Red Hat Training

A Red Hat training course is available for Red Hat Satellite

2.4. Additional Requirements

The following additional requirements must be met before the RHN Proxy Server installation can be considered complete:
Full Access
Client systems need full network access to the RHN Proxy Server services and ports.
Firewall Rules
RHN strongly recommends firewalling the RHN Proxy Server solution from the Internet. However, various TCP ports must be opened on the Proxy, depending on your implementation of RHN Proxy Server:

Table 2.1. Ports to open on the Proxy

Port Direction Reason
80 Outbound Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server).
80 Inbound Client requests come in via either http or https
443 Inbound Client requests come in via either http or https
443 Outbound Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server).
4545 Outbound If your Proxy is connected to an RHN Satellite Server, Monitoring makes connections to rhnmd running on client systems via this TCP port, if Monitoring is enabled and probes configured to registered systems.
5222 Inbound Opening this port allows osad client connections to the jabberd daemon on the Proxy when using RHN Push technology.
5269 Outbound If your Proxy is connected an RHN Satellite Server, this port must be open to allows server-to-server connections via jabberd for RHN Push Technology.
Synchronized System Times
There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
Fully Qualified Domain Name (FQDN)
The system upon which the RHN Proxy Server will be installed must resolve its own FQDN properly.
A Red Hat Network Account
Customers who will be connecting to the central Red Hat Network Servers to receive incremental updates must have a Red Hat Network account. The sales representative assists with the setup of this account at the time of purchase.
Backups of Login Information
It is imperative that customers keep track of all primary login information. For RHN Proxy Server, this includes usernames and passwords for the Organization Administrator account and SSL certificate generation. Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
Distribution Locations
Since the Proxy forwards virtually all local HTTP requests to the central RHN Servers, you must take care to put files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstarts.
In addition, Red Hat recommends that the system running the code not be publicly available. No users but the system administrators should have shell access to these machines. All unnecessary services should be disabled. You can use ntsysv or chkconfig to disable services.
Finally, you should have the following technical documents in hand for use in roughly this order:
  1. The RHN Proxy Server Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Proxy Server up and running.
  2. The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
  3. The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
  4. The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.