Jim Laurent's Weblog

Ever wanted to build your own custom configuration for Sun servers?  Find that the Sun store provides a limited set of preconfigured systems?  Try the Sun Desktop system Configurator. It allows you to build supported configurations of Sun servers, disk, tape, desktop systems and racks.  With a completed configuration you can export to a CSV file that opens in OpenOffice or Excel with standard list pricing.  You can then send this configuration to your favorite Sun reseller for a discounted pricing quote.

It is a Java Webstart Application that support multiple OS platforms that run Java 1.6.  Click on the link and the application will start on your desktop.  

I'll be joining a number of government customers and some of my colleagues from Sun at the Government Open Source Conference (GOSCON) this Thursday.  Join me, Dr. Harry Foxwell (published author of "Pro Opensolaris") and Bill Vass (Sun Federal President and COO) at the Reagan Building in downtown Washington D.C on November 5th.

Sun is a leader in open source development communities and we have a wide variety of very popular projects including MySQL, Glassfish, Java, OpenSolaris, OpenOffice and more.

See you there.

Oracle recently updated their FAQ document on the acquisition of Sun Microsystems  (JAVA on NASDAQ currently trading at $8.20 against a $9.50 purchase price by Oracle).  There is a lot of encouraging news about OpenOffice, Glassfish, MySQL, Solaris and SPARC.

For the highlights, see this blog entry (he beat me to it) or read the entire FAQ.

As a Solaris fanatic, I'm very excited about their statements such as:

Oracle plans to spend more money developing Solaris than Sun does now. The industry leading capabilities of the Solaris operating system make it the leader in performance, scalability, reliability, and security – all of which are core requirements for our customers. Oracle plans to enhance our investment in Solaris to push core technologies to the next level as quickly as possible.

We expect that our customers will see the management of their environments that run both Linux and Solaris simplified. Additionally, customers using both Solaris and Linux will be able to rely on one vendor, Oracle, for the support of their entire stack – applications to disk.

Oracle and Sun’s management software are highly complementary. Oracle Enterprise Manager provides comprehensive solutions for managing the full Oracle stack including applications, middleware, database, Linux, and virtualization. Sun Ops Center provides a comprehensive solution for managing Sun servers and their firmware; Solaris, Linux and Windows operating systems; and virtualization technologies such as Solaris Containers and Logical Domains. Oracle Enterprise Manager and Sun Ops Center are expected to combine and deliver to customers the most complete top-down application and systems management environment from applications to hardware.

I know that my federal government customers will be excited to see that Oracle is behind Sun's open source strategy particularly in light of the recent DoD statement about open source.

This memo from the DoD Deputy CIO states:

In almost all cases, OSS meets the definition of “commercial computer software”
and shall be given appropriate statutory preference in accordance with 10 USC 2377
(reference (b)) (see also FAR 2.101(b), 12.000, 12.101 (reference (c)); and DFARS
212.212, and 252.227-7014(a)(1) (reference (d))).

In addition, it notes that:

The use of any software without appropriate maintenance and support presents an
information assurance risk.

Which means that government users of open source products should pay for support to the appropriate vendor.

 The memo also calls out a number of benefits of open source including rapid prototyping, lower costs, security, reliability and avoiding vendor lock-in.

Recently a customer in the Federal Government asked some fairly straightforward security questions about Logical Domains.  In doing my research, I found it wasn't that straight forward to get the answers from the standard Logical Domains (LDOMs) documentation.  Luckily, our engineering and marketing team stepped up to provide clear, concise answers so that this customer (who prefers to remain anonymous) can move forward and implement their virtualization strategy on Sun's T2 class of processors.

Logical Domains (LDoms) provide built-in and no-cost virtualization capabilities for Sun Chip Multithreading (CMT) Servers. Unlike proprietary virtualization technologies, LDoms can save you up to $10,000 per server. It allows you to create virtual machines that take advantage of the massive thread scale offered by these platforms. Create up to 128 virtual servers on one system... for free!  Customers have used Logical Domains to reduce their costs and consolidate their server farms for significant returns in operations and energy savings. For example, using LDOMs and Solaris containers, the United States Air Force was able to reduce rack space to achieve a 13:1 consolidation ratio, decreased server deployment time by more than 90% and cut datacenter power consumption by more than 25%. Download the software for Solaris 10 or OpenSolaris today.

Logical Domains allow the primary Solaris domain (sometimes known as the control domain) to create virtual disks and assign CPU thread, network, memory and I/O resources to other virtual Solaris machines to run on a single system.  The control domain uses the Logical Domains Manager (LDM) to control, monitor and manage the running domains.  Live migration of domains is supported.

LDoms 1.2 adds a number of new features, including:

• Improved Network performance with the introduction of support for jumbo frames
• Reduced power footprint with CPU power management, powering off cores that aren't in use automatically
• Easier adoption with support for physical-to-virtual migration tool
• Quick start with support for configuration assistant tools
• Faster agility with enhancements to Domain Mobility
• Increased control and response to guest availability with Domain dependencies
• In-built protection from corruption with Auto-recovery of configurations

CPU

Q: Can the Control domain access/utilize the CPU threads of a guest without shutting down the guest?

Answer: A Control domain cannot access the CPU threads assigned to a guest domain unless the threads are removed from the guest, and then added to the control domain, such as with CPU Dynamic Reconfiguration, or by rebooting both the guest and control domain after a Static Reconfiguration. LDoms fundamentally partitions CPU resources and there is no sharing of CPU thread resources. Enforcement of this partitioning and separation is done at the Hypervisor level, so it cannot be circumvented by the Control domain.

Virtualization solutions for x86 and IBM Power systems typically time-slice access to threads across multiple guests. This is because IBM and Intel CPU's have very few threads per socket. With SPARC CMT, we have up to 128 threads per socket, and we take advantage of the hardware by using a much safer and simpler partitioning approach in the SPARC Hypervisor and LDoms.

Q: Can a guest domain access the CPU threads of another guest?

Answer: No. LDoms partitions threads and does not share them across logical domain boundaries. See detailed explanation above.

Q: Can a guest domain access the CPU threads of the control domain?

Answer: No. See answers above.

Memory

Q: Can the Control domain alter the active memory space of a running guest?

Answer: There are two types of memory “alteration” in a system, first is modifying the contents of existing memory in a guest, and second, is the reconfiguration of memory size within a guest. For LDoms, guests have no knowledge of one another, nor are there any interfaces to allow one guest to gain access to or modify the memory of another guest. Memory separation and partitioning is enforced by the SPARC Hypervisor.

As of LDoms 1.2, Any request to change the memory configuration (i.e. How much memory a guest has allocated to it), through the LDM command line interface on the Control Domain would queue a “Delayed Reconfiguration” operation, which would take effect upon the next reboot of the guest. Beginning in LDoms 2.0, we will support the dynamic reconfiguration of a guest domain's memory configuration.

There are some memory transfer or shared memory access between domains done in order to implement virtual device and domain services. These transfers and sharing are strictly controlled by each domain and by the SPARC hypervisor: a domain will define, with the hypervisor, the memory data it is going to transfer or share with another domain

Q: Can a guest domain access the memory of another guest?

Answer: No. Guests have no knowledge of one another, nor are there any interfaces to allow one guest to gain access to or modify the memory of another guest. Memory separation and partitioning is enforced by the SPARC Hypervisor.

Q: Can a guest domain access the memory of the control domain?

Answer: No. There are no interfaces which allow for a guest to modify the configuration of or gain access to any part of the control domain's memory.

Virtual Network

Q: Can the control domain alter the network traffic of guest domains? The concern is about a compromised Control Domain becoming a man-in-the-middle. How can this condition be identified/reported?

Answer: Yes. The network switching of the packets is done in a software driver(vsw), its harder to alter the network traffic to Guest domains, but a compromised control(or service) domain *can* alter the traffic. Our Security model assumes that the domain(s) that host services such as vsw, are trusted, so they need to be secured as per the local security guidelines. Compromising or accessing the network traffic of guest domains from the control domain requires root access on the control domain.

Q: Can a guest domain access the network traffic for another guest? The assumption is yes, since an IP network is being shared. A scenario of interest - or pre condition - is if the physical NIC is disconnected, other than via the physical IP network. The key concern is a guest domain accessing the IP traffic of another guest domain via the virtual switch.

Answer: No. The traffic between the virtual switch(vsw) and the virtual network device(vnet) uses Logical Domain Channels(LDCs) that are a point-to-point type of connection. As a result, the traffic between the virtual switch and a guest domain is not visible to other guest domains. Note, switching is based on mac-addresses and LDoms doesn't allow the change of mac-address of a vnet device in a guest domain, so guest domains cannot spoof by changing their mac-addresses.

Q: Can a guest domain access the network traffic of the control domain?

Answer: No. Guest domains will only see the traffic that fits the following:

• Unicast traffic that matches the virtual network device's mac-address in the guest domain.

• Broadcast traffic.

• Multicast traffic for which the guest domain registered to receive.
  
  

No other packets will be seen by the Guest domains.

Virtual Disks

Q: Can a guest domain access virtual disk devices that it has not been allocated, e.g., other guests, Control Domains?

Answer: No. A guest domain can only access virtual disk devices that have been explicitly assigned to it. It will not see, nor can the guest access any other disk.

Virtual Console

Q: Can a guest domain access the virtual console of another guest domain?

Q: Can a guest domain access the console for the control domain?

Answers: A guest domain cannot access the console interface for a different guest domain, nor can a guest domain access the console for the control domain. The only console access is via a privileged user on the control domain itself. There are no interfaces available in any other scenario for access a guest console, including over the general network interface.

Special Interest

Once the LDoms are running in our environment, there is very little need to log into the Control Domain (CD) and this is preferred behavior.

Q: Can a Control Domain be shut down and the LDOMS continue to run? If not, are there other options for maximally restricting access to, e.g., "locking" a CD once the LDoms are configured? An acceptable instance of "locking"is restricting access to the CD from Virtual Console only. Ideally, access via SSH would also be highly restricted. Limited access for maintenance and configuration are also acceptable.

In summary, the primary objective of these features is to secure the CD from a malicious user gaining access and changing LDom configuration without detection.

Answer: one of the architectural principles of LDoms has been that a guest domain can operate independently of the control domain. For example, If a control domain were to fail and reboot, the guests will continue to operate. Extending this logic, yes, you can currently shutdown the control domain and the guest environment will continue to operate. However, this holds only if the guests are using virtual I/O (assuming that I/O is being served from an I/O service domain that's not the control domain) or have been granted direct ownership of one or more PCI-E busses. But with the advent of upcoming projects like direct I/O (the ability to assign individual PCI-E slots to a guest) and SR-IOV (the ability to assign individual PCI-E virtual functions to a guest), it will not be possible to shut down the control domain without impacting guest domains that have been allocated individual PCI-E slots or functions.

In addition, other caveats, or things to consider are:

• Without a control domain, there is no console access to the guests unless the console service is hosted elsewhere.

• With no control domain, there's no LDoms Manager, which precludes any monitoring or reconfiguration of the guests. It also precludes capabilities such as domain mobility (i.e. migration) and power management.

• All IO used by the guest must continue to be available – i.e. If the control domain is also operating as an IO service domain, those IO devices being served by the control domain will cease to be available for the duration that the control domain is down.

• FMA (the Solaris Fault Management Architecture) will be unavailable

• Certain Sun as well as third party management tools require access to the control domain, if the control domain goes down, those tools will have degraded capability

In terms of "locking" or severely limiting access to the control domain, that is certainly possible, but would be subject to its own set of constraints:

• Without control domain access, there is no console access to the guests unless the console service is hosted elsewhere.

• There's no way to interact with the LDoms Manager directly, which limits the ability to monitor, manage, or reconfigure the guests. The current lack of a suitable standalone LDoms management capability exacerbates this issue.

• The inability to login to the control domain makes it extremely difficult to discover or manage any I/O (e.g. disks & network interfaces) bound to that domain.

• Certain Sun as well as third party management tools require access to the control domain, if the control domain is locked down, those tools will have degraded capability

The control domain is usually configured as a service domain. In that case,the control domain needs to be up and running in order to provide service for virtual devices used by guest domains. If the control domain is down then access to virtual devices is suspended until the control domain comes back up.

On appropriate platforms, I/O domains can be created and used as service domains instead of using the control domain as a service domain. That way, guest domains will not depend on the control domain to access their virtual devices.

Forbes magazine published a great article on why Oracle wants Solaris.

Some of the highlights include:

• Virtualization
• Scalability
• Security 
• Reliability
• Management
• Flexibility

Sun has long been an advocate in the use of Open source software in the government (both US and abroad).  In fact, Sun Federal President and COO Bill Vass has created a series of blog entries about why the government can benefit from open source.  These reasons include:

• The ability to control the direction of a product
• Improved quality
• Reduced cost
• Vendor Choice (preventing vendor lock-in)
• Faster time to mission (aka. reduced procurement time)
• Improved security

Now, Sun and a broad array of industry giants have created the Open Source for America Consortium. In addition to Sun, founding members include Oracle, Google, Red Hat, Gnome foundation, Mozilla, Collabnet and others.  The board of advisors includes a number of industry and government luminaries that I've had the pleasure of working with in the past including:

• Dawn Meyeriecks (formerly of DISA as well as AOL)
  
• Marv Langston (former DoD Deputy CIO)
  
• Bill Vass
• Art Money (former DoD CIO)
  
• Simon Phipps (Sun's Chief Open Source Officer)

The mission of OSA is to educate decision makers in the U.S. Federal government about the advantages of using free and open source software; to encourage the Federal agencies to give equal priority to procuring free and open source software in all of their procurement decisions; and generally provide an effective voice to the U.S. Federal government on behalf of the open source software community, private industry, academia, and other non-profits. The mission incorporates three goals: (1) to effectuate changes in U.S. Federal government policies and practices so that all the government may more fully benefit from and utilize free and open source software; (2) to help coordinate these communities to collaborate with the Federal government on technology requirements; and (3) to raise awareness and create understanding among federal government leaders in the executive and legislative branches about the values and implications of open source software. OSA may also participate in standards development and other activities that may support its open source mission.

While some consider the "open source" movement to be a religion or political agenda designed to socialize software or kill proprietary vendors, what it really boils down to is simply developing software outside the company firewall so that you can take advantage of the strengths of the community.  To quote Bill Joy (former Sun co-founder), "Innovation often happens elsewhere."

Sun offers a wide variety of supported, enterprise class open source projects including MySQL, OpenSolaris, OpenSSO, Glassfish and more.  Download some open source Sun software today and you too can start experiencing the benefits of open source.

Federal Government customers can contact Sun's sales office in McLean VA by calling 703 204 4100.

Update:  See the screencast on how to update at the CommunityOne website.

For What's New in OpenSolaris 2009.06, see this PDF presentation... 

If you have OpenSolaris 2008.11 installed, the repositories have now been updated to include the 2009.06 packages. You do NOT have to do a clean install. Simply update your packages.  The complete download image will be available on Monday June 1st.

However, the Update manager GUI tools will tell you that no new packages are available. You must use the command line tools to update SUNWipkg first. Attempting to run the "pfexec pkg image-update" command will give you a message indicating that you need to run:

pfexec pkg install SUNWipkg

in order to update the package tools. Once this process is complete, you can use the command line or the GUI Update Manager to move to 2009.06. Update manager will create a new boot environment (using ZFS) and make it the default BE. OpenSolaris will be featured prominently during Community One/JavaOne this week.

One more bit of information.  If you have created zones on your opensolaris installation, you may need to uninstall the zones before updating. Otherwise, the update manager will give you an error (for which there is a bugID 8313 )

"Unable to clone current boot environment"

To remove the zones:

pfexec zoneadm -z zonename uninstall

I recently had the opportunity to speak at FOSE about cloud computing.  I was also stationed at Sun's table in the Cloud section of the exhibit hall and had an unbelievable number of people come up and ask me what I thought cloud computing is.  Sometimes I think they were just polling all the vendors to see how many different answers they could get.  Needless to say, there are a wide variety of opinions as to the meaning of a cloud and the best use of a computing cloud.

While traveling to Anaheim last week for the DISA customer conference, I spent a good amount of time in LAX.  It occurred to me while I was sitting there that the airport is a perfect analogy to a cloud.  It just happens to be a transportation cloud.

What is an airport?

An airport is a shared transportation resource run by a single organization serving a variety of vendors and customers.

How is an airport like a cloud.... Let me count the ways.

1. Shared common security model that keeps vendors and customers in the right place at the right time.
2. Shared infrastructure that can be virtualized to a variety of vendors depending upon their needs including:
1. Runways
2. Gates
3. Ticket issuing stations
4. Baggage handling
   
5. Security stations
6. Customs inspectors
7. Shopping
   
3. Air traffic control to ensure that planes don't crash in the air
4. Ground traffic control to ensure that planes go to gates they've paid for
5. A single manager for the shared service (the local airport authority)

Why did airports become clouds?

Imagine if each airline actually had to have it's own airport in each city.  A Delta plane could only fly from one Delta airport to another.  Each would need their own runways, parking lots, security guards and more.  It would clearly be an unsustainable model.

Benefits of the transportation cloud

Clearly the airlines saw the benefits of sharing an infrastructure in a number of ways including:

• Reduced costs (less real estate, infrastructure and personnel)
  
• Reduce training through standardization of tools and process
• Improved efficiency
• Less waste (fewer unused resources such as ticket agents, gates, security guards)
  
• The ability to scale an airline up or down as economic factors required and pay for only the resources used.
  

The idea of a cloud is not so new after all and has been around for years in different forms.  It's up to us in the computer industry to take these existing models with manual processes and automate them in a way that provides the same security and flexibility as we find in an airport today.

One of the unique things about the "transportation cloud" is that planes can easily leave one cloud (the LAX cloud) and travel to another cloud (the DCA cloud)  because of agreed upon standards in flight number, communications protocols and a standardization body (the FAA).  Sun is building a cloud infrastructure just as Google, Microsoft, Amazon and other have.  Sun, however, is also focusing on open, interoperable standards for cloud computing so that sometime the future, it will be easy to move an application not just within the Sun cloud from from the Sun cloud to the Amazon  cloud and back again.

Join the community and start to experience the benefits of the cloud.  Learn more and stay up to date on the status of Sun's cloud computing offering.

Hopefully, I'll see you sometime soon in the clouds.

Important note

This blog is my opinion only (actually just random musings) and does not represent official Sun policy.  I have no inside knowledge of Oracle or Sun's intentions or plans for the upcoming acquisition of Sun by Oracle

There are a whole host of reasons that Oracle bought Sun, some of which have already been clearly stated by Oracle management. They include Java, MySQL, Sparc, Servers, Storage and Solaris. Listen to the webcast to hear it from Larry Ellison, Safra Catz as well as other Oracle and Sun leaders.  Also, please review the FAQ regarding the acquistion.

I think that there are some specific things that Oracle will love to gain in this acquisition.

Star/Openoffice

As the second largest software company in the world, there is at least one thing that Oracle has NOT had yet that their primary competitor has and that is an office automation suite used by students, grandmas,  and enterprises worldwide.  The ability to have your name in front of millions of users is a powerful tool particularly when they can download it for free and run it on Windows, MacOS, Linux distros and Solaris.  I think we know that Larry is not a great friend of Microsoft and this will give him one more thing to poke in their eye.

xVM VirtualBox

This free and powerful virtualization tool provides an ideal platform to allow customers to test, develop and deploy Oracle software solutions on a variety of platforms in the comfort of a user's own laptop.  Its upcoming ability to upload a virtual machine to the "cloud" will provide a low cost way for Oracle to accelerate adoption of their hosted application services.

JavaFX

The upcoming land grab for rich internet applications (RIAs) will be a fierce competition between Microsoft, Adobe and Oracle with Sun's JavaFX.  JavaFX provides an advanced tool with proven security and programming model to deploy RIAs on billions of devices over the network.  Its open source status will ensure a broad developer acceptance and diverse contributions from industry, academia and government.  In the fight for "eyeballs" JavaFX will provide Oracle with a significant competitive advantage in function as well as wide device support.

Sun Federal

Sun Federal has a broad reach and it an important strategic part of Sun Microsystems.  Our staff works closely with DoD, Intelligence and Civilian agencies to deploy mission critical applications using a complete systems approach of servers, storage, software and services.  With the anticipated new requirements for government IT efficiencies, Sun Federal will be a real asset to Oracle.

GlassFish

This free, open source application server is fast and easy to download and get started.  I can provide a low (no) cost way for new businesses to get started in enterprise datacenters, college dorm rooms or Amazon EC2 appliances.  Owning Glassfish will give Oracle access to a whole class of customer that normally might not consider their enterprise software.

The Sun Modular Datacenter

What better way to deliver a soup to nuts enterprise application service in a can?  Enough said!

Sun Ray thin clients

As far back as 1996, Larry Ellison has been talking about a low cost, network computer that draws services from a virtualized desktop environment. Sun introduced the Sun Ray ultra-thin client in 1999, and I can personally vouch for the fact that some of those early revision network appliances are still working on desks in our Sun Federal headquarters in McLean, VA.  The savings in energy, noise, real estate and refresh costs certainly must have helped Sun's bottom line along the way.  We have deployed many tens of thounsands Sun Rays in commercial industry and government over the years.  I feel certain that Oracle will expand the usefulness and applicability of the Sun Ray.

I have only touched the surface of advanced research, development, services and products from which Oracle will benefit.  Both Sun and Oracle have always believed that the customer wants true innovation from their IT vendors.  This is what Sun strives for at all times.

I leave you with a quote from a developer I met at the DISA customer conference this week.

"I love Java.  I wrote my thesis on Java.  I think this merger of Oracle and Sun is a match made in heaven."

What do you think?  Please offer your comments!

If you are a part of the US DoD you may remember my earlier blog entry (July 2007) in which I posted customizations to the Solaris Security Toolkit designed to help secure a computer in compliance with DISA Security Guidelines.  Although I haven't done any additional work since that time, Aaron Lippold of DISA took my work and extended it to increase compliance and updated it to more recent versions of DISA STIGs.

Aaron recently notified me that his modifications have now been posted on Forge.mil.

Forge.mil is a family of services provided to support the DoD's technology development community. The system currently enables the collaborative development and use of open source and DoD community source software. These initial software development capabilities are growing to support the full system life-cycle and enable continuous collaboration among all stakeholders including developers, testers, certifiers, operators, and users.

This is great news because it provides a way for the DoD community to collaborate together to make the tool better for everyone. If you are a DoD employee or contractor with a Common Access Card (CAC) you can access this project at https://software.forge.mil/sf/projects/dodsst/.

Join the community, download the tools, contribute changes and make your life generally better by using the Toolkit and DoDSST project to secure your Solaris 10 environment quicker, in an automated and more reproducible fashion.

 I'd like to thank Aaron for the hard work he has done and for his iniative in creating this project for the good of the US Government.

Once again Sun will be showing a variety of our products and services at the DISA customer conference this year being held in Anaheim, CA. Come see us in booth #924

Sun's systems and blades based on Intel's new Nehalem processors

Find the fastest, most cost effective and energy efficient Intel processors that can run Solaris 10, Open Solaris, VMware, MS Windows, Red hat and Suse platforms.

Sun ATCA Blade chassis

As a leader it open systems design, it makes sense that Sun would offer a blade chassis compliant with the Advanced Telecommunications Computing Architecture.  Sun offers Intel, AMD and Sparc chip designs in a single blade chassis.

Here's a photo of the traveling exhibit that we will be bringing.  Learn more about Sun's ATCA products as well as our competitive Blade 6000 products now features the new Intel Nehalem family of processors.

Thin Clients

Our Sun Ray Thin client technology allows you to save money, "be green" and reduce operating costs whether you are runing a Solaris, Linux or Windows environment. Read about the many customers who have deployed thin clients successfully replacing existing PC environments.

Identity Management and SOA software

Sun's Identity Management and SOA solutions allow customers to get a handle on their users, data and programs making them more agile, responsive and secure while helping them comply to government regulations.

This popular, open source database can cost as much as 10% of the traditional vendors, reducing your cost while extending your reach to the internet. Download and try MySQL today.  It installs in less than 15 minutes on all the popular OS platforms.

Sun 7000 Unified Storage System

Sun's newest, network attached storage system, the 7000 series provides high performance, low cost storage with the advantages of solid state disk and detailed analytic tools.

OpenSolaris

Experience the next generation of Solaris technology by downloading OpenSolaris or Solaris 10 today for Sparc, Intel or AMD based platforms.

Dynamic Systems

Dynamic Systems Inc is a Sun partner with the  capability of providing all of Sun's products and service via GSA contract, Enterprise Software Iniative contract or their BPA with DISA known as SSTEW.

CopperEye

CopperEye is a leading provider of enterprise data management solutions that eliminate the economic, technical and operational barriers to storing and accessing massive volumes of data.

And more....

Ask any of our booth personnel (including me) for any information about these or any other Sun products or services in which you are interested.

One of the new features of the recently posted VirtualBox 2.2 beta1 is that you are finally allowed to share folders from an OpenSolaris guest to a MacOS host.  This increases the usability of VBox substantially for me because I've been using a workaround for a while.

It's easy to setup the sharing capability in the Virtualbox GUI. With your VM running:

Devices > Shared Folders

Enter the path of a folder on our Mac and the "Share" name that you will be using to reference it on your OpenSolaris system.  The folder name does not need to be related to the actual folder path.

On the OpenSolaris side, you need to mount the file system to make it visible to the user.

bash-3.2$ id
uid=101(jlaurent) gid=10(staff) groups=10(staff)
bash-3.2$ mkdir mac
bash-3.2$ pfexec mount  -F vboxfs -o uid=101,gid=10 jlaurent /export/home/jlaurent/mac

This, however, is annoying to do each time you reboot so it would be nice to have the file system mount on boot up.  Adding a line to /etc/vfstab should help.

 jlaurent    -    /export/home/jlaurent/mac    vboxfs    -    yes    uid=101,gid=10

Unfortunately, in my testing, this prevented the system from booting.  Thanks to Michael, I learned that this is because Solaris process vfstab BEFORE it completes the ZFS mount of my home directory in /export/home.  Changing the line to:

jlaurent    -    /mac    vboxfs    -    yes    uid=101,gid=10

Fixed the problem.  

However, it's not very convenient at /mac.  There are a few other options.

You can also add the line you your .bashrc file but that only takes effect when you start a new terminal window.  The best option for me was to place the line in the Gnome session startup scripts.

System > Preferences > Sessions > Add

There's a little trick, however, that was non-intuitive to me the first time I did this.  My file system was NOT mounting on login and I didn't know why.  I checked into my .xsession-errors file and found the message: mount: command not found.

As you can see in the screen shot above, the absolute pathname is required for commands executed during login.

Issues:

StarOffice and Gedit do NOT want to save data back into this folder even though cp and vi have no problem with it.  I'm still researching this issue.

If you happen to be attending the Federal Office Systems Exhibition (FOSE) this week at the convention center in Washington D. C. drop in on my OpenSolaris session.  It will be held Thursday at 11:30 in room 158A. Come and see the benefits of ZFS, Dtrace, Zones and other new features in OpenSolaris.

Come visit Sun's booth #2309 to learn more about all of our systems, storage, software and services. 

• See Sun Ray thin clients in action
• Learn more about open source software such as MySQL, OpenSSO, OpenSolaris and VirtualBox
• See our X64 based servers running Windows, Red Hat or Solaris.
• Learn more about our Openstorage System 7000
• and more
  

I also provided a 5 minute "lightning talk" and panel discussion on Cloud Computing on Tuesday. About 120 people attended. Read more about Sun's cloud initiatives at our web site. Stay alert for upcoming announcement about Sun's cloud offerings.

Catch me if you can at Sun's table in the Cloud area of the exhibit hall and play "stump the geek."

 You can download OpenSolaris or Solaris 10 for free usage.  Do it today and get started learning.

 In a resounding endorsement for the Solaris 10 enterprise grade operating system.  Today, Sun and Hewlett-Packard announced an expanded multi-year partnership agreement for HP to distribute and support Sun's Solaris 10 OS. The top five x86/x64 based system vendors (Sun, HP, IBM, Fujitus/Siemens, Dell) now all ship Solaris with their systems.

If you don't happen to have an HP system, feel free to check out Sun's servers based on the Intel, AMD or Sparc processors or download Solaris 10 or OpenSolaris for free and try it out on your laptop or PC.  If you don't like the ugly mess of muti-booting using GRUB, try it in Sun's free and open-source VirtualBox environment.  VBOX allows you to run Solaris 10, OpenSolaris, Red Hat or Windows on top of a variety of hosts such as Windows, Linux, Solaris or Mac OS.

Sun's VirtualBox type II hypervisor is a great free tool for running multiple guest OSes on your desktop.  I use VBOX on my Mac to run Solaris 10 and OpenSolaris.

One of the weaknesses of VBOX at this time is that the "guest additions" don't yet support file sharing from a Solaris guest OS.  There are ways around this, however, using SMB protocols.  Here's how....

• Configure SMB sharing on your Mac
• Apple Menu > System Preferences > File Sharing pref pane
• Enable File sharing
• Click Options
• Enable Share files and folders using SMB
• Enable your username account for file sharing. Doing this exposes your home folder on the network as a Windows shared folder. Make sure you have a good password!
• Install Solaris or OpenSolaris in VirtualBox
• Configure NAT networking
• Open a Nautilus file browser
• Go > Location
• Enter: smb://10.0.2.2/<usernameonmac>
• Enter your password
• A new file browser should open with your mounted files.
• Bookmarks > Add Bookmark
  

This works because when NAT networking is configured the Solaris guest gets an IP address of 10.0.2.xx.  The VBOX hypervisor acts not only as DHCP server but also as gateway and host at IP address 10.0.2.2.

In OpenSolaris, you can also do this using the Places > Connect to server menu item.  Choose Custom Location from the pull-down menu and enter the SMB address.

For more on accessing Windows Sharing check out Brian Leonard's blog entry.

Meanwhile, make sure to get the free downloads of Solaris 10, OpenSolaris or VirtualBox.

Yesterday I attended the DoD Open Technologies conference sponsored by the Association For Enterprise Integration. The presentation slides have been posted. It was a well attended event at the Reagan building in Washington DC.  The keynote address was provided by Sun Federal's president and COO Bill Vass.  Bill pointed out how, during his time working at OSD (before he came to Sun), the intelligence agencies were beginning to adopt open source software for a number of reasons:

• More secure
• Higher quality
• Lower procurement barriers
• Faster deployment
  
• Lower cost to exit
• Allows government participation and customization
  

He also pointed out that software (whether open source or proprietary) is developed in Russia, India and China. He left no doubt that the government is using and should continue to use Open Source software throughout their IT programs.  Feel free to review all of Bill's slides.

Mark Tolliver (formerly of Sun) for Alamida software discussed the importance of software component analysis (SCA).  SCA is the process of auditing your software to determine:

• What OSS components you are using
• What licenses apply
• What vulnerabilities might exist
  

In one example, he used his company's tools to scan a piece of ISV software and found that 65% of it consisted of OSS software.  His experience shows that the industry average is now up to 50%.  This causes a number of issues because licensing issues and vulnerabilities in OSS software become YOUR issues when you deliver a product to your customer.  If you are not fully aware of all of the components, you may be passing on vulnerabilities from older versions of software that have already been fixed in the community.  SCA is important because you can't secure what you don't know that you have.

His recommendations to the government included:

• Require vendor to document OSS code contents
• Audit code acquired
• create a strategy for application security
• Enforce ongoing training for engineers on how to get the code, vet the code and integrate the OSS code
• Document the use of all code for future generations of maintainers
  
• Use automated scanning tools (his product, of course)
• Static Analysis
• Dynamic Analysis
• Compositional analysis
• Anti-virus
  

John Garing CIO of Defense Information Systems Agency (DISA) described how the Hitler had trouble invading Russion because of differences in the train guage standards between the two.  He drew parallels between this and his current personal problem in the DoD where they have contracted with two different Collaboration solutions (to provide competition).  A person chatting in one community can't "see" or interact with a person in the other community.  To summarize, open standards and open interfaces are key to getting services faster to the warfighter.

A panel of government and industry discussed a variety of topics related to open source.

Dan Risacher of OSD/NII reported that a new OSD guidance memo was expected to be released soon.  Dan is a big advocate of open source in the government.

Bdale Garbee of HP is an open source participant in the industry and suggested that government needs to go further to allow both government employees and system integrators to participate and contribute to OSS projects without running afoul of government property rights, employer policies or patent issues.  They also discussed the issues surrounding license and ITAR export control.

The afternoon panel discussed how tactical approaches to open source are being carried out.

Stu Lewin of BAE systems described their detailed creation of a governance board, processes, documentation and training to ensure that the OSS brought into BAE projects is properly vetted, licensed, documented and maintained.

Allan Hardy of Lockheed Martin described how they audit OSS use and perform risk mitigation.  He noted that OSS touches every stage of the software life cycle from proposal through design, test, documentation and support.  He credited a strong process as well as ongoing training of engineers to a successful use of OSS.

Colin Roufer is a lawyer at Boeing and discussed the legal issues surrounding OSS. Important points include:

• There is no negotiation of a license such as the GPL.  Get over it
• The GPL does NOT require that you give the source to everyone in the world, one those who receive the binary
• The recipients of GPL code are bound by the same requirement to pass source code and license down to second level recipients
  

Peter Vescuso of Black Duck software described a case study of a small company who provided OSS to Broadcom.  The Broadcom chip was in turned built into a Linksys router. Linksys was in turn bought by Cisco.  At this point, Cisco did not know that there was OSS content as was not properly conveying that information to its customers.  OSS management requires a cross-function team including:

• legal
• purchasing
• export control
• QA
• Configuration management
• engineering

Summary

Open source is good for the government.  It can lower costs, improve quality and reduct time to mission accomplishment.  Sun Microsystems is the largest contributor of open source software in the industry.  You can take advantage of OpenSolaris, MySQL, Netbeans, OpenStorage and many other products today at low cost.

 Please join our OpenStorage launch on November 10th to learn more.

Many of you have previously seen my comparison chart for Solaris 10, Red Hat Enterprise Linux 5 and MS Windows 2003, all of which can be purchased from Sun running on Sun hardware.  All of the current open source development effort for Solaris is going on in the OpenSolaris community and Sun has produced a binary distribution of OpenSolaris which is available (along with support contracts) at OpenSolaris.com.  

Development from Sun's engineers and outside contributors continues at a fast pace on OpenSolaris and there are hundreds of projects and thousands of community members.  Occasionally, features from OpenSolaris get back ported to Solaris 10 when there is sufficient business case, customer demand and engineering determines that the new feature will not reduce the stability of Solaris 10.  Past examples includes Trusted Extensions, ZFS CPU Caps and more.  Eventually, OpenSolaris with form the basis for the next major version of Solaris with long term support.  In the mean time, you can put OpenSolaris binary distrbution into production today and get support for it from Sun.

With that in mind, I have updated my comparison chart to included OpenSolaris in addition to the other OSes.

Why should you care?

OpenSolaris provides significant new features for Sun users for developers as well as infrastructure operators. Examples include:

• ZFS automatic snapshot
• Network auto configuration
• Image Packaging system and update GUI
• CIFS server in kernel
• Improved Gnome user interface and accessibility
• More GNU utilities.
  

Download it today for Intel and AMD based laptops, workstations or servers.

Try it out with Sun Studio Developer tools, optimized AMP Stack or other open source software in our repository.

My previous blog entry attempted to establish the fact that Solaris 10 (including Containers/Zones) is used through the US DoD.  On a related note, I received this direct quote from one of my customers in the US DoD.

Just as a reminder, I'm the DNS guy for all of <Deleted> We're running
zones for our DNS servers (authoritative and recursive) world-wide from
Hawaii to Stuttgart and places in between and they are functioning
beautifully.  Sol 10 is the most versatile OS ever!

Keep the good new coming!

As an OS Ambassador for Sun Federal, I'm frequently asked the questions:

Are Solaris containers "certified" for use by the US Government or DoD?

• Short answer: Yes!  Read on for the long answer.
  
• Solaris 10 has received the highest commercial level of Common Criteria Certification.  This is known as EAL4+ and we did this using 3 protection profiles:
• Controlled Access Protection profile
• Role Based Access Control Protection Profile
• Labeled Security Protection Profile
• If you review our documentation and security target, you'll find that the "Trusted Extensions" component of Solaris 10 which implements the LSPP is based upon Solaris containers.  We use Solaris containers in a unique manner by providing each container with a security label which cannot be violated by a user inside the container.
• In addition, you should note that Sun includes the GUI, Multi-level desktop (Gnome and CDE), LDAP server and management tools in our evaluation.  Red Hat's CC evaluation is for a command line installation only.
  
• I'm unaware of any other government "certification" which would apply to Solaris containers.  If you know of any, please let me know.
  

Who is using Solaris containers in the US Government?

• My customer, DISA, is using containers in their Defense Enterprise Computing Centers as part of the Capacity Computing contract that they awarded to Sun in 2006 to provide Solaris computing on demand.  They have used containers and Sun's capacity computer service to experience significant consolidation and cost savings for the taxpayer.  This is being done on classified and unclassified networks.
• DISA's mission critical Global Command and Control System is also using Solaris containers to support the warfighter.
  
• The US Air Force used Solaris containers and Logical Domains to provide significant savings in floor space and improved system utilization for their Global Combat Support System.
• The US Army is using Solaris 10 and Sun Cluster Software
  
• I'm certain that the are many other examples of which I'm not aware because of the fact that Solaris 10 containers are:
• Built into Solaris 10 since 2005
• Free to use and deploy
• Lower overhead, easy to use virtualization tools
  

Is Solaris 10 (or MySQL or JCAPs other other Sun product) on my federal agency's "approved products list?" 

• Whenever I get this question I ask my own questions:
• For which agency?
• Please show me a public web site that hosts the "approved products list."
• Whom should I contact to have my product added to the "approved products list?"
• What are the specific requirements to be on the "approved products list?"
  
• In many cases I'm met with blank stares and the person who asked me the question doesn't know where to find the APL. Sometimes it doesn't actually exist.  In other cases there are waiver procedures available to bypass the APL. While I'm not saying that there are no APLs in federal agencies, I believe that a lot of people believe that there is when there isn't.  There most certainly is NOT one big APL for the federal government or DoD.
  
• One example of an APL is the DoD's Joint Interoperbility Test Command's IPv6 APL.  There you will find Solaris 10, and we are in the process of adding additional products.

Summary

Solaris 10 is in use today in a wide variety of government and DoD applications including many of its advanced features such as containers, ZFS, SMF and much more.

Download Solaris 10 today and try it or look into the future with OpenSolaris.

Why is Solaris 10 so successful in the market?  It's all about platforms, developers, OEM providers and application availability.

Platforms

Solaris 10 runs on the major volume platforms in the industry: Sparc, Intel and AMD.  Contrary to popular opinion (and competitive FUD), the Sparc architecture is NOT a proprietary architecture.  It is an industry standard and open source architecture that anyone can replicate (and have already).  On the other hand, the Intel X86 architecture (while a defacto standard) is propriety and can only be replicated using an expensive and legally difficult clean room reverse engineering process.

Developers

Solaris 10 supports developers by being available for free download, being able to run on low-cost x86 laptop and desktop systems and providing a vibrant open source community for developing new enhancements.  Don't forget our great development toolkit.

OEM Vendors

Solaris 10 can be purchased from the major hardware vendors in the industry through OEM agreements: Sun, Dell, IBM, Fujitsu/Siemens and Intel.

Applications

Solaris 10 has a larger application catalog than any other Unix or Linux product in the market place.

Why should you care?

You don't buy hardware or operating systems because they're cool or keep your data center warm.  You buy for applications.  Choosing a platform that is available from major vendors, runs on a variety of platforms (large and small), supports your developers and has a larger application catalog should be high on your list.

Yes, I know, I promised I wouldn't post my vacation pictures on my blog, but this one was just to good to resist.  I'll be very brief.

Fifteen passengers and 5 boatman put in to the Colorado River at Lee's Ferry about 10 miles south of Lake Powell, named for the brave explorer who first traversed the Grand Canyon in 1869.  We spent five days of perfect weather on the chilly (55 degrees) river enjoying smooth water and rough.  The river was surrounded by cliffs up to 2500 feet high. The food was great and prepared by our boatmen each night.  It included steaks, fish, fettuccine, salad, fruit and nightly dessert. The nights were cool sleeping under the stars on the riverside beaches.  Our sleeping companions included scorpions, tarantulas and at least one rattlesnake that we found four feet from my head one morning.  The valley was also populated with bighorn sheep, deer, ducks, rainbow trout and falcons.

In addition to floating on the big 18 foot rafts, we also got to take turns on a smaller inflatable kayak or a catamaran style inflatable boat called a "shredder."  The waves were great!

We enjoyed daily hikes into side canyons to hunt for indian ruins and petroglyphs, final resting places of long dead river runners as well as hidden waterfalls.  The last day included a 7.8 mile hike from the inner gorge to the south rim (4500 feet up) and back to civilization capped with a few cold beers.  It took 5.5 hours but provided great views of the canyon and wildlife  as well as a few mule trains passing us on the way down.

The staff of Moki Mac took great care of us and there were only a few involuntary dunkings in the cold river.

See the Photos

Also, see the brief Quicktime movie

One of the nicest features of OpenSolaris is the new package management feature.  Using the pkg command you can quickly update your system to the latest bits available in the repository.  It turns out, however, that with OpenSolaris 2008.05 there is a workaround that you must use in order for this to work properly.  It caught me by surprise recently (not reading those forums thoroughly enough).

Like the rest of the world, I downloaded the OpenSolaris 2008.05 ISO image to my MacBook Pro and installed it into (Sun's free and open source hypervisor) VirtualBox 2.0.  The 2008.05 edition is based upon build 86. To get the complete update to the latest build 97, I simply:

time pfexec pkg image-update -v

About 35 minutes later the system has been updated, a ZFS snapshot of my original system has been made and the grub menu automatically updated to add a new boot image.  All I need to do now is reboot.  This is where the pain started.  After the initial Solaris banner, the system simply reset itself repeatedly.

Luckily, thanks to the snapshot, I can still choose the original boot environment from the GRUB menu.

Thanks to the great community of OS Ambassadors within Sun, I had my solution within hours as posted at this forum.

• beadm list
• pfexec beadm mount <my boot env> /mnt
• pfexec /mnt/boot/solaris/bin/update_grub -R /mnt

Final step was getting my favorite Gnome theme to help my Solaris box look more like a Mac and place the close widget in the upper left corner where God and Steve Jobs intended it to be.

Finally, if you are a Linux user and unfamiliar with the "pfexec" command, see Glenn Brunette's blog about the benefits of pfexec vs. sudo.

With the release of Virtual Box 2.0, I'm happy to report that VB for Mac now supports "host networking." What does this mean to you?  In the 1.x version of VB for Mac, only NAT support was included which made it extremely difficult for your Solaris OS within VB to actually act as a server on the network.  With the new host networking, the Solaris VM can now assign itself an IP address on your network.

With this in mind, I set about to reproduce the steps I detailed earlier this year for creating a Sun Ray thin client server on my Mac.  After configuring a new Solaris 10 VM with 1 GB of RAM, 8 GB of disk and host network, I installed the Sun Ray server software (using my handy instructions previously posted),  and it worked with no problem.

In case you haven't heard of it, Virtual Box is:

• a type 2 hypervisor
• Free
• one of Sun's many Open Source projects
  
• supported on a variety of host OSes (Windows, Linux, Macintosh and OpenSolaris)
• capable of running a variety of guest OSes
• now owned and being developed by Sun Microsystems as part of the open source xVM family of virtualization products

I added some additional YouTube video links to my blog on enhancements for Intel in Solaris 10 and OpenSolaris. 

Many of you have heard that Solaris 10 and open-source OpenSolaris runs on both SPARC and X86/X64 architectures.  You probably even know Solaris is available on both AMD and Intel processors in Sun servers as well as non-Sun platforms. In fact, Dell, IBM and Fujitsu/Siemens are Solaris OEMs on their platforms. You may even know that Solaris has set a number of world record benchmarks for scalability and performance on the Intel processor.  But do you really know how we did it? 

Sun and Intel work together on a number of areas in the Solaris OS and development tools including:

• I/O optimizations
• Scalability and performance
  
• Power Management
  
• Compiler optimizations
• Virtualization enhancements
• Fault Management
  

There are a number of resources available where you can learn why Solaris is a great choice on Intel XEON processors.

• Sun and Intel webcast
• Intel projects at OpenSolaris.org
  
• Solaris on Xeon whitepaper
• Solaris 10 05/08 and Intel enhancements video 
• OpenSolaris and Intel YouTube video produced by Intel 
• CPU Power management
• Episode #1 – Why Intel and OpenSolaris?
  
• Episode #2 – Power Management
• Episode #3 - Getting instant performance boosts
  
• Episode #4 – Predicitive Self-Healing
  
• Episode #5 – Virtualization
  
• Episode #6 – I/O Acceleration Technology
  

These are just a few of the projects that make Solaris run better than any other OS on Intel Xeon based processors.  Many more have been completed or are planned in the future including enhancement specifically for the Intel Nehalem microarchitecture

Download Solaris 10 or OpenSolaris today and try it out on your favorite Intel based PC, Server or Virtual Machine.

Solaris 10 is free for download and security patches are also free.  Additional patches, however, require a subscription or service contract from Sun.  The question frequently comes up on how to get the free security patches.  In the past, they were built into a bundle, however, I have this information from the Solaris sustaining engineering team.

The patch bundles at SunSolve.sun.com contain the recommended patches.
This includes security AND other non-security patches.
- The bundle of patches contains all the patches that fix the Sun Alert issues.
- The Sun Alert categories are defined as security + availability + data_loss
- This is stated in the README for the patch bundle

As the "other" non-security patches are NOT free, the whole bundle of patches
cannot be made free.

Note that as with patches themselves, the README for the bundle is free, just the
actual patches are NOT free.

But assuming that your customer has a service plan, he should be able to get this.

To see which patches are free in the Sol 10 SPARC set, you can go to:-

  http://sunsolve.sun.com/show.do?target=patches/zos-s10

But you need to view this when logged in as a regular user without a contract.
Then it will show you a red key symbol next to each patch that is NOT free.

The security patches alone, do not appear in any bundle.
You must download any patch individually.
Or you can use PCA - a free non-Sun tool for patch management.

Sun advertises this free PCA tool located at http://www.par.univie.ac.at/solaris/pca/

Like most System Engineers at Sun, I'm often called upon to demonstrate Sun's technology especially Solaris 10 and Sun Ray thin clients.  In the past, demonstrating Sun Rays meant bringing a customer into our Sun office OR setting up a network server and device at the customer's location. 

To make this much easier, I decided to follow the example of others and turn my Sun issued MacBook Pro into a Sun Ray server.  As a result of this configuration, I can set two devices on my customer's desk with only one ethernet cord and no power cords (have to keep those batteries charged) to display the power of the Sun Ray thin client.  I also have a configuration (thanks to Matt) the provides a multi-level Solaris environment via Solaris 10 Trusted Extensions along with the ability to display an MS Windows desktop using Win2003 running in a separate virtual machine on the same Mac.  Very Cool!

To do this I needed:

• A MacBook Pro (mine is running 10.5.4)
• VMware Fusion 1.1.3 (unfortunately Virtual Box does not yet support bridged networing on MacOS X)
  
• Solaris 10 05/08 (free download available)
  
• Sun Ray Server Software 4.0
• Patch 127554-02
• A General Dynamics Tadpole Comet 15 mobile thin client (or other Sun Ray compatible device)
  

Here's how I did it:

• Install Solaris 10 using VMware Fusion and these settings.
  
• 1024 MB of RAM
• Bridged networking
• Install the Solaris 10 Entire Distribution
• Configur the Solaris IP address as 192.168.1.3
  
• Download the Sun Ray Server Software (it's free)
• unpack the downloaded tar image, this creates a directory srss_4.0
• install the apache tomcat server.  In my case:
• su
• cd /opt
• tar xvf /Documents/srss_4.0/Supplemental/Apache_Tomcat/apache-tomcat-5.5.20.tar
• mv apache-tomcat-5.5.20 apache-tomcat
  

• install Sun Ray Server Software

• cd ~jlaurent/Dcouments/srss_4.0
• ./utinstall  (installs the Sun Ray server tools in /opt/SUNWut)
  
• patchadd 127554-02
• reboot
• PATH=$PATH:/opt/SUNWut/sbin
• Use utadm to add the 192.168.1.0 subnet as a shared Sun Ray network.  Make sure to choose the option to offer IP addresses.
  

 # utadm -A 192.168.1.0
### Configuring /etc/nsswitch.conf
### Configuring Service information for Sun Ray
### Disabling Routing
  Selected values for subnetwork "192.168.1.0"
    net mask:           255.255.255.0
    no IP addresses offered
    auth server list:   192.168.1.3
    firmware server:    192.168.1.3
  Accept as is? ([Y]/N): n
  new netmask: [255.255.255.0]
  Do you want to offer IP addresses for this subnet? (Y/[N]): y
  new first Sun Ray address: [192.168.1.245]
  number of Sun Ray addresses to allocate: [10]
  auth server list:     192.168.1.3
To read auth server list from file, enter file name:
Auth server IP address (enter <CR> to end list):
If no server in the auth server list responds,
should an auth server be located by broadcasting on the network? ([Y]/N):
  new firmware server: [192.168.1.3]
  new router: [192.168.1.1]
  Selected values for subnetwork "192.168.1.0"
    net mask:           255.255.255.0
    first unit address: 192.168.1.245
    last unit address:  192.168.1.254
    auth server list:   192.168.1.3
    firmware server:    192.168.1.3
    router:             192.168.1.1
  Accept as is? ([Y]/N): y
### Configuring firmware version for Sun Ray
### Successfully enabled tftp for firmware downloads
        All the units served by "sunray" on the 192.168.1.0
        network interface, running firmware other than version
        "4.0_127553-02_2008.03.06.15.04" will be upgraded at their next power-on.

### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

DHCP is not currently running, should I start it? ([Y]/N): y

• utrestart -c
• utconfig
  

Configuration of Sun Ray Core Services Software

This script automates the configuration of the Sun Ray Core Services
software and related software products.  Before proceeding, you should
have read the Sun Ray Core Services 4.0 Installation Guide and filled
out the Configuration Worksheet.  This script will prompt you for the
values you filled out on the Worksheet.  For your convenience, default
values (where applicable) are shown in brackets.

Continue ([y]/n)? y
Enter Sun Ray admin password:
Re-enter Sun Ray admin password:

Configure Sun Ray Web Administration? ([y]/n)?
Enter Apache Tomcat installation directory [/opt/apache-tomcat]:
Enter HTTP port number [1660]:
Enable secure connections? ([y]/n)?
Enter HTTPS port number [1661]:
Enter Tomcat process username [utwww]:
Enable remote server administration? (y/[n])?

Configure Sun Ray Kiosk Mode? (y/[n])? y

Enter user prefix [utku]:

Enter group [utkiosk]:

Enter userID range start [150000]:

Enter number of users [25]:
Configure this server for a failover group? (y/[n])?
About to configure the following software products:

Sun Ray Data Store 3.0
    Hostname: sunray
    Sun Ray root entry: o=utdata
    Sun Ray root name: utdata
    Sun Ray utdata admin password: (not shown)
    SRDS 'rootdn': cn=admin,o=utdata

Sun Ray Web Administration hosted at Apache Tomcat/5.5.20
    Apache Tomcat installation directory: /opt/apache-tomcat
    HTTP port number: 1660
    HTTPS port number: 1661
    Tomcat process username: utwww
    Remote server administration: Disabled

Sun Ray Core Services 4.0
    Failover group: no
    Sun Ray Kiosk Mode: yes

Sun Ray Kiosk Mode 4.0
  User name prefix:   utku
  Base user ID:       150000
  Number of accounts: 25
  Kiosk group name:   utkiosk
  Kiosk group ID:     auto

Continue ([y]/n)? y
Updating Sun Ray Data Store schema ...
Updating Sun Ray Data Store ACL's ...
Creating Sun Ray Data Store ...
Restarting Sun Ray Data Store ...
Starting Sun Ray Data Store daemon .
Wed Jul  2 11:02 : utdsd starting

Loading Sun Ray Data Store ...
Executing '/usr/bin/ldapadd -p 7012 -D cn=admin,o=utdata' ...
adding new entry o=utdata
adding new entry o=v1,o=utdata
adding new entry utname=sunray,o=v1,o=utdata
adding new entry utname=desktops,utname=sunray,o=v1,o=utdata
adding new entry utname=users,utname=sunray,o=v1,o=utdata
adding new entry utname=logicalTokens,utname=sunray,o=v1,o=utdata
adding new entry utname=rawTokens,utname=sunray,o=v1,o=utdata
adding new entry utname=multihead,utname=sunray,o=v1,o=utdata
adding new entry utname=container,utname=sunray,o=v1,o=utdata
adding new entry utname=properties,utname=sunray,o=v1,o=utdata
adding new entry cn=utadmin,utname=sunray,o=v1,o=utdata
adding new entry utname=smartCards,utname=sunray,o=v1,o=utdata
adding new entry utordername=probeorder,utname=smartCards,utname=sunray,o=v1,o=utdata
adding new entry utname=policy,utname=sunray,o=v1,o=utdata
adding new entry utname=resDefs,utname=sunray,o=v1,o=utdata
adding new entry utname=prefs,utname=sunray,o=v1,o=utdata
adding new entry utPrefType=resolution,utname=prefs,utname=sunray,o=v1,o=utdata
adding new entry utPrefClass=advisory,utPrefType=resolution,utname=prefs,utname=sunray,o=v1,o=utdata

Added 18 new LDAP entries.

Creating Sun Ray Core Services Configuration ...
Adding user account for 'utwww' (ut admin web server user) ...done
Sun Ray Web Administration enabled to start at system boot.
Starting Sun Ray Web Administration...
See /var/opt/SUNWut/log/utwebadmin.log for server logging information.

Unique "/etc/opt/SUNWut/gmSignature" has been generated.

Restarting Sun Ray Data Store ...
Stopping Sun Ray Data Store daemon
Sun Ray Data Store daemon stopped
Starting Sun Ray Data Store daemon .
Wed Jul  2 11:02 : utdsd starting
Adding user admin ...
User(s) added successfully!

Creating new Sun Ray Kiosk Mode configuration ...

Validating new user ids.
Validating new user accounts.
Creating kiosk group utkiosk
Configuring new kiosk user accounts:
.........................
25 users configured

***********************************************************
The current policy has been modified.  You must restart the
authentication manager to activate the changes.
***********************************************************
Configuration of Sun Ray Core Services has completed.  Please check
the log file, /var/adm/log/utconfig.2008_07_02_11:01:42.log, for errors.

In MacOS

• Apple Menu > System Preferences > Network
• Location > Edit Locations
• Click the '+' Sign to create a new location and name it.
• Click on Ethernet
• Configure Manually
• IP address 192.168.1.1
• Netmask 255.255.255.0
• Click Apply
• Turn your Airport Wireless connection OFF. (This appears to interfere with the networking path to Solaris)
  

Connect the Sun Ray device directly to the Mac with a single ethernet cord.  No hub required.

If you have done this correctly, when you power on the Sun Ray device it will get an IP address from Solaris and display a login screen.

Access the Sun Ray web based management tool by pointing your browser to http://localhost:1660

Virtual Box 1.6 has been released and is no longer in beta for MacOS X.  One of the advertised features is the ability to import VMDK image files from VMware into Virtual Box.  Being the eternal optimist, I decided to try it.  How long could it take?  A few minutes maybe?  I have quite a few different VMs in Fusion and did this with Solaris 10 08/07.

Virtual Box is:

• a type 2 hypervisor
• Free
• Open Source
• supported on a variety of host OSes (Windows, Linux, Macintosh and OpenSolaris)
• capable of running a variety of guest OSes
• now owned and being developed by Sun Microsystems as part of the open source xVM family of virtualization products

The first part was easy. Extract the VMDK file and import it into Virtual Box

• Right click on your chosen VM.  Choose "Show Package Contents"
• Find a file with a .vmdk suffix.  Click once to select
• Command-D (duplicate it) Wait a few minutes while Mac OS copies the multi-GB file
• Drag the copied file to another location
• Start Virtual Box
• File > Virtual Disk Manager
• Click Add.  Locate and select the copied .vmdk file. Click OK.
• Create a New VM as usual using the added vmdk file
• Boot the VM
  

That should have been it, right?  Unfortunately, after seeing the grub screen and attempting to boot Solaris, I entered an infinite loop of rebooting OS.  Obviously, it's mostly working but something is still wrong.  Luckily, inside of Sun, we archive our mail aliases and Rudolf Kutina had already posted a solution to the problem.

The rebooting sequence resulted from the fact that VMware Fusion emulates SCSI disks (c0t0d0s0) while VBox emulates IDE disks (c0d0s0).  Because of this, the Solaris device trees and vfstab mount entries are not correct.  Rudolf's solution is not for the weak of heart but DOES work.  After all, it's all just a virtual machine and if I screw it up, I just make another copy.  What have you got to lose?

1. Boot into Solaris Safeboot mode. You can get access at the Grub menu, usually is the 2nd or 3rd option.
2. Mount the found Solaris partition on /a , Safeboot will usually find the slice on the disk with Solaris and ask if you want it to mount on /a. Select Yes.
3. Move /a/dev, /a/devices, and /a/etc/path_to_inst to another name (I just append .orig) and then create new directories, (mkdir) /a/dev and /a/devices, and touch file /a/etc/path_to_inst.
4. Run "devfsadm -r /a" to rebuild the device tree
5. set TERM so we can use 'vi', TERM=vt100; export TERM
   
6. Now we need to fix boot disk patch changes Edit /a/boot/solaris/bootenv.rc and fix the line with "setprop bootpath '/pci@0,0....' to match the path you'll find mounted for /a (i.e. run a 'df -k' command, and you should see /a mounted from /dev/dsk/c1d0s0 or something, then run 'ls -l /dev/dsk/c1d0s0' or whatever your device listed was, and you should see the actual link point to ../../devices/pci@0,0/...ide..)
7. Fix also disk naming in /a/etc/vfstab to match IDE "c0d0sx" scheme. Change each instance of c1t0d0s0 to c0d0s0 etc.
8. Recreate archive "bootadm update-archive -v -R /a" to rebuild the boot-archive on /a
9. Force to reconfigure on next boot with 'touch /a/reconfigure'
10. Delete /etc/dhcp.e1000g0 /etc/hostname.e1000g0 create /etc/dhcp.pcn0.
11. Run "cd /; sync; sync; sync; umount /a"
12. reboot with 'init 6'
    

Enjoy your new Virtual Box machine.

Instructions are also available for importing a Windows XP .vmdk file to Virtual Box.

You may have seen my earlier blog entry on myths and facts about swap space in which I mentioned that ZFS file systems cannot be used for swap files.

# cd /zpool1
# mkfile 10g swapfile
# swap -a /zpool1/swapfile
"/zpool1/swapfile" may contain holes - can't swap on it.

You can, however, use zvols to add swap space onto a ZFS pool:

#
# Add swap partition in the /export/home zfs partition
#
echo "adding zfs swap"
if [ ! -L /dev/zvol/dsk/export/swap ]
then
       echo "creating swap area"
       zfs create -V 1gb export/swap
fi
echo "/dev/zvol/dsk/export/swap -  -  swap  -  no   -" >> /etc/vfstab
/usr/sbin/swap -a /dev/zvol/dsk/export/swap
 

 Thanks to Jim Litchfield for pulling this info from the documentation for zpool