JumpStart to install Solaris.You can use begin scripts to create derived profiles. Finish scripts enable you to perform various postinstallation tasks, such as adding files, packages, patches, or additional software.You must store the begin and finish scripts in the same directory as the sysidcfg, rules.ok, and profile files on the install server.For more information about creating begin scripts, see Creating Begin Scripts in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations. For more information about creating finish scripts, see Creating Finish Scripts in Solaris Express Installation Guide: Custom JumpStart and Advanced Installations. To continue preparing for your WAN boot installation, see Creating the Configuration Files. WAN boot uses the following files to specify the location of the data and files that are required for a WAN boot installation.System configuration file (system.conf) wanboot.conf file This section describes how to create and store these two files.In the system configuration file, you can direct the WAN boot installation programs to the following files.sysidcfg file rules.ok file Custom JumpStart profile WAN boot follows the pointers in the system configuration file to install and configure the client.The system configuration file is a plain text file, and must be formatted in the following pattern.setting=valueTo use a system configuration file to direct the WAN installation programs to the sysidcfg, rules.ok, and profile files, follow these steps. Before you create the system configuration file, you must create the installation files for you WAN boot installation. See Creating the Custom JumpStart Installation Files for detailed instructions. Assume the same user role as the web server user on the WAN boot server. Create a text file. Name the file descriptively, for example, sys-conf.s10–sparc. Add the following entries to the system configuration file.SsysidCF=sysidcfg-file-URLThis setting points to the flash directory on the install server that contains the sysidcfg file. Make sure that this URL matches the path to the sysidcfg file that you created in To Create the sysidcfg File. For WAN installations that use HTTPS, set the value to a valid HTTPS URL. SjumpsCF=jumpstart-files-URLThis setting points to the Solaris Flash directory on the install server that contains the rules.ok file, profile file, and begin and finish scripts. Make sure that this URL matches the path to the custom JumpStart files that you created in To Create the Profile and To Create the rules File. For WAN installations that use HTTPS, set the value to a valid HTTPS URL. Save the file to a directory that is accessible to the WAN boot server.For administration purposes, you might want to save the file to the appropriate client directory in the /etc/netboot directory on the WAN boot server. Change the permissions on the system configuration file to 600.# chmod 600 /path/system-conf-filepathSpecifies the path to the directory that contains the system configuration file. system-conf-fileSpecifies the name of the system configuration file. In the following example, the WAN boot programs check for the sysidcfg and custom JumpStart files on the web server https://www.example.com on port 1234. The web server uses secure HTTP to encrypt data and files during the installation.The sysidcfg and custom JumpStart files are located in the flash subdirectory of the document root directory /opt/apache/htdocs.SsysidCF=https://www.example.com:1234/flash SjumpsCF=https://www.example.com:1234/flash In the following example, the WAN boot programs check for the sysidcfg and custom JumpStart files on the web server http://www.example.com. The web server uses HTTP, so the data and files are not protected during the installation.The sysidcfg and custom JumpStart files are located in the flash subdirectory of the document root directory /opt/apache/htdocs.SsysidCF=http://www.example.com/flash SjumpsCF=http://www.example.com/flash After you create the system configuration file, create the wanboot.conf file. For instructions, see To Create the wanboot.conf File. The wanboot.conf file is a plain text configuration file that the WAN boot programs use to perform a WAN installation. The wanboot-cgi program, the boot file system, and the WAN boot miniroot all use the information included in the wanboot.conf file to install the client machine.Save the wanboot.conf file in the appropriate client subdirectory in the /etc/netboot hierarchy on the WAN boot server. For information about how to define the scope of your WAN boot installation with the /etc/netboot hierarchy, see Creating the /etc/netboot Hierarchy on the WAN Boot Server.If the WAN boot server is running the current Solaris release, a sample wanboot.conf file is located in /etc/netboot/wanboot.conf.sample. You can use this sample as a template for your WAN boot installation.You must include the following information in the wanboot.conf file.Type of Information Description WAN boot server information Path to wanboot program on the WAN boot server URL of wanboot-cgi program on WAN boot server Install server information Path to WAN boot miniroot on the install server Path to system configuration file on the WAN boot server that specifies location of sysidcfg and custom JumpStart files Security information Signature type for the WAN boot file system or WAN boot miniroot Encryption type for the WAN boot file system Whether the server should be authenticated during the WAN boot installation Whether the client should be authenticated during the WAN boot installation Optional information Additional hosts that might need to be resolved for the client during a WAN boot installation URL to the bootlog-cgi script on the logging server You specify this information by listing parameters with associated values in the following format.parameter=valueFor detailed information about wanboot.conf file parameters and syntax, see wanboot.conf File Parameters and Syntax.To create the wanboot.conf file, follow these steps. Assume the same user role as the web server user on the WAN boot server. Create the wanboot.conf text file.You can create a new text file that is named wanboot.conf, or use the sample file that is located in /etc/netboot/wanboot.conf.sample. If you use the sample file, rename the file wanboot.conf after you add parameters. Type the wanboot.conf parameters and values for your installation.For detailed descriptions of wanboot.conf parameters and values, see wanboot.conf File Parameters and Syntax. Save the wanboot.conf file to the appropriate subdirectory of the /etc/netboot hierarchy.For information about how to create the /etc/netboot hierarchy, see Creating the /etc/netboot Hierarchy on the WAN Boot Server. Validate the wanboot.conf file.# bootconfchk /etc/netboot/path-to-wanboot.conf/wanboot.confpath-to-wanboot.confSpecifies the path to the client's wanboot.conf file on the WAN boot server If the wanboot.conf file is structurally valid, the bootconfchk command returns an exit code of 0. If the wanboot.conf file is invalid, the bootconfchk command returns a nonzero exit code. Change the permissions on the wanboot.conf file to 600.# chmod 600 /etc/netboot/path-to-wanboot.conf/wanboot.conf The following wanboot.conf file example includes configuration information for a WAN installation that uses secure HTTP. The wanboot.conf file also indicates that a 3DES encryption key is used in this installation.boot_file=/wanboot/wanboot.s10_sparc root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi root_file=/miniroot/miniroot.s10_sparc signature_type=sha1 encryption_type=3des server_authentication=yes client_authentication=no resolve_hosts= boot_logger=https://www.example.com:1234/cgi-bin/bootlog-cgi system_conf=sys-conf.s10–sparcThis wanboot.conf file specifies the following configuration.boot_file=/wanboot/wanboot.s10_sparcThe second level boot program is named wanboot.s10_sparc. This program is located in the /wanboot directory in the WAN boot server's document root directory. root_server=https://www.example.com:1234/cgi-bin/wanboot-cgiThe location of the wanboot-cgi program on the WAN boot server is https://www.example.com:1234/cgi-bin/wanboot-cgi. The https portion of the URL indicates that this WAN boot installation uses secure HTTP. root_file=/miniroot/miniroot.s10_sparcThe WAN boot miniroot is named miniroot.s10_sparc. This miniroot is located in the /miniroot directory in the WAN boot server's document root directory. signature_type=sha1The wanboot.s10_sparc program and the WAN boot file system are signed with a HMAC SHA1 hashing key. encryption_type=3desThe wanboot.s10_sparc program and the boot file system are encrypted with a 3DES key. server_authentication=yesThe server is authenticated during the installation. client_authentication=noThe client is not authenticated during the installation. resolve_hosts=No additional host names are needed to perform the WAN installation. All required files and information are located in the document root directory on the WAN boot server. boot_logger=https://www.example.com:1234/cgi-bin/bootlog-cgi(Optional) Booting and installation log messages are recorded on the WAN boot server by using secure HTTP.For instructions on how to set up a logging server for your WAN boot installation, see (Optional) To Configure the WAN Boot Logging Server. system_conf=sys-conf.s10–sparcThe system configuration file that contains the locations of the sysidcfg and JumpStart files is located in a subdirectory of the /etc/netboot hierarchy. The system configuration file is named sys-conf.s10–sparc. The following wanboot.conf file example includes configuration information for a less secure WAN boot installation that uses HTTP. This wanboot.conf file also indicates that the installation does not use an encryption key or a hashing key.boot_file=/wanboot/wanboot.s10_sparc root_server=http://www.example.com/cgi-bin/wanboot-cgi root_file=/miniroot/miniroot.s10_sparc signature_type= encryption_type= server_authentication=no client_authentication=no resolve_hosts= boot_logger=http://www.example.com/cgi-bin/bootlog-cgi system_conf=sys-conf.s10–sparcThis wanboot.conf file specifies the following configuration.boot_file=/wanboot/wanboot.s10_sparcThe second level boot program is named wanboot.s10_sparc. This program is located in the /wanboot directory in the WAN boot server's document root directory. root_server=http://www.example.com/cgi-bin/wanboot-cgiThe location of the wanboot-cgi program on the WAN boot server is http://www.example.com/cgi-bin/wanboot-cgi. This installation does not use secure HTTP. root_file=/miniroot/miniroot.s10_sparcThe WAN boot miniroot is named miniroot.s10_sparc. This miniroot is located in the /miniroot subdirectory in the WAN boot server's document root directory. signature_type=The wanboot.s10_sparc program and the WAN boot file system are not signed with a hashing key. encryption_type=The wanboot.s10_sparc program and the boot file system are not encrypted. server_authentication=noThe server is not authenticated with keys or certificates during the installation. client_authentication=noThe client is not authenticated with keys or certificates during the installation. resolve_hosts=No additional host names are needed to perform the installation. All required files and information are located in the document root directory on the WAN boot server. boot_logger=http://www.example.com/cgi-bin/bootlog-cgi(Optional) Booting and installation log messages are recorded on the WAN boot server.For instructions on how to set up a logging server for your WAN boot installation, see (Optional) To Configure the WAN Boot Logging Server. system_conf=sys-conf.s10–sparcThe system configuration file that contains the locations of the sysidcfg and JumpStart files is named sys-conf.s10–sparc. This file is located in the appropriate client subdirectory of the /etc/netboot hierarchy. After you create the wanboot.conf file, you can optionally configure a DHCP server to support WAN boot. For instructions, see (Optional) Providing Configuration Information With a DHCP Server.If you do not want to use a DHCP server in your WAN boot installation, see To Check the net Device Alias in the Client OBP to continue the WAN boot installation. For detailed descriptions of wanboot.conf parameters and values, see wanboot.conf File Parameters and Syntax and the man page wanboot.conf4. If you use a DHCP server on your network, you can configure the DHCP server to supply the following information.Proxy server's IP address Location of the wanboot-cgi program You can use the following DHCP vendor options in your WAN boot installation.SHTTPproxySpecifies the IP address of the network's proxy server SbootURISpecifies the URL of the wanboot-cgi program on the WAN boot server For information about setting these vendor options on a Solaris DHCP server, see Preconfiguring System Configuration Information With the DHCP Service (Tasks).For detailed information about setting up a Solaris DHCP server, see Chapter 16, Configuring the DHCP Service (Tasks), in System Administration Guide: IP Services. To continue with your WAN boot installation, see Chapter 12, Installing With WAN Boot (Tasks).