Tuesday Sep 01, 2015

Applying read-only protection with Immutable Zones

A while back, I wrote an article that focus on how you can achieve a secure and compliant application deployment from development, through test and production. This article took advantage of a number of Oracle Solaris technologies including Oracle Solaris Zones, Unified Archives, Immutable Zones, Automated Installer and the integrated compliance framework.

We've had a number of customers get really excited by Immutable Zones and being able to lock down their environments. Not only does this provide an additional layer of security, but also protects against the potential cost of human error and ensures that organisations can meet their compliance requirements routinely. Darren Moffat and Casper Dik have already written great blog entries on how to do this, but I've also recently published another How-To article on Applying read-only protection with Oracle Solaris Immutable Zones. In this article we cover immutable non-global and global zones, and show how we can make administrative changes such as applying critical security fixes using the Trusted Path. Hope you find it useful!

Friday Aug 01, 2014

Secure, compliant application deployment with Oracle Solaris 11

One of the really exciting features that was introduced in Oracle Solaris 11.2 is called Unified Archives. Unified Archives provide system cloning and disaster recovery capabilities for the platform. Built on the foundations of Oracle Solaris ZFS, an archive can quickly be taken on a live running system thanks to snapshot and cloning. A single archive can be created for a complete system that includes a number of virtual environments. Once captured, it can be deployed using Automated Installer or using the existing zonecfg(1M) and zoneadm(1M) utilities during Oracle Solaris Zone creation. Thanks to integration with the IPS packaging system, an archive can be partially deployed with complete flexibility - across different systems of the same architecture, or using physical-to-virtual or virtual-to-physical transforms. They're completely flexible. Jesse Butler, the architect for Unified Archives, has already covered a lot of the basics in two blog posts: Introducing Unified Archives in Oracle Solaris 11.2 and Cloning Zones with Unified Archives.

Unified Archives are a pretty critical piece of the overall application lifecycle. Combined with Oracle Solaris Zones, Immutable Zones (read-only VMs), and our new compliance framework, we have a very nice set of technologies that can be combined to really aid developers and administrators in creating and deploying compliant application environments, from development through to test and eventually production. I've written an article that helps explain how you can achieve this, and greatly cut down the cost of ensuring certified and compliant applications and reducing the cost of human error or security exploits.

Take a look at How to Ensure Secure, Compliant Application Deployment with Oracle Solaris 11.

Tuesday Mar 26, 2013

The Building Blocks of an Oracle Solaris 11 Application Deployment

A while back I blogged about a simple deployment example using some of the new and old technologies included in Oracle Solaris 11. Together they provide some of the basic building blocks that you can use for a more complex deployment in your data center. I've been meaning to put some audio to the presentation and got some time today to do just that. So if you haven't seen the original set of slides, watch the 30 min presentation below with voice over from yours truly. Enjoy!

Friday Nov 23, 2012

A simple deployment example using Oracle Solaris 11

Last week I was over in Melbourne and Sydney to present at an Oracle Technology Network System Administration Day. During a set of morning sessions, I presented on some of the new things that we've done in Oracle Solaris 11 and our focus for the future. One of the sessions I presented was giving a quick technical overview of what a typical application deployment scenario would look like using technologies like the Image Packaging System (IPS), Service Management Facility (SMF), Oracle Solaris Zones, and network virtualization. While it's just a simple example, it provides the basic building blocks for a more advanced configuration that a data center would typically deploy. Given these would likely be of general interest, I thought I'd upload the slides for others to view - enjoy!

You can download the original source PPTX without some of the formatting errors in the above.


To learn more about Oracle Solaris 11, check out an extensive list of resources including technical articles, cheat sheets and screencasts on Oracle Technology Network


« December 2015