Tuesday Aug 21, 2012

Worth the Money?

source

Learning a new technology really is the modern equivalent of doing the Ulysees thing in Homer's Odyssey. If you're the person who has to actually deploy the darned thing. And keep it running.

First, you have to wade through the marketing designed to mesmerize your boss ...

The eData Cloud-Optimized Storage Environment solution increases the adaptability of scalable business continuity while protecting infrastructure integrity optimized for the demands of reliability, availability, and security expressly designed for the unique requirements of the data center while enhanced for today's particular, unique, and demanding enterprise challenges. In a heterogenous computing environment.

So you shake your head vigorously in the hope that most of those words will fall out your ears, and go to the documentation, which is wicked, wicked useful. Once once you have a good idea of what you want to do. But frustrating as hell when you're not sure what you're supposed to be doing. Or why.

The technical articles that OTN publishes help a lot, but they don't give you the complete picture, do they? You wind up knowing how to do some really cool things, but not having a clue how to do others. Or worse: not knowing if there are other things you need to know.

So you go to the forums. And ask a question. OTN's forums are pretty good, but even in our forums you might not get an answer. And you might develop a lasting relationship with somebody born in San Quentin Prison who dedicates himself to stalking you for the rest of his life for wasting 18 seconds of his precious time.

We're all used to this, and repeat it hundreds of times throughout the year.

But wouldn't it be nice to learn something the easy way? Just once? Have somebody who really knows what they're talking about give us the complete picture? First at the high level so we get to see all the pieces and finally understand what it is we're dealing with. That alone is almost priceless. But also in full detail, so we know how to actually install, deploy, manage, and update a technology. From end to end. Because we've done it ourselves. More than once.

For me, that would be Christmas in August. The catch for most sysadmins nowadays is that there just isn't enough time to take a class. You can't get away from the office long enough without the place burning down. Which is why Oracle University came up with its on-demand format. Here's one example:

On Demand Training: Transition to Oracle Solaris 11

Like the average sysadmin, I have little to no free time during my work week. So I can't sign up for a week-long class. And even if I did, I wouldn't pay attention half the time because I'd be answering emails, IM's, and phone calls. So this on-demand format really works for me. Plus, the content is really good. An example of how the instructor sets the context for the new installation tools in Oracle Solaris 11, with just a few words:

"Now, speaking of Solaris installations, we have essentially three different ways that we can install this. We have the automated installer. Now, the automated installer is the replacement for JumpStart. The idea here is we're installing across the network. We have a manifest that lists what component should get installed. We have client profiles that say OK, these are the clients that should get the software.

"Then we have a couple of different interactive installation options. We have a LiveCD. Now, LiveCD is designed for the desktop environment. It has a GUI environment. So for those of you that are dealing with installations that are going to happen on a desktop or notebook computers, generally, you're going to do a LiveCD installation of that. Then we have the text installer. That's typically what you're probably used to in server deployments where it's a text-based interface where you're answering the questions to install the operating system so that you're not having to worry about the resources of a graphical environment."

If you're wondering why I'm blogging about this course on OTN Garage (again), it's simple: I'm taking the course right now, in between my other work, and I'm freakin' loving it! In my case, Oracle is paying for it. But after decades of trying to learn this technology on my own --with access to Oracle's engineers, mind you-- even if Oracle didn't pay for it, I'd be awfully tempted to stop buying motorcycles and pay for it myself. Just for the peace of mind. For the relief of being certain that I know what I'm talking about.

If the link above doesn't work for you, try this one.

- Rick

Website Newsletter Facebook Twitter

Friday Aug 17, 2012

How to Create More Oracle Solaris 11 Zones With Less Effort

If you are familiar with zones in Oracle Solaris 11, you already know how to create them using a procedure like the one described in this article:

How to Get Started Creating Zones in Oracle Solaris 11
Duncan Hardie demonstrates how to perform basic operations with zones: first, how create a single zone using the command line, then how to add an application to a zone, and finally how to clone a zone.

And you may be aware that you can configure your zones so that they are easier to clone, as described in this article:

How to Configure Zones in Oracle Solaris 11 for Easy Cloning
Jeff McMeekin describes how to create a network topology of servers, routers, switches, and firewalls that you can clone right along with Oracle Solaris 11 zones.

However, if you are going to create several zones and perhaps configure them differently, why not make things easier on yourself? Why not prepare a few zone configuration plans? And when you're ready to create one, just push a button to execute one of the plans? This article by Laura Hartman describes how to do just that:

New!
How to Create Oracle Solaris 11 Zones with Oracle Enterprise Manager Ops Center 12c

Here's an overview of the process, lifted from the article:

"First, create an Oracle Solaris 11 zone profile and plan. The profile captures the zone configuration, including defining the storage and network details. The plan executes the configuration on selected targets. You can use and reuse the profile and plan to create zones with a consistent configuration.

"Then deploy the plan to create a new zone. When you deploy a plan, you identify the target operating systems and the number of zones to create. Before you submit the job to deploy the plan, you can modify some of the configuration details."

More info about Oracle Solaris 11 zones here:

- Rick

Website Newsletter Facebook Twitter

Wednesday Aug 15, 2012

It's Better with Btrfs

source

Two recently published articles to help you become proficient with the Btrfs file system in Oracle Linux:

How I Got Started with the Btrfs File System in Oracle Linux

By Margaret Bierman

Scalability and volume management. Write methodology and access. Tunables. Margaret describes these capabilities of the Btrfs file system, plus how it deals with redundant configurations, checksums, fault isolation and much more. She also walks you through the steps to create and set up a Btrfs file system so you can become familiar with it.

How I Use the Advanced Features of the Btrfs File System

By Margaret Bierman

How to create and mount a Btrfs file system. How to copy and delete files. How to create and manage a redundant file system configuration. How to check the integrity of the file system and its remaining capacity. How to take snapshots. How to clone. And more. In this article Margaret explores the more advanced features of the Btrfs file system.

Let us know what you think, and what you'd like to see Margaret write about in the future.

- Rick

Website Newsletter Facebook Twitter

Monday Aug 06, 2012

Basic and Advanced System Services Administration in Oracle Solaris 11

Does taming the behavior of your OS services manually make you feel less than your usual playful self? Lighten up. The Service Management Facility (SMF), introduced in Oracle Solaris 10 and extended in Oracle Solaris 11, provides the discipline those unruly services need. Here are two articles that will help get the most out of it.

Introducing the Basics of the Service Management Facility in Oracle Solaris 11

The SMF keeps track of the relationship between the services in your instance of Solaris. With this information, it can start services much more quickly at boot time, and it restart them automatically in the correct order if any of them fail. And that's only the beginning. In this article Glynn Foster explains what SMF does, and how to perform basic services administration with it, including how to use these four commands to get information about, and manage, your system services:

Command Description
svcadm Manage the state of service instances
svcs Provide information about services, including their status
svcprop Get information about service configuration properties
svccfg Import, export, and modify service configuration

Advanced Administration with the Service Management Facility in Oracle Solaris 11

In this article, Glynn Foster describes how to use some of the more advanced features of SMF, including service bundles, which you can use to deliver custom configuration across systems. And SMF profiles, which modify services to suit a particular installation. The introduction of layers in Oracle Solaris 11 provides better tracking of vendor-supplied customizations and administrative customizations for services and instances of services in four discrete layers, and site profiles, also described in this article, help you manage these layers more easily.

- Rick

Website Newsletter Facebook Twitter

Friday Aug 03, 2012

My Oracle RAC and Oracle Solaris Cluster Cheet Sheet

This gets complicated, so stop watching motoGP crash compilation videos for a sec.

We have Oracle Real Application Clusters (RAC). RAC lets you deploy a single Oracle Database across different servers. If the server in your Des Moines data center gets picked up by a tornado that hates you and dropped off in East Texas, the other servers pick up the load, and the database continues to operate without interruption. That's easy to understand.

We also have Oracle Solaris Cluster. It lets you deploy the Oracle Solaris operating system across different servers. If the server in your Barbados data center gets washed away by a hurricane that hates you and dropped off in West Africa, the other servers pick up the load, and the operating system continues to operate without interruption. A good quote:

White Paper: Extending Oracle Solaris for Business Continuity
"Oracle Solaris Cluster offers comprehensive and robust capabilities for keeping your business IT, including those running Oracle Database and Applications, up and running in the face of nearly every conceivable situation."

That's easy to understand, as well.

So why would somebody complicate our sysadmin lives by suggesting we install Oracle RAC on Oracle Solaris Cluster? What would that be, highly-available high availability?

Turns out that's not what they're suggesting. They're suggesting we install Oracle RAC not on Solaris Clusters, but on zone clusters. What's a zone cluster, you ask?

A zone cluster is a cluster created from Solaris zones that are physically located on different servers. That's similar to a regular cluster, but it uses zones instead of entire OS instances. Don't confuse a zone cluster with a failover cluster. Instead, read this white paper:

White Paper: Zone Clusters: How to Deploy Virtual Clusters and Why
This paper introduces the zone cluster, a virtual cluster in which an Oracle Solaris Zone is configured as a virtual node. The zone cluster supports the consolidation of multiple cluster applications on a single cluster.

That's all very interesting, but what about our original question:

Why would someone want to complicate our sysadmin lives by suggesting we install Oracle RAC on a zone cluster?

Turns out there two good reasons:

  • It's a better high-availability solution for a multi-tier application environment
  • It lets you isolate your database development, test, and deployment environments from each other.

How the Oracle RAC/Zone Cluster Combo Is Better For Multi-Tier Applications

Let's say that you are using your Oracle database as one tier in two different application environments. The first one is an HR application, the one second is an e-business suite. Both access the same database. Well, Oracle RAC would give you the high-availability for that database. But the applications would not be highly available. However, if you installed the database with Oracle RAC inside one zone cluster, and each application inside its own zone cluster, you'd make both application environments highly avaiable. And, if you limit the administrative privileges for each zone cluster, you'd get administrative isolation, as well.

How the Oracle RAC/Zone Cluster Combo Is Safer for Deployment

You've probably heard by now about Knight Capital Group's trading glitch that dropped the company's value by 50% in one day. I don't know exactly what happened, but I wonder if they didn't deploy either their development or their test environment instead of the one that was ready for prime time.

I suppose it's a sysadmin's duty to learn from another sysadmin's misfortune. So, if you divide your zone clusters into development, test, and deployment environments, you might have a better shot at avoiding a similar catastrophe. For example, install Oracle RAC with an Oracle DB into your development zone cluster, and keep it isolated from your test and deployment zone clusters. One sysadmin controls the development cluster. Another the test cluster. And the biggest, baddest sysadmin controls the deployment cluster. When the development environment is ready for testing, the test admin must OK the migration. That goes double for the deployment environment. And all the while, each environment remains highly available.

Resources

Turns out that Oracle and the portion of Oracle that was once Sun Microsystems have been collaborating on Oracle RAC/Solaris Cluster solutions for a long time. Customers like this approach so much that we just published three articles explaining how to do it. Each article covers a different version of the software:

Article RAC Version Solaris Version Cluster Version
How to Deploy Oracle RAC 11.2.0.2 on Oracle Solaris Zone Clusters 11.2.0.2 10 3.3
How to Deploy Oracle RAC 11.2.0.3 on Oracle Solaris Zone Clusters 11.2.0.3 10 3.3
How to Deploy Oracle RAC 11.2.0.3 on Oracle Solaris 11 Zone Clusters 11.2.0.3 11 4.0

And if you want more, we also have a page full of links to all our Solaris Cluster how-to articles and background white papers:

Where to find everything Solaris Cluster-related

Don't be the sysadmin who bankrupts your company in one day. Get educated.

- Rick

Website Newsletter Facebook Twitter

Wednesday Aug 01, 2012

Just because I’m paranoid doesn’t mean…

KeyholeWhile I’m a passionate computer user–recognized within my family and circle of friends as a reigning (or at least old) geek–I spend at least as much time warning people to be careful as I do showing them the cool things they can do with their computers. I’m shocked at the widespread complacency over computer and network security and privacy: we should all be afraid. Very afraid. I only need remind you of recent security breaches with LinkedIn and Dropbox!

I have been in the business of publishing systems best practices for over a decade: security has been a keystone topic all those years. The good news is that high levels of security can be achieved: you just have to be smart about it. With a few exceptions, security isn’t something we actually sell, because it is dominated by relatively unglamorous concepts, processes, and practices, not extra hardware and software.

Because of this, security experts often find themselves trying to teach really fundamental (and after-the-fact, obvious) concepts. For example, in building a secure environment, you want to make sure your platform fulfills four important points:

  • It must be able to prevent or minimize the damage caused from both accidental and malicious actions. This is referred to as survivability.
  • It provides a layered set of defenses exist so that secure operations continue even after a vulnerability or the failure of a single security control. This is referred to as defense in depth.
  • It provides only those services that are absolutely necessary to the function or user. This is referred to as least privilege.
  • It is critical to be able to detect and report a breach. This is referred to as accountability.

We just posted an important article, written by three security experts I have worked with for a long time: Best Practices for Securely Deploying the SPARC SuperCluster T4–4. In building a solution that will survive a world of sophisticated cyber-criminals, it is more important than ever to pick the correct hardware and software platform. This article gives you a crash course in the things to consider, and explanation of the special features of the SPARC SuperCluster T4–4 that will make your job of creating a secure environment easier, and (most importantly) how to go about putting things together.

This is a big and important topic. Once you have digested this “Reader’s Digest” article, I’m confident that you’ll want to look at the references listed at the end. Now is the time to get smart about security.

–Kemer

About

Contributors:
Rick Ramsey
Kemer Thomson
and members of the OTN community

Search

Archives
« August 2012 »
SunMonTueWedThuFriSat
   
2
4
5
7
8
9
10
11
12
13
14
16
18
19
20
22
23
24
25
26
27
28
29
30
31
 
       
Today
Blogs We Like