Jim Laurent's Weblog

Each year the Defense Information Systems Agency hosts a customer conference all their customers.  DISA is responsible for hosting, designing and operating DoD datacenters, networks and critical command and control programs. The DISA customer conference is attended each year by 3000-4000 IT professionals throughout the US DoD and other countries. This year's conference is in sunny Orlando and Sun Federal will again be attending to demonstrate some of our advanced technologies for desktop virtualization, security, identity management and more. Here's a preview of what you will see when you visit our booth (or in case you can't come to the conference).  The Sun team at the booth will be happy to answer any questions you have about this or any of Sun's products and services.  Among the things you need to know about Sun is that we are the largest commercial contributor to the open source software communities. Come visit us May 5-8 at booth # 331.

Sun Ray Ultra-Thin Client Technology

This innovative solution to current desktop cost and management issues can significantly reduce costs while increasing user flexibility, mobility and security.  Weighing less than a pound and with no moving parts Sun Ray is ecologically better than a PC.  It last longer, uses less energy, makes less noise and fills fewer landfills. The Sun Ray DTU can be used to display a Solaris, Windows, Linux or mainframe desktop environment. 

Trusted, multi-level Operating System 

Do you need to share confidential data while knowing exactly who has access? Sun's award winning open source Solaris 10 operating system with Trusted Extensions provides a robust, scalable security solution for customers with multiple levels or compartments of data access.  Sun, HP, IBM and Dell platforms (Sparc or X64) are fully supported.  Dell, Fujitsu and IBM are OEMs for Solaris on their platforms. Solaris 10 is Common Criteria evaluated.

Screenshot: Solaris 10 displaying MS Windows and Red Hat 5 in windows of different classifications on the same screen.

Identity management implementing the DoD 2875 process

The 2875 demonstration was created to show the feasibility of using the Sun Java Systems Identity Manager Suite to manage the SYSTEM AUTHORIZATION ACCESS REQUEST (SAAR) process. This process is used through out the Federal Government as a method for end users requesting access to systems. Sun IDM automates, audits and simplifies the process.

Sun Modular DataCenter

The Sun Modular Datacenter is a low cost, quick deploying solution for those who are running out of data center space and need additional computing power quickly with lower real estate, power and cooling costs.  Although the actual Modular Datacenter truck will not be here, we will have a scale model for you to enjoy.

Photo: The Sun Modular Datacenter on tour at the Pentagon in April with a small contingent of the Sun Federal Sales and Marketing team. 

Windows/Linux interoperability

Sun is a full OEM for MS Windows and Red Hat operating systems.  We sell and support both OSes on our market leading Intel and AMD based servers.  As a licensee of MS technologies, Solaris interoperates well with your existing desktop infrastructure. 

Capacity based computing

Sun is one of the winners in the DISA Capacity Computing contract awarded in 2006.  Using this contract, DISA purchases Solaris computing cycles as a managed service based upon actual metered utilization. Sun provides systems and capacity management in DISA datacenters while speeding procurement cycles, reducing capital expenditures and consolidating applications. Ask us about how this contract can work for you.

Partners joining Sun in our booth include:

Mitel is a leading provider of communications solutions for a range of organizations.  Their integration of Sun's Ultra-thin client with a VOIP telephone handset can significantly reduce desktop device costs while increasing flexibility, security and user mobility.  This intelligent phone ties your phone session and you desktop computing session to your identity and smart card for increased convenience.

BlueSpace - sponsored by Sterling Computers. BlueSpace is an enterprise software company based in Austin, Texas, that provides electronic messaging and mail software as well as multi-level secure (MLS) middleware to enable MLS applications. TransMail Trusted Edition is a version of TransMail specifically designed for the defense and intelligence communities. It integrates with Solaris 10 with Trusted Extensions to provide label security support, while providing the user with a single, multi-level inbox. TransMail Trusted Edition is the first commercial-off-the-shelf (COTS) end user, multi-level secure application.

Dynamic Systems is an information technology infrastructure expert and Sun Microsystems Value Added Reseller.  Dynamic Systems holds the SSTEW contract which offers extended warranty, maintenance, education, and professional services for all Sun Microsystems® products. The extended warranty and maintenance covered in this contract includes flexible and comprehensive hardware and software support ranging from basic to mission-critical service.This 8(a) set aside Blanket Purchase Agreement that offers time and money saving options through order consolidation and volume discounts. SSTEW is an Enterprise Software Agreement (ESA) under the DoD Enterprise Software Initiative (ESI).

We're looking forward to seeing you in Orlando. 

Solaris 10 5/08 is now available on the Sun Download center.  It's free for commercial use and based on an open source development project. Watch this video by Larry Wake of Solaris Marketing team to learn what's new.

 

I recently had a problem. It was actually good news!  My niece decided to get a Mac Book Pro and convert from Windows.  My problem?  How to collect all the knowledge that Sun Mac users have collected and make it available to her.

There is quite an active Mac community at Sun.  Perhaps it's because we don't like MS Windows or perhaps it's because Mac OS is Unix-based and shares a number of Solaris technologies such as DTrace and ZFS.  Perhaps it's just because it's easier to use and easy on the eyes.  Regardless of the reason, we have built quite a bit of knowledge internally on the Sun network.  I've taken a bunch of it, stripped it of Sun specific content and made it available here.  It consists of some "getting started" tips, frequently used software and FAQs.

 Enjoy!

Some Web resources for new Mac users

• Customize your Mac user interface
• 123Macmini.com
• Apple's "Find Out How" tutorial site.
• Washington Apple Pi (Apple User Group)
• How to Move to Mac (from Windows)

Getting Started

• Power on
• Complete the user name creation and network configuration wizard
• Log in
• (optional if required) Configure network location and proxies
  •  
    • Apple Menu > Location > Network Preferences
    • Select your network device (built-in or AirPort)
    • Click Configure
    • Location Pull down > New Location
    • Enter a name such as SWAN
    • Show > Select your network device to configure
    • Click on Proxies Tab
    • For each protocol (FTP, HTTP, HTTPS) Click the check box and enter proxy name and port
    • Click Apply Now
• Get the latest MacOS X software updates
  • Apple menu > Software updates
  • Reboot as requested
  • Repeat until no software updates are available (some updates are dependent on earlier updates.)
• Configuration settings
  • FileVault (enable FileVault per security recommendations below or use encrypted disk images for protection of  proprietary or government data)
• Download NeoOffice for Intel Macs and run the installer
• Download the most recent NeoOffice patch for Intel Macs and run the installer
• Set up Apple Mail or Thunderbird to access your mail account
• Review all the other System Preference panels and configure as desired

Recommend Security settings for Mac OS X

•  Apple menu > System preferences
  • Security Panel
    • Turn on Filevault 
      
    • Require password to wake this computer from sleep
    • Disable automatic login
    • Require password to unlock each secure system preference
    • In Leopard (10.5) the firewall settings are also here.
  • Desktop and screen saver panel
    • Start screensaver after xx minutes
  • Energy Saver panel
    • Put computer to sleep after xx minutes
    • Put Display to sleep after xx minutes
  • Sharing panel
    • Firewall Tab (in Sharing for 10.4 and Security for 10.5)
      • Click the lock and enter admin password to make changes
      • Click the Start button
      • Enable only services that are required.
      • Apple Remote Desktop must be enabled
    • Services Tab (10.4)
      • Only enable services that are required
      • Apple Remote Desktop must be enabled.
    • 10.5 Sharing panel
      • Only enable service that are required
      • If you enable file, sharing, you may wish todelete the users "Public" folders from being shared.
  • Accounts panel
    • Uncheck "allow user to adminster the computer" for non admin users
    • Delete or disable unused or guest accounts
    • Login Options tab
      • Uncheck "Automatically login"
      • Check  "Enable fast user switching"
  • Finder > Preferences > Advanced (NOTE: This does NOT appear to work)
    • Click "Empy Trash Securely" checkbox
    • Use: Finder > Secure Empty Trash when emptying trash.

  See also: NSA Security Guidelines for OS X

Popular software tools (alphabetically)

• Adium IM client for AIM, Yahoo, Jabber
• ChangeQuote Thunderbird plug-in for customized reply quote text
• Chicken of the VNC
• ConceptDraw Free Viewer for Visio XML files.
• ConceptDraw 7
• Cronnix GUI tool for Unix cron jobs
• CyberDuck or FUGU (Free FTP and SFTP GUI client)
• Dashboard Wigets
  • iStat
  • iStumbler
• Disk Cleanup tools
  • Tidy up! $30   shareware
  • OmniDiskSweeper $14.95 (demo version avail.)
• EraseCDRW plugin adds an item to your contextual menu in the finder.
• File Synchronization software
• Flip4Mac Windows Media Viewer
• Jing - screen video capture tool free - output s in .swf
• Lightning calendar plugin for Thunderbird.
• MenuMeters menu bar perf meters
• Missing Sync (alternate PDA sync software)
• NetBeans
• Notetaking programs
  • iGTD
  • NoteBook
  • OmniOutliner
• Process Wizard allows you to change process priorities (Unix nice value).
• RDP client from Microsoft.  and an alternative at sourceforge, an another.
• Skype
• Sync your Palm or Windows Mobile device directly to EdgeCal
• USB to Serial Console connection:This KeySpan device ($39) has been reported to work with Zterm
• VLC Media player
• Web Based Vcard to LDIF converter

Random Tips from the Mac Masters

• Drag Applications, Utilities, Documents, Desktop and other frequently used folders to the right side of the dock.  You can now access them with a single right mouse click using a heirarchical menu.  Dragging your Hard Disk icon provides complete access to everything.
• Use Applications > Utilities > Disk Utility to:
  • Repair permissions after an upgrade or software install
  • Check the file system integrity (must boot from install DVD to repair)
  • Burn ISO images to DVD or CD
  • Erase R-W media
  • Build your own Disk Image files
• MacOS Keyboard Shortcuts
• Set your default browser using the Safari Preferences.  Set you default Mail reader using Apple Mail preference
• Monitor and kill processes using Applications > Utilities > Activity Monitor
• Apple equivalent to CTL-ALT-DEL
  • Command-Option-Escape to bring up a dialog to kill a hung process.
  • Apple Menu > Force Quit
  • Right click on the dock icon and select Force Quit
  • Option-Right Click on the dock icon and select Force Quit if force quit does NOT show in the contextual menu
• Buy a 3-button wheelie mouse (wireless bluetooth enabled is supported)
  • Right click works in many applications to bring a contextual menu
  • Wheel click in Safari works to open a new tab
  • Control-Click or Click and hold are one button (touchpad) alternatives to right-click
• Drag frequently used applications to the left side of the dock.
• Turn on Dock hiding and adjust the size of the dock.  Apple menu > System preferences > Dock
• Put less frequently used applications in your "Utilities" folder rather than Applications
• Learn to use Expose and Dashboard widgets  Apple menu > System preferences > Expose
• Create an "Installers" folder on your desktop to keep all those xxx.dmg files that you download.
• Move your iTunes, iPhoto, and Solaris images files OUT of your home directory, the large files slows down FileVault substantially.

MacOS X 10.5 (Leopard)

•  Leopard is now shipping with all new Mac
• Detailed Leopard review at ArsTechnica
• Application compatibility notes (when available)
  • NeoOffice reported to work on Leopard
  • VMware Fusion latest version is reported to work on Leopard
  • Classic mode (OS 9 app support) will NOT work on Leopard
  • Disk utilities such as Disk Warrior, etc will require an update from vendor
  • Java 6 is not available in Leopard.
  • Unsanity APE apparently causes problems in performing an upgrade to Leopard.
  • Partial list of apps that don't work with Leopard at MacRumors
  • Time Machine and File Vault are apparently incompatible with each other. See this tip.
  • MacBooks and MacBook Pros keyboard becoming non-responsive has been fixed with an update.
  • When using Mail 3.1 Mail downloads go to  ~/Library/Mail Downloads folder regardless of what the mail preferences report. This can result in many megabytes of stuff (and potentially Sun or customer proprietary data) piling up in a folder that is generally "invisible" to the casual user.
• User changes
  • Make a backup before upgrading.
    • Suggested freely available full disk backup solutions include:
      • SuperDuper
      • Carbon Copy Cloner
    • Choose the upgrade option rather than clean install.    
• Security Changes
  • There is currently a reported issue with the Leopard Firewall.  A SunIT warning has come out about it.
  • Enable "Stealth IP Mode"
    • Apple > System Preferences > Security > Firewall
    • Click Advanced
    • Click Enable Stealth Mode
  • Firewall Settings are now in the Security system preference instead of the Sharing preference
  • Sharing system preference for File Sharing now has an "Options" button to enable AFP, Windows or FTP file sharing separately.
• Resources
  • Sam's Teach Yourself Mac OS X Leopard All in One at Safari Books

Apple's Boot Camp software

•  Boot Camp is a part of MacOS X 10.5 which allows you to create a separate partition for a native OS to be installed.  Windows, Solaris and Linux variants are supported. It has advantages and disadvantages when compared to virtualized solutions
• Advantages
  • OS runs natively on the hardware for higher performance and able to use all of memory.
  • Simplifies troubleshooting by eliminating the effects of MacOS and virtual machine
  • Allows you to claim you are running Solaris directly on the MacOS Intel based HW
• Disadvantages
  • Requires a separate hard partition and boot loader
  • Requires a reboot to switch between MacOS X and Solaris
  • Cannot run both MacOS and Solaris simultaneously
  • More difficult to keep multiple images and take backups of images.
  • Cannot take advantage of canned VMs, cut and paste, file sharing, sleep/suspend etc.
• See this blog entry for tips on using BootCamp with Solaris

Resources

• Apple's "Find Out How" tutorial site.
• Apple Support Forums
• NeoOffice support forums
• MacFixit Troubleshooting site
• MacOSX Hints site

MS Windows

• MS Windows can also be installed directly on the hardware using Apple's beta BootCamp package.  BootCamp is built into Leopard.

FAQs

• Where to I change my computer's name?
• How do I find my MacBook's serial number?
• How do I create an encrypted disk image
• How do I change the Keyboard shortcuts.
• How do I make applications start when I login?
• How do I add/remove/change items on my dock?
• How do I use my Apple remote to control NeoOffice presentations
  • Download iRed Lite and add it to your "Login Items"  iRed Lite Manual
• How do I force my screen saver to start manually with hot corners?
• Should I "Shut Down" my Mac or put it to sleep.
  • Unlike Windows, the MacOS is remarkably reliable and we know users with "uptimes" exceeding two months.  Just close the lid and go.
• How do I change the icon on a file or folder?
• How do I add the date to my menubar clock?
  • in the terminal type: defaults write -g AppleICUTimeFormatStrings -dict-add 2 "MMMM d, hh':'mm':'ss' 'a"
  • then: killall SystemUIServer  (to restart menubar)
  • Alternate Solution using the GUI
• How do I take a screen shot?
• How do I type a "forward-delete" characters on the laptop.  Use FN-DELETE
• How do I extend my MacBook display to other monitors?
  • Open System Preferences and click Displays.
  • Click Arrangement and follow the onscreen instructions.
• How do I change the desktop login background image?
  • The login screen is a file located at /System/Library/CoreServices/DefaultDesktop.jpg.  Just replace that file with something you like.
• How to I eliminate the transparent menubar in Leopard?
  • With the release of 10.5.2, there is a system preference to control this
    • Apple menu > System Preferences > Desktop and screensaver > Desktop tab
    • Uncheck the "Translucent menu bar" box.
  • If usiing 10.5 or 10.5.1:
    
    • Open a terminal:
    • sudo defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 1
    • Then reboot.
• What is Mac OS "Safe Sleep" or Why won't my Mac wake up and what is that funny progress bar?
  • Apple tech tips on safe sleep
    • http://docs.info.apple.com/article.html?artnum=302477
    • http://docs.info.apple.com/article.html?artnum=303329
    • Customize Safe Sleep settings
• How many ways can I quickly lock my screen?
• What is a "Sparse Bundle" disk image?
• How do I sync my Palm using Bluetooth with Mac OS?
• How do I reduce the size of my PDF documents?
• How do I auto-hide the main menu bar of an application?
• How do I add a "Recent Applications" item to my dock?
  • In a terminal (I use iTerm), type:
  • defaults write com.apple.dock persistent-others -array-add  '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'
  • killall Dock
• What happened to my Dashboard Widgets?
• How do I remove language support from applications to save disk space?
  • Choose an application (iPhoto for example)
  • Click once.
  • File > Get Info
  • Open the Languages triangle
  • Select the languages you don't need (shift click to select multiple contiguous items)
  • Click the - sign
  • Close the window.
  • Repeat until you get bored.
• Why doesn't Time Machine backup my VMware Fusion VM images?
  • Fusion sets the "exclusion flag" on images because the entire image will be backed up with every change.  See this discussion thread more more information.  Back them up manually.
• How do I get rid of those horrible "stacks" in Leopard and revert to menus as in 10.4?
• Drag a folder to the right side of the Dock
• Right-click (control-click)
• Select "Display as Folder"
• Right-Click
• Select "View Content as List"
  

The Sun Modular Data Center (aka Project Blackbox) is on a nationwide tour.  It spent part of last week in the Washington D. C area.  It had stops in northwest DC, two days at the Pentagon and Sun's Annapolis Junction office (near Ft. Meade and the National Security Agency).  This week it's traveling to Ft. Monmouth.

Check out the tour schedule to see if it's coming to a world-wide location near you.  It also won an award at the Federal Office System Exhibition for Best in show (category: Other, I guess there was no specific category for large transportable data centers ;>)

They don't like you taking pictures of the Pentagon.  Because I respect guards with large caliber weapons, these photos are taken with my back to the Pentagon south wall.  The truck (with its operational data center, chiller and generator) were parked in the south parking lot within a couple hundred feet of the building.  We had quite a few visitors over two days including a 3-star general.  At least once we saw the SecDef drive by, and I heard on the news that the President was in the building that day being briefed by the Joint Chiefs of Staff.  He didn't stop by to say "Hi," however.

We received some powerful feedback including comments such as, "I could have used about 30 of these at the beginning of the war and save a lot of money." 

A small contingent of the Sun Federal Sales and Marketing team was there to provide tours and information (as well as collect any orders!)  To date, Sun has shipped a number of Modular Data Centers including two to the Stanford Linear Accelerator and one near Moscow. 

If you are interested in deploying data center capacity quickly, at a low cost and in an energy efficient manner, contact us at 703-204-4100.   It's only 20 feet long, 8 feet wide and can accommodate 240 rack units of your favorite Sun or other vendor's equipment.  It can be located nearly anywhere.

 

The spiky things in the background are the recently dedicated US Air Force memorial.

 

The Sun Federal Sales and Marketing team 

 

A view of the back doors during a tour 

 

Solaris 10 has become the first Unix or Linux Operating System to receive IPv6 Certification from the DoD Joint Interoperability and Test Command (JITC).  JITC is the DoD organization responsible for validating products for use in the US DoD.  This most recent certifcation of Solaris for IPv6 standards extends our earlier IPv6 logo certification performed at the University of New Hampshire Interoperabity Lab.

Solaris is the ONLY product currently listed in the "Advanced Server" Category.  Testing was completed on SPARC as well as x86/x64 platforms.

Why should you care?

Sun's continuing commitment to standards in support of the Federal Government means that our customers will be able to move quickly into their transition to the next generation of the internet.

If you'd like to try out Solaris 10 or our next generation of Solaris, known as Solaris Express, they are both available via free downloads and include free right-to-use license.  If you are not sure of the difference between the various Solaris editions, please see my earlier blog entry.

 

I'm often asked the relationship between the various Solaris named products that Sun provides.  Here is my view on them:

OpenSolaris is a SOURCE code project at opensolaris.org from which a number of actual products may be derived including:

• Portions of Solaris 10
• Solaris Express and SX Dev. Edition
• xVM Server
• Project Indiana

Solaris Nevada is the portion of Open Solaris community code that includes only the kernel (OS and Networking consolidations). Running uname on this build indicates SunOS 5.11.

Solaris Express Community Edition is Sun's binary release for OpenSolaris developers (code named "Nevada"). It is built from the latest OpenSolaris source and additional technology that has not been published in the OpenSolaris source base. This release is unsupported. Developers can build the OpenSolaris source by using this release as the base system. It is updated every other Friday.

Solaris Express Developers Edition, includes Solaris Express Community Edition along with the development tools (Netbeans, Studio etc) in a single installation to simplify life for developers. The Developer Edition is released every three to four months and replaces the Solaris Express monthly release.

Project Indiana is currently in preview edition two.  The OpenSolaris Developer Preview is the first milestone of Project Indiana. It is a single CD combined live/install image: a core operating system, kernel, system libraries, a desktop environment and a package management system. It is not a final release and is intended for developers to try, test, and provide feedback.

Solaris 10 is our enterprise ready, supported version of Solaris.  It is updated less frequently and provdes a stable platform for deployment of long term applications.
 

They are ALL free to download use in a production environment.  If you need support for Solaris 10 you can choose from a variety of Solaris 10 subscriptions on Sun or non-Sun hardware (Sparc, Intel or AMD based).

Update:  Our own architect of Solaris 10 Trusted Extensions corrected me on my statements about MLS capability and Type Enforcement.  I've corrected my table.  Glenn writes in a comment:

It isn't accurate to state that Type Enforcement enables multilevel security. Although you could define relationships between various types that have similar semantics to Bell & Lepadula rules, this is not practical in general. Types, unlike sensitivity labels, don't have implicit hierarchical relationships. Instead the flexibility of the relationships between types is seen as an advantage over the more rigid MLS rules.

One reason this is confusing is that FLASK in SELinux supports both Types and MLS labels, whereas the Solaris implementation of FLASK will just focus on Types since MLS labels are already associated with zones.

 -----

Great News! 

One of the benefits of open sourcing Solaris is the ability to take advantage when "Innovation Happens Elsewhere" (to quote Sun co-founder Bill Joy).  One of the innovative projects that originated elsewhere is an implementation of Type Enforcement (aka "Flask") for OpenSolaris.  Type Enforcement is a form of Mandatory Access Control that has already appeared in the Security Enhanced Linux project first developed at NSA.  SELinux has worked its way from a science project into major Linux distributions today.

What does this mean for Open Solaris?

• First, it means that we have active development and external contributions to the OpenSolaris community.
  
• Secondly, it means that (when completed), customers and governments who prefer the Type Enforcement to Sun's own Solaris 10 Trusted Extensions model, will have that choice without having to give up the other advanced features of Solaris.

Who is doing this work?

• Stephen Smalley is a researcher at the NSA who has published a number of papers on Type Enforcement and the Security Enhanced Linux project
• John Weeks is an engineer in Sun Federal who has worked for years in the government and security realms. 

When can I get it?

The project has only recently been created at in the OpenSolaris security community.  The source code has yet to be written and posted.   Nothing has been integrated in to the next version (Nevada) of the Solaris kernel yet and there are no plans yet for it to be in Solaris 10.  As the project progresses it may be fully integrated into the Nevada kernel and eventually find its way into a commercial release of Solaris.  Join the community to keep up to date on the latest information.

How will Type Enforcement complement the current Solaris security model?

Read Glenn Faden's most recent blog entry.

Why should I care?

If you have been looking at using SELinux in your project, you should join the community and contribute your comments, feedback, testing and even code to the project creating a better Solaris.

 

 I received this question from a customer today:

We are looking into Solaris or Unix conferences that are held yearly (such as the MS tech net conference) that you feel are worthwhile for learning or finding out cutting edge news. 

Are there any you would recommend or is there a schedule with prices you could direct me to?

I have a number of suggestions but I'm certain that others out there have their own favorites.  Here's my list. 

• JavaOne 
  
• Sun Tech Days 
  
• Locally run OpenSolaris user's groups
  
• OSCON: Open Source Convention (Sun is a platinum sponsor)
  
• Usenix sponsored conferences
  
• LISA 
  

Have your own favorite conference?  Jump into the comments section and let us all know about it.

Why should you care? 

To quote Sy Sims, "An educated consumer is our best customer."

Go out and get educate.  Some of the brightest and most enthusiastic Sun Engineers speak and attend many of these conferences.

As an OS Ambassador at Sun, I have spoken hundreds of times around the country about the Dynamic Tracing facility built in (no extra charge) to Solaris 10 since 2005 and part of the Open Solaris community.  I've described it as a "CAT Scan" into the system when we previously only used X-Ray.  I've said that this allows us to be good doctors (healing the sick) rather than coroners (diagnosing the dead).

Many customers, however, are put off by the programming language or 400 page manual that describes DTrace, however and therefore never really get started.  They don't always realize that we have enhanced PostgreSQL, Ruby, Java, PHP and other higher level languages to make good use of DTrace.  They haven't felt the power of being able to root cause any problem in their system.

While DTrace will never be an "Easy" or "Go Fast" button for your system, there are a number of tools that make it more palatable to the casual user.

Dtrace Toolkit

This collection of pre-written scripts provide some easy tools for collecting the type of data that  system administrators are starving for.

DExplorer

DExplorer automatically runs a collection of DTrace scripts to examine many areas of the system, and places the output in a meaningful directory structure that is tar'd and gzip'd.

Chime Visualization tool

Chime is a graphical tool for visualizing DTrace aggregations. It provides an alternative to similar CLI-based tools (such as intrstat) that is more visually appealing and potentially more useful. In particular, its ability to display data over time adds a missing dimension to system observability. Among its recent new features is the ability to display moving averages.

DTrace NetBeans GUI Plugin

Graphical User Interface (GUI) for running DTrace scripts that can be installed into the Sun Studio 12 IDE, NetBeans IDE 5.5, NetBeans IDE 5.5.1, and NetBeans IDE 6.0.

DTrace BidAdmin community

Includes a collection of tips, tricks, documentation and discussions on DTrace

Why should you care?

Want to be a hero?  Use DTrace to determine why your system isn't working properly.  Save you boss money.  Get more transaction through your systems.  We've done this at a number of customers on live, production systems and you can to.  Download the free DTrace Toolkit today and get started.

PS.  For those who think that System Tap in the Linux community is "just like DTrace," see Adam's rebuttal.

 

Update 2/28: Made some minor corrections.  Provided an English and high quality version of the German video.  Added a ZFS GUI screenshot and instructions.  Added a link to Constantin's ZFS and Virtual Box blog entry.

---

This week I am at "Immersion Week" in suburban Chicago.  Immersion Week is an annual training event for Sun Technical staff in the field sales and professional services organizations.  Included in our "goodie bags" was a USB hub and three USB memory sticks along with the suggestion that we use them to demonstrate the open source ZFS file system included with Solaris 10.

Being a Solaris (and Mac) propeller head and fueled by a few Coronas, I found it hard to refuse this challenge. For an advanced version of this, check out this YouTube video (high quality MP4 version) from my colleagues across the pond.  Here are the steps that I followed.

System under test:  MacBook Pro running MacOS 10.5.2, VMware Fusion 1.1.1 and Solaris 10 08/07.

 1. Enable USB device access per the VMware Fusion instructions: 

1	Open the virtual machine without powering it on. You cannot configure the USB controller while the virtual machine is powered on.

2	Choose Virtual Machine > Settings or click the Settings button in the toolbar to open the virtual machine Settings sheet.

3	Select + and Add USB controller.

4	Select one or both of the options:

•	Enable USB 2.0 Support

•	Automatically Connect USB Device

5	Click Apply.

2. Boot the Solaris VM. Login. Open a Solaris terminal window.  Assume root privileges.  Disable the Volume Management service volfs.  This prevents Solaris from automounting the removable disks. This stays in effect across reboots until you "enable" it.

    svcadm disable volfs 

3. Insert the USB hub with 3 sticks into the Mac's USB port

4. Fusion menus: Virtual Machine > USB > Connect ....  for each of the 3 USB devices.  This "grabs" them away from MacOS into Solaris control.

5. Find out the device names for the three USB disks:

# rmformat
Looking for devices...
     1. Logical Node: /dev/rdsk/c0t0d0p0
        Physical Node: /pci@0,0/pci-ide@7,1/ide@1/sd@0,0
        Connected Device: NECVMWar VMware IDE CDR10 1.00
        Device Type: DVD Reader/Writer
     2. Logical Node: /dev/rdsk/c2t0d0p0
        Physical Node: /pci@0,0/pci15ad,790@11/pci15ad,770@2/storage@1/disk@0,0
        Connected Device: CBM      Flash Disk       5.00
        Device Type: Removable
     3. Logical Node: /dev/rdsk/c3t0d0p0
        Physical Node: /pci@0,0/pci15ad,790@11/pci15ad,770@2/storage@2/disk@0,0
        Connected Device: USB      Flash Disk       1100
        Device Type: Removable
     4. Logical Node: /dev/rdsk/c4t0d0p0
        Physical Node: /pci@0,0/pci15ad,790@11/pci15ad,770@2/storage@3/disk@0,0
        Connected Device: CBM      Flash Disk       5.00
        Device Type: Removable

6.  Create a zpool using RAID Z on the three devices.

# zpool create usbdisk raidz c2t0d0p0 c3t0d0p0 c4t0d0p0
invalid vdev specification
use '-f' to override the following errors:
raidz contains devices of different sizes

Wasn't that nice of ZFS to warn us!

# zpool create -f usbdisk raidz c2t0d0p0 c3t0d0p0 c4t0d0p0
# # zpool status

  pool: usbdisk
 state: ONLINE
 scrub: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        usbdisk       ONLINE       0     0     0
          raidz1      ONLINE       0     0     0
            c3t0d0p0  ONLINE       0     0     0
            c2t0d0p0  ONLINE       0     0     0
            c4t0d0p0  ONLINE       0     0     0

errors: No known data errors

# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
usbdisk                 360M     91K    360M     0%  ONLINE     -

7.  Now lets have some fun......

8. Create a 5 MB file

cd /usbdisk
mkfile 5m test
# ls -l
total 10245
-rw------T   1 root     root     5242880 Feb 27 23:43 test
# du -ak
5122    ./test
5124    .

Notice how du and ls agree on sizes.

9. Enable compresssion

zfs set compression=on usbdisk
# pwd
/usbdisk
# mkfile 5m testcompression
# ls -l
total 10246
-rw------T   1 root     root     5242880 Feb 27 23:43 test
-rw------T   1 root     root     5242880 Feb 27 23:48 testcompression
# du -ak
5122    ./test
0       ./testcompression
5124    .

 Notice that ls shows a 5 MB file but du -ak shows a zero size file because zero filled files compress so well.

10.  Now remove one of the USB memory sticks from the hub and attempt to create file.

# mkfile 5m test2
# zpool status

  pool: usbdisk
 state: ONLINE
status: One or more devices has experienced an unrecoverable error.  An
        attempt was made to correct the error.  Applications are unaffected.
action: Determine if the device needs to be replaced, and clear the errors
        using 'zpool clear' or replace the device with 'zpool replace'.
   see: http://www.sun.com/msg/ZFS-8000-9P
 scrub: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        usbdisk       ONLINE       0     0     0
          raidz1      ONLINE       0     0     0
            c2t0d0p0  ONLINE       0     0     0
            c3t0d0p0  ONLINE       0   156     0
            c4t0d0p0  ONLINE       0     0     0

errors: No known data errors

zpool status reports that although a device is missing, data is intact.

Re-insert the removed memory stick and...

# zpool scrub usbdisk
# zpool status

  pool: usbdisk
 state: ONLINE
status: One or more devices has experienced an unrecoverable error.  An
        attempt was made to correct the error.  Applications are unaffected.
action: Determine if the device needs to be replaced, and clear the errors
        using 'zpool clear' or replace the device with 'zpool replace'.
   see: http://www.sun.com/msg/ZFS-8000-9P
 scrub: resilver completed with 0 errors on Thu Feb 28 00:37:03 2008
config:

        NAME          STATE     READ WRITE CKSUM
        usbdisk       ONLINE       0     0     0
          raidz1      ONLINE       0     0     0
            c2t0d0p0  ONLINE       0     0     0
            c3t0d0p0  ONLINE       0   254     0
            c4t0d0p0  ONLINE       0     0     0

errors: No known data errors
# zpool clear usbdisk
# zpool status

  pool: usbdisk
 state: ONLINE
 scrub: resilver completed with 0 errors on Thu Feb 28 00:37:03 2008
config:

        NAME          STATE     READ WRITE CKSUM
        usbdisk       ONLINE       0     0     0
          raidz1      ONLINE       0     0     0
            c2t0d0p0  ONLINE       0     0     0
            c3t0d0p0  ONLINE       0     0     0
            c4t0d0p0  ONLINE       0     0     0

errors: No known data errors

zpool scrub examines all data in the specified pools to verify that it checksums correctly. For  replicated  (mirror  or raidz)  devices,  ZFS  automatically  repairs any damage discovered during the scrub.

11.  Now for some real fun with export and import.

# cd /
# zpool export usbdisk
# zpool list

Note that the pool usbdisk is no longer listed.  Remove all three memory sticks.  Mix them up.  Re-insert them.

# zpool import
  pool: usbdisk
    id: 13155150575270542445
 state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:

        usbdisk       ONLINE
          raidz1      ONLINE
            c2t0d0p0  ONLINE
            c4t0d0p0  ONLINE
            c3t0d0p0  ONLINE
# zpool import usbdisk
# zpool status
 
  pool: usbdisk
 state: ONLINE
 scrub: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        usbdisk       ONLINE       0     0     0
          raidz1      ONLINE       0     0     0
            c2t0d0p0  ONLINE       0     0     0
            c4t0d0p0  ONLINE       0     0     0
            c3t0d0p0  ONLINE       0     0     0

errors: No known data errors

Notice how politely, ZFS tells you the name of the pool (even if you forgot it) and asks you to import it by name.  It doesn't matter that the actual "disks" have changed location.

12.  Transfer the disks to another systems (in this case a MacOS system). First note the files that exist and then export the file system. 

 On the Solaris system....

# ls -l
total 20473
-rw------T   1 root     root     5242880 Feb 28 00:32 test
-rw------T   1 root     root     5242880 Feb 28 00:49 testcompression
# du -a
10236   ./test
1       ./testcompression
20477   .
# cd /
# zpool export usbdisk

Shutdown the virtual machine and exit VMware to avoid confusion. Remove the USB hub from the Mac.

Now on Mac OS X 10.5 Re-insert the USB hub. MacOS X Finder produces an error: "Disk inserted was not readable by this computer."

Click "Ignore." Open the MacOS X terminal applications.

$ sudo -s
Password:
bash-3.2# zpool import
  pool: usbdisk
    id: 13155150575270542445
 state: ONLINE
status: The pool is formatted using an older on-disk version.
action: The pool can be imported using its name or numeric identifier, though
    some features will not be available without an explicit 'zpool upgrade'.
config:

    usbdisk     ONLINE
      raidz1    ONLINE
        disk4   ONLINE
        disk3   ONLINE
        disk5   ONLINE
bash-3.2# zpool import usbdisk
bash-3.2# cd /Volumes/usbdisk
bash-3.2# ls
test        testcompression
bash-3.2# du -a
10236    ./test
1    ./testcompression
10241    .
# zfs get all usbdisk
NAME     PROPERTY       VALUE                  SOURCE
usbdisk  type           filesystem             -
usbdisk  creation       Thu Feb 28  0:32 2008  -
usbdisk  used           5.14M                  -
usbdisk  available      200M                   -
usbdisk  referenced     5.03M                  -
usbdisk  compressratio  1.00x                  -
usbdisk  mounted        yes                    -
usbdisk  quota          none                   default
usbdisk  reservation    none                   default
usbdisk  recordsize     128K                   default
usbdisk  mountpoint     /Volumes/usbdisk       default
usbdisk  sharenfs       off                    default
usbdisk  checksum       on                     default
usbdisk  compression    on                     local
usbdisk  atime          on                     default
usbdisk  devices        on                     default
usbdisk  exec           on                     default
usbdisk  setuid         on                     default
usbdisk  readonly       off                    default
usbdisk  zoned          off                    default
usbdisk  snapdir        hidden                 default
usbdisk  aclmode        groupmask              default
usbdisk  aclinherit     secure                 default
usbdisk  canmount       on                     default
usbdisk  shareiscsi     off                    default
usbdisk  xattr          on                     default
usbdisk  copies         1                      default

Like magic, the USB-based ZFS array is now accessible (read-only) to MacOS X 10.5.  A future update is expected to support R/W access. The compression property is still turned on as it was in Solaris.

PS.  I tried mounting the devices in Solaris using Virtual Box by Innotek (recently acquired by Sun).  This software for MacOS X is currently in Beta test.  I received some rather nasty messages about: Failing to create proxy device for USB device.  Virtual Box also runs on Linux, Windows and OpenSolaris hosts.

 See here what Constantin has done with Virtual Box on Open Solaris with ZFS.

Using the ZFS GUI.

I used the command line but ZFS also has a fully capable browser interface.  To use it the webconsole service must be enabled:

 

# svcadm enable webconsole

Point your browser to:  https://localhost:6789.  Login with the root username and password.

Solaris Express developer's release is a regular packaging of the code being developed by the OpenSolaris community targetted towards developers. It contains some of the latest features that we would like our developers to test out and provide feedback for.

Some of the new capabilities that you might like include:

• xVM virtualization (based on the work of the Xen community) for X64 systems
• CIFS built into the Solaris kernel
• Improved installation experience
• Improved networking and wireless support
• Improved development, compiler and desktop tools
  
• See the complete list

Download the January edition today and let us know

 

My big boss (Bill Vass, President and COO of Sun Federal) has posted a new blog entry describing the updated comparison chart that I've been working on to compare Solaris 10 with RHEL 5.  This time we have added MS Windows 2003 Datacenter Edition.

All three of these operating systems run and are sold and supported by Sun on our X64 based servers featuring Intel or AMD processors. 

Feel free to comment on errors and corrections that you may see.

 

 

For those who think Solaris is dead and "Linux" will take over the world, a recent survey by Forrester Research (NOT paid for by Sun) points out that Solaris is one of the top three "strategic" OS platforms. This shows the value of communities and openness in the software space.  More about this at Jonathan Schwartz blog.

Some interesting quotes include:

Solaris is back on the winner's podium. Sun Solaris has regained its "historical significance" in European financial services.

Linux has lost traction.

Pure J2EE is still strategically very important.
 

Want to get Solaris for free?  Download Solaris 10 today or participate in the OpenSolaris community. 

Sun invites you to read the independent Forrester report titled "European Financial Services Architecture Shows Clear Strategic Direction"(January 2008) in which Forrester reports Solaris as one of the top 3 most strategically positioned operating systems in European Financial Services Firms.

The internet is a wonderful egalitarian place where everyone can have their say.  Who am I to complain?  I get to put my information up here on blogs.sun.com and actually asked for corrections and comments regarding my comparison chart between Solaris 10 and RHEL 5.  Naturally, I got some comments and corrections.  Information week picked it up on Jan 2nd (must have been a slow holiday in the old newsroom.)  Today, while googling a totally unrelated topic (I wasn't googling myself, I promise) I ran across an entry titled: So Mr. Laurent, Solaris is all that *and* a bag of chips?

Written by "Spencer Shimko, Real Genius" who describes himself as "the source of this dribble." Spencer is currently working with technologies related to security and SELinux for Tresys Technology, LLC. We always like to thank and credit those who comment an help improve our information.

While I fully admitted my Solaris bias in creating the chart, I did try to be as complete and factual as I could.  I hardly think that I fit his description of Sun Guys who are (expletives deleted.)

I do have to take issue with some of his counterpoints however:

Platform support.  Mr. Shimko seems to be implying that I'm playing fast and loose with HW and SW support numbers.  I try to deal in facts and tried only to quote numbers that I could verify. Both Sun and RHAT have issues here because ISVs are so darn "Independent!"  They don't always tell vendors when they port a product to a platform and the information that they provide us changes rapidly and is not always accurate. I had to work with numbers at Sun's and RHATs ISV pages because for me to make up any other number for would truly be lying.  As far as his reference to 3000 RHEL applications, my comparison is only with RHEL 5.  Because they don't guarantee binary compatibility and vendors don't always support the latest OS version, I refuse to extrapolate all available RHEL apps to be available for RHEL 5.

Life cycle support.  While we might argue about what "support" and updates" consist of, I can provide a number of examples of our actual timelines for the last 4 EOL versions. It's true that our Solaris lifecycle page quotes 10 years, but as you can see, support lifespans range from 10-12 years.  This varies based upon customer "acceptance" of OS versions.  Solaris 8 was heavily adopted and Solaris 10 even more so and may end up with a lifespan longer than 12 years.  You can see from this that Sun has a long history of extended life cycle support for our OS.

OS Version	First shipped	End of phase one support	End of phase two support
Solaris 8	Feb 2000	March 2009	March 2012
Solaris 7	November 1998	August 2005	August 2008
Solaris 2.6	July 1997	July 2003	July 2006
Solaris 2.5.1	May 1996	Sept 2002	Sept. 2005

Commercial license costs.  Apparently there was no argument here.  Solaris just costs less than RHEL 5 and is available free for download and production use to all of our customers.

Subscription costs.  I was NOT attempting to compare the cheapest Solaris subscription to the cheapest RHEL subscription but the most comparable subscription level.  Solaris is cheaper at the enterprise level.

Unique OS Advanced technologies.  Mr. Shimko would like to remove certain items from the Solaris list such as binary compatibility guarantee, massive scalability, memory placement optimizations etc.  I could find no references to proof of these items in  RHEL 5.  Solaris, however, is proven in all these areas.  Even Linus Torvads admits that he would like to have ZFS in the Linux codebase.

Virtualization.  He calls Solaris zones "stupid, pointless," but I can assure you that a wide variety of enterprise customers including the US DoD find containers useful, easy and cost effective in their data center environments for consolidation of applications.

Application containment.  He predicts the death of Solaris Trusted Extensions and again disrespects containers.  Solaris TX, however, provide capabilities that SElinux cannot, that is a true multi-level Gnome (or CDE) desktop environment that can be displayed on an ulta-thin client.  This technology is currently going through a Protection Level 5 (highest) accreditation at a government customer.  I'll add here that because Solaris is developed using an open source process, the ability to add Type Enforcement is certainly there.  A little bird tells me that there may already be an effort underway to do just that.

Meanwhile, look forward to an updated version of the chart coming to a blog near you.  This time, we will be adding Windows 2003 server to the list since it is one of the OS platforms that Sun can sell and support now.

Thanks for listening and keep those cards and letters coming.

 

Glenn Brunette just published an excellent blog listing his 5 favorite Solaris security features.  Among the valuable quotes are:

• Solaris has had its auditing facility in place since Solaris 2.3, but I can't even begin to count how often I talk with people who do not know that it exists.  (I frequently get this question)
• Zones are IMHO one of the most significant security features in the Solaris 10 OS. Kernel and most user-land forms of root kits are essentially rendered non-effective when running your applications in a sparse-root non-global zone. (I even recommend to customer when only running one application on a box to run it in a local zone for enhanced security.)
• For those wanting something a little more advanced, you can use RBAC to implement a two-person (or four-eyes) access control scenario.  (An excellent recommendation for security conscious DoD customers

He also points you to a number of learning resources on Solaris:

• Solaris 10 Security Home Page
• Solaris 10 Security Learning Center
• Solaris 10 Security Best Practices
• Solaris Security Library
• Solaris Security Presentations
• OpenSolaris Security Community
• Sun Blogs (tagged Solaris + Security)

Why should you care?

You chose Solaris because of its stellar reputation for security.  Don't be "living in the 90s."  Take the time to learn the new features of Solaris 10 so that you can build and maintain a more robust and secure infrastructure for your organization.

If security is your main area of interest, join the OpenSolaris security community and participate.  Don't forget to get your free download of Solaris 10 or OpenSolaris for Sparc or X64 platforms.

I always get a little concerned when I walk into the office and my boss tells me, "Congratulations on being quoted in Information Week."  Although I admit my mind is still fuzzy from a week and a half away from work, I am positive that I never sat for an interview with an InfoWeek reporter.  Nonetheless, there is the article in black and white electrons under the title: Sun Shines In Solaris 10, Linux Comparison.  I guess I can't complain about the title can I?

This serves as a good reminder to us all what risks and potential problems can result from blog entries that are poorly written, researched or misrepresented.  Thankfully, although I admit that my original entry and the chart are not perfect, I haven't yet been accused of outright lies or propaganda.

As a Sun stockholder, I can't complain when the company gets more good publicity and attention driven to our products and services.

Read my original blog entry and see the Solaris vs. RHEL 5 comparison document.  Feel free to comment.

Bill Vass (SunFederal President and COO) also makes reference to this in his blog entry.

Thanks to Information Week for picking this up.

Last week I attended:

3rd Annual DoD Open Conference
Sponsored by AFEI in McLean VA.  December 11-12th
Sun Attendees:  Jim Laurent, Tom Syster, Bill Vass (Keynote speaker) Paul Tatum
Agenda:  http://www.afei.org/brochure/8a03/index.cfm

This is an annual conference attended by government, industry and consultants (Mitre/IDA) to discuss open source technology, open systems and open development methodologies.  Approximately 100 people in attendance.  The President and COO of Sun Federal Bill Vass was one of the keynote speakers.

It's clear from attending this conference again (this is my third time) that there is no avoiding the use of open source tools in the Federal Government.  Whether it is something as simple as glassfish and openssh or more advanced technologies like the UltraSPARC T1 and T2 processors, open source is everywhere in the DoD.

Nick Guertin, Directory Open Arch. PEO IWS Navy

Discussed the Navy's open architecture designed to achieve modularity, interoperability, standards compliance.
Discussed business issues and licensing issues around open source

Mark Tolliver, President of Palamida SW.  (formerly of Sun Micro)

Palamdia delivers auditing and compliance software that compares your software build to existing DB of open source projects providing you with an audit of which OSS you are using, there versions etc.

His experience in code analysis indicates that most projects consist of 30-50% open source components.  Many of these are often found to be below rev and have security vulnerabilities.  Most projects have 50% to 300% MORE OSS than they think they do.

Primary message:  Control your SW supply chain through:
    Policy
    Education
    Transparency
    Compliance (his SW can help, of course)

Mentioned Solaris/OpenSolaris

Bill Vass discussed the value of OSS and Sun's use of it.

OSS is unstoppable because of:
    Security benefits
    Cost
    No vendor lockin

Bill reviewed Sun's strong position in the open source communities and our benefits derived from open sourcing Solaris, Glassfish, OpenOffice etc.  Handed out complete JES CD kits to all attending.  (Sun was a platinum sponsor for the conference.)

He then lead a panel for Q and A including Dewey Houck of Boeing and Bob Gourley, former CIO of DIA.  Intelligence agencies a big proponent of open source.  There was active participation from the audience.

I received feedback from several people during the breaks at the Sun table that they didn't know Sun was so active and aggressive in the OSS community.

Terry Bollinger ASD/NII discussed open Source Governance including:

Evaluation of OSS
    Creating policy
    Auditing
    Education
    Monitoring

Don Adams of Tibco discussed their Open AJAX toolkit known as Bossie.

Eric Pugh of OpenSource Connections discussed the use of the "Agile Methodology" and open source development for thePathFinder program, NGIC and GCGS-A.   www.agilemanifesto.org

Chris Runge of Red Hat provided two case studies of how open source technologies allowed something to happen that was "impossible otherwise."

NSA dev of SE Linux being incorporated into productions OSes such as RHAT and Suse.  First MLS OS that is part of the standard OS distribution

Real-time Linux enhancements working with IBM, and DDG-1000 (aka DDX program) in the Navy.
RHEL 4 + Real time kernel + IBM RT Java + Blade servers

Coming Soon:  Red Hat MRG = RHEL 5.1 = Messaging toolkit + Real time + Grid technologies
Important in financial/trading communities

Nick Weatherby of the Open Source Software Initiative discussed how industry is trying to facilitate OSS adoption by working with Government.

Created Government Technology Task Force to help accelerate and clear out obstancles in standards, procurement, legal issues.  Working with DISA, DoNavy, Army, AF, OSD, JFCOM, DHS, Justice, etc

Example:  FIPS 140-2 validation of the Open SSH libraries

working on IAVA security validation and Common Criteria process for Open Source

Ball Aerospace rep provided a case study of how they took a GeoSpatial toolkit developed for the government through the process of putting it on a public open source project.  Goal was to increase adoption of their framework thereby increasing their bus. oppty for consulting services.
Obstacles included ITAR approvals, Legal, internal politics, ownership issues.

Ed Beck of CSC in NJ

discussed how they used open source modules to reduce costs and increase speed in their deployment of an AEGIS missile update for Display console and systems management tools
Display console now 60% open source based
Sys. Mgt. tools now 40% OSS based

#1 issue was licensing.  DoD is very sensitive about the fact that using the GPL license might mean giving away technology to the bad guys.  Tools used included tcl/tk, Flex/Bison, XPM, Mozilla, etc

BG Gen. Nick Justice of the US Army

discussed value and benefit of OSS in the DoD including acceleration of mission apps, lower cost, increased security etc.  Mentioned Red Hat several times.  FBPC2 is a huge RH deployment.  Future Combat System (FCS) is apparently also going to RHEL.

General Justice is a very engaging and entertaining speaker.  By all means, if you get a chance to here him speak, do it.  He is one of the few high level military people who runs Linux on is laptop.

Andre Boisvert of Pentaho SW (formerly at Oracle, IBM and SAS institute)

Discussed how he had worked at various proprietary, closed source companies and has invested money in 3 new ventures using only open source.
OSS provides:
    Better Code
    Faster innovation
    Self policing of quality, security

Pentaho provides OSS business intelligence including ETL, OLAP etc
Zenoss provides OSS Systems management based on Python
Compiere for OSS ERP SW
Described OSS as a "disruptive force in the SW industry."

KS Shanker of IBM Federal

discussed the security aspects of open source and how he took the linux community through the Common Criteria eval process even though they didn't think it mattered originally.

David Wheeler of Institute for Defense Analysis discussed the security aspects of OSS
Vendor lockin = a security problem.
Open design is a fundamental in creating a secure systems
"Would the Trojan Horse have worked if it had been made of glass?"

Not ALL OSS is secure:
    Developers need to have security skills
    Needs to be widely used and reviewed
    Problems must be fixed on demand when found.

When I asked him when IBM was going to release its huge software portfolio (Tivoli, z-OS, ClearCase, AIX, WebSphere) to the open source community, he responded by pointing out that Websphere has incorporated Apache as its web server.  That sound to me like taking from the OSS community rather than giving.

Booz Allen Hamilton rep discussed the use of an Open Source Security Test Methodology.

As an employee of Sun Microsystems Federal, my big boss is Bill Vass.  Bill recently posted a blog entry which references a comparison chart between Solaris 10 and Red Hat EL 5.  As the primary author of the comparison chart I felt that I should come out from behind the veil of my COO.  Admittedly, the list is composed from the point of view of a long time (12 years) Sun employee and Solaris ambassador.  Although I tried to be as complete as possible in collecting the relevant RHEL 5 information, there may be items that I missed.

Feel free to let me know where I made mistakes and provide your input and comments so that the list can continue to be as complete as possible.  It's somewhat like using the "open source" methodology to put many eyes on the code to ensure correctness.  Go ahead!  I can take it!

The general point of the chart should lead you to the conclusion that I've stated before, namely:

• Solaris costs less than Red Hat
• Solaris does more than Red Hat
• Solaris runs on more SPARC and X86/X64 platforms than Red Hat
• Solaris is developed as an open source project 

Download Solaris today or check out the OpenSolaris source code.  While you're at it, you might want to join the xVM community for open virtualization server and management development.

Why should you care?

There are a wide variety of products on which you can base you computing infrastructure.  Having the most complete and correct information can help you to make decisions based upon facts rather than religious factors. 

If you do any work with Solaris, you NEED to know about Sun BigAdmin portal.  This is the place to find useful operational tips on a wide variety of Sun products and services targeted at the technical systems adminstration audience.

Examples of recently posted information include:

• Solaris Trusted Extensions Technical FAQ
• Live upgrade with zones
  
• Solaris patching
• Security Guidance for Solaris 10 11/06 and 08/07
• and much more.

See the "What's new section for a complete list.

In addition to useful technical information, you will also find our Hardware and Software compatibility lists, newsletters and discussion forums where you can ask or answer a question.

Join the community today! 

 

If you've never heard of our Sun Ray thin client technology, you are missing the opportunity to save some real money while increasing your data security. You can read more about Sun Ray thin clients in my previous blog entry.  You don't have to believe me, however, see for yourself how the Navy's Integrated Warfare Systems Laboratory deployed 270 Sun Rays.

Some of the benefits they experienced include:

• Improved performance over previous X terminal solution
• Exceeded capabilities of existing, aging solution
• Provided a solution that complied with security requirements
• Reduced client deployment time by 80%
• Simplified maintenance, updating only four servers instead of hundreds of desktops
• Reduced cost per client by 50% to approximately $500 with a savings of about $500 per client

Why should you care?

Saves you money.  Enough said! 

On the internal mail aliases within Sun, I see these questions asked frequently about Solaris kernel tunables.

Where can I find out about kernel tunables?

In the documentation, naturally.  Make yourself familiar with the Solaris Tunable Parameters Reference Manual for Solaris 10. 

What should I do with my /etc/system file when I upgrade from Solaris 8 or 9  to 10?

Solaris kernel tunables change in their usage and default values from one revision to the next or even one update to the next.  To help you keep up with these changes we include a change history appendix for the manual. For example, in Solaris 10 we completely removed some parameters (more on that later) and added new ones.  In fact, if you ask most of our kernel engineers about /etc/system, they'll describe it as a "bug that needs to be removed."  Their goal is to make the OS kernel completely adaptive and (where it can't determine the best value automatically) tunable online without requiring the reboot that /etc/system needs to take effect.  Just as a modern car doesn't need manual choke (remember that?), manual spark advance or carb tuning, we would like Solaris to adjust dynamically to changes in memory size, CPU configuration and I/O load.

We suggest that you review all of the tunable parameters in the file to see if they still apply or need to be adjusted.  In many cases, Solaris 10 will perform for you perfectly well if you remove the prior parameters, get a new performance baseline and then (if necessary) make your modifications.

What happened to the shared memory and semaphore settings required by Oracle?

You'll be happy to learn that these are NO LONGER adjusted in /etc/system. In Solaris 10 release, all System V IPC facilities are either automatically configured or can be controlled by resource controls.  Resource controls allow IPC settings to be made on a per-zone, per-project or per-process basis on the local system or in a name service environment. Many applications that previously required system tuning to function might now run without tuning because of increased defaults and the automatic allocation of resources.  This change has several specific benefits including:

• Reboot is no longer required to change them increasing availability
• The larger defaults may mean that no operator intervention is required simplifying systems management.
• They can be tuned differently for different Oracle instances or Containers within a single system increasing flexibility
• Allows centralized control via a naming service such as LDAP
  

 How do I know what to change and when?

The actual process of performance management and tuning the OS is beyond the scope of this article.  Keep in mind, however, that a "well behaved" system should show between 20-25% "system time" in vmstat.  Tuning the kernel can reduce this "system time" overhead.  However, even if you are really good at it and get a 10% improvement, that only takes your system down to 18-23%. Your time is probably better spent looking at your application or disk layout.

Jim Mauro and Rich McDougall have written excellent books about Solaris Internals which address some of the actions you can take in excruciating detail.  See their Solaris Internals wiki for more FAQ and to purchase the books.

Why should you care?

The enhancements made to system tunables are designed to make your life easier when using Solaris, reduce your downtime and simply system management and performance analysis.  By removing as many of the "wacky knobs" as possible, we reduce the potential for errors and downtime.

Dell has joined Fujitsu, IBM and Intel in becoming yet another provider of Solaris on non-Sun hardware.  You have a wide variety of sources to purchase your Solaris based systems today.  Read the press release or listen to the audiocast.

 Would you like to test it out first?  Download your free copy of Solaris 10 or OpenSolaris today.  It is supported on a wide variety of Sparc or X64 based hardware.

 

As one of the 60 or so OS Ambassadors in Sun world wide, I frequently see the question asked about how to configure Solaris swap.  Apparently, there is quite a bit of mystery about swap space even though it is clearly documented in the Solaris administrator collection.  I decided to publish a collection of my favorite myths and facts about Solaris swap space.  Note that certain applications (such as Oracle) that use "Intimate Shared Memory" will require more swap than most applications. Please refer to the application docs for swap size recommendations.

Myth:  Always set Solaris swap to 2 x RAM size

This myth is clearly a case of users who have been around since the SunOS 4.x days.  Virtual memory today consists of the sum total of physical RAM and swap space on disk.  Solaris DOES NOT require any swap space to be configured at all.  If you choose this option, once RAM is full, you will not be able to start new processes.  There are recommendations for swap space size in the Solaris documentation but the rule of thumb in general is that swap should be configured about 30% of physical RAM. 

Myth: Solaris swap requires raw partitions to be available

Swap can easily be added using standard UFS files in addition to raw disk slice, online without a reboot.  The added swap space takes effect immediately.  The instructions are documented but because I'm a nice guy (and it is so easy) I'll put an example here.

• mkfile 500m /swapfile
• swap -a /swapfile
• Make this added swap area persistent across reboots by adding a new entry in /etc/vfstab
  

There now, that didn't hurt a bit did it?  The file can be any size you choose and any location in a UFS file system.  You can add as many swap files as you like. ZFS is not currently supported for swap files.  You can use the vmstat or swap commands to show the changes.  Swap space is used in a round robin rotation.

Myth: Swap partitions are also dump partitions

It was back in the Solaris 8 timeframe (late 1999) that the dumpadm command was added to Solaris. To quote the S8 documentation (because I'm lazy): The new dumpadm command, which allows system administrators to configure crash dumps of the operating system. The dumpadm configuration parameters include the dump content, dump device, and the directory in which crash dump files are saved.  See the Solaris 10 dumpadm documentation for more information.

Myth:  You can't control swap space for Solaris 10 containers

 With the latest update of Solaris 10 08/07, we added new resource controls for swap space and containers.  These provide significantly better control and help eliminate denial of service attacks caused by memory leaks and "malloc bombs."

• zone.max-locked-memory
• zone.max-msg-ids
• zone.max-sem-ids
• zone.max-shm-ids
• zone.max-shm-memory
• project.max-locked-memory - Replaces project.max-device-locked-memory
• zone.max-swap - Provides swap capping for zones through the capped-memory resource

Fact: Swap and tmpfs are the same

This is true.  This design has a number of benefits but we also offer a number of options for controlling tmpfs usage.  I'll refer you directly to the documentation again. 

Fact:  Using swap is bad for performance

Think of swap space as an overflow area for RAM.  It's OK if non-active processes are using swap space, however, if actively used processes are constantly having their pages moved back and forth from RAM to disk based swap areas, performance will suffer.  You can monitor this using the vmstat FREE column.  In Solaris 7 and earlier this number wass relatively meaningless.  Since Solaris 8, however, the FREE column provides an accurate indicator of your free memory.  If the number is too low, page scanning begins (as indicated by the 'sr' column in vmstat).  Any non-zero number in the 'sr' column for an extended period of time is an indicator that it's time to buy more RAM. 

Jim Maura and Rich McDougall have written excellent books about Solaris Internals which described memory utilization in excruciating details.  See their Solaris Internals wiki for more FAQ and to purchase the books. 

 Why should you care?

Solaris continues to be updated and improved with every update based upon feedback from our customers.  If you are not staying up with the latest technology, you're still "living in the 90s" and not getting the most from your compute resource.  We work hard to provide you the facilities in Solaris to increase your availability and utilization of you compute farms.

When I first heard Jonathon Schwartz announce that MacOS 10.5 (aka Leopard) would include ZFS, I was psyched!  As a Microsoft free user of Macs and Unix since the late 1980s, I was looking forward to seeing Sun's open source file system in MacOS and was convinced that its snapshot capability would be the basis of Time Machine, Apple's new backup facility.  Imagine my disappointment when news trickled out that the first release of Leopard would only included a basic, read-only implementation of ZFS.  What good is a read only file system?

Leopard shipped two weeks ago and ZFS is almost impossible to find by anyone but developers and OS nuts like me.  It's completely invisible to the typical Mac user.  Then I heard a different piece of news.  Apple shipped 2 MILLION copies of Leopard in the first weekend!  Once ZFS becomes a more prominent part of MacOS, they will be able to touch many more people than Sun ever could in our enterprise ready Solaris OS.  I feel confident that Apple will continue to innovate on top of ZFS.  And in typical Apple style, the end user (like my 82 year old mother who loves her Mac and has no idea that she's running Unix) may never know what ZFS is, but they will appreciate the benefits that they get.   The same will no doubt be true  in their  implementation of Sun's Dtrace technology.

With that in mind, I set about to find a way to prove to myself that ZFS is in there and compatible with ZFS in Solaris 10.  Here's what I did using my MacBook Pro, VMware Fusion 1.1RC1 beta and Solaris 10 08/07.

• Halt Solaris and shut down the VM
• VM > Settings > + > Add USB controller
• Boot Solaris
• Plug in the USB memory stick. (the VM must have focus)
• This was actually the most time consuming part of the whole exercise.  It did not mount reliably)
  
• If you're lucky, mount shows: /rmdisk/noname on /vol/dev/dsk/c2t0d0/noname:c
• umount /rmdisk/noname 
  
• zpool create usbpool /vol/dsk/noname
• zpool list
  NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
  usbpool                 120M     88K    120M     0%  ONLINE     -
  
• zfs list
  NAME         USED  AVAIL  REFER  MOUNTPOINT
  usbpool       85K  87.9M  24.5K  /usbpool
  
• zpool export usbpool
  
• Suspend the VM and quit Fusion to avoid confusion
• Re-insert the USB stick.
• Finder complains that the disk is not readable.  Click Ignore
  
• Open a terminal on the Mac.
  
• sudo bash
• zpool import
    pool: usbpool
      id: 13927799406997242219
   state: ONLINE
  status: The pool is formatted using an older on-disk version.
  action: The pool can be imported using its name or numeric identifier, though
      some features will not be available without an explicit 'zpool upgrade'.
  config:
  
      usbpool     ONLINE
        disk2     ONLINE
• zpool import usbpool 
• Mount shows:
• usbpool on /Volumes/usbpool (zfs, local, read-only)
• I was then able to view and copy files from the newly mounted pool
• Woooo Hoooo! 

Why should you care?

ZFS is a truly easy to use, open source, endian independent, scalable, reliable file system.  This is the first example of it being ported to a commercial, consumer oriented product.

Things to like about ZFS:

• Open source
• Multi-platform (Solaris, MacOS, BSD unix, Sparc, X86, PowerPC)
• Freely included in Solaris 10 (download now)
  
• Easy to use
• Built in data integrity
• Linux Torvalds likes it. 
• Scalable 128 bit file system
  

Learn more at the ZFS learning center.

Here you will find my chronicles of several hours of failed attempts to add disk space to a Solaris VM disk image.  It turns out that some "newthink" was required.  If you want the correct solution, just skip to the end.

I'm running my Solaris images under VMware Fusion on a MacBook Pro.  The question has come up on how to expand the virtual disk size. 

• Download the VMware Virtual Disk manager for MacOS X. This is a GUI to command line tools provided with Fusion.  If you really like command lines, you can find it at: /Library/Application\ Support/VMware\ Fusion/vmware-vdiskmanager. Figure it out yourself.  I know you're man enough!
• Duplicate your virtual machine.  Only work on the copy! Select it in the Finder and choose Edit > Duplicate. (Apple-D). The VM must NOT be running or even in use and suspended when you make the copy. Fusion complains about this.
  
• Start Fusion
• File Open... your new VM Copy
• Fusion notices that the name has changed and asks you if you have copied it. 
  
• Suspend the VM
  
• You must discard any snapshots before expanding this disk. Virtual Machine > Discard Snapshot.
• Start the Vdiskmanager GUI
• Click Expand and locate the vmdk file in your VM.  Select your desired size.
• Click Go (the GUI echoes the command line it uses at the bottom of the windows for cheaters)
  
• The GUI does NOT show the progress of this activity.
• The Results Tab will open when complete with the status.
  

Now the real fun begins.  Format, however, shows my disk at its original 10 GB size rather than the new 18 GB size.  This is where fdisk comes into play.

fdisk /dev/rdsk/c8t0d0p0 shows that my disk has one partition that is 56% of the entire disk.  This proves that the operation worked. Now we will attempt to delete the partition and recreate it with a larger size while the OS is running (holding breath). Unfortunately, this attempt failed, if you don't care about learning from my failures, skip to the next section.

• fdisk /dev/rdsk/c8t0d0p0
• Select 3 to delete the partition, select partition 1 and confirm
• Select 1 to create a partition. Specify 100% of the Disk.
• Select 5 to exit and pray!
• Run Format and crash (Oh crap!  Glad it was only a copy!)
• System reboots and Grub has no menu. All attempts to boot the kernel fail.Oops. try again.
  

Ok, so Solaris doesn't like me removing and recreating it's fdisk partition while it's running.  How about creating a separate partition and mounting it?  Throw away this VM and make another copy of the original.  Repeat the steps to enlarge the disk, then... This attempt also failed, if you don't care about learning from my failures, skip to the next section.

• reboot is required for fdisk to recognize the new larger size
• fdisk /dev/rdsk/c8t0d0p0
• 1 to create new partition, enter size, do NOT make active

Now I'm stuck again.  I can't find a way to get format to recognize the disk in order to build slices.  newfs refuses to write a new file system with no partition table.

In SunSolve, I found this bug 6307998 which has been closed with these comments.

I have verified that fundamentally Solaris has a limitation in that 
it does not allow more than one physical Solaris partition on the same disk.

This lack of functionality goes beyond the installer, it's something lacking in
Solaris in general.  Having 2 Solaris partitions on the same disk is not
supported in Solaris because the disk driver assumes there's only one
Solaris partition per disk.  For example, if we reference /dev/dsk/c0d0s0, how do
we determine which Solaris partition we're intending to access on c0d0.

 ZFS to the rescue

Who needs that nasty old format and mkfs stuff when you have ZFS! 

• reboot is required for fdisk to recognize the new larger size
• fdisk /dev/rdsk/c8t0d0p0
• 1 to create new partition, enter size, do NOT make active
• zpool create mypool /dev/dsk/c8t0d0p1
• zfs create mypool/jim
  

I've successfully increased by virtual storage!

 Alternative method:  Add a second disk to the image

In order to add second hard disk with Fusion.

• solaris must be halted.
• VM must be shut down.
• Click the + sign, add disk and enter a size.
• devfsadm  (almost typed reboot -- -r but that would be "old think" so that format sees the new device.)
  

format
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <DEFAULT cyl 1302 alt 2 hd 255 sec 63>
          /pci@0,0/pci1000,30@10/sd@0,0
       1. c1t1d0 <DEFAULT cyl 2557 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,30@10/sd@1,0

# zpool create mypool /dev/dsk/c1t1d0
# zfs create mypool/jim

# zpool status
  pool: mypool
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        mypool      ONLINE       0     0     0
          c1t1d0    ONLINE       0     0     0

# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
mypool                 4.97G    116K   4.97G     0%  ONLINE     -
 

Why should you care

I found myself guilty here if something that my customers also do frequently.  That is, deal with Solaris 10 as if it were Solaris 2.2.  The new capabilities of the open sourced ZFS are not only easier to use, they support a wider variety of options for the user.

 

NOTE:  No CD-ROM was harmed in this exercise. I shall waste no plastic before its time.

Warning:  I am testing a Preview product on top of a beta product using virtulization on MacOS.  You results may vary.

This is just what I could get on the blog the first day.  More to come....  First I must prioritize my day job activities!

Wow!  Project Indiana is available today in a developer preview.  I had to have it to see if everything they told us at the recent OS Amb preview was true.  My system:

• MacBook Pro 2.4 Ghz with 2 GB RAM
• VMware Fusion 1.1RC1 beta

 What is Project Indiana?

It is intended to be a binary distribution of the OpenSolaris code provided by and supported by Sun.  This developer preview is the first step to a released product expected in March 2008.  It includes the latest technologies and will have a faster changing and shorter life cycle than Solaris 10.  More detail is available at the Project Indiana FAQ.

Who should use project Indiana?

At this time it is intended for developers and testers only.  When it becomes a supported product in 2008, we anticipate it will be used by a wide variety of customers inproduction who required the advanced features of OpenSolaris and can tolerate the shorter life cycle support model. 

How did it go? 

First I downloaded it and read some of the release notes and caveats including important points such as:

• Live CD format provide (yes that's CD not DVD)
• X86 version ONLY today (the liveCD uses the 32-bit kernel but will install both 32 and 64-bit capability)
  
• ZFS as the native root file system
• Network Automagic included
• No custom disk partitioning.
  

With the ISO on my Mac, I created a VM for it to live in with 1 GB of RAM and 10 GB of disk space.  The ISO booted perfectly into "Live CD mode."  NWAM automatically detected my network address.  I wasted no time in clicking the Installer.  After a few questions about time zone, root password and initial non-root user, the installation started and took about 22 minutes to complete.  After installations was complete, I clicked the Reboot button and the system started up from the virtual HD.  The installation experience was quite easy and fast.

At this time, VMware Fusion 1.1RC1 has a bug that causes the 64-bit kernel to "hang" for about 1-2 minutes during the early boot process.  Changing the Grub menu to boot the 32-bit kernel is a workaround for this issues.

Once I logged into the new Gnome 2.20 interface, I attempted to install the Vmware tools.  This is necessary for the proper screen displays and file sharing. Unfortunately, I received the error that it could not copy a file to /usr/dt/config/Xsession.d/9999.autostart-vmware.user.sh  Manually creating the Xsession.d directory allowed the VMware tools to complete.  Although the installation of tools complete, it caused a problem with login where my keyboard was mapped wrong.  I could NOT log into Gnome because of this issue and didn't have time to workaround it. 

What's different for the user?

• Default shell is bash
• Java Desktop System is not installed by default. This means that there is no "Launch" menu in the lower left.  Menus are in the upper right.  Panels are enabled at the top and bottom.
• /usr/gnu/bin is at the beginning of the user's path
• There is a minimal set of software loaded.  The pkg command can be used to get additional components from the software repository.
• The grub menu is now in  /zpl_slim/boot/grub/menu.lst  rather than /boot/grub/menu.lst
  

Interesting bug/oddities

The file browser lists a "Documents" in the Favorites sidebar, but clicking on it produces an error because it doesn't exist.

Dave Miner has published instructions on how to place Indiana in a USB drive. 

Why should you care?

If you are interested in testing, developing and contributing to the future of Solaris, this preview will give you a taste of where we want Solaris to go and the opportunity to joint the community.

 

Thanks IBM for becoming a good OEM for Solaris and providing a great endorsement of its benefits to the enterprise.  To summarize, their list of competitive advantages:

• Great product
• Great price
• Open
  

I couldn't have said it better.

<Head expanding> 

My recent entry must have touched a nerve with a lot of people.  I actually made it into the top half of the "Popular Blogs" roll for the first time.  Thanks for reading!  Keep up the discussion and continue to post your favorite Myths and Legends. jimgris is thinking of a similar post for OpenSolaris.

 <back to work>

<head shrinking>
 

Most Sun employees and Solaris fans know that Solaris has run on X86 platforms since 1994  However, in my visits to customer sites as an OS ambassadors I hear these questions frequently.  Today, I'd like to dispel some of the most common myths about Solaris.

Myth: Sun is not serious about the X86 market.

At this time, Sun is the 3rd largest server vendor in the world and #5 in the x86 server market. We have a variety of hardware platforms using the Intel and AMD chips from under $1000 to complete blade server systems.  We have two OEMs for Solaris signed up (IBM and Intel) with more expected to come in the near future. Intel recommends Solaris as the enterprise OS for their Xeon processor family. We have also agreed to become an OEM for MS Windows server software. We can sell, train, support and take your trade-ins on our complete line of SPARC and X86 systems.  We are QUITE serious.

Myth: Solaris on SPARC and X86 platforms are different OSes.

There is only one Solaris source code base.  You can see and contribute to it at the OpenSolaris web site. 95% of the code is common.  Examples of code that is NOT common includes chip specific features such as memory management, cache, hardware features, boot proms and virtualization technologies.  Features such as Solaris containers, SMF, ZFS, Trusted Extensions, resource management and more work the same on Sparc, X86 or virtualized platforms such as VMware.

Myth: Sun's support organizations are different for SPARC and X86 platforms

The same engineering and customer support team is used to design, develop, test and support Solaris.  You can call 800-USA-4-SUN and get support for Solaris whether it is on Sun systems or any of the over 900 systems on our hardware compatibility list.  Many of our engineers actually do their development work on PC hardware. 

Myth: Solaris for X86 platforms is not on the same schedule as SPARC platforms

Solaris updates and patches are released at the same time for each platform.  The only exception to this is when a patch ONLY applies to a specific platform, such as an Intel memory management fix that does not apply to AMD or SPARC chips.

Myth: You can only get Solaris from Sun

IBM recently announced that they will be selling Solaris for their blade and rack mounted servers.  We anticipate more companies to announce OEM agreements in the future.  Intel has also announced that Solaris is its preferred OS for enterprise deployment on Xeon platforms.

Myth: Solaris only runs on a few X86 platforms.

The hardware compatibility list has hundreds of platforms from Sun, HP, Dell, IBM and others.  It includes the latest Quad-core Intel and AMD chips, blade servers and more. Of our 10 million Solaris registrations, 63% of them were on non-Sun platforms.

Myth: Solaris doesn't work on VMware

Solaris 10 is a supported platform in the VMware support matrix. VMware is also listed at the Sun hardware compatibility list. Pre-built Solaris vmware images at the Sun Download Center

Myth:  It's too hard to move code from Solaris 8 to 10 or from SPARC to X86 platforms.

Solaris is guaranteed to be binary compatible moving forward from Solaris 2.5.1 on each platform.  This means that a binary running on an Ultra 2/2.5.1 can be transferred to Solaris 10 on Sun's latest T2000 and is GUARANTEED to run.  In addition, Solaris is source code compatibile between the two instruction sets.  If you need assistance on the best compiler practices for building 64-bit applications or using the proper performance options see the huge collection of white papers at our Solaris developer's portal.

Myth:  Only Solaris Nevada, OpenSolaris or Solaris Express run on X86 hardware.

Our production ready distribution of Solaris (known as Solaris 10) was first released in March 2005 with complete support for SPARC and X64/X86 platforms just as it has since 1994.  Available for Solaris 10 is enterprise level support and a long life cycle.  Our development for the next version of Solaris (known as Nevada) is currently ongoing as an open source project at www.opensolaris.org.  Periodically we produce binary versions known as Solaris Express community edition or developer edition for users to try out new features. Download Solaris 10 now for free for both SPARC and X86 platforms.

Myth: Solaris is hard to install

If you've heard this before, please check out our latest Solaris Express Developer's Edition.  It has an updated installer, improved wireless networking support and simpified networking setup. Our Flash archive, Live upgrade and jumpstart technologies simplify data center practices for patching and upgrades.

Myth:  You have to dedicate an entire PC to test out Solaris

Solaris works quite well in multi-boot or virtualized environments.  The vast majority of Sun system engineers run Solaris either on a Windows or Linux-based PC or in a virtual machine such as VMware Fusion or Parallels on MacOS X. Solaris include the GRUB boot loader to allow you to choose between multiple OS images to boot. We make virtulization easy with pre-built Solaris vmware images at the Sun Download Center

Bonus Myth (thanks to Bob for Suggesting)

Myth: There are no open source or ISV applications for Solaris on X86 platforms.

You can find a prepackaged and easy to install repository of the most common open source applications from blastwave.org.  Solaris on X86 has more ISV packages than Red Hat and other competitors.  Many freeware packages like PostGreSQL, gcc, gmake, perl, apache, webmin and more are built into Solaris or included on the companion CD.

 

Recently Scott McNealy spoke to the Sun OS Ambassadors at our semi-annual conference in Menlo Park CA.  He told us that he is frequently asked by customers:

• Why Sun is doing this whole "open source" thing and giving away software for free?
• How can Sun expect to make any money with free software?
• How is this good for customers?
  

He gave us his five reasons.

1. Free means low barrier to entry.  Stated another way, "College students and developers don't pay for software anyway, we want to make sure that the software they're using is Sun's, so why not give it to them." By providing our core OS, developer tools and web infrastructure tools to students, companies and independent developers at no charge, we gain mind share among those people who "join things rather than buy things."  When they move into the enterprise, they will start buying products and support from those companies with which they are familiar.
   
2. Open source as a research and development multiplier.  Sun can multiply our $2 billion in R&D funds by leveraging the R&D of the open source communities.  Open sourcing of Java, OpenOffice, Solaris and other technologies allows us to take advantage of the HUGE R&D budgets of IBM, ATT, Nokia and others.  Not to mention the plentiful resources in the emerging markets in China, India and South America.
   
3. Security. Whitfield Diffie has said, "the secret to strong security: less reliance on secrets."  As an anecdotal example, Java is the single largest platform in the world installed on billions of devices (much more widely deployed than MS Windows).  Yet you would be hard pressed to name a Java virus.  This is due in part to its open, community driven development model.
4. Partnering and proliferation of our technology.  Having the Sparc processor technology easily licensed, for example, has allowed our partner Fujitsu to design their own implementation of the Sparc V9 chip architecture.  As a result, our new M-series servers are available from both Sun and Fujitsu providing a dual-source option for customers.  Products from both companies run Solaris and our other software products.  Since open sourcing the UltraSparc T1 chip design, at least two other implementations have been designed for embedded devices further opening new markets to Sun's intellectual property.
   
5. Low barriers to exit.  By conforming to open document formats and web standards we can ensure our customers that they won't have that "locked-in feeling" they get when they choose Microsoft, Oracle, BEA, z/OS or other proprietary product families.  The cost to exit these proprietary technologies dwarfs the acquisition costs.  Sun can help reduce customers' cost to exit by using open standards and open source implementations.  This also provides customers with more choice.  In the case of ODF, for example, customers can now choose office automation packages from Adobe, Sun, IBM, Google or the free OpenOffice suite rather than having the data held hostage by proprietary MS Office formats. They can choose to run these suites on Windows, MacOS, Solaris, BSD or any of the Linux variants.
   

Why should you care?

To summarize, Sun's strategy of making our products free and open is designed to make the entire planet familiar with Sun's products.  We then have the opportunity to offer support, services, training and systems for their enterprise computing needs. This helps customers by providing them more choices at lower cost and allowing them to move from one vendor to another more easily.