2.4. Additional Requirements

Protect your Red Hat Satellite environment with a firewall by blocking all unnecessary and unused ports.

The following table provides a list of port requirements for Red Hat Satellite.

Open your firewall to the following hosts for access to Red Hat's Content Delivery Network (CDN):

The umask command sets file permissions mask for new files. This helps secure the file permissions for new files created on a system. Users with a restrictive umask value might experience problems with installation and operation of Red Hat Satellite. Use the recommended umask value of 022.

SELinux is a set of secure software policies that implement mandatory access control to Red Hat Enterprise Linux and other operating systems. Red Hat Satellite supports SELinux targeted policy in enforcing or permissive mode on Red Hat Enterprise Linux 5 and 6.

Network bandwith is important for communication among Satellites, Proxies, and Clients. To accomodate high volume traffic, Red Hat recommends a high bandwidth on a network capable of delivering packages to many systems and clients. As a guide, Red Hat provides a set of estimates for package transfer from one system to another over various speeds.

Red Hat recommends at least a 100Mbps network speed for minor and major releases. This avoids timeouts for transfers longer than 10 minutes. All speeds are relative to your network setup.

Beyond the space needed for the Red Hat Enterprise Linux installation and /var/satellite/, Red Hat Satellite requires space to generate cache files. These cache files are constantly regenerated as they become needed, even if the cache files are deleted. These cache files are stored within /var/cache/rhn, and the storage needs of this directory depend on the following factors:

Provide at least 10 GB of space for /var/cache/rhn/ on a Red Hat Satellite server. For very large environments with numerous channels, packages, and using Inter Satellite Sync, usage can grow to as much as 100 GB of space for cache files in /var/cache/rhn.

The time settings on the server and clients need to be synchronized so the SSL certificate does not expire before or during use. Red Hat requires the Red Hat Satellite and all client systems to use Network Time Protocol (NTP). This also applies to the separate database machine in Red Hat Satellite with External Database or Managed Database, which must also be set to the same time zone as the Red Hat Satellite.

Set the UTF-8 encoding for your language and locale on your Red Hat Satellite system via the /etc/sysconfig/i18n file. The LANG setting in the file must be in the following format:

LANG="[language_TERRITORY].UTF-8"

The language and TERRITORY are entered as two-letter codes. For example if your language is English and your locale is the United States, you set your LANG setting to en_US.UTF-8.

Red Hat Satellite requires the installation to resolve its own FQDN properly. If this is not the case, cookies will not work properly on the web interface.

Ensure all clients resolve Red Hat Satellite's domain name. All systems, both servers and clients, require connection to a working DNS server in the Satellite environment.

Customers aiming to connect with central Red Hat Network servers to receive incremental updates require an external account with Red Hat Network. This account is set up at the time of purchase with the sales representative.

It is imperative that customers keep track of all primary login information. For Red Hat Satellite, this includes usernames and passwords for the Organization Administrator account on access.redhat.com, the primary administrator account on the Red Hat Satellite itself, SSL certificate generation, and database connection (which also requires an SID, or net service name). Red Hat strongly recommends you copy this information to removable storage media, print out on paper, and store in a fireproof safe.

An Internet connection is not required for Red Hat Satellites running in completely disconnected environments. This feature instead uses Channel Content ISOs to synchronize Red Hat Satellite with the central Red Hat Network Servers. All other Red Hat Satellites should synchronize directly over the Internet.

No system components should be directly, publicly available. No user, other than the system administrators, should have shell access to these machines.

All unnecessary services should be disabled using ntsysv or chkconfig.

The following services should be enabled.

If Red Hat Satellite serves Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, configure sendmail or postfix to properly handle incoming mail.