This paper provides instructions and best practices on how to create and manage an SAP installationon an Oracle Solaris Immutable Zone. An Immutable Zone is a security mechanism that can be used to control the way users access files, protect system databases and applications, allow read-only virtual machines, and freeze the operating system and hardware configuration to prevent changes. An Oracle Solaris Immutable Zone obtains the zone’s configuration by implementing read-only root file systems for non-global zones, global zones and kernel zones.
The goal of this document is to increase security features on the Oracle Solaris operating system by defining a non-global zone, global zone or kernel zone as an Immutable Zone and running the SAP application on this read-only zone. With this strategy, the system is made safer. The procedure is tested by simply setting the zonecfg file-mac-profile property for various SAP releases with Oracle Database 11g and 12c... [Click here to read more].
Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.