On Thu, Oct 30, 2008 at 01:52:15AM -0700, Tony Nguyen wrote:
> In absence of Enhance Profiles, however, I'm very curious how NWAM will
> implement switching of profiles and locations, w.r.t SMF properties. Are
> user's customizations (service's enabled state and property values)
> preserved when profiles and locations deliver different values?
Right, but...
> >The question is: is it reasonable to deliver NWAM locations *before*
> >delivering Enhanced SMF Profiles. Without the host-based firewall in
> >the picture I'd say "yes, but it's asking for trouble." With the
> >host-based firewall in the picture I'd say "trouble's here." :(
> >
> As Renee described in an earlier email, we can configure location
> specific IPfilter rules as services' firewall configurations and apply
> those firewall configuration (change services' firewall properties) when
> a location is activated. This is equivalent to applying a profile,
> setting enable state of services. Do you still see troubles?
...as long as you have a plan to move away from pre-Enhanced SMF
Profiles per-{FMRI, location} filters, I see no trouble.
To me that means:
- NWAM locations -> Enhanced SMF Profiles
- make sure nothing in the various interfaces prevents this
- don't expose location-based naming of firewall rule properties
(see previous bullet point)
Nico
--
