Friday Nov 13, 2015

Security - It's Not Just About Keeping Your Password Safe Anymore

Well, really, it never was. It's just that, nowadays, everyone needs to be aware and pro-active, especially enterprises.

So, recently my company, Oracle, had an intimate get-together in San Francisco. Maybe you've heard of it -- it's called "Oracle OpenWorld". And at that cozy little gathering our boss, a one Mr. Larry Ellison, spoke about the need for end-to-end Security. Everywhere. All the time. By default.

Always on, as it were.

Now, I don't usually comment on, or even pass along, things that come down from the C-Suite of my company. Because there are plenty of places to hear about it. Plenty of sales folk willing to talk to you about it, for example. Yes, our new servers powered by SPARC M7 and Solaris 11.3 are cool and the more secure than ever and have a raft of whizzy new features, and new security features, all the way down to the CPU level. But that's not what I'm doing. I'm doing something much simpler here. 

I simply wanted to say "Yes." It resonates with me, the grizzled, jaded veteran of thirty-five years (I dare not write that in numerals)  in the business. It's time. It's past time. It's not something "someone else should probably do." We all need to do it, lest those inconvenient breaches bring havoc to all our lives.

Whoa. That sounds deep and serious. Well, it is. Technology, no matter how cool, how enabling, how freeing -- can be hijacked and misused, and the potential negative impact can be just as severe, if not more, than the positive impact.

So, yeah. I'm going to be talking a bit more about this stuff starting today. In part because the combination of our platforms and our partners' software offerings can address this issue to a modest degree. In part because I work with some of those partners on these platforms, and have seen this need merge with this potential of late.

Imagine systems that encrypt your data without a huge performance penalty, without expensive hardware add-ons. Imagine systems that do that with record price-performance, with unrivaled availability, with the software frameworks and offerings you use in your enterprise. Imagine end-to-end security from the start.

Always on, as it were.

Sunday Aug 02, 2015

Solaris Home Fileserver - The Next Generation

Well, it's been five years since 1) Oracle acquired Sun, and 2) I last updated my home fileserver. At the behest of my manager, I wanted to write a little bit about the latest incarnation. Smaller, faster, with more storage and using less power. Of course. Moore's Law continues to be the Gift That Keeps on Giving.

I've been very happy with Solaris, ZFS and external USB disk drives to provide a cheap and reliable family fileserver, but the temptation of newer hardware eventually becomes impossible to resist. Earlier this year, I gave up and gave in.

My intent this time was to keep with the basic principles as before:

  • Green/low-power
  • Use Solaris
  • Increase storage capacity and performance

In the end, I moved off the Shuttle SFF line (there are so many more choices available in 2015), moved from USB2.0 to USB3.0, and changed out 3.5" powered external drives to larger 2.5" self-powered external drives. Performance is better, these disks spin down after a time (as did the previous disks), and power usage is lower. I'm using internal builds of Solaris, which seems to support every feature of the server except for the WiFi card (which I never intended to use).

Old Fileserver  New Fileserver

Shuttle X27D SFF
 Built-in dual-core Atom 330 CPU @ 1.6GHz
 2GB DDR2 memory
 2.5" 120GB internal SATA disk 

Gigabyte Brix GB-BXi3-4010
 Built-in Core i3-4010U @ 1.7GHz
 8GB DDR3L memory
 64GB mSATA flash drive
 Oracle Solaris

3 x Simpletech SimpleDrive 3.5"
500GB USB2.0 disk drives
3 x Western Digital My Passport Ultra 2.5"
1TB USB3.0 disk drives
26W idle
32W under load
15W idle
18W under load
Performance  ~14MB/s write (NFS)
 ~18MB/s read (NFS)

 ~ 6MB/s write (NFS)
(I am not yet sure why this is
so slow - stay tuned)

 ~ 83MB/s read (NFS)

 RAID-Z1 ZPool (1TB usable)  RAID-Z1 ZPool (2TB usable)
 5GB ZIL on mSATA flash drive
 SMB (builtin); AFP (freeware); NFS  SMB (builtin); AFP (freeware); NFS

Stay tuned as I try to figure out why NFS writes are so slow. 

Thursday Jul 26, 2012

New version of Oracle Solaris Pre-Flight Application Checker

Some very hard-working folks in my organization, Oracle Systems ISV Engineering, have just released a new version of the Solaris Pre-Flight App Checker. You can get it for free from the Solaris Download Page

As with the original release, this tool is the single easiest way to check your application for Solaris 11 compatibility issues while still running on Solaris 10. This latest release incorporates several improvements:

1. Fully globalized product, currently with support for English,  Simplified Chinese and Japanese 
2. Now detects issues due to static linking of system libraries
3. Now detects mutex alignment issues
4. Now checks usage of private kernel interfaces (binary as well source scanner) 
5. An improved script scanner to flag issues due to usage of removed, relocated commands as well as issues due to usage of new shell ksh93 (instead  of old ksh88 )

Friday Mar 23, 2012

Attention Developers: Announcing a New Solaris Webinar Series

We're launching a new bi-weekly free webinar series: Oracle Solaris 11 Developer Webinar Series. My ISVe colleagues and I will be presenting a variety of one-hour topics over the next few months.

I'm kicking off the series next Tuesday, March 27th at 0900PDT with a discussion of Solaris and Modern Packaging Technologies. Come check us out!

Webinar Series overview and schedule: here

Tuesday's packaging webinar page: here

Wednesday Dec 21, 2011

Oracle Solaris Binary Application Guarantee extended to Solaris 11

This is Good News.

The Oracle Solaris Binary Application Guarantee now covers both Oracle Solaris 10 and Oracle Soalris 11. Oracle has extended the program through 2013. The program covers a source code guarantee as well as a binary guarantee. Details can be found in the program description.

Tuesday Sep 23, 2008

Today's coolness: ZFS Snapshots and Reproducible test states

I had a lovely 'aha' moment today. This 'aha' is nothing new, except to me.  Today, I tried ZFS snapshots for the first time, and it made my life SO much easier! My thanks to colleague Tom Daly for the suggestion!

We're testing Drupal on Webstack on OpenSolaris. The MySQL database we're using totals about 20GB on disk - not big, but heretofore it was created via a script of MySQL commands, including lots of inserts. To populate the database to a 'fresh' state took about 50 minutes on a Sun SPARC Enterprise T5120.

"Why not try ZFS rollback," asks Tom, nonchalantly. Ding! Aha!

OpenSolaris uses ZFS for everything, even booting. It's the default filesystem type. Our database resides on a ZFS mount (in a Zone, no less, back-mounted from the global zone!). This is a perfect use of the ZFS 'snapshot' and 'rollback' commands. To wit:

First, we need re-instantiate the database only once, and get it to just the place we want as our 'unsullied starting-point' database. 

Time: 1 hour.

Snapshot the ZFS mount in the global zone (before the '@' is the ZFS volume, after is the snapshot name):

bash# zfs snapshot /tank2/db0/data@freshdb      
bash# zfs list -t snapshot
NAME                             USED  AVAIL  REFER  MOUNTPOINT
tank2/db0/data@freshdb              0      -  13.5G  

Time: 10 seconds

Test to your heart's content, mess up the database all your want. Ready for a fresh, unspoiled MySQL database? Well, just roll it back!

bash# zfs list -t snapshot
NAME                             USED  AVAIL  REFER  MOUNTPOINT
tank2/db0/data@freshdb           166M      -  13.5G  -

bash# zfs rollback /tank2/db0/data@freshdb

bash# zfs list -t snapshot
NAME                             USED  AVAIL  REFER  MOUNTPOINT
tank2/db0/data@freshdb              0      -  13.5G  -
Time: 8 seconds

Do this as many times as you need. Fresh databases in seconds, not upwards of an hour.

Just wanted to share...

Friday Aug 15, 2008

Drupal on OpenSolaris

The folks over in the Webstack area of OpenSolaris are experimenting adding some higher-level packages to the Webstack repository. Jyri recently added Drupal 6.3 to the repository. If you are using or investigating OpenSolaris, check out the repository. It's a first cut, and intended for now for demos and to solicit input from the Drupal and OpenSolaris communities. Nonetheless, it already installs easily within the pkg framework for OSOL 2008.05 or one of the later development snapshots.

Friday Dec 21, 2007

Drupal Performance: Solaris vs Linux

I posted final numbers today as to how Drupal 5 performs on a small Sun server, comparing Solaris 10 to SLES 10 (two of the OS offerings available from Sun on this server). The intent of this test was to see how Drupal behaved under increasing load (in this case, Guest hits on the Main Page). I'm pleased to report that Solaris (with the latest CoolStack) appears to provide better throughput, better response time, and lower incidence of 'Server Busy' errors under load.

Let me, at this point, state for the record.. yes, I would have published these results even if the outcome had been the other way 'round. One of the rules we live by in Sun ISV Engineering Open Source is that of transparency. If we set out to test something, it's to determine and share the reality, not the spin. We had a hunch that CoolStack would provide a huge performance improvement, but that was only a hunch. I'm sure that, at some point in the future, we could also find that a well-tuned Drupal-on-LAMP offering meets or beats this Solaris performance - it is, after all, the same hardware.

Lots more Drupal testing to come from from us in the weeks and months to come. Wanna see something in particular? Let us know here or here or right here in the Blog Comments!


Tuesday Dec 18, 2007

Real Solaris inroads against Linux?

 [Read More]

Main Sequence: 1) an astronomy term denoting the lifecycle of a majority of known stars. 2) err @ Sun/Oracle: long-time (since 1988) Sun/Oracle veteran, still shining in an ever-changing high-tech universe


« November 2015