When running Privileged Identity Management on Solaris zones, there are some scenarios that need to be taken into consideration.
Scenario 1: Branded Zones
By default, PIM relies on /etc/name_to_sysnum so that it can use a native system call to communicate with the local zones. When branded zones are in use, communication between the global zone and the local zones can be affected, and the local endpoints cannot see the kernel being loaded. The recommended fix is to use IOCTL as the communication method.
Please follow the steps in the "Use ioctl for Communication" section of our Implementation Guide to configure PIM for IOCTL communication.
Reference: Install on a Solaris Branded Zone - CA Privileged Identity Manager - 12.9 - CA Technologies Documentation
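To check whether Scenario 1 applies to a host, the script below lists the zones whose brand differs from the host's native brand, reading the colon-delimited output of `zoneadm list -cp`. It is an added example, not part of the CA documentation; it assumes that `native` (Solaris 10) and `solaris` (Solaris 11) are the native brand names, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: find branded zones from `zoneadm list -cp` output.
# Field layout: zoneid:zonename:state:zonepath:uuid:brand:ip-type[:...]

# Assumption: these are the brand names of non-branded (native) zones.
NATIVE_BRANDS="native solaris"

# Reads `zoneadm list -cp` lines on stdin and prints "zonename brand"
# for every non-global zone whose brand is not a native one.
branded_zones() {
    awk -F: -v native="$NATIVE_BRANDS" '
        BEGIN { n = split(native, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        # zoneadm escapes a literal colon inside a field as "\:"; hide it
        # so that a colon in a zonepath does not shift the brand field.
        { gsub(/\\:/, "\001") }
        NF >= 6 && $2 != "global" && !($6 in ok) { print $2, $6 }
    '
}

# Constructed sample listing (zone names, paths and UUIDs are made up).
sample_zones() {
    cat <<'EOF'
0:global:running:/::native:shared
1:web01:running:/zones/web01:11111111-1111-1111-1111-111111111111:native:shared
2:legacy8:running:/zones/legacy8:22222222-2222-2222-2222-222222222222:solaris8:shared
-:lxdev:installed:/zones/lx\:dev:33333333-3333-3333-3333-333333333333:lx:shared
EOF
}

# Use the live listing on a Solaris global zone, the sample elsewhere.
if command -v zoneadm >/dev/null 2>&1; then
    found=$(zoneadm list -cp | branded_zones)
else
    found=$(sample_zones | branded_zones)
fi

if [ -n "$found" ]; then
    echo "Branded zones present (Scenario 1 applies):"
    echo "$found"
else
    echo "No branded zones found."
fi
```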
Scenario 2: Adding Additional Local Zones
Another scenario that may arise is when adding new zones after IOCTL has been configured. The new zone will not be able to communicate with the global zone until the kernel is reloaded in the global zone. To prevent this from occurring, please follow the steps below when adding new zones.