Thursday Nov 10, 2011
Thursday Nov 03, 2011
By rickramsey on Nov 03, 2011
image courtesy of Faisal's photo stream on Flikr
Glenn Brunette describes how to more easily secure ZFS file systems compared to UFS file systems in this white paper, along the following lines:
UFS file systems have the following characteristics:
- UFS file systems are directly tied to disk slices
- Disk slice space is not easily expanded to increase capacity for UFS file systems because the disk generally contains other disk slices for active file systems
- In some cases, you have to reinstall the OS to increase the size of the UFS root file system
- UFS file system space is controlled by using UFS quotas
ZFS file systems have the following advantages:
- ZFS uses a pooled storage model where all the file systems in pool use available pool space.
- No relationship exists between ZFS file systems and disk slices except for the ZFS root file system.
- A long-standing boot limitation is that a ZFS root file system must be created on a disk slice.
- During installation, you define the size of the root pool disk slice or mirrored slices that contain the root file system.
- The root file system contains separate directories of system-related components, such as etc, usr, and var, unless you specify that var is separate file system.
- You can put a reservation and a quota on the /var file system to determine how much disk space is reserved for /var and how disk space it can consume.
For example, you might consider configuring a separate /var file system when installing a system that will be used as a mail server. This way, you can control the size of var with a quota so that root pool's space capacity is not exceeded.
In addition, if the ZFS root file system and the /var file system begin to exceed the pool's capacity, you can easily replace the root pool disk with a larger disk without having to unmount, restore a backup, or reinstall the root file system.
How should you configure your ZFS data sets for optimum security? Read Glenn's paper to find out. He not only provides security-based recommendations for ZFS, but also for:
- Software installation clusters
- Non-executable stacks
- USB Support
- Plugable Authentication Modules
- Service Management Facility
- Cryptographic services management
- And lots more
If you're inclined to read more about security, try these other two papers we published recently, plus OTN's security collection.
Tuesday Aug 16, 2011
By rickramsey on Aug 16, 2011
image courtesy of Twenty Words
In the Olden Days before most of us were born, if a woman got a bright idea she got an immediate spanking from John Wayne. Thank goodness John Wayne has stopped doing that, or we wouldn't get to reap the benefits of the research Ginny Henningsen did with Oracle Solaris 11.
When Ginny read about all the different ways to download, install, patch, and manage updates in Solaris 11, she wasn't sure where to start. So she drew on her personal experience, the experience of other sysadmins and systems engineers, the documentation, and the related technical articles posted on OTN.
The result? These three very practical articles.
The SVR4 packaging and patching systems in earlier versions of Solaris were designed by the Chosen for the Faithful. If you loved SunOS you could recite package nomenclature in your sleep and you always, always used the command line. Alas, nobody loves software for its own sake any more. At least, not enough of us do. And so, the latest version of Solaris does away with the mystery, the animal sacrifice, the practice of witchcraft, and the other requirements for mastery of earlier versions. Read how Ginny put away her potions and figured out the best way to use the new tools.
Boot environments in Solaris 11 perform a function similar to Live Upgrade environments in Oracle Solaris 10. Except that they're implemented with ZFS. Which means you can generate snapshots of your boot environments at every point you'd like to record. And the beauty of that is, of course, that you can return to any snapshot of the boot environment that you want to use. In this article, Ginny introduces TimeSlider, shows you how to configure it to take automatic snapshots, and explains how to keep a record of the software updates that have been made to the current boot environment.
Before the Zone there was the Container. And before the Container, the Zone. This is The Way of Software. In her third "Best Way" article, Ginny figures out the best way to manage software updates in Solaris 11 zones which, as you might expect, are different from Solaris 10 zones. After showing you those differences, she shows you how to create, configure, install, and clone a Solaris 11 zone, then how to upgrade both the global and non-global zones. As a bonus, you get to find out what to do if something goes wrong.
We're expecting more "Best Way" articles from Ginny down the road. So read these, try out their recommendations yourself, and tell us what you think.
And don't forget to save the lemur!
Wednesday Mar 30, 2011
By rickramsey on Mar 30, 2011
Not getting enough technical specificity out of "record-breaking?"
How about "industry-leading?"
Not even "performance-enhancing?"
The kind folks in Oracle Solaris marketing have decided to dig a little deeper and unearth the kind of information sysadmins and developers look for. They've put together three technology Spotlights.
Each spotlight provides solid technical info such as podcasts with engineers, how-to guides, quick-reference cards ("one-liners"), technical articles, documentation, training, and more. They're designed to make sure you have all the info you need to start actually using these technologies right now.
These are the current spotlights we have:
- Spotlight on Virtualization
- Spotlight on Network Virtualization
- Spotlight on the Image Packaging System
and members of the OTN community
- Which Type of Virtualization Should I Use?
- New Oracle Solaris/SPARC SIG Launched by IOUG
- More Tips for Remote Access with Oracle Linux
- If You Have to Ask, You Wouldn't Understand
- Four High Performance Configurations for SuperCluster and SPARC Servers
- Configuring COMSTAR to Provide Local iSCSI Storage
- Preserving Unpacked Software During a Package Uninstall
- A Simple Way to Become Familiar with Oracle VM VirtualBox
- Oracle Solaris 11 Resources for the AIX Sysadmin
- If Your Processor Stalls From a Read After Writer Operation ...
Blogs We Like
- /Engineered Systems
- /OTN Hammock
- /Optimized Solutions
- /Systems Developer