Montag Feb 20, 2012

Solaris 11 submitted for EAL4+ certification

Solaris 11 has been submitted for certification by the Canadian Common Criteria Scheme in Level EAL4+. They will be certifying against the protection profile "Operating System Protection Profile (OS PP)" as well as the extensions

  • Advanced Management (AM)
  • Extended Identification and Authentication (EIA)
  • Labeled Security (LS)
  • Virtualization (VIRT)

EAL4+ is the highest level typically achievable for commercial software,
and is the highest level mutually recognized by 26 countries, including Germany and the USA. Completion of the certification lies in the hands of the certification authority.

You can check the current status of this certification (as well as other certified Oracle software) on the page Oracle Security Evaluations.

Mittwoch Dez 21, 2011

Which IO Option for which Server?

For those of you who always wanted to know what IO option cards were available for which server, there is now a new portal on  This wiki contains a full list of IO options, ordered by server, and maintained for all current systems. Also included is the number of cards supported on each system.  The same information, for all current as well as for all older models, is available in the Systems Handbook, the ultimate answerbook for all hardware questions ;-)

(For those that have been around for a while: This service is the replacement for the previous "Cross Platform IO Wiki", which is no longer available.)

Montag Dez 05, 2011

Hard Partitioning!

Good news for all users of Oracle VM Server for SPARC (aka LDoms) with Oracle Software:  Since December 2, LDoms count as "Hard Partitioning".  This makes it possible to license only those cores of a server with Oracle software that you really need.  Details are available from License Management Services.

Dienstag Nov 08, 2011

Oracle TDE and Hardware Accelerated Crypto

Finally, there's a clear and brief description of the hardware and software required to use hardware accelerated encryption with Oracle TDE..  Here's an even shorter summary ;-)

  • SPARC T4 or Intel CPU with AES-NI
  • Solaris 11 or Linux (a patch for Solaris 10 will be provided eventually)
  • Oracle
    • If you use Linux, Oracle DB with patch 10296641 will also work.

The longer version of this summary is available as MOS-Note 1365021.1

Happy crypting!

Freitag Okt 07, 2011

Solaris 11 Launch

There have been many questions and rumors about the upcoming launch of Solaris 11.  Now it's out:  Watch the webcast on

November 9, 2011
at 10am ET

Be invited to join!

(I hope to get around summarizing all the OpenWorld announcements, especially around T4, soon...)

Donnerstag Sep 08, 2011

Core Factor for T4 published

Oracle has published an update to the Processor Core Factor Table that lists the (yet to be released) T4 CPU with a factor of 0.5.  This leaves the license cost per socket the same compared to T3 and puts T4 in the same league as SPARC64 VII+ and all current x86 CPUs.  We will have to wait for the announcement of the CPU until we can actually speak about performance.  But this core factor (which is by no means a measure of CPU performance!) seems to confirm what the few other available bits of information seem to be hinting at:  T4 will deliver on Oracle's performance claims. 

Montag Aug 01, 2011

Oracle Solaris Studio 12.3 Beta Program

The beta program for Oracle Solaris Studio 12.3 is now open for participation.  Anyone willing to test the newest compiler and developer tools is welcome to join.  You may expect performance improvements over earlier versions of Studio as well as GCC that make testing worth your while.

Happy testing!

Donnerstag Jul 28, 2011

No humor left?

Just in case we all forgot that originally, Unix people were blessed with lots of humor:
OTN ID 1172413.1: How to make a grilled cheese sandwich

Dienstag Jul 05, 2011

Some Thoughts about the new SPARC Roadmap

As most of you know by now, Oracle has recently released an updated roadmap for its SPARC based servers.  Of course, others also publish roadmaps, and we all know how CPUs tend to slip and roadmaps sort of evolve backwards over time.  So what's the value in this new roadmap?

When Oracle aquired Sun, there were all these big promises about increased investement in SPARC and Solaris.  We've already seen the first delivery on these promises:

  • The SPARC T3 CPU doubled the throughput per socket for the T-Series line of servers.
  • Solaris 11 Express gives customers a supported (!) preview of what's coming with Solaris 11
  • M-Series servers can be upgraded yet again for up to an additional 20% performance gain.

All this is shown in the new roadmap as tick-off items.  All this was already well into completion at the time of the aquisition, although the speed with which T3 came to market can already be attributed to Oracle's accelerated investment.  Nevertheless, the real prove point will be the next promise on that roadmap.  It says: "3x Single Strand" for a T-Series CPU.  By now, we all know that the name will probably be "T4".  Rick Hetherington told us a while ago, that the chip will have 8 cores and will execute single threaded workloads up to 5 times faster than T3.  That would be even more than the 3x promised by the roadmap.  The only question that remains is:  Will Oracle deliver?

While no one can tell until the chip and systems are actually announced, chances are good it will.  Why else would Oracle invite customers to participate in a T4 Beta Program?

Back to the original question:  What's the value of this new roadmap?  Well, the foundation of trust, based on delivering on promises, looks good for that part of the roadmap arrow that's already past.  Oracle delivered, and it delivered on time.  That's more than some others can claim.

A little disclaimer to keep everyone happy:  This is my personal view and not an official statement from Oracle.

Donnerstag Jun 09, 2011

OVM Server for SPARC 2.1 is here!

The newest version of OVM Server for SPARC aka LDoms is released!  Here's the press release...

What, already a new version again?  Well, the most missed feature in the previous versions was finally completed, and we didn't want to keep everyone waiting ;-)  The new version 2.1 turns "Warm Migration" into "Live Migration".  All the other improvements can be found in "What's New".  Once I have further details about Live Migration, I'll post them here.  You can find the download on MOS and the documentation on OTN.

Mittwoch Jun 08, 2011

Erasing disks securely

Actually, both the question and the answer are old and well known.  However, these things tend to be forgotten and pop up as questions from time to time.  Hence a little reminder for all of us:

Solaris makes it easy to erase a disk so that all the data can't be restored, even with sophisticated methods.  There is a subcommand "analyze/purge" in the command format(1M) that does it all for you.  It will overwrite the selected area of your disk (usually s2) a total of four times with different patterns to achieve this.  Of course, depending on the size of the disk, this might take a while.  But it's secure enough to comply with Department Of Defence(DOD) wipe disk standard 5220.22-M.

Some more details are here:

Note that this method does not apply to SSDs of all kind!  And of course, to avoid any risk of losing your data with your disk, simply encrypt it!  It's quite easy using ZFS or Oracle TDE :-)

Update 2015-05-29:

  • The link to the original DoD standard doesn't work anymore and has been replaced by a link to Wikipedia.
  • Here's an additional link to a more recent NIST publication.
  • Note that with modern drives, destroying data with OS or application level tools will not satisfy higher security requirements.  The sector management of these drives might make defective sectors with sensitive data unavailable to such tools - but not to more intrusive methods of active data recovery.  If you want to protect against those, physical destruction is your only reliable option.

Update 2015-09-29:

This is my final comment on this matter:

  • If you are worried about the data on storage devices you no longer use, physical destruction of those devices is the only truly secure option.
  • Encrypt your data right from the start to avoid this issue.  Encryption is easily and in many cases freely available.  If you don't care enough about your data to encrypt it, you are unlikely to worry about data on decommissioned storage devices.
  • If you are worried enough not to trust encryption, no erasing technique will be good enough to satisfy your requirements.  And the cost of physically destroying those devices will not matter to you.

Dienstag Mai 24, 2011

ILOM for ALOM Users

ALOM ist dead, long live ILOM! The current T3 systems use the new ILOM 3.0.  This version no longer supports the legacy ALOM commands.  That's a change for all those that got used to the alom command syntax over the years.  A table comparing the old and new commands would be helpful.  But where would one find such a table?  In the dokumentation!

But it's not always easy to find what you're looking for right away. To help, here's a link to exactly that table:

ALOM ILOM Commando Comparison

Dienstag Apr 26, 2011


This blog will move.  Starting May 6th 2011, the new address will be  Everything else will remain unchanged :-)

Donnerstag Mrz 31, 2011

What's up with Solaris 11?

Interested in the upcoming Solaris 11?  What will be the highlights?  What exactly is the new packaging format, how does the new installer work?  What do the analysts think?

All this will be covered in the Solaris Online Forum on April 14, starting at 9 am PST.  This will be a live event where you can ask questions. (A recording will be available afterwards.)  Speakers are all high level members of development and product management.

All further details can be found at the registration page.

Freitag Jan 28, 2011

Cash for Clunkers 2.0

This ad is too nice to not repeat it here... Enjoy!
Of course this is quite serious: Trading in an HP Superdome for an M8000 or M9000 is indeed a deal you can only win!


Neuigkeiten, Tipps und Wissenswertes rund um SPARC, CMT, Performance und ihre Analyse sowie Erfahrungen mit Solaris auf dem Server und dem Laptop.

This is a bilingual blog (most of the time). Please select your prefered language:
The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.


« December 2015