What's New in Oracle Solaris 11
By Jeff Victor on Oct 18, 2011
The list of features below is not exhaustive. Complete documentation about changes to Solaris will be made available. To learn more, register for the Solaris 11 launch. You can attend in person, in New York City, or via webcast.
Software management features designed for cloud computingThe new package management system is far easier to use than previous versions of Solaris.
- A completely new Solaris packaging system uses network-based repositories (located at our data centers or at yours) to modernize Solaris packaging.
- A new version of Live Upgrade minimizes service downtime during package updates. It also provides the ability to simply reboot to a previous version of the software if necessary - without resorting to backup tapes.
- The new Automated Installer replaces Solaris JumpStart and simplifies hands-off installation. AI also supports automatic creation of Solaris Zones.
- Distro Constructor creates Solaris binary images that can be installed over the network, or copied to physical media.
- The previous SVR4 (System V Release 4) packaging tools are included in Solaris 11 for installation of non-Solaris software packages.
- All of this is integrated with ZFS. For example, the alternate boot environemnts (ABEs) created by the Live Upgrade tools are ZFS clones, minimizing the time to create them and the space they occupy.
Network virtualization and resource control features enable networks-in-a-boxPreviewed in Solaris 11 Express, the network virtualization and resource control features in Oracle Solaris 11 enable you to create an entire network in a Solaris instance. This can include virtual switches, virtual routers, integrated firewall and load-balancing software, IP tunnels, and more. I described the relevant concepts in an earlier blog entry.
In addition to the significant improvements in flexibility compared to a physical network, network performance typically improves. Instead of traversing multiple physical network components (NICs, cables, switches and routers), packet transfers are accomplished by in-memory loads and stores. Packet latency shrinks dramatically, and aggregate bandwidth is no longer limited by NICs, but by memory link bandwidth.
But mimicking a network wasn't enough. The Solaris 11 network resource controls provide the ability to dynamically control the amount of network bandwidth that a particular workload can use. Another blog entry described these controls. (Note that some of the details may have changed between the Solaris 11 Express details described in that entry, and the details of Solaris 11.)
Easy, efficient data managementSolaris 11 expands on the award-winning ZFS file system, adding encryption and deduplication. Multiple encryption algorithms are available and can make use of encryption features included in the CPU, such as the SPARC T3 and T4 CPUs. An in-kernel CIFS server was also added, and the data is stored in a ZFS dataset. Ease-of-use is still a high-priority goal. Enabling CIFS service is as simple as enabling a dataset property.
Improved built-in computer virtualizationAlong with ZFS, Oracle Solaris Zones continues to be a core feature set in use at many data centers. (The use of the word "Zones" will be preferred over the use of "Containers" to reduce confusion.) These features are enhanced in Solaris 11. I will detail these enhancements in a future blog entry, but here is a quick summary:
- Greater flexibility for immutable zones - called "sparse-root zones" in Solaris 10. Multiple options are available in Solaris 11.
- A zone can be an NFS server!
- Administration of existing zones can be delegated to users in the global zone.
- Zonestat(1) reports on resource consumption of zones. I blogged about the Solaris 11 Express version of this tool.
- A P2V "pre-flight" checker verifies that a Solaris 10 or Solaris 11 system is configured correctly for migration (P2V) into a zone on Solaris 11.
- To simplify the process of creating a zone, by default a zone gets a VNIC that is automatically configured on the most obvious physical NIC. Of course, you can manually configure a plethora of non-default network options.
Advanced protectionLong known as one of the most secure operating systems on the planet, Oracle Solaris 11 continues making advances, including:
- CPU-speed network encryption means no compromises
- Secure startup: by default, only the ssh service is enabled - a minimal attack surface reduces risk
- Restricted root: by default, 'root' is a role, not a user - all actions are logged or audited by username
- Anti-spoofing properties for data links
- ...and more.