Solaris 10, the most advanced UNIX has recently announced its third update. The following is a summary of features, functions and benefits of the new build.
I. Security
- Solaris Trusted Extensions - Customers with government mandated security requirements can now enforce strict access controls based upon data sensitivity in addition to it’s ownership. The Mandatory Access Control policy is the heart of the trusted extensions, which meet the CAPP, RBAC and LSPP at EAL4+.
- Secured by Default Networking - Less experienced customers running Solaris with the Secure Networking by Default profile feature will immediately reduce their risk of exposure on the Internet or LAN.
- Configuration Solaris Container Privileges - Security and system administrators may now configure Solaris containers to allow certain security windows of capability.
Sun Microsystems’ server revenue climbed almost 14 percent since the second quarter last year, pushing Sun ahead of Dell in the rankings. What is Sun’s winning strategy?
Solaris on Opteron
Sun picked up what other vendors like IBM and HP long treat as secondary to Intel Xeon. With the acquisition of Kealia in early 2004, Sun set its sights on creating usefully-differentiated AMD Opteron-based systems.
After two years, Sun now offers from a single-chassis eight-socket server to a four-socket blade that is solely about heavy-duty data center infrastructure to the ultimate Sun Fire X4500 direct-attached storage, all taking standard volume components.
These are computing commodities. Sun is open to put anything on it should the market requires. Combining Sun’s quality with the cost effective volume components, it finally gets out of the deadlock of staying unique and passionate about computers and offering them at a competitive market price.
Success: Become a player in the computing commodities.
NexentaOS is a complete GNU-based open source operating system built on top of the OpenSolaris kernel and runtime. So what’s the big deal?
It’s a “best of both worlds” kind of operating system gluing SunOS kernel with GNU software. SunOS kernel is the most sophisticated UNIX kernel, period. Even Google Inc. is experimenting with the open-source version of Sun Microsystems Inc.’s Solaris operating system as a possible long-term prelude to replacing its massive global network of Linux servers, according to sources. GNU software is what make Linux so popular among different class of users.
Nexenta’s Alpha 5 release is available as an installable ISO or LiveCD that is released on 15 June. NexentaOS currently requires 32- or 64-bit x86/x64 platform with at least 256MB RAM, and a CD-ROM drive. You can try out the OS using the Getting Started Guide (pdf) to install. LiveCD needs 512MB RAM for root partition’s ramdisk and kernel loaded together.
Solaris Service Management Facility (SMF) is a core part of the Predictive Self-Healing technology available in Solaris 10, which provides automatic recovery from software and hardware failures as well as administrative errors. To get a quick start of SMF, follow this link.
Tip 1: Alert you about SMF activities
While the facility eases the support of a large set of services in a unified model on each Solaris system, there is no transparency of the actual process. When a SMF service fails for some reason and automatically restarts, you don’t really know about it unless you keep a close eye on your services logs. This is when a utility written in Perl like SMF Monitor Alert is useful. It runs as a daemon and monitors the SMF service specified in and mail to recipient if something happens. You have a choice of using Mail::Sender Perl module or sendmail. To start the daemon, you need to type something like
#./smfalert.pl -m -p -i "apache:default print/server:default" -r itechnot@itechnote.com
Ever been asked a question similar to “I wanna to find out who is logged in last night at 8:34″?
The last command for Solaris tells who was or still is on the system. You may want to use with ‘| more‘ to be able to page through the log. It offers great feature for tracking who was on your system last, how long they stayed logged in and from which terminal or machine (IP) they came from. It will save your day by tracking those would-be party-crashers.
If you want an enhanced version of last, you may want to try out Matty’s lastx. lastx is an extension of the last utility shipped with Solaris. It prints all 32-characters of the users utmpx entry, and provides facilities to display last data over a period of days. It also allows the user to print unique logins, and the total number of attempted logins. However, you need to compile the program yourself as it comes with source only.
Mr. Cantrill came up with the general idea for DTrace in 1996, while he was a computer-science student at Brown University, but didn’t get to start work on it until late 2001. It took nearly three years for him and his team — Michael Shapiro, a Sun distinguished engineer, and Adam Leventhal, a staff engineer — to make it work; a final version shipped early last year as part of Sun’s Solaris 10 operating system.
Where most debugging takes place as software is being developed, DTrace analyzes problems with systems that are in production — running a company’s database, say, or executing stock trades. It does this with a process called “dynamic tracing,” which enables a developer or systems administrator to run diagnostic tests on a system without causing it to crash. Before DTrace, such tests often took days or weeks to reproduce the problem and identify the cause. With DTrace, performance problems can be tracked to their underlying causes in hours, even minutes.
It is time to get serious about DTrace folks. Sun has provided quite a number of guides to get you started. You can find the official resources at BigAdmin DTrace and also enough examples to get you excited at Brendan Gregg’s Homepage.
via WSJ
Large sequential I/O can cause performance problems due to excessive use of the memory page cache. One way to avoid this problem is to use direct I/O on filesystems where large sequential I/Os are common. Direct I/O is a mechanism for bypassing the memory page cache alltogether.
DIRECTIO_ON allows you to force directio per-file and is used by Oracle database. The idea is that with a properly sized memory area the database can manage its own buffering and avoid the overhead of copying to kernel buffers. Even after the database is shut down directio will persist for a long time. The flag is set in the inode’s i_flag and hangs around cached within the inode in the DNLC and will effect files until the inode is flushed from the DNLC.
John Alderson demonstrated the problem using two simple C programs.
Enabling TCP Wrappers to block inter-zone traffic
1 Comment Published September 25th, 2006 in Solaris.TCP Wrappers has been around for many, many years. It is used to restrict access to TCP services based on host name, IP address, network address, and so on. For more details on what TCP Wrappers is and how you can use it, see tcpd(1M). TCP Wrappers was integrated into the Solaris Operating System starting in the Solaris 9 release, where both Solaris Secure Shell and inetd-based (streams, nowait) services were wrapped. Bonus points are awarded to anyone who knows why UDP services are not wrapped by default.
If you have a Solaris 10 box configured with multiple zones, then each zone on the box is by default able to communicate with any other zone on the box, provided that it has a route. There’s two ways of mediating inter-zone traffic on the same box which do work. The first of these involves a little twist on routing, and the second involves tcp_wrappers.
Continue reading ‘Enabling TCP Wrappers to block inter-zone traffic’
Roch Bourbonnais at Kernel Performance Engineering, Sun Microsystems reckons ZFS is not quite ready for the prime time. The result shows an increasing better performance on each ZFS build and is not far from a super tuned UFS.
To achieve acceptable performance levels:
The latest ZFS code base. ZFS improves fast these days. We will need to keep tracking releases for a little while. The current OpenSolaris release as well as the upcoming Solaris 10 Update 3 (this fall), should perform for these tests, as well as the Build 44 results shown here.
UFS/DIO : 100 %
UFS : xx no directio (to be updated)
ZFS Best : 75% best tuned config with latest bits.
ZFS S10U2 : 50% best tuned config.
ZFS S10U2 : 25% simple tuning.
UFS (with DIO) has been heavily tuned over the years to provide very good support for DBMS. We are just beginning to explore the tweaks and tunings necessary to achieve comparable performance from ZFS in this specialized domain. We knew that running a DBMS would be a challenge since, a database tickles filesystems in ways that are quite different from other types of loads.