HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

1 Introduction
This chapter addresses the following topics:
1.1 Product Overview
1.2 SRP Components
1.3 Planning Considerations and Best Practices
1.4 Installing SRP
1.5 Migration A.02.00/A.02.00.01 to A.02.01
1.1 Product Overview
HP-UX Secure Resource Partitions (SRP) version 2 enables you to create and manage SRP
compartments, which provide isolated execution environments for applications. Each SRP
compartment can have:
A compartment home directory tree, which is isolated from other compartments.
A dedicated IP interface.
Isolated interprocess communication (IPC).
A compartment-specific login environment.
Dedicated CPU and memory resources.
Per-compartment initialization and shutdown capabilities. You can start or stop an SRP
compartment as you would start or stop a single system.
Compartment-specific network security policies.
Because SRP enables you to configure and control these features on a per-compartment basis, each
compartment forms an isolated execution environment. You can create multiple SRP compartments in
a single image of an HP-UX operating system, which enables you to consolidate multiple applications
on a single HP-UX OS image.
The configuration data for an SRP compartment encompasses data for multiple HP-UX subsystems and
features, including HP-UX Security Containment and HP Process Resource Manager (PRM). SRP
identifies this data using tags (special text identifiers that mark each compartment's entries in the
configuration of the underlying subsystems), so that you can configure and manage the parameters for
these subsystems as a single unit. Adding an SRP compartment creates
configuration data for multiple HP-UX services, and deleting an SRP compartment removes all data
configured for the compartment. For more information about SRP tags, see Tag Formats.
Figure 1.1 shows a system with two SRP compartments. Each compartment has a dedicated IP
interface, isolated compartment home directory (/var/hpsrp/compartment_name), compartment
login group, dedicated processor set (pset), and separate instances of network daemons running.