Monday Nov 19, 2007

On the internal mail aliases within Sun, I see these questions asked frequently about Solaris kernel tunables.

Where can I find out about kernel tunables?

In the documentation, naturally.  Make yourself familiar with the Solaris Tunable Parameters Reference Manual for Solaris 10. 

What should I do with my /etc/system file when I upgrade from Solaris 8 or 9  to 10?

Solaris kernel tunables change in their usage and default values from one revision to the next or even one update to the next.  To help you keep up with these changes we include a change history appendix for the manual. For example, in Solaris 10 we completely removed some parameters (more on that later) and added new ones.  In fact, if you ask most of our kernel engineers about /etc/system, they'll describe it as a "bug that needs to be removed."  Their goal is to make the OS kernel completely adaptive and (where it can't determine the best value automatically) tunable online without requiring the reboot that /etc/system needs to take effect.  Just as a modern car doesn't need manual choke (remember that?), manual spark advance or carb tuning, we would like Solaris to adjust dynamically to changes in memory size, CPU configuration and I/O load.

We suggest that you review all of the tunable parameters in the file to see if they still apply or need to be adjusted.  In many cases, Solaris 10 will perform for you perfectly well if you remove the prior parameters, get a new performance baseline and then (if necessary) make your modifications.

What happened to the shared memory and semaphore settings required by Oracle?

You'll be happy to learn that these are NO LONGER adjusted in /etc/system. In the Solaris 10 release, all System V IPC facilities are either automatically configured or can be controlled by resource controls.  Resource controls allow IPC settings to be made on a per-zone, per-project or per-process basis on the local system or in a name service environment. Many applications that previously required system tuning to function might now run without tuning because of increased defaults and the automatic allocation of resources.  This change has several specific benefits including:

  • A reboot is no longer required to change them, increasing availability
  • The larger defaults may mean that no operator intervention is required, simplifying systems management
  • They can be tuned differently for different Oracle instances or Containers within a single system, increasing flexibility
  • They allow centralized control via a naming service such as LDAP

 How do I know what to change and when?

The actual process of performance management and tuning the OS is beyond the scope of this article.  Keep in mind, however, that a "well behaved" system should show between 20-25% "system time" in vmstat.  Tuning the kernel can reduce this "system time" overhead.  However, even if you are really good at it and get a 10% improvement, that only takes your system down to 18-23%. Your time is probably better spent looking at your application or disk layout.

Jim Mauro and Rich McDougall have written excellent books about Solaris Internals which address some of the actions you can take in excruciating detail.  See their Solaris Internals wiki for more FAQ and to purchase the books.

Why should you care?

The enhancements made to system tunables are designed to make your life easier when using Solaris, reduce your downtime and simplify system management and performance analysis.  By removing as many of the "wacky knobs" as possible, we reduce the potential for errors and downtime.

Dell has joined Fujitsu, IBM and Intel in becoming yet another provider of Solaris on non-Sun hardware.  You have a wide variety of sources to purchase your Solaris based systems today.  Read the press release or listen to the audiocast.

 Would you like to test it out first?  Download your free copy of Solaris 10 or OpenSolaris today.  It is supported on a wide variety of Sparc or X64 based hardware.


 

Monday Nov 12, 2007

As one of the 60 or so OS Ambassadors in Sun world wide, I frequently see the question asked about how to configure Solaris swap.  Apparently, there is quite a bit of mystery about swap space even though it is clearly documented in the Solaris administrator collection.  I decided to publish a collection of my favorite myths and facts about Solaris swap space.  Note that certain applications (such as Oracle) that use "Intimate Shared Memory" will require more swap than most applications. Please refer to the application docs for swap size recommendations.

Myth:  Always set Solaris swap to 2 x RAM size

This myth is clearly a case of users who have been around since the SunOS 4.x days.  Virtual memory today consists of the sum total of physical RAM and swap space on disk.  Solaris DOES NOT require any swap space to be configured at all.  If you choose this option, once RAM is full, you will not be able to start new processes.  There are recommendations for swap space size in the Solaris documentation but the rule of thumb in general is that swap should be configured at about 30% of physical RAM.

Myth: Solaris swap requires raw partitions to be available

Swap can easily be added using standard UFS files in addition to raw disk slices, online and without a reboot.  The added swap space takes effect immediately.  The instructions are documented but because I'm a nice guy (and it is so easy) I'll put an example here.

  • mkfile 500m /swapfile
  • swap -a /swapfile
  • Make this added swap area persistent across reboots by adding a new entry in /etc/vfstab

There now, that didn't hurt a bit did it?  The file can be any size you choose and any location in a UFS file system.  You can add as many swap files as you like. ZFS is not currently supported for swap files.  You can use the vmstat or swap commands to show the changes.  Swap space is used in a round robin rotation.

Myth: Swap partitions are also dump partitions

It was back in the Solaris 8 timeframe (late 1999) that the dumpadm command was added to Solaris. To quote the S8 documentation (because I'm lazy): The new dumpadm command, which allows system administrators to configure crash dumps of the operating system. The dumpadm configuration parameters include the dump content, dump device, and the directory in which crash dump files are saved.  See the Solaris 10 dumpadm documentation for more information.

Myth:  You can't control swap space for Solaris 10 containers

 With the latest update of Solaris 10 08/07, we added new resource controls for swap space and containers.  These provide significantly better control and help eliminate denial of service attacks caused by memory leaks and "malloc bombs."

  • zone.max-locked-memory
  • zone.max-msg-ids
  • zone.max-sem-ids
  • zone.max-shm-ids
  • zone.max-shm-memory
  • project.max-locked-memory - Replaces project.max-device-locked-memory
  • zone.max-swap - Provides swap capping for zones through the capped-memory resource
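Capping one zone's swap through the capped-memory resource and checking that the cap is in force, as an added example that is not part of the original post. The zone names and the 1g limit are assumptions, and the prctl output embedded below is constructed sample data.

```shell
#!/bin/sh
# Added example: cap a zone's swap and confirm the cap is in force.
# Assumed names: zones "webzone" and "batchzone", limit 1g.
#
# Setting the cap (global zone, Solaris 10 8/07 or later); it is stored in
# the zone configuration and applied when the zone next boots:
#   zonecfg -z webzone "add capped-memory; set swap=1g; end"
#
# Checking a running zone:
#   prctl -n zone.max-swap -i zone webzone | swap_cap_of

# Read prctl output on stdin; print the privileged deny value for
# zone.max-swap, or "none" when only the system default is present.
swap_cap_of() {
    awk '
        NF == 1 { in_ctl = ($1 == "zone.max-swap"); next }   # control-name row
        in_ctl && $1 == "privileged" && $4 == "deny" { cap = $2 }
        END { print (cap == "" ? "none" : cap) }
    '
}

# One-line status for a zone; prctl output is read from stdin.
report_zone() {
    cap=$(swap_cap_of)
    if [ "$cap" = "none" ]; then
        echo "$1: no swap cap set"
    else
        echo "$1: swap capped at $cap"
    fi
}

# Constructed sample: a zone with a 1g cap.
sample_capped() {
    cat <<'EOF'
zone: 3: webzone
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
zone.max-swap
        privileged      1.00GB      -   deny                                 -
        system          16.0EB    max   deny                                 -
EOF
}

# Constructed sample: a zone with only the system default (no cap).
sample_uncapped() {
    cat <<'EOF'
zone: 4: batchzone
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
zone.max-swap
        system          16.0EB    max   deny                                 -
EOF
}

sample_capped   | report_zone webzone
sample_uncapped | report_zone batchzone
```

A zone reported as having no cap can consume swap up to the system limit, which is the exposure the new controls are meant to close.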

Fact: Swap and tmpfs are the same

This is true.  This design has a number of benefits but we also offer a number of options for controlling tmpfs usage.  I'll refer you directly to the documentation again. 

Fact:  Using swap is bad for performance

Think of swap space as an overflow area for RAM.  It's OK if non-active processes are using swap space, however, if actively used processes are constantly having their pages moved back and forth from RAM to disk based swap areas, performance will suffer.  You can monitor this using the vmstat FREE column.  In Solaris 7 and earlier this number was relatively meaningless.  Since Solaris 8, however, the FREE column provides an accurate indicator of your free memory.  If the number is too low, page scanning begins (as indicated by the 'sr' column in vmstat).  Any non-zero number in the 'sr' column for an extended period of time is an indicator that it's time to buy more RAM.
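One way to turn the 'sr' rule above into a check, as an added example that is not part of the original post. The vmstat sample is constructed, and the threshold of 3 consecutive samples is an assumption standing in for "an extended period of time".

```shell
#!/bin/sh
# Added example: find sustained page scanning in Solaris vmstat output.

# Print the longest run of consecutive samples with a non-zero "sr" value.
sr_longest_run() {
    awk '
        # Column header row: find "sr" by name, since the disk columns vary.
        $1 == "r" && $2 == "b" {
            for (i = 1; i <= NF; i++) if ($i == "sr") sr = i
            next
        }
        $1 !~ /^[0-9]+$/ || !sr { next }   # banner row, or data before a header
        !skipped { skipped = 1; next }     # first sample is the average since boot
        {
            if ($sr + 0 > 0) { if (++run > max) max = run } else run = 0
        }
        END { print max + 0 }
    '
}

# Usage: vmstat 5 12 | memory_verdict 3
# $1 is the number of consecutive scanning samples treated as "extended".
memory_verdict() {
    run=$(sr_longest_run)
    if [ "$run" -ge "$1" ]; then
        echo "pressure: sr non-zero for $run consecutive samples"
    else
        echo "ok: longest sr run is $run"
    fi
}

# Constructed sample in the Solaris vmstat layout. The header repeats
# part-way through, as it does in long runs of the real command.
sample_vmstat() {
    cat <<'EOF'
 kthr      memory            page            disk          faults      cpu
 r b w   swap  free  re  mf pi po fr de sr s0 s1 s2 s3   in   sy   cs us sy id
 0 0 0 1838896 912344 12 58 3 1 1 0 7 1 0 0 0 412 980 510 2 1 97
 0 0 0 1792120 412300 4 210 0 0 0 0 0 9 0 0 0 655 1450 802 9 14 77
 1 0 0 1650040 24312 9 388 0 88 340 0 512 14 0 0 0 701 1603 911 11 19 70
 2 0 0 1648812 19876 7 402 0 120 455 0 634 17 0 0 0 743 1588 940 12 22 66
 1 0 0 1649300 21040 5 350 0 64 210 0 298 11 0 0 0 690 1520 899 10 17 73
 kthr      memory            page            disk          faults      cpu
 r b w   swap  free  re  mf pi po fr de sr s0 s1 s2 s3   in   sy   cs us sy id
 1 0 0 1651220 23110 6 301 0 40 150 0 120 8 0 0 0 660 1490 870 9 15 76
 0 0 0 1700480 198400 3 120 0 0 0 0 0 2 0 0 0 430 1010 540 3 2 95
 0 0 0 1699020 30200 4 190 0 12 60 0 45 5 0 0 0 520 1200 700 6 8 86
EOF
}

sample_vmstat | memory_verdict 3
```

The first data row is skipped on purpose: it reports averages since boot, so a non-zero 'sr' there says nothing about current load.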

Jim Mauro and Rich McDougall have written excellent books about Solaris Internals which describe memory utilization in excruciating detail.  See their Solaris Internals wiki for more FAQ and to purchase the books.

 Why should you care?

Solaris continues to be updated and improved with every update based upon feedback from our customers.  If you are not staying up with the latest technology, you're still "living in the 90s" and not getting the most from your compute resource.  We work hard to provide you the facilities in Solaris to increase your availability and utilization of your compute farms.

Tuesday Nov 06, 2007

When I first heard Jonathan Schwartz announce that MacOS 10.5 (aka Leopard) would include ZFS, I was psyched!  As a Microsoft-free user of Macs and Unix since the late 1980s, I was looking forward to seeing Sun's open source file system in MacOS and was convinced that its snapshot capability would be the basis of Time Machine, Apple's new backup facility.  Imagine my disappointment when news trickled out that the first release of Leopard would only include a basic, read-only implementation of ZFS.  What good is a read-only file system?

Leopard shipped two weeks ago and ZFS is almost impossible to find by anyone but developers and OS nuts like me.  It's completely invisible to the typical Mac user.  Then I heard a different piece of news.  Apple shipped 2 MILLION copies of Leopard in the first weekend!  Once ZFS becomes a more prominent part of MacOS, they will be able to touch many more people than Sun ever could in our enterprise ready Solaris OS.  I feel confident that Apple will continue to innovate on top of ZFS.  And in typical Apple style, the end user (like my 82 year old mother who loves her Mac and has no idea that she's running Unix) may never know what ZFS is, but they will appreciate the benefits that they get.  The same will no doubt be true in their implementation of Sun's DTrace technology.

With that in mind, I set about to find a way to prove to myself that ZFS is in there and compatible with ZFS in Solaris 10.  Here's what I did using my MacBook Pro, VMware Fusion 1.1RC1 beta and Solaris 10 08/07.

  • Halt Solaris and shut down the VM
  • VM > Settings > + > Add USB controller
  • Boot Solaris
  • Plug in the USB memory stick. (the VM must have focus)
    • This was actually the most time consuming part of the whole exercise.  It did not mount reliably.
  • If you're lucky, mount shows: /rmdisk/noname on /vol/dev/dsk/c2t0d0/noname:c
  • umount /rmdisk/noname 
  • zpool create usbpool /vol/dsk/noname
  • zpool list
    NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
    usbpool                 120M     88K    120M     0%  ONLINE     -

  • zfs list
    NAME         USED  AVAIL  REFER  MOUNTPOINT
    usbpool       85K  87.9M  24.5K  /usbpool

  • zpool export usbpool
  • Suspend the VM and quit Fusion to avoid confusion
  • Re-insert the USB stick.
  • Finder complains that the disk is not readable.  Click Ignore
  • Open a terminal on the Mac.
  • sudo bash
  • zpool import
      pool: usbpool
        id: 13927799406997242219
     state: ONLINE
    status: The pool is formatted using an older on-disk version.
    action: The pool can be imported using its name or numeric identifier, though
        some features will not be available without an explicit 'zpool upgrade'.
    config:

        usbpool     ONLINE
          disk2     ONLINE
  • zpool import usbpool 
  • Mount shows:
    • usbpool on /Volumes/usbpool (zfs, local, read-only)
  • I was then able to view and copy files from the newly mounted pool
  • Woooo Hoooo! 

Why should you care?

ZFS is a truly easy to use, open source, endian independent, scalable, reliable file system.  This is the first example of it being ported to a commercial, consumer oriented product.

Things to like about ZFS:

Learn more at the ZFS learning center.

Saturday Nov 03, 2007

Here you will find my chronicles of several hours of failed attempts to add disk space to a Solaris VM disk image.  It turns out that some "newthink" was required.  If you want the correct solution, just skip to the end.

I'm running my Solaris images under VMware Fusion on a MacBook Pro.  The question has come up on how to expand the virtual disk size. 

  • Download the VMware Virtual Disk manager for MacOS X. This is a GUI to command line tools provided with Fusion.  If you really like command lines, you can find it at: /Library/Application\ Support/VMware\ Fusion/vmware-vdiskmanager. Figure it out yourself.  I know you're man enough!
  • Duplicate your virtual machine.  Only work on the copy! Select it in the Finder and choose Edit > Duplicate. (Apple-D). The VM must NOT be running or even in use and suspended when you make the copy. Fusion complains about this.
  • Start Fusion
  • File Open... your new VM Copy
  • Fusion notices that the name has changed and asks you if you have copied it. 
  • Suspend the VM
  • You must discard any snapshots before expanding this disk. Virtual Machine > Discard Snapshot.
  • Start the Vdiskmanager GUI
  • Click Expand and locate the vmdk file in your VM.  Select your desired size.
  • Click Go (the GUI echoes the command line it uses at the bottom of the windows for cheaters)
  • The GUI does NOT show the progress of this activity.
  • The Results Tab will open when complete with the status.

Now the real fun begins.  Format, however, shows my disk at its original 10 GB size rather than the new 18 GB size.  This is where fdisk comes into play.

fdisk /dev/rdsk/c8t0d0p0 shows that my disk has one partition that is 56% of the entire disk.  This proves that the operation worked. Now we will attempt to delete the partition and recreate it with a larger size while the OS is running (holding breath). Unfortunately, this attempt failed.  If you don't care about learning from my failures, skip to the next section.

  • fdisk /dev/rdsk/c8t0d0p0
  • Select 3 to delete the partition, select partition 1 and confirm
  • Select 1 to create a partition. Specify 100% of the Disk.
  • Select 5 to exit and pray!
  • Run Format and crash (Oh crap!  Glad it was only a copy!)
  • System reboots and Grub has no menu. All attempts to boot the kernel fail. Oops. Try again.

Ok, so Solaris doesn't like me removing and recreating its fdisk partition while it's running.  How about creating a separate partition and mounting it?  Throw away this VM and make another copy of the original.  Repeat the steps to enlarge the disk, then... This attempt also failed.  If you don't care about learning from my failures, skip to the next section.

  • reboot is required for fdisk to recognize the new larger size
  • fdisk /dev/rdsk/c8t0d0p0
  • 1 to create new partition, enter size, do NOT make active

Now I'm stuck again.  I can't find a way to get format to recognize the disk in order to build slices.  newfs refuses to write a new file system with no partition table.

In SunSolve, I found this bug 6307998 which has been closed with these comments.

I have verified that fundamentally Solaris has a limitation in that 
it does not allow more than one physical Solaris partition on the same disk.

This lack of functionality goes beyond the installer, it's something lacking in
Solaris in general. Having 2 Solaris partitions on the same disk is not
supported in Solaris because the disk driver assumes there's only one
Solaris partition per disk. For example, if we reference /dev/dsk/c0d0s0, how do
we determine which Solaris partition we're intending to access on c0d0.

 ZFS to the rescue

Who needs that nasty old format and mkfs stuff when you have ZFS! 

  • reboot is required for fdisk to recognize the new larger size
  • fdisk /dev/rdsk/c8t0d0p0
  • 1 to create new partition, enter size, do NOT make active
  • zpool create mypool /dev/dsk/c8t0d0p1
  • zfs create mypool/jim

I've successfully increased my virtual storage!

 Alternative method:  Add a second disk to the image

To add a second hard disk with Fusion:

  • Solaris must be halted.
  • VM must be shut down.
  • Click the + sign, add disk and enter a size.
  • devfsadm, so that format sees the new device.  (I almost typed reboot -- -r but that would be "old think".)

format
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <DEFAULT cyl 1302 alt 2 hd 255 sec 63>
          /pci@0,0/pci1000,30@10/sd@0,0
       1. c1t1d0 <DEFAULT cyl 2557 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,30@10/sd@1,0

# zpool create mypool /dev/dsk/c1t1d0
# zfs create mypool/jim

# zpool status
  pool: mypool
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        mypool      ONLINE       0     0     0
          c1t1d0    ONLINE       0     0     0

# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
mypool                 4.97G    116K   4.97G     0%  ONLINE     -
 

Why should you care?

I found myself guilty here of something that my customers also do frequently.  That is, deal with Solaris 10 as if it were Solaris 2.2.  The new capabilities of the open sourced ZFS are not only easier to use, they support a wider variety of options for the user.


 

Thursday Oct 18, 2007

Thanks IBM for becoming a good OEM for Solaris and providing a great endorsement of its benefits to the enterprise.  To summarize, their list of competitive advantages:

  • Great product
  • Great price
  • Open
I couldn't have said it better.

Wednesday Oct 10, 2007

Most Sun employees and Solaris fans know that Solaris has run on X86 platforms since 1994.  However, in my visits to customer sites as an OS ambassador I hear these questions frequently.  Today, I'd like to dispel some of the most common myths about Solaris.

Myth: Sun is not serious about the X86 market.

At this time, Sun is the 3rd largest server vendor in the world and #5 in the x86 server market. We have a variety of hardware platforms using the Intel and AMD chips from under $1000 to complete blade server systems.  We have two OEMs for Solaris signed up (IBM and Intel) with more expected to come in the near future. Intel recommends Solaris as the enterprise OS for their Xeon processor family. We have also agreed to become an OEM for MS Windows server software. We can sell, train, support and take your trade-ins on our complete line of SPARC and X86 systems.  We are QUITE serious.

Myth: Solaris on SPARC and X86 platforms are different OSes.

There is only one Solaris source code base.  You can see and contribute to it at the OpenSolaris web site. 95% of the code is common.  Examples of code that is NOT common include chip specific features such as memory management, cache, hardware features, boot proms and virtualization technologies.  Features such as Solaris containers, SMF, ZFS, Trusted Extensions, resource management and more work the same on Sparc, X86 or virtualized platforms such as VMware.

Myth: Sun's support organizations are different for SPARC and X86 platforms

The same engineering and customer support team is used to design, develop, test and support Solaris.  You can call 800-USA-4-SUN and get support for Solaris whether it is on Sun systems or any of the over 900 systems on our hardware compatibility list.  Many of our engineers actually do their development work on PC hardware. 

Myth: Solaris for X86 platforms is not on the same schedule as SPARC platforms

Solaris updates and patches are released at the same time for each platform.  The only exception to this is when a patch ONLY applies to a specific platform, such as an Intel memory management fix that does not apply to AMD or SPARC chips.

Myth: You can only get Solaris from Sun

IBM recently announced that they will be selling Solaris for their blade and rack mounted servers.  We anticipate more companies to announce OEM agreements in the future.  Intel has also announced that Solaris is its preferred OS for enterprise deployment on Xeon platforms.

Myth: Solaris only runs on a few X86 platforms.

The hardware compatibility list has hundreds of platforms from Sun, HP, Dell, IBM and others.  It includes the latest Quad-core Intel and AMD chips, blade servers and more. Of our 10 million Solaris registrations, 63% of them were on non-Sun platforms.

Myth: Solaris doesn't work on VMware

Solaris 10 is a supported platform in the VMware support matrix. VMware is also listed at the Sun hardware compatibility list. Pre-built Solaris VMware images are available at the Sun Download Center.

Myth:  It's too hard to move code from Solaris 8 to 10 or from SPARC to X86 platforms.

Solaris is guaranteed to be binary compatible moving forward from Solaris 2.5.1 on each platform.  This means that a binary running on an Ultra 2/2.5.1 can be transferred to Solaris 10 on Sun's latest T2000 and is GUARANTEED to run.  In addition, Solaris is source code compatible between the two instruction sets.  If you need assistance on the best compiler practices for building 64-bit applications or using the proper performance options see the huge collection of white papers at our Solaris developer's portal.

Myth:  Only Solaris Nevada, OpenSolaris or Solaris Express run on X86 hardware.

Our production ready distribution of Solaris (known as Solaris 10) was first released in March 2005 with complete support for SPARC and X64/X86 platforms just as it has since 1994.  Available for Solaris 10 is enterprise level support and a long life cycle.  Our development for the next version of Solaris (known as Nevada) is currently ongoing as an open source project at www.opensolaris.org.  Periodically we produce binary versions known as Solaris Express community edition or developer edition for users to try out new features. Download Solaris 10 now for free for both SPARC and X86 platforms.

Myth: Solaris is hard to install

If you've heard this before, please check out our latest Solaris Express Developer's Edition.  It has an updated installer, improved wireless networking support and simplified networking setup. Our Flash archive, Live upgrade and jumpstart technologies simplify data center practices for patching and upgrades.

Myth:  You have to dedicate an entire PC to test out Solaris

Solaris works quite well in multi-boot or virtualized environments.  The vast majority of Sun system engineers run Solaris either on a Windows or Linux-based PC or in a virtual machine such as VMware Fusion or Parallels on MacOS X. Solaris includes the GRUB boot loader to allow you to choose between multiple OS images to boot. We make virtualization easy with pre-built Solaris VMware images at the Sun Download Center.

Bonus Myth (thanks to Bob for Suggesting)

Myth: There are no open source or ISV applications for Solaris on X86 platforms.

You can find a prepackaged and easy to install repository of the most common open source applications from blastwave.org.  Solaris on X86 has more ISV packages than Red Hat and other competitors.  Many freeware packages like PostgreSQL, gcc, gmake, perl, apache, webmin and more are built into Solaris or included on the companion CD.

Monday Sep 17, 2007

Once again Solaris 10 (on either Sparc or X64 platforms) features a larger collection of available third party ISV applications than the competition.  The numbers speak for themselves.  Want freeware?  Go to blastwave.org or sunfreeware.com

 Chart of ISV Applications

Why should you care?

When choosing an enterprise operating system platform, you need to be sure that you have the widest choice of workloads available to you.  Add that to the fact that Solaris 10 is developed as an open source project, runs on commodity Sparc and X64 hardware and is free to download and the choice is simple.

 

Tuesday Aug 28, 2007

See this excellent article at ServerWatch that describes how web startup Real Time Matrix found that Solaris 10 met their needs better than a Linux based OS.

ServerWatch quoted the CEO: "We need a stable, robust infrastructure to process millions of items a day, match against millions of preferences and run 24/7," said Jeff Whitehead, CEO of The Real Time Matrix Corp of Oakland, Calif. "For high-speed, high-performance, 100 percent raw computing, we are finding it is cheaper and better on Sun and Solaris." 

"For us, Solaris was a no-brainer," Whitehead said. "We immediately went from a couple of hundred to 10,000 matches per second and up to 32 concurrent processes."

He couldn't argue with the results obtained on the T2000 running Solaris. It replaced six x86 boxes and is cheaper to run.

"Our administrative costs went down with the one big machine as we can segment it," Whitehead said. "But with our business model requiring high-speed, high-performance, 100 percent uptime and maximum raw computing power, we are finding it is cheaper and better to be on Sun and Solaris. I'd estimate that we spend 50 percent less than if we had we gone with our original power, hardware and leasing arrangement."

Why you should care

If you want an open source OS that runs on Intel, AMD and Sparc commodity processors, Solaris 10 is free to download and put into production.  Check out our Startup Essentials program to help you get started.


 

 

Thursday Aug 16, 2007

IBM has agreed to be an OEM for Solaris subscriptions on its X-series and Blade Center servers.  Read the complete press release and audiocast.

Excerpts:

Bill Zeitler, senior vice president & group executive, IBM Systems & Technology Group says, "IBM is the first major x86 vendor to have such an agreement with Sun; and the first big vendor apart from Sun to offer Solaris on blade servers."

"We're thrilled to be working with IBM to bring the Solaris OS to the broadest market possible - they are a natural partner for Sun," said Jonathan Schwartz, president and CEO of Sun Microsystems. "Solaris adoption continues to accelerate, among both the open source and commercial communities -- driven by bundled virtualization for servers and storage, support for thousands of ISVs, including nearly the entirety of IBM's software portfolio, and outstanding operational economics. Solaris is clearly a choice customers are demanding." 

 Why should I care?

 I frequently get told that a customer's reason for choosing Red Hat over Solaris is that RHEL can be purchased from multiple sources.  Customers now have the choice to purchase Solaris subscription support from Sun or from IBM (can HP and Dell be far behind?)


 

Wednesday Aug 01, 2007

You may have read my earlier blog discussing the requirement for Anti-virus scanning software on Solaris in the US DoD.   The Field Security Office of DISA maintains Security Checklists to help their system admins secure a system before attaching to a DoD network. 

The good news is that this requirement was lowered from a Category I finding (highest) to a Category II finding (out of a possible IV).  Although Sun would prefer an even lower rating, we are happy to see this change.

The bad news is that the checklist requires, "An approved DOD virus scan program" with no definition of which products are approved.  Many of the most popular products do not yet support Solaris on X64 platforms.  I've updated my earlier blog with products that I've been able to identify so far.  Some of these products support Solaris 10 on both the Sparc and X86 platforms.

At this point I'm trying to find out what the "approved DoD products" are from DISA FSO. 

Tuesday Jul 31, 2007

For a great presentation on how Solaris 10 and DTrace helped Twitter improve their performance by 15% see Adam Leventhal's most recent blog entry along with his presentation provided at OSCON.

 In this case, the application was written in Ruby and the DTrace provider in Ruby really helped.

Why should you care?

If you are building a fast growing company (as Twitter is) it's inevitable that you will run into performance issues.  Solaris 10 and DTrace provide the kind of visibility into your application's performance that can help you grow smoothly.
 

Wednesday Jun 27, 2007

The next update of Sun's open source Solaris 10 (tentatively named 8/07) has completed its certification for the IPv6 logo program.  This certification was completed by the Univ. of New Hampshire Interoperability Lab.

The certification document is a mind-numbing 298 pages of tests for every possible networking capability related to IPv6.

Earlier versions of Solaris 10 also completed the "MoonV6" phase I and II trials sponsored by the US DoD and UNH.  However, just because Solaris 10 has completed these certifications doesn't mean that earlier versions of Solaris aren't IPv6 capable.

What does it mean to be IPv6 capable or compliant?

That's a good question because the US Federal Acquisition Regulations (FARs) now require:

1. Adding a new paragraph (A)(2) in FAR 7.105 (b)(4)(ii) to ensure 
agency planners comply with the Internet Protocol Version 6 (IPv6)
capability requirements as a part of acquisition planning;
2. Adding paragraph (e) to FAR 12.202 to state that requirements
documents for information technology shall include Internet Protocol
Version 6 (IPv6) capable products and services; and
3. Adding paragraph (e) to FAR 39.101 to state when acquiring
information technology, agencies shall include the appropriate
requirements for Internet Protocol Version 6 (IPv6) capable products
and services, and for agencies to establish procedures for granting
exceptions.

They don't define, however, what it means to be capable.  They don't reference specific standards or protocols. 

Solaris has supported IPv6 since it was first introduced in Solaris 8 in 2000 and has been adding standards and features throughout the development of Solaris 8, 9 and 10.   IPv6 consists of a broad collection of IETF RFCs that define various networking capabilities and features.  This collection of standards is constantly evolving and expanding as requirements change over time.  Just because you don't support every one yet doesn't mean that your platform is NOT IPv6 capable.

Why should you care?

IPv6 is the next generation of IP networking standards and has been mandated by the US DoD, Civilian Agencies as well as governments and commercial customers around the globe.  Sun has been a leader in developing and supporting IP standards ever since we included TCP/IP and Ethernet interfaces in our first workstation in 1982.  With Solaris 10, we provide a highly robust, scalable platform for IPv6 deployments that runs on Sparc, Intel and AMD based platforms ranging from laptop computers to 144 processor core super servers.

First introduced over 7 years ago, Sun's IPv6 capabilities have improved and expanded through three generations of Solaris. Solaris IPv6 capability is only part of our industry leading networking support in Solaris 10.  Soon to be added will be our "Crossbow" network virtualization technology now being developed as part of OpenSolaris.

Finally, if you would like to try out Solaris or OpenSolaris, they are available for download and free use in test, development and production environments.

Congratulations to the Sun Cluster team!

On the second anniversary of OpenSolaris, Sun has announced that we are beginning the process of open sourcing all of our Solaris Cluster software.  The first components to join the OpenSolaris community are the cluster agents.

Join the Open HA Cluster community today.

 

 

Sunday Jun 17, 2007

Sun recently has been playing a radio ad on WTOP in the Washington DC area that reinforces my earlier blog entry about Solaris costing less than Red Hat and doing more.

For those who haven't heard it, listen now and open your mind.

 

 

 

Wednesday Jun 13, 2007

There are some cool new reports comparing ZFS to other file systems.  In order to save myself some time, I'll just refer you to others who have already summarized the results.

 http://blogs.sun.com/Peerapong/entry/solaris_zfs_performance
 

There's also quite a bit of discussion about ZFS for MacOS and Linux going on including public statements by Linus Torvalds and Jonathan Schwartz.  See:

http://blogs.sun.com/jimgris/entry/zfs1 

Full reports:

  • Solaris ZFS vs Linux Ext3: http://blogs.sun.com/Peerapong/resource/zfs_linux.pdf
  • Solaris ZFS vs VERITAS VxFS: http://blogs.sun.com/Peerapong/resource/zfs_veritas.pdf
  • Solaris ZFS vs W2K NTFS: http://blogs.sun.com/Peerapong/resource/zfs_msft.pdf
  • Solaris ZFS vs Linux RAID: http://unixconsult.org/zfs_vs_lvm.html

 

Tuesday Jun 12, 2007

Pardon the bad grammar but I couldn't resist paraphrasing the well known advertising line..... 

 

The developer edition of Solaris Express has been updated with a wide variety of new features to make it easier to install, operate and develop on.  Naturally, this generates a lot of questions from customers and developers.

 What is Solaris Express Developer Edition?

Solaris Express Developer Edition is a free, quarterly release of Sun's next generation Solaris Operating System built from the source code repository at OpenSolaris.org. The release includes the latest tools, technologies, and platforms to create applications for the Solaris OS, Java Application Platforms, and Web 2.0.

Ummm.. What does that mean to me?

  • It's based upon the latest builds of OpenSolaris including:
    • Solaris (Solaris Express Community Edition build 64a) UPDATED
    • Solaris Containers - better integration with resource management capabilities
    • ZFS - GZIP compression supported, iSCSI integration, recursive snapshots
    • Gnome 2.16
    • Firefox 2.0 Browser UPDATED
    • Thunderbird 2.0 with the new Lightning calendar module NEW
    • Evolution 2.8.1.1
    • StarOffice 8 with product update 6 office productivity suite UPDATED
  • It's targeted to developers who have X64 platforms.
  • It has a simplified installation procedure which pre-installs Sun's premiere suite of developer tools including:
  • Plus a variety of open source tools that are either not in Solaris 10 or updated relative to the versions in Solaris 10. See below.
  • NEW Wireless Chipsets Supported:
    • Intel Pro/Wireless 2100de
    • Intel Pro/Wireless 2200BG/2915ABG
    • Intel Pro/Wireless 3945
    • Wireless WPA Supplicant
    • Agere 11b and PrismII 11b
    • Cisco Aironet 340/350
  • NEW Automatic Network Configuration
    • This release includes the first putback of the OpenSolaris project codenamed Network Automagic, a project to automatically configure active network interfaces.

Great, how do I get it?

Download it or order a free DVD kit!

Why should I develop my application on Solaris?

 Try it out and post your experience or join the communities at www.opensolaris.org.
 

Thursday May 31, 2007

John Weeks of Sun has created an interesting application using Java for Solaris 10 Trusted Extensions.  It implements "tearlines" that allow a single document to be viewed differently by users with different levels of classification on the system.  A "Public" user might only see the basic description of a Sun bug report, for example, while an "Internal" user would see the basic description along with internal information such as responsible engineer, comments, release schedule etc.

Review John's presentation from JavaOne. Read more about it in the sidebar to this Government Computer News article.

Why should you care?

Sharing information has become a high priority for the US Government agencies responsible for defense and homeland security.  However, proper precautions must be taken to ensure that the right people see only the information they are allowed to see by law or policy.  Solaris 10 with built in Trusted Extensions facilitates this capability by providing a mature  multi-level operating system. 

This feature is available on Sun's Sparc, Intel and AMD platforms as well as those from other vendors such as IBM, Dell and HP. 


Wednesday May 30, 2007

As someone who used to work at Gould Computer System division (aka Encore Computer), I've always had a soft spot in my heart for real-time computing.  Gould produced proprietary HW platforms and OS used in flight simulation, nuclear power simulation and data telemetry collection.  I remember when we used to brag about 32 microsecond response time to interrupts and 3 MB/s data interfaces.  Unfortunately, general purpose computers put the big RT players (Gould, Harris, Modcomp, Concurrent) out of business.  Initially it was SGI with their big iron and real-time extensions to Irix.  Later with Solaris 8, Sun introduced real-time extensions which could be used on our Sparc as well as AMD based systems.

Solaris 10 today can meet those same stringent 32 microsecond response times in a general purpose OS with high ISV acceptance that is available on Sparc, Intel and AMD (soon PowerPC) platforms. 

One of the key proponents of real-time computing within Sun has recently joined the blogging world.

Please check out "The jel's weblog Musings on realtime" 

In his initial entry he discusses:

  • The foundations of Solaris real-time
  • Real-time benchmark details
  • How good is Solaris real-time? (Short answer: really good with 32 microsecond response time)

And I shouldn't forget to mention that our code for real-time extensions is all part of OpenSolaris.

Why should you care?

Real-time computing is NOT just for the lunatic fringe anymore.  It is a key component in any system that requires predictable response times including financial trading systems, military command and control systems and others.  Solaris has a significant lead on other unix/linux vendors in this area.
 

Friday May 25, 2007

Recently, IBM announced the feature set of its upcoming AIX version 6, and I can tell you that Sun and the Solaris engineering team are extremely flattered that IBM has finally conceded that Sun has the jump on them when it comes to advanced technology.  According to their product preview AIX 6 will feature:

  • Workload partitions, a software virtualization technology
    • Sun introduced these as Solaris 10 Containers in 2005 with resource management, security containment, and we continue to enhance them with each update of Solaris 10.
    • A wide variety of customers already have Solaris 10 containers in production and have found that they allow flexibility and consolidation in the data centers.
    • Solaris 10 containers are supported on all platforms (Sparc, AMD, Intel) whether from Sun or third parties (including IBM's Blade Center)
    • Solaris 10 containers are the basis for our Trusted Extensions providing multi-level security.
    • I'm not sure why they decided to build their own rather than taking the code for Containers from the OpenSolaris site.
  • Role Based Access Control
    • Introduced by Sun in 2000 with the release of Solaris 8 (yes, 7 years ago)
    • The basis for our completed Common Criteria evaluations which have included the RBACPP in Solaris 9 and 10.
    • Integrated with our auditing, identity and process privilege model
  • Trusted AIX
    • Trusted versions of Solaris have been available for almost 15 years.
    • Solaris 10 with Trusted Extensions has been available since December 2006 and is currently under CC evaluation for the Labeled Security Protection Profile.
    • Trusted Extensions have been open sourced including our multi-level contributions to X.org and Gnome.
  • Secure by Default
    • Introduced in Solaris 10 12/06, this allows you to install Solaris 10 with all network services turned off except for SSH.
  • Dynamic Tracing
    • This facility, known as DTrace, was introduced with Solaris 10 in March of 2005.
    • It is an award winning tool from Sun that can provide complete visibility into the operation of kernel or user application behavior and performance
    • Has already been extended by Sun and third parties to include Java, Postgres and Ruby on Rails support.
    • Was the first component of Solaris to be open sourced.
    • Has been picked up by Apple for MacOS as well as the BSD community for inclusion in their products.
  • Binary Compatibility
    • An area in which Sun excels, we have been offering guaranteed binary compatibility since the Solaris 7 days.
    • Extends to both our Sparc as well as our X86 product lines (IBM doesn't have this option because AIX doesn't run  on X86 architectures.)
    • I did NOT see the word guarantee at the AIX web site.  What do they do if your application does NOT run?
  • Open Beta Program
    • Sun introduced the Solaris Express program well before the initial release of Solaris 10 to allow customers to get their hands on code and provide feedback directly to developers.
    • Sun's "Developer Edition" is specifically targeted at developers with X86 based PCs to give them early exposure to Sun's new technology and source code.
    • Solaris Express DOES NOT require our partners, customers and developers to own expensive proprietary hardware.
    • Based upon the mid 2007 start point of this program, we do not expect AIX 6 to be available until 2008 giving Solaris 10 fully a three year lead on AIX 6.

In addition to those direct comparisons, I feel honor bound to point out:

  • IBM did NOT announce open sourcing of any of their AIX code.  I could be wrong, but I don't believe that they have the rights to open source AIX.
  • AIX 6 does NOT support the volume leading platforms in the market today (OpenSparc based, Intel, AMD) thereby forcing developers to use their expensive proprietary hardware.
  • According to the IBM store, the least expensive P-series server is $3400.  This is not exactly within the budget of most developers.  IBM's least expensive workstation is $6000.
  • Sun's AMD workstations start at $900 and our Sparc workstations start at $2900.  Of course, you don't have to choose one of ours. You can get a Dell, Sony, Acer or white box to start your Solaris 10 development now.
  • Solaris 10 provides a consistent user interface and source compatibility between the Sparc and X86 platforms.
  • I didn't see any mention of free downloads for AIX
  • Solaris outsells AIX and HP-UX combined
  • More volume leads to more ISV support, third party hardware and community support

In summary, thank you, IBM, for validating Sun's technology leadership and distribution model.  You are still a little bit short and we are at least 3 years ahead.

Why should you care?

If you truly need an enterprise OS that you can download for free, run on your laptop and participate in an open source community, Solaris 10 is your only choice.


Thursday May 24, 2007

Those who have seen me speak to customers, know that I have a "mantra" when asked to compare Solaris to various Linux distributions.  It goes like this:

As a result, one FAQ I get is, "How much less does Solaris 10 cost?"  According to our Sun site and the Red Hat site list price comparisons for support and licenses are:
 

|  | Standard service, 1 year (5 x 12) | Premium service, 1 year (7 x 24) |  |
|---|---|---|---|
| Solaris 10 (up to 2 sockets) | $720 | $1080 |  |
| Solaris 10 (unlimited sockets) | $1320 | $1980 |  |
| Red Hat Enterprise Linux 5 (up to 2 sockets) | $799 | $1299 | 11-20% more than Solaris |
| Red Hat Enterprise Linux 5 (unlimited sockets) | $1,499 | $2,499 | 13-26% more than Solaris |

 

Hmmmm....  So much for the idea that "Linux is cheap or free." 

Other important notes about Solaris 10:

Red Hat touts a number of new features in RHEL 5 that Solaris has had for years including:

  • Multi-level security which was first built into SunOS 4 back in the early 90s and is now included in Solaris 10 in the form of Trusted Extensions.
  • Real-time processing which was first featured in Solaris 8 over 7 years ago
  • Virtualization which was introduced in Solaris 10 in 2005
  • Open source development model which Solaris introduced 2 years ago
  • Integrated LDAP directory which Solaris 8 included in the year 2000
  • Auditing features which have been built into Solaris since version 2.3
  • SystemTap profiler which is a poor substitute for Solaris 10 advanced, award winning Dynamic Tracing Facility

Other advanced, open source features in Solaris 10 include:

  • ZFS, an advanced, easy to manage scalable file system
  • Service management facility to simplify operation and security
  • Secure by default to control network services out of the box
  • Predictive self-healing to provide the highest RAS available.
  • A large collection of third party applications

In short Solaris is a better "Linux than Linux"

Why should you care?

If you are interested in a data center quality operating system used for years by the most demanding customers at a low price, Solaris should be your first choice.

If you have more questions about Sun's strategy for Solaris and are a US Federal Government customer, contact Sun Federal at 703 204 4100 in McLean VA.


Thursday Apr 12, 2007

OK, I admit that this is old news.  I've been on vacation and consumed by my day job and have been unable to comment for a while. 

Who is Ian Murdock?  He has both a blog and a Wikipedia entry for the full details.  Primarily he is the founder of Debian and has been heavily involved in the open source movement for years.

What will he do at Sun?  According to this article, as the Chief Operating Platforms Officer he plans to make Solaris more Linux-like.  He's NOT referring to the Linux kernel, however, but the user environment built around the Linux kernel.  This includes developer tools, admin tools and user interfaces.  We wouldn't want to use a Linux kernel because the Solaris kernel is better and provides a stronger platform for innovation.

What would I like to see him do at Sun?  As a systems engineer at Sun, I'm fortunate to have the skills to deal with the "idiosyncrasies" of Solaris.  However, as a computer user who is 100% Microsoft free (Solaris at work and on my laptop, MacOS X at home), I would like to see him bring better usability to Solaris in a number of areas including:

  • Quicktime built into Solaris
  • Improve ability to add open source packages
  • Simple, accessible management tools
  • Easier installation process
  • Suspend/resume on laptops

On a broader basis, I think he needs to:

  • Improve the credibility of Solaris in the various open source communities with which we interact (having come from the Free Software Foundation, he should know how they think).  This may include changing the license model for OpenSolaris.
  • Increase the "cool" factor for Solaris with high school and college students as well as developers and customers.
  • Work with our enterprise customers to get the message out louder and clearer that:

Welcome on board Ian and good luck!

Why should you care?

The hiring of Ian Murdock is a strong message from Sun to the industry and developer community that Solaris will continue to be a focus area for Sun, and we will improve its market position on Intel and AMD platforms (from Sun or other vendors).

If you have more questions about Sun's strategy for Solaris and are a US Federal Government customer, contact Sun Federal at 703 204 4100 in McLean VA.


 


 


Friday Mar 16, 2007

Solaris 10 introduced a powerful virtualization capability in March of 2005 with Solaris Containers.  This allowed hundreds of separate applications to run on a single Solaris kernel while providing security isolation.  It has almost zero performance impact and very little storage and memory impact.  However, a single kernel has caused concern for some customers who need stronger isolation or various kernel patch releases.

Enter "Logical Domains" for the UltraSparc T1 processor currently featured in our T1000/T2000 servers.

Logical domains take advantage of the hypervisor built into the US T1 processor allowing up to 32 separate, complete Solaris kernels to run on a single server.

We have a release candidate for external download from Sun Download  Center. This is an unsupported technology preview of Logical Domains  software, providing early access to those interested in the technology.

http://www.sun.com/download/products.xml?id=45b14cf9

A blueprint article (Beginners Guide to LDoms, by Tony Shoumack) was published. It's intended to assist the reader in gaining an  understanding of how to easily and effectively deploy Sun's Logical  Domains technology. The guide works through step-by-step examples that  include the commands to set up, deploy, and manage logical domains and looks at commonly asked questions and advanced techniques.

http://www.sun.com/blueprints/0207/820-0832.html

BigAdmin site: (an external discussion forum will be set up shortly)
http://www.sun.com/bigadmin/hubs/ldoms/

How do they compare?

I've created this brief (not all inclusive) comparison of Solaris containers and Logical Domains

| Feature | Solaris 10 Containers | Logical Domains |
|---|---|---|
| How Many? | Thousands per server | 32 per server today, 64 in next generation |
| What platforms? | All | UltraSparc T1 and future Sun4v chips |
| Number of unique Solaris Kernels | 1 | up to 32 |
| Patching | Once for all containers | Each one separately |
| Installations | Once for Solaris 10 | Once for each OS image |
| Resource Management | Yes, CPU pools or shares | Yes, manual virtual CPU assignment |
| Sub-CPU granularity | Yes, fine granularity via fair share scheduler | Yes, 4 logical domains per T1 core |
| Time to create a new instance | Minutes | Greater than 1 hour |
| Disk space required per instance | 100 MB | Gigabytes |
| Other OS support | No | Yes in the future (Linux) |

FAQ: Can I run Solaris Containers within a logical domain?

Answer: Yes.  Think of a logical domain as just another platform.

Why should you care?

Customers wanting to make maximum use of their Sun hardware while meeting specific availability, security or management requirements may want to consider logical domains as an alternative to (or in parallel with) Solaris containers.

Logical domains are only one of Sun's many virtualization technologies which include:

  • Hardware domains  in the E4900, E6900 and E25K class servers
  • Solaris containers for both Sparc and X64/X86 platform
  • Xen (coming later) for the X64/X86 platform
  • VMware running under Solaris 10 on X64/X86 platform
  • Resource Management in Solaris 9 and 10 on all platforms

 

Monday Mar 05, 2007

You may have read my previous article about Solaris 10 Trusted Extensions and the security enhancements that it provides.  Glenn Faden is the lead architect for our Trusted Solaris products and has published two articles on Sun's Bigadmin web site.  Glenn has been in charge of our Trusted Solaris projects for over 15 years at Sun and knows security inside and out.

In two Bigadmin articles he compares the security models of Solaris 10 Trusted Extensions with RHEL 5.

 Solaris Trusted Extensions and Red Hat Enterprise Linux: Multilevel Security Policy Feature Summary Comparison
Glenn Faden (Distinguished Engineer, Sun Microsystems), February 2007

http://www.sun.com/bigadmin/features/hub_articles/mls_trusted_exts_table.jsp

Comparing the Multilevel Security Policies of the Solaris Trusted Extensions and Red Hat Enterprise Linux Systems
Glenn Faden (Distinguished Engineer, Sun Microsystems), February 2007

http://www.sun.com/bigadmin/features/hub_articles/mls_trusted_exts.jsp

Why should you care?

If security and separation of roles, networks and data is important, you should seriously consider using Solaris 10 11/06 which includes the Trusted Extensions.  There is no additional cost and it is developed as an open source project.  Feel free to join the community, contribute your comments, code and expertise.


Thursday Mar 01, 2007

Once again Ken Milberg has published an article about IBM technologies (this time Linux on Mainframe) full of misrepresentations, omissions and errors.  I commented on his last article as did Jeff Savit and others.

 The best example of Mr. Milberg's content free writing is this paragraph on "price."

"Price -- Though there is plenty of open source software that runs on Unix, open source and Linux go together like peanut butter and jelly. While not all open source software is free, one is certainly free to modify its source code."

Yes, that's the whole paragraph.  To quote one of the children in Mary Poppins after hearing the word "Supercalifragilisticexpialidocious" , "But it doesn't mean anything!"

For a detailed deconstruction of the article by Jeff Savit, check out Jeff's blog entry 

Monday Feb 26, 2007

IBM Systems Mag recently posted an article comparing Sun, HP and IBM virtualization offerings entitled, "IBM, Sun and HP: Comparing UNIX Virtualization Offerings" By Ken Milberg.

You can read the article at: 

http://www.ibmsystemsmag.com/ME2/Audiences/dirmod.asp?sid=&nm=&type=Publishing&mod=Publications%3A%3AArticle&mid=8F3A7027421841978F18BE895F87F791&AudID=1CE1C4C1B85E4DBD88C47DD63CCCB59C&tier=4&id=1678B712944D4E4480CCB81F2F563585

This article covers a variety of issues some accurate and some horribly inaccurate.  I will only address the Solaris portion of the article:

"It took over a hundred commands and hours of architectural work, including partitioning drives and planning for replicas."

While I will admit that Solaris Volume Manager (aka DiskSuite) is not the easiest to set up via the command line, the Solaris Mgt. Console can be used to make this easier. Ken doesn't say exactly what he was trying to do, but "hundreds of commands and hours of time" sounds like a bit of an exaggeration. In addition, ZFS can create a mirrored storage pool in two commands and also supports an easy to use web GUI. ZFS also provides data integrity capabilities and nearly infinite storage capabilities.  ZFS is also open source and being ported to BSD variants including MacOS X.

"this method requires all partitions have the same OS and patch levels. Their virtualization essentially virtualizes an OS environment more-so than hardware. In fact, they don't emulate any of the underlying hardware. The virtualized OS will make the calls to the hardware. That's where multiple partitions run on the same server, but with one kernel. To reiterate, every OS level must be exactly the same across all containers. One kernel fault will bring down every container."

This is true; however, as the author points out later in the article, there is SIGNIFICANTLY less overhead in CPU, memory and disk space incurred in the Solaris Containers virtualization.  Logical Domains in the T2000 and Single CPU domains in the APL (due later this year) will alleviate this issue by allowing multiple, different OS versions to run.  The author fails to point out, however, that a single kernel is easier to manage and patch than multiple kernels.  In addition, we have taken significant steps to enhance the availability of the kernel (SMF, Predictive Self-healing).

"There's also limited security isolation as a result of a single kernel across containers. What that means is one breach will impact every container in the OS image."

Although a breach of the Global zone can impact every container, the global zone can be configured without an IP address, making it impossible to attack without direct console access.  This is, in fact, the preferred configuration.  User applications and logins should not be allowed in the Global zone. The local zones themselves, if attacked, are completely isolated from the other zones via reduced privs.  They can be rebooted independently without affecting other zones.  Another benefit of a single kernel image is the ability to use Dynamic Tracing (DTrace) to diagnose problems across all the Solaris containers.  This is impossible using virtualization with separate OS instances.

"From a licensing perspective, one must also be aware ISVs will charge on a per CPU basis across all containers in the single image, even though they may need only a part of the OS image capacity."

This varies by ISV.  Oracle, for instance, respects Sun CPU pools when set up in the global zone and attached to local zones for licensing purposes.  Most licensing systems are based upon the honor system.  Negotiate the best deal you can with your ISVs.

"Sun containers also can't share I/O, which is not a good thing."

This is not true.  Containers can share Ethernet ports, FCAL channels, devices, disk drives and even mounted file systems in read-only or read-write access modes.

"You could use the Solaris Container Manager, though I suspect you may have similar problems that I had with the Solaris Management Console in configuring storage resources"

You can also use webmin from webmin.com to manage containers, SMF, users, cron jobs and many other aspects of Solaris.  Webmin is an open source, lightweight, web based management interface.

"When Red Hat came up with virtualization for RHEL5 (still in Beta), they decided not to go the container route, and will introduce version 3 of Xen's hypervisor. The virtualization is a para-virtualized kernel, which virtualizes part of an OS operating environment and also selectively emulates hardware devices as well. It provides access to the native hardware. Of all the virtualization technologies out there, Xen most closely mirrors IBM's Advanced Power Virtualization (APV). But it's not yet available on the Sparc."

Sun is engaged with the Xen project at opensolaris.org and expects a Xen based distribution later in 2007 for the Intel/AMD platforms.  Logical Domains is a similar technology available for T1000/2000 today.

"My Solaris buddies have informed me - with Sun's new line of T2000 servers - one can run Solaris, Unix and also Windows,"

I'm not sure which Solaris buddies he is referring to, but MS Windows does NOT run on the T2000.  Ubuntu Linux does.

Mr Milberg summarizes with:

  • A 39 year history of virtualization, offering a very mature technology.
    • Certainly AIX doesn't have a 39 year history!
  • Capped and uncapped partitions. Allowing users to take advantage of unused clock cycles via a shared processor pool is an innovation that no one else has. HP requires a workload manager system similar to PLM, while Sun has nothing.
    • Sun has NOTHING?  We have dynamic resource pools, CPU pools, fair share based scheduling for Zones, projects and users.  You choose!
  • SMT - Only IBM has it
    • And your point is.....?
  • Dedicated or Shared I/O on a virtual partition - Only IBM has it
    • Solaris containers allow shared I/O for disks, networks and devices.
  • IBM has only one virtualization strategy (APV)
    • Sun has several providing the choice of hardware, software or VMware based partitioning to meet a wide variety of needs.
  • One hardware platform for AIX and Linux partitions (POWER5).
    • And that's a good thing?  Solaris provides you the choice of platforms ranging from an Acer Ferrari laptop (on which I'm now typing this) to a 1 TB of RAM, 144 processor super server with identical administrative tools and commands.
  • IBM has the most bang for the buck
    • I suppose it's hard to calculate "bang for the buck" on Solaris because the "buck" value is zero. (Solaris is free)

Solaris containers are NOT a virtualization technology for everyone. Containers, however, solve both the "server sprawl" as well as the "operating system sprawl" problem that exists in many data centers today.  There are a wide variety of customers (commercial and government) using Solaris containers in production today.  Sun now offers a number of virtualization choices including:

  • Logical domains (CMT chips)
  • VMware (Intel/AMD chips)
  • Hardware Domains (UltraSparc data center servers)
  • Solaris containers (all chips, small to large platforms)

and is working on more solutions to come:

  • Per CPU virtualization (APL)
  • Xen for Solaris 10 (Intel/AMD)

You can find much more on the architecture and implementation of Solaris Containers at our Sun Blueprints web site (perhaps Mr. Milberg was unaware of these resources).  There is also a Solaris Zones FAQ available in the OpenSolaris Communities.  I highly suggest that you (and Ken) review the Solaris Containers Technology Architecture Guide.

To summarize, Solaris is the high volume Unix based OS that runs on more platforms, has more applications and the most advanced technology in the world.  Compared to AIX and Red Hat Enterprise Linux 4, Solaris 10:

  • Does more
  • Costs less
  • Runs on more platforms
  • Is developed as an open source product

Download Solaris 10 for free (Sparc or X64) and try it out for yourself. 

Why should you care?

We believe that you should have the most accurate information available when choosing a platform to deploy your mission critical applications. 

Friday Feb 23, 2007

As a long time member of the OS Ambassadors group within Sun I have the distinct (laborious) pleasure (chore) of maintaining an internal web site with useful (not found anywhere else) tips that make us all look so smart (brilliant).

If you've never met an OS ambassador, we are an elite (small) team of experienced (old) Sun employees with the interests and talents to dive deeply (sometimes painfully) into Solaris technologies.  There are about 60 of us world wide and we are customer facing (sales) engineers who like to work with customers.

I recently updated the page inside of Sun's network and found that there are a number of public facing resources that the rest of the Solaris loving world might find interesting.

With no further ado (delay) and in no particular order: 

Monday Jan 29, 2007

Solaris 10 Common Criteria Security Certification posted on sun.com for customers to view.

http://www.sun.com/software/security/securitycert

Solaris 10 03/05 Operating Environment

The Solaris 10 03/05 operating system is conformant with the Controlled Access Protection Profile (CAPP), Version 1.d, October 8, 1999 and with the Role Based Access Control Protection Profile (RBACPP), Version 1.0, July 30, 1998 and is certified for use on SPARC and AMD based platforms.

The Solaris 10 03/05 Certified software consists of the Solaris 10 03/05 Operating Environment and a subset of Solaris 10 patches which have been reviewed to ensure that their application introduces no new security vulnerabilities.

To order Solaris 10 03/05 software, request the following media kit:

Solaris 10 03/05 DVD Media Kit.
Part Number: SOLZ9-10AC9A7M

Solaris 10 11/06 (with Solaris Trusted Extensions) is currently in the CC Evaluation process at EAL4+ using the CAPP, RBACPP and LSPP for a multi-level OS.

Why should you care?

 If you need to provide certification documents in order to get accreditation, you will need these documents.
 

Monday Jan 08, 2007

Solaris and Java do real-time computing.

Before coming to Sun 11 years ago, I worked for a smaller computer company called Gould Computer Systems Division (also for 11 years). In that job, I was all real-time, all the time.  Gould CSD was later bought by Encore Computer which fizzled out along with all the other RT computer companies as commodity HW and OSes (like Solaris and IRIX) started incorporating RT features into their platforms.

My definition of real-time computing is: "Get the right answer in the required time."  A correct answer provided after the deadline has expired is an incorrect answer.  Primary applications for RT computing include flight simulation, telemetry, weapons targeting, spacecraft control and so forth.  For example, a typical flight simulator runs on a 60 Hz frame rate.  The entire collection of data (aerodynamics, engine status, controls, visuals) must be recalculated and presented to the pilot accurately within each frame.  Failing to do this not only ruins the simulation, it can easily make the pilot sick because his senses are not receiving data consistent with his actions.

Thanks to the work of Bryan Cantrill and others, Sun released Solaris 8 with real-time capability in early 2000.  These features included interrupt control, RT scheduling, high resolution timers, and POSIX system calls.  If you are interested in the details, see this white paper or this presentation.

Java, when introduced in 1995, was uniformly reviled as a slow, partially compiled language (with garbage collection) that could never be used for high performance, scientific or RT computing purposes.  Times have changed quite a bit since then.  The Java Real-Time system provides a high performance, low latency execution environment for Java developers.   Eric Bruno from Sun recently published an article entitled, "Go Inside the Java Real-Time System" at devX.com.

If you need high performance real-time computing, Solaris 10 with real-time extensions and the Java Real-Time system make for an unbeatable combination when running on your favorite Sparc, Intel or AMD based system (from Sun, HP, Dell or even IBM).

 Why should you care?

While I realize that RT computing is a small part of the market, it is extremely important particularly in the Federal Government.  Whether you do nuclear plant simulation, data collection, satellite tracking or traffic monitoring, the real-time capabilities of Solaris and Java can help to meet your goals.

Solaris 10 is a high volume OS with a huge collection of third party applications.  It is proven in the largest of enterprises as a robust, scalable data center class product.

Friday Jan 05, 2007

It's been a long wait.  Internally within Sun we have been talking about integrating multi-level OS features into the base Solaris operating system for many, many years.  This is the kind of technology that US intelligence agencies use to ensure that "red bits and green bits don't mix to make purple bits."  In the old days it was called B1 level security.  Now it is referred to as Common Criteria EAL4+ with CAPP, RBACPP and LSPP. We are currently in Common Criteria evaluation. See my earlier blog for more details.

Many intelligence agencies have a wide variety of "classified" networks.  Because of the many security rules involved, each of these networks is supposed to be kept separate and in some cases, analysts literally have 5-6 workstations sitting on their desk in order to have access to data on different networks.  This is very wasteful of power, floor space, management time and money.

Since the late 1980s Sun has been a pioneer in providing multi-level computing solutions for the US Government.  Customers include the various 3-letter agencies as well as homeland security and law enforcement agencies.  We did this on a high volume, commercial OS (Solaris) with a large ISV catalog of solutions.

In December, we quietly posted "Solaris 10 11/06."  In doing this, we provided a high level of security in a minor update to Solaris without breaking binary compatibility.  The "Trusted Extensions" component that we included is actually a relatively small amount of code that primarily enables and configures the system to handle different levels of data classifications in separate Solaris zones.  Most of the heavy lifting is done by code already in Solaris 10, including Zones and the privilege model.  As Glenn Faden (product architect) puts it, "The trick was to make the nearly impossible look easy."  You can find an architectural overview of Solaris 10 Trusted Extensions at the opensolaris.org site.

This solution has several benefits over the previous model used in Trusted Solaris 8:

 

| Feature | Solaris 10 11/06 with Trusted Extensions | Trusted Solaris 8 |
| --- | --- | --- |
| Runs on all the latest Sun and X64 hardware | Yes | NO |
| Uses the same patches as Solaris | Yes | NO |
| Is supported by ISVs | Yes | NO |
| Has a small training delta | Yes | NO |
| FREE | Yes | NO |
| Is part of the main Solaris development team | Yes | NO |
| Open Sourced | Yes | NO |
| Standard Solaris life cycle model | Yes | NO |
| 100% binary compatible | Yes | NO |
| Integrated into standard Solaris distribution | Yes | NO |
| Has the full support of other Sun products | Yes | NO |


Solaris 10 11/06 is currently available for download at the Sun download center.  If you would like to participate in the development and future features related to Solaris security, join the security community at the OpenSolaris portal.

By the way, did I mention that it is free and runs on over 700 Sparc, Intel and AMD based platforms?

Why should you care?

The Trusted Extensions now available in Solaris 10 11/06 can help make your data and users more secure by adding mandatory access control features.  It can help you to comply with mandates such as HSPD12, HIPAA and Sarbanes-Oxley.  It can reduce the risk of break-ins, "data spills" and spoofing attacks.

It does all this while providing a widely accepted platform with a huge library of commercial and open source software applications.  In addition, there is a large pool of skilled operators familiar with the Solaris environment.  Unlike other operating systems that run on commodity hardware (Windows, Red Hat, Suse), Solaris can take you from a laptop environment to a 144 processor "super-server" using the same administration tools, processes and commands.