Monday Dec 30, 2013

Final Post: Retiring from Oracle

December 31st will be my last day at Oracle.  Although I've been asked by my boss and sales management to stay on, I've decided that now is the time to enjoy as much free time as I can.

I joined Sun in September of 1995 after 11 years at Gould/Encore and have survived through the ups and downs including multiple levels of layoffs at Sun.  I successfully transitioned to the North American Public Sector Hardware (NAPSH) organization of Oracle and have enjoyed working closely with our software colleagues.  At Sun and Oracle I've seen tremendous innovation in technologies such as:

  • Java
  • Solaris
  • Engineered Systems
  • SPARC 
  • Virtualization

as well as a few flops such as:

  • Sun/Netscape Alliance
  • Acquisition of Cobalt
  • Sun A7000 storage acquisition from Encore (my former employer) 

During my time at Snoracle, I've had the pleasure to support our war fighters by providing high performance, secure and scalable systems for the Global Command and Control System, DISA Datacenters, NIPRnet, SIPRnet and other mission critical programs.  I've also worked with key government customer such as NASA, DoT, FAA and others.

My first blog entry here was posted in October of 2006 and with my final entry will be hitting number 136.  In the last two years alone, I've received over 100 comments on my entries.  Whether positive or negative, they are always appreciated.

Thanks to all my readers and coworkers for your comments and contributions over the years.  I'm glad that I've been able to help the global Sun and Oracle community to better understand our technologies.

Solaris 11 STIG update

My work on the Solaris 11 STIG will continue in the able hands of Brett Norman and Glen Brunette. I would like to thank Glenn and others from Oracle (Glenn Faden, Gary Winiger, Darren Moffat, Alex Barclay and Dave Walker) for their assistance.  Without them, the project would have foundered.  Thanks, also to Charlie at DISA FSO for keeping us moving the right direction.

Monday Dec 16, 2013

Solaris 11.1 STIG update

I am still in the process of creating a Solaris 11.1 Security Technical Implementation Guide (STIG) with DISA Field Security Office.  The process is long and detailed requiring significant testing and review by DISA for final approval.  The STIG items are complete (pending DISA's approval).  While I can't predict how long the final approval will take, if you are a DoD customer wishing to run Solaris 11, you may contact your Oracle systems sales team to receive a draft copy in spreadsheet form.

STIGs are guidelines to assist DoD customers in securing their systems.  It is NOT required to have a DISA STIG document to run Solaris 11 in your environment.  In the absence of a DISA approved STIG, customers may use industry or vendor recommended guidelines.  We already have a number of DoD customers running Solaris 11.  Resources available include:


Our customers find that Solaris 11 is much more secure "out of the box" than Solaris 10 and is easier to bring into compliance.  Solaris 11 is now over two years old and provides significant new features and benefits for Solaris 10 including:

  • ZFS default root file system enabling:
    • Easier, safer system updates
    • Automatic alternate boot envioronments
    • Improved zone management 
    • Encrypted file systems
    • Compressed, de-duplicated file systems
    • Simplified RAID and mirror configuration
  • Image Packaging system for:
    • Faster, safer updates
    • Easier system minimization
  • Improved Security including
    • Elimination of root login
    • FIPS 140-2 certified Crypto Framework
    • Multi-level security enhancements
  • Complete network and application virtualization
  • Automated installer
  • Much more

Learn more about What's New in Solaris 11 and 11.1.


Solaris 11 Crypto Framework receives FIPS 140-2 certification

NIST has awarded FIPS 140-2 certificate #2060 to the Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and SPARC T5 (Software-Hybrid), and FIPS 140-2 certificate #2061 for the Oracle Solaris Kernel Cryptographic Framework (Software) module.  The certificates are not yet available, however, the details are already posted on the NIST Validated FIPS 140-2 Website listed below.

The Userland Software and Software-Hybrid validations are still in the NIST Coordination phase.  

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).


« December 2013