Friday Sep 13, 2013

About LTFS - Library Edition

Oracle just launched the T10000D tape drive with its incredible 8.5 TB of native capacity and LTFS-Library Edition (LTFS-LE), which expands the LTFS concept to an entire library. The Oracle T10000D has some neat features that I would like to address in the future, but today I’d like to talk about LTFS-LE since it really is a new concept.

About LFTS-LE

LTFS is an open source specification for writing data to tape on single tape drives. It is supported by Oracle and other tape vendors. The version you can download from Oracle is called StorageTek LTFS, Open Edition (LTFS-OE).

When an LTFS-compatible T10000 or LTO tape is formatted for LTFS, it is split into two partitions. The first partition holds the metadata that tells the user which files are on the tape and where they are located. The second partition holds the files themselves.

Benefits of Using LTFS-LE

There are a few nice benefits for those who utilize LTFS. Most important is the peace of mind that you will always be able to recover your data regardless of your backup application or any other proprietary software because it’s based on an open source specification. It also improves the portability of tape because two parties don’t both need the same application to read a tape. In fact, LTFS has seen tremendous adoption in industries that require the ability to transport large amounts of data.

The limitation with the open source version of LTFS is that it’s limited to just a single drive. Users with even the smallest archives would like to have their entire environment to be LTFS-based. That’s the impetus for StorageTek LTFS, Library Edition (LTFS-LE), but it also serves as a backup application eliminator because of how it’s architected. With LTFS-OE, after you download the driver, a tape looks like a giant thumb drive. LTFS-LE makes the tape library look like a shared drive with each tape appearing as a sub-folder. It’s like having a bucket full of thumb drives that are all accessible simultaneously!

Just as before, you don’t need any additional applications to access files. And end users are almost completely abstracted from the nuances of managing tape. All they need is a Samba or CIFS connection and they have access to the tape library. LTFS-LE is agnostic to corporate security architectures so a system administrator could make some folders (tapes) available to some users while restricting others based on corporate security guidelines.

Security and Performance Considerations

However, security is arguably one of the more straightforward considerations when deciding how to integrate an LTFS-LE implementation into your environment. An additional consideration is to ensure that LTFS-LE can meet your performance expectations. Tape drives are remarkably faster than they are given credit for (the Oracle T10000D can write at 252 MB/sec.), but sometimes networks aren’t designed to handle that much traffic so performance requirements need to be considered accordingly. In addition, it may take some time before a read operation actually starts as the library needs time to mount a tape. As a result, system administrators need to be cognizant of how end user applications will accept response times from any tape storage-based solution.

A final performance consideration is to be aware of how many tape drives are in your library relative to how many users may be accessing files directly from tape. If you have a disproportionately large number of users you may want to consider a more traditional enterprise-level archiving solution such as StorageTek Archive Manager (SAM), which writes files based on the Tape Archive Record (TAR) open source standard.

Ultimately, LTFS-LE provides exciting new opportunities for system administrators looking to preserve files with a format that isn’t dependent on proprietary solutions. It also makes it easy for users who need access to large amounts of storage without a lot of management difficulties. Support for LTFS continues to grow. Oracle is actually one of the co-chairs of the SNIA committee that’s working towards standardizing LTFS. And this is just the start for LTFS-LE as well, as Oracle will continue expanding its capabilities in the near future.

picture of 2008 Harley Davidson FXSTC taken by Rick Ramsey
- Brian Zents

Follow OTN Garage on:
Blog | Facebook | Twitter | YouTube |

Thursday Mar 21, 2013

How to Protect Your Oracle Solaris Zone Cluster

source

We just published an article by Subarna Ganguly that describes how to build a secure zone cluster. In other words, a zone cluster with trusted extensions. If you want to go straight to the article, scroll down to the bottom of this blog. If you're new to zones, clustering, or trusted extensions, I'll try to explain what's interesting about this article.

Vanilla Solaris

In the beginning there was root and user. Root could do anything anywhere, user could do very little. We improved that with the notion of roles. Access rights (permissions) were assigned to roles instead of users. And individual users were assigned to one or more roles. Access Control Lists (ACL) improved this even more.

Oracle Solaris has about 80 different roles. You can see the privileges each one has by looking at the /etc/user_attr.d directory

Trusted Extensions

Trusted extensions add "sensitivity" labels. These labels are similar to a security clearance in the military: confidential, secret, top secret, etc. With trusted extensions, you first label users, data, processes, peripherals, and pretty much everything that a user or process can access. Then you give uses and processes their own label. A user or process can only access something that has a label with the same or greater access.

"Trusted extensions ... is not something that can be just 'turned on' like a firewall. Trusted extensions fits into a framework where there's a formal security policy, possibly an LDAP server where users and their clearances are defined, as well as network access points that are labeled."
- Book: Oracle Solaris 11 System Administration, Chapter 18

Solaris Zones

Zones are virtual instances of the Solaris environment launched and controlled from the base OS environment, known as the non-global zone.

"Oracle Solaris Zones let you isolate one application from others on the same OS, allowing users to log in and do what they want from inside one zone without affecting anything outside that zone. In addition, Oracle Solaris Zones are secure from external attacks and internal malicious programs. Each Oracle Solaris Zone contains a complete resource-controlled environment that allows you to allocate resources such as CPU, memory, networking, and storage."
- OTN Article: How to Get Started Creating Zones in Oracle Solaris 11

Solaris Cluster

Oracle Solaris Cluster lets you deploy the Oracle Solaris operating system across different servers. If the server in your Barbados data center gets washed away by a hurricane that hates you and dropped off in West Africa, the other servers pick up the load, and the operating system continues to operate without interruption.

"Oracle Solaris Cluster delivers the high availability and disaster recovery capabilities of Oracle Solaris 11 and extends, with version 4.1, its built-in support for the Oracle software and hardware stack, to protect business critical application deployments in virtualized and traditional environments."
- White Paper: Oracle Solaris and Oracle Solaris Cluster

Zone Clusters

A zone cluster is a cluster created from Solaris zones that are physically located on different servers. That's similar to a regular cluster, but it uses zones instead of entire OS instances.

"Such large amounts of idle processing capacity present an almost irresistible opportunity for better system utilization. Organizations seek ways to reclaim this unused capacity, and thus are moving to host multiple applications on a single cluster. However, concerns about interactions between applications, especially in the areas of security and resource management, make people wary. Virtualization technologies address these security concerns and provide safe ways to host multiple applications in different clusters on a single hardware configuration.
- White Paper: How to Deploy Virtual Clusters and Why

Trusted Zone Clusters and Saburna's How To Article

Oracle Solaris Trusted Zone clusters became available in Oracle Solaris Cluster 4.1. They are zone clusters with the security capabilities (mandatory access control or MAC) provided by Trusted Extensions. The zones in the cluster are labeled in the same way that other objects are labeled, so that only other objects with the same (or higher) sensitivity label can access them. Saburna Ganguli walks you through the steps required to set one up:

OTN Article: How to Build a Trusted Zone Cluster with Oracle Solaris Cluster 4.1

More Cluster Resources

Note: Get big discounts on Safari Books online by subscribing to the OTN Systems Community Newsletter

- Rick

Follow me on:
Blog | Facebook | Twitter | YouTube | The Great Peruvian Novel

Wednesday Sep 05, 2012

Is 'Old-School' the Wrong Way to Describe Reliable Security?

source

The Hotel Toronto apparently knows how to secure its environment.

"Built directly into the bedrock in 1913, the vault features an incredible 4-foot thick steel door that weighs 40 tonnes, yet can nonetheless be moved with a single finger. During construction, the gargantuan door was hauled up Yonge Street from the harbour by a team of 18 horses. "

1913. Those were the days. Sysadmins had to be strong as bulls and willing to shovel horse maneur. At least nowadays you don't have to be that strong. And, if you happen to be trying to secure your Oracle Linux environment, you may be able to avoid the shoveling, as well. Provided you know the tricks of the trade contained in these two recently published articles.

Tips for Hardening an Oracle Linux Server

General strategies for hardening an Oracle Linux server. Oracle Linux comes "secure by default," but the actions you take when deploying the server can increase or decrease its security. How to minimize active services, lock down network services, and many other tips. By Ginny Henningsen, James Morris and Lenz Grimmer.

Tips for Securing an Oracle Linux Environment

System logging with logwatch and process accounting with psacct can help detect intrusion attempts and determine whether a system has been compromised. So can using the RPM package manager to verifying the integrity of installed software. These and other tools are described in this second article, which takes a wider perspective and gives you tips for securing your entire Oracle Linux environment. Also by the crack team of Ginny Henningsen, James Morris and Lenz Grimmer.

- Rick

Website Newsletter Facebook Twitter

Wednesday Aug 01, 2012

Just because I’m paranoid doesn’t mean…

KeyholeWhile I’m a passionate computer user–recognized within my family and circle of friends as a reigning (or at least old) geek–I spend at least as much time warning people to be careful as I do showing them the cool things they can do with their computers. I’m shocked at the widespread complacency over computer and network security and privacy: we should all be afraid. Very afraid. I only need remind you of recent security breaches with LinkedIn and Dropbox!

I have been in the business of publishing systems best practices for over a decade: security has been a keystone topic all those years. The good news is that high levels of security can be achieved: you just have to be smart about it. With a few exceptions, security isn’t something we actually sell, because it is dominated by relatively unglamorous concepts, processes, and practices, not extra hardware and software.

Because of this, security experts often find themselves trying to teach really fundamental (and after-the-fact, obvious) concepts. For example, in building a secure environment, you want to make sure your platform fulfills four important points:

  • It must be able to prevent or minimize the damage caused from both accidental and malicious actions. This is referred to as survivability.
  • It provides a layered set of defenses exist so that secure operations continue even after a vulnerability or the failure of a single security control. This is referred to as defense in depth.
  • It provides only those services that are absolutely necessary to the function or user. This is referred to as least privilege.
  • It is critical to be able to detect and report a breach. This is referred to as accountability.

We just posted an important article, written by three security experts I have worked with for a long time: Best Practices for Securely Deploying the SPARC SuperCluster T4–4. In building a solution that will survive a world of sophisticated cyber-criminals, it is more important than ever to pick the correct hardware and software platform. This article gives you a crash course in the things to consider, and explanation of the special features of the SPARC SuperCluster T4–4 that will make your job of creating a secure environment easier, and (most importantly) how to go about putting things together.

This is a big and important topic. Once you have digested this “Reader’s Digest” article, I’m confident that you’ll want to look at the references listed at the end. Now is the time to get smart about security.

–Kemer

Tuesday Jul 17, 2012

How to Protect Your Oracle Linux System from the Higgs Boson

Now that the Higgs Boson particle has been gently coaxed out of hiding, you know what's gonna happen, don't you? Your boss is gonna walk into your office and demand a plan for protecting your Oracle Linux system against it.

You could act like a smart aleck sysadmin and inform him or her that it took a team of scientists 10 years and 500 trillion collisions to get conclusive evidence of its existence, and let's not even talk about how difficult it was for God to create the elusive thing, but that would violate the first law of corporate survival:

Never, ever make your boss look stupid

Instead, jump out of your chair and say "OMG! I hadn't though of that!" Then read our latest article and use what you learn to write up a plan that will make your boss look real good to his or her boss. (Just make sure your name appears nowhere.)

Tips for Hardening an Oracle Linux Server

Lenz Grimmer and James Morris provide guidelines for:

  • Minimizing the software footprint
  • Minimizing active services
  • Locking down network services
  • Disabling or tightening use of SSH
  • Configuring mounts, file permissions, and ownerships
  • Managing Users and Authentication
  • Other Security Features and Tools
  • Cryptography
I hope you enjoy reading the article as much as I did. And good luck with your career.

- Rick

Website Newsletter Facebook Twitter

Wednesday Mar 21, 2012

Want to Patch your Red Hat Linux Kernel Without Rebooting?

Patched Tube by Morten Liebach
Patched Tube by Morten Liebach (CC BY 2.0)

Are you running Red Hat Enterprise Linux? Take back your weekend and say goodbye to lengthy maintenance windows for kernel updates! With Ksplice, you can install kernel updates while the system is running. Stay secure and compliant without the hassle.

To give you a taste of one of the many features that are included in Oracle Linux Premier Support, we now offer a free 30-day Ksplice trial for RHEL systems. Give it a try and bring your Linux kernel up to date without rebooting (not even once to install it)!

For more information on this exciting technology, read Wim's OTN article on using Oracle Ksplice to update Oracle Linux systems without rebooting.

Watch Waseem Daher (one of the Ksplice founders) telling you more about Ksplice zero downtime updates in this screencast "Zero Downtime OS Updates with Ksplice"

- Lenz

Thursday Nov 03, 2011

Solaris Security Resources on OTN

image courtesy of Faisal's photo stream on Flikr

An Overview of Oracle Solaris 10 Security Controls

Glenn Brunette describes how to more easily secure ZFS file systems compared to UFS file systems in this white paper, along the following lines:

UFS file systems have the following characteristics:

  • UFS file systems are directly tied to disk slices
  • Disk slice space is not easily expanded to increase capacity for UFS file systems because the disk generally contains other disk slices for active file systems
  • In some cases, you have to reinstall the OS to increase the size of the UFS root file system
  • UFS file system space is controlled by using UFS quotas

ZFS file systems have the following advantages:

  • ZFS uses a pooled storage model where all the file systems in pool use available pool space.
  • No relationship exists between ZFS file systems and disk slices except for the ZFS root file system.
  • A long-standing boot limitation is that a ZFS root file system must be created on a disk slice.
  • During installation, you define the size of the root pool disk slice or mirrored slices that contain the root file system.
  • The root file system contains separate directories of system-related components, such as etc, usr, and var, unless you specify that var is separate file system.
  • You can put a reservation and a quota on the /var file system to determine how much disk space is reserved for /var and how disk space it can consume.

For example, you might consider configuring a separate /var file system when installing a system that will be used as a mail server. This way, you can control the size of var with a quota so that root pool's space capacity is not exceeded.

In addition, if the ZFS root file system and the /var file system begin to exceed the pool's capacity, you can easily replace the root pool disk with a larger disk without having to unmount, restore a backup, or reinstall the root file system.

How should you configure your ZFS data sets for optimum security? Read Glenn's paper to find out. He not only provides security-based recommendations for ZFS, but also for:

  • Software installation clusters
  • Minimization
  • Non-executable stacks
  • Filesystems
  • USB Support
  • Plugable Authentication Modules
  • Service Management Facility
  • Cryptographic services management
  • Zones
  • And lots more

If you're inclined to read more about security, try these other two papers we published recently, plus OTN's security collection.

Oracle Solaris 11 Security: What's New for Developers

Recommendations for Creating Reduced or Minimal Solaris Configurations

OTN's Security Collection

- Rick Ramsey and Cindy Swearingen
Website
Newsletter
Facebook
Twitter

Friday Sep 16, 2011

The Confederate Hellcat and Other Minimal Configurations

I've been looking for a reason to use this picture of the Confederate HellCat for a while, now. A souped-up Harley engine in a radical sportbike chassis. Makes you want to run into the garage and roll around in dirty oil rags, doesn't it?

Here's another minimal configuration:

Recommendations for Creating Reduced or Minimal Oracle Solaris Configurations

Some sites use OS minimization to reduce the security footprint of their Oracle Solaris installations. Others do it to reduce the administrative burden of patching and updating software. But minimization has both risks and benefits. Glenn Brunette provides his recommendations for mitigating the risks and reaping the benefits. Covers initial installation, package removal, patching, and what to watch out for. Applies to Oracle Solaris 10 and prior releases.

And since we're talking about simplification, this article might also be apropos (that's French for "I like American beer"):

How I Simplified the Installation of Oracle Database on Oracle Linux

Ginny Henningsen describes how she simplified the installation of Oracle Database 11g by automatically pre-configuring Oracle Linux with the required software packages and correct kernel parameters. Hint: using the "oracle-validated " RPM package.

- Rick
Website
Newsletter
Facebook
Twitter

Wednesday Sep 14, 2011

OTN Sysadmin Day - Seattle

OTN Sysadmin Day held in Sacramento on Sep 8 was the first time we presented two tracks of hands-on labs:

Time Session
8:00 am System Shakedown
9:00 am Oracle's Dual OS Strategy / Overview of OTN
 

Oracle Solaris Track

Oracle Linux Track

10:00 am HOL: ZFS HOL: managing packages, configuring services
11:30 am HOL: Exploring OS, network, and storage virtualization HOL on Storage Part I: managing storage and file systems
1:00 pm Lunch Break
2:00 pm HOL: Managing software with IPS HOL on Storage Part II: Device Mapper, BTRFS
3:00 pm Presentation: Oracle Enterprise Manager Ops Center 11g
4:00 pm Discussion: What are the most pressing issues for sysadmins today?
5:00 pm We all go home

Participants found the hands-on labs particularly valuable. You get to learn by doing. And what you get to do is install, configure, and manage the technologies of Oracle Solaris 11 and Oracle Linux in the same way as you would in the real world.

Next Sysadmin Day

We are doing another one in Seattle, on September 22nd. From 8:00 am to 5:00 pm. It's free, but you must register. Please stay for the feedback session at the end. They tend to be pretty spirited, and you might win a neat prize. I'll tell you more if you make it to Seattle.

Our next Sysadmin Day won't happen till January 18 (Salt Lake City), so do what you can to make it to Seattle. It's being held at the Seattle Westin Hotel, 1900 5th Avenue.

If you'd like to see some pictures from the Sacramento event, go to the "OTN Sysadmin Day Sacramento" photo folder on the OTN Garage on Facebook.

- Rick
Website
Newsletter
Facebook
Twitter

Friday Apr 29, 2011

OTN's First Sysadmin Day

image courtesy of Shutter Eye

Before winding up at Berkeley, I went to school for four quarters at the San Diego campus of the University of California. I paid the bills by working first as a dishwasher at a restaurant called The Magic Pan, not far from campus. Eventually I made busboy, then host, and finally waiter. The only time I had left to surf was dawn.

So while it was still dark I'd don my wetsuit, grab my board, and head out to the beach. I'd sit on the sand with my board on my lap, waiting for enough light to see the surf. Four of us were there every morning, spread about 25 yards apart, doing the exact same thing. We never spoke, just nodded to each other. San Diego's Dawn Patrol. I never did find out who those other guys were.

Winter, Spring, Summer, and Fall, we enjoyed pristine surf till about 8:00 am, when the waves would get so crowded with surfers we lost the zen of it. That's when I'd ride my last wave in, then head off to class, smelling like seaweed.

So it's kinda cool that our OTN's first Sysadmin Day will be held in San Diego. May 17 at the Hyatt Regency La Jolla. We're going to have some excellent hands-on labs to make sure you master some of the key Oracle Solaris 11 Express technologies. You can get the details here.

Treat yourself to a vacation day the day after, and spend some time on the beach. I'm going to see if I can't finagle a day off, myself.

By the way, blogs.sun.com will become blogs.oracle.com over the next few weeks. When the migration is complete, you'll find this blog at http://blogs.oracle.com/OTNGarage. You won't see any new content posted until the migration is complete. Once it is, though, we'll pick up where we left off, and might even have a few new technical guys joining the garage.

- Rick
Systems Community of the Oracle Technology Network

Friday Feb 25, 2011

Back Page: Content Collections on OTN




Rough coupla weeks, here. Mostly for those of you who rely on our docs to do your jobs. But also for those of us who care about making your life a little easier.




This doesn't come close to solving the doc problem, but it's a small step in the right direction: The Back Page of OTN Systems (Sysadmin and Developer Community of OTN) re-creates the Collections of BigAdmin. If you need to find content related to, say, security, go to the Security Collection. It lists all security-related content we've published, whether in a blog, a technical article, or a web page.

Speaking of security, don't forget to keep an eye on our new Solaris Security forum, moderated by Alex Barclay.)

Unfortunately, our OTN Collections don't include the content we published previously on BigAdmin or SDN. That content as migrated to OTN, but we don't have the resources to go back and reorganize it by topic. (If you have a particular favorite, let me know, and I'll hunt it down.)

Regarding the docs, we're not going to be able to solve the entire problem right away. The docs team is working on improving Search, which may be the most helpful. I'll hunt down hidden docs and broken links when we hear about them, and a few of us may put together some online index cards to help you find the docs, too. I hope we can be a little more helpful in the coming weeks.

But don't forget that it's Friday, And sometimes you just gotta take your mind off your troubles.

- Rick

Tuesday Jan 25, 2011

Is Someone Spying on Your Virtualized Environment?

Spy

Virtualization is one of those hot topics that dominates the thoughts of systems architects. Of course, the newer and more visible a technology trend, the more likely it is cyber pests are looking to exploit some weakness.

Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms) technology is one implementation of virtualization based on the UltraSPARC T1, T2, T2 Plus and SPARC T3 processors. It's been around for a while, so we have the advantage of a more mature implementation with associated security best practices. Oracle engineer Stefan Hinker has written a comprehensive paper, Securing Oracle VM Server for SPARC, that addresses these issues in detail: it discusses the eleven threats you may encounter, along with a detailed discussion of the 28 countermeasures you can take.

Security Needs

Finally, this paper lays out three deployment scenarios based on your security needs. How do you assess that? Simple: Security Needs=Value of Data∗Probability of Breach. This paper is one of those critical references you should read and keep it close. Because, someone may be watching you...

- Kemer

Thursday Aug 05, 2010

Great New Article on Oracle Solaris 10 Security


In "Using Oracle Solaris 10 to Overcome Security Challenges," Mark Thacker describes how Oracle Solaris 10 uses the principle of least privilege to reduce the vulnerabilities of applications that perform privileged operations as root.

"Over 65 discrete, fine-grained privileges are built into the kernel and user access space. The concept of privileges as implemented in Oracle Solaris 10 is extended throughout the operating system — even the built-in tools take these rights and privileges into account. Using this approach, administrators can grant new or existing applications only the appropriate privileges necessary to perform tasks. Many system components such as NFS, the Oracle Solaris Cryptographic Framework, IP Filter, file system mount commands, and more, are already configured to run with reduced privileges by default, with no configuration required by the administrator.

Mark goes on to provide clear explanations of how the following Solaris 10 security features work:

  • User Rights Management (role-based access control), which an administrator uses to limit access to administrative functions while providing access to specific operating functions.
  • Network Security and Encryption, which includes Secure-By-Default (one of those "Duh, why didn't I think of that" ideas), IP packet filtering firewall, an integreated cryptographic framework, and an arsenal of other tools that sysadmins can use to both keep out network intruders and comply with privacy regulations.
  • Minimized and Hardened OS, which reduces the size of the target for hackers by only installing basic features and securing them at the same time.
  • Containers and Trusted Extensions that enable sysadmins to isolate and protect applications and users in a virtualized environment.

This article is clear, easy to understand, and does a great job of explaining exactly how an admin can use the security tools of Solaris 10 to protect and certify an operating environment.  Includes a solid list of security resources.

I found the picture of the bull in this BBC story.

- Rick

Monday Jun 14, 2010

Loving This Book!

You know you're a closet geek when you get a secret thrill reading the stories of how technologies were developed.  OK, I may not not know all the arguments to the dumpadm(1M) command by heart, but I would get a kick out of learning why the engineers chose those particular arguments.

(By the way, in case you're not reading this on a Solaris system, here's the entire Oracle Solaris 10 manpage collection.)

Which is why I'm enjoying Solaris 10 Security Essentials so much.   It's written by the Sun (now Oracle) engineers who "conceptualized the services, wrote the specifications, and coded the security software" for Solaris 10. 

You couldn't get closer to the source even if you convinced Dick Cheney to write a book about the Bush presidency. 

Here's a peek...Chapter 1 includes two tables that list each of the security features in Solaris 10, what their default configurations are or why you might want to re-configure them, and the chapter in which they are described in detail.  They cover:

  • Passwords
  • User authentication
  • Roles and superuser
  • Authorizations
  • Cryptographic services
  • Privileges
  • Remote login
  • Key Management Framework (KMF)
  • File protection
  • File permissions and Access Control Lists (ACL's)
  • Service Management Facility (SMF)
  • NFS
  • Network security
  • Containers
  • Monitoring
  • Execution protection
  • Trusted extensions

It's a great birds-eye view, and makes you want to plunge into the rest of the book.

I'll find other cool things about the book to post in future blogs.

Be sure to also check out the excellent Solaris 10 System Administration Essentials, part of the same series of Solaris 10 Essentials books being published by InformIT.   

- Rick

About

Contributors:
Rick Ramsey
Kemer Thomson
and members of the OTN community

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today
Blogs We Like