Thursday Mar 28, 2013

Is Tape Storage Still Harder to Manage Than Disk Storage?


-guest post by Brian Zents-

Historically, there has been a perception that tape is more difficult to manage than disk, but why is that? Fundamentally there are differences between disk and tape. Tape is a removable storage medium and disk is always powered on and spinning. With a removable storage one piece of tape media has the opportunity to interact with many tape drives, so when there is an error, customers historically wondered whether the drive or the media was at fault. With a disk system there is no removable media, if there is an error you know exactly which disk platter was at risk and you know what corrective action to take.

However, times have changed. With the release of Oracle’s StorageTek Tape Analytics (STA) you are no longer left wondering if the drive or the media is at risk, because this system does the analysis for you, leaving you with proactive recommendations and resulting corrective actions … just like disk.

For those unfamiliar with STA, it’s an intelligent monitoring application for Oracle tape libraries. Part of the purpose of STA is to allow users to make informed decisions about future tape storage investments based on current realities, but it also is used to monitor the health of your tape library environment. Its functionality can be utilized regardless of the drive and media types within the library, or whether the libraries are in an open system or mainframe environment.

STA utilizes a browser-based user interface that can display a variety of screens. To start understanding errors and whether there is a correlation between drive and media errors, you would click on the Drives screen to understand the health of drives in a library. Screens in STA display both tables and graphs that can be sorted or filtered.

In this screen ...

... it is clear that one specific drive has many more errors relative to the system average.

Next, you would click on the Media screen:

The Media screen helps you quickly identify problematic media. But how do you know if there’s a relationship between the two different types of errors? STA tracks library exchanges, which is convenient because each exchange involves just one drive and one piece of media. So, as shown below, you can easily filter the screen results to just focus in on exchanges involving the problematic drive.

You can sort the corresponding table based on whether the exchange was successful or not. You can then review the errors to see if there is a relationship between the problematic media and drive. You may also want to review the drive’s exchanges to see if media that’s having issues has any similarities to other media that’s having problems. For example, a purchased pack of media could all be having similar problems.

What if there doesn’t appear to be a relationship between media and drive errors? Part of the ingenuity of STA is that just about everything is linked, so root causes are easy to find. First, you can look at an individual drive to see its recent behavior, as show on this screen:

From the table you can see that this particular drive was healthy until recently. The drive indicated it needed a cleaning, and somebody performed that cleaning. However, just a few exchanges later, it started reporting errors. In this case, it’s clear that the drive has an issue that goes beyond the relationship with a specific piece of media and should be taken offline. On the other hand, if the issue appears to be related to the media itself, you should identify a method to transfer the data off of the media, and replace the media.

- Brian Zents

Follow OTN Garage on:
Blog | Facebook | Twitter | YouTube

Wednesday Mar 27, 2013

Why Become a Solaris Sysadmin?

On the one hand Oracle is telling you that Solaris is the key component of the Oracle stack, that we've been investing heavily in it, and that it provides the best platform for managing the stack. Watch these videos:

On the other hand, we are telling your boss to buy our engineered systems because they'll not only reduce the complexity of managing the data center, but they'll need fewer sysadmins to run them.

So, which is it?

Video Interview: Why Become a Solaris Sysadmin?

I asked Larry Wake, Solaris old-timer. Tell me what you think of his answer.

Video Interview: Why Become A Solaris Sysadmin?.

A year or two ago, Justin asked Marshall Choy a similar question. Watch that video here:

Video Interview: Impact of Engineered Systems on the Sysadmin

- Rick

Follow me on:
Blog | Facebook | Twitter | YouTube | The Great Peruvian Novel

Thursday Mar 21, 2013

How to Protect Your Oracle Solaris Zone Cluster


We just published an article by Subarna Ganguly that describes how to build a secure zone cluster. In other words, a zone cluster with trusted extensions. If you want to go straight to the article, scroll down to the bottom of this blog. If you're new to zones, clustering, or trusted extensions, I'll try to explain what's interesting about this article.

Vanilla Solaris

In the beginning there was root and user. Root could do anything anywhere, user could do very little. We improved that with the notion of roles. Access rights (permissions) were assigned to roles instead of users. And individual users were assigned to one or more roles. Access Control Lists (ACL) improved this even more.

Oracle Solaris has about 80 different roles. You can see the privileges each one has by looking at the /etc/user_attr.d directory

Trusted Extensions

Trusted extensions add "sensitivity" labels. These labels are similar to a security clearance in the military: confidential, secret, top secret, etc. With trusted extensions, you first label users, data, processes, peripherals, and pretty much everything that a user or process can access. Then you give uses and processes their own label. A user or process can only access something that has a label with the same or greater access.

"Trusted extensions ... is not something that can be just 'turned on' like a firewall. Trusted extensions fits into a framework where there's a formal security policy, possibly an LDAP server where users and their clearances are defined, as well as network access points that are labeled."
- Book: Oracle Solaris 11 System Administration, Chapter 18

Solaris Zones

Zones are virtual instances of the Solaris environment launched and controlled from the base OS environment, known as the non-global zone.

"Oracle Solaris Zones let you isolate one application from others on the same OS, allowing users to log in and do what they want from inside one zone without affecting anything outside that zone. In addition, Oracle Solaris Zones are secure from external attacks and internal malicious programs. Each Oracle Solaris Zone contains a complete resource-controlled environment that allows you to allocate resources such as CPU, memory, networking, and storage."
- OTN Article: How to Get Started Creating Zones in Oracle Solaris 11

Solaris Cluster

Oracle Solaris Cluster lets you deploy the Oracle Solaris operating system across different servers. If the server in your Barbados data center gets washed away by a hurricane that hates you and dropped off in West Africa, the other servers pick up the load, and the operating system continues to operate without interruption.

"Oracle Solaris Cluster delivers the high availability and disaster recovery capabilities of Oracle Solaris 11 and extends, with version 4.1, its built-in support for the Oracle software and hardware stack, to protect business critical application deployments in virtualized and traditional environments."
- White Paper: Oracle Solaris and Oracle Solaris Cluster

Zone Clusters

A zone cluster is a cluster created from Solaris zones that are physically located on different servers. That's similar to a regular cluster, but it uses zones instead of entire OS instances.

"Such large amounts of idle processing capacity present an almost irresistible opportunity for better system utilization. Organizations seek ways to reclaim this unused capacity, and thus are moving to host multiple applications on a single cluster. However, concerns about interactions between applications, especially in the areas of security and resource management, make people wary. Virtualization technologies address these security concerns and provide safe ways to host multiple applications in different clusters on a single hardware configuration.
- White Paper: How to Deploy Virtual Clusters and Why

Trusted Zone Clusters and Saburna's How To Article

Oracle Solaris Trusted Zone clusters became available in Oracle Solaris Cluster 4.1. They are zone clusters with the security capabilities (mandatory access control or MAC) provided by Trusted Extensions. The zones in the cluster are labeled in the same way that other objects are labeled, so that only other objects with the same (or higher) sensitivity label can access them. Saburna Ganguli walks you through the steps required to set one up:

OTN Article: How to Build a Trusted Zone Cluster with Oracle Solaris Cluster 4.1

More Cluster Resources

Note: Get big discounts on Safari Books online by subscribing to the OTN Systems Community Newsletter

- Rick

Follow me on:
Blog | Facebook | Twitter | YouTube | The Great Peruvian Novel

Monday Mar 04, 2013

What It Takes to Deploy and Manage a Private Cloud


That's what your private cloud will look like if you do it wrong. And there are so many things that can go wrong.

Oracle offers several ways to set up your own private cloud. Richard Friedman describes what's involved in not only deploying it with Oracle VM, but managing it.

Article: What It Takes to Deploy and Manage a Private Cloud

Here are three excerpts:

"A few days ago I had dinner with my friend Dave. He’s a systems administrator for his company’s private cloud. Until recently, his company had relied on a mashup of customized applications, scripts, and handwritten procedures for doing everything from allocating storage to users to provisioning virtualized servers, updating and patching operating systems, and deploying applications over the network. He had been complaining for months about the difficulties of trying to satisfy requests from users and clients quickly and how these custom environments were becoming more and more unreliable and difficult to maintain...

"Organizations typically follow a layered approach to implementing a cloud. The proper layering is important not only from an architecture perspective, but also from an organizational perspective. As Dave mentioned, he has specialized storage administrators for managing storage; sysadmins for managing servers and the operating system infrastructure; and database, middleware, and application administrators for higher layers of the stack. "The cloud is like an orchestra," he said; all these performers play in unison, while being still accountable for their respective components...

"Dave also pointed out that to make his new private cloud fully operational, he needed self-service, elasticity, and chargeback capabilities, and the ability to integrate with third-party components, such as a help desk implementation. Moreover, to offer platform as a service (PaaS) capabilities, the infrastructure management has to be done within the context of platform components, such as the database and middleware. This is where Oracle Enterprise Manager fits in. It can work seamlessly with Oracle VM Manager to provide a fully automated, self-service, capacity-on-demand environment."

Don't do it wrong. Read Richard's article.

- Rick

Follow me on:
Blog | Facebook | Twitter | YouTube | The Great Peruvian Novel


Logan Rosenstein
and members of the OTN community


« March 2013 »
Blogs We Like