The following additional requirements must be met before the RHN Satellite Server installation:
Full Access
Client systems need full network access to the RHN Satellite Server solution's services and ports.
Firewall Rules
RHN strongly recommends firewalling the RHN Satellite Server solution from the Internet. However, it must be able to issue outbound connections to rhn.redhat.com, xmlrpc.rhn.redhat.com and satellite.rhn.redhat.com on ports 80 and 443. Also, if Monitoring is enabled on your RHN Satellite Server, inbound traffic must be allowed on port 4545.
Synchronized System Times
There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative that the time settings on the clients and server be reasonably close together so the SSL certificate does not expire before or during use. For this reason, Red Hat requires the Satellite and all client systems to use Network Time Protocol (NTP). This also applies to the separate database machine in RHN Satellite Server with Stand-Alone Database, which must also be set to the same time zone as the Satellite.
Fully Qualified Domain Name (FQDN)
The system upon which the RHN Satellite Server will be installed must resolve its own FQDN properly. If this is not the case, cookies will not work properly on the website.
Functioning Domain Name Service (DNS)
For the RHN Satellite Server's domain name to be resolved by its clients, it and they must all be linked to a working DNS server in the customer environment.
An Entitlement Certificate
The customer will receive, via email from the sales representative, a signed Entitlement Certificate explaining the services provided by Red Hat through RHN Satellite Server. This certificate will be required during the installation process.
A Red Hat Network Account
Customers who connect to the central Red Hat Network Servers to receive incremental updates must have an external account with Red Hat Network. This account should be set up at the time of purchase with the sales representative.
Backups of Login Information
It is imperative that customers keep track of all primary login information. For RHN Satellite Server, this includes usernames and passwords for the Organization Administrator account on rhn.redhat.com, the primary administrator account on the Satellite itself, SSL certificate generation, and database connection (which also requires a SID, or net service name). Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
In addition to these requirements, it is recommended that the RHN Satellite Server be configured in the following manner:
The entire RHN Satellite Server solution should be protected by a firewall if the Satellite accesses or is accessed via the Internet. An Internet connection is not required for RHN Satellite Servers running in completely disconnected environments. This feature instead uses Channel Content ISOs that can be downloaded to a separate system to synchronize the Satellite with the central Red Hat Network Servers. All other RHN Satellite Servers should be synchronized directly over the Internet.
All unnecessary ports should be firewalled off. Client systems connect to RHN Satellite Server over ports 80, 443, and 4545 (if Monitoring is enabled). In addition, if you plan to enable the pushing of actions from the Satellite to client systems, as described in Section 8.10 Enabling Push to Clients, you must allow inbound connections on port 5222. Finally, if the Satellite will also push to an RHN Proxy Server, you must also allow inbound connections on port 5269.
No system components should be directly, publicly available. No user other than the system administrators should have shell access to these machines.
All unnecessary services should be disabled using ntsysv or chkconfig.
The httpd service should be enabled.
If the Satellite serves Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, you must configure sendmail to properly handle incoming mail as described in Section 4.4 Sendmail Configuration.
Finally, you should have the following technical documents in hand for use in roughly this order:
The RHN Satellite Server Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Satellite Server up and running.
The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.