By user12611852 on Oct 14, 2008
As an OS Ambassador for Sun Federal, I'm frequently asked the questions:
Are Solaris containers "certified" for use by the US Government or DoD?
- Short answer: Yes! Read on for the long answer.
- Solaris 10 has received the highest commercial level of Common Criteria Certification. This is known as EAL4+ and we did this using 3 protection profiles:
- Controlled Access Protection profile
- Role Based Access Control Protection Profile
- Labeled Security Protection Profile
- If you review our documentation and security target, you'll find that the "Trusted Extensions" component of Solaris 10 which implements the LSPP is based upon Solaris containers. We use Solaris containers in a unique manner by providing each container with a security label which cannot be violated by a user inside the container.
- In addition, you should note that Sun includes the GUI, Multi-level desktop (Gnome and CDE), LDAP server and management tools in our evaluation. Red Hat's CC evaluation is for a command line installation only.
- I'm unaware of any other government "certification" which would apply to Solaris containers. If you know of any, please let me know.
Who is using Solaris containers in the US Government?
- My customer, DISA, is using containers in their Defense Enterprise Computing Centers as part of the Capacity Computing contract that they awarded to Sun in 2006 to provide Solaris computing on demand. They have used containers and Sun's capacity computer service to experience significant consolidation and cost savings for the taxpayer. This is being done on classified and unclassified networks.
- DISA's mission critical Global Command and Control System is also using Solaris containers to support the warfighter.
- The US Air Force used Solaris containers and Logical Domains to provide significant savings in floor space and improved system utilization for their Global Combat Support System.
- The US Army is using Solaris 10 and Sun Cluster Software
- I'm certain that the are many other examples of which I'm not aware because of the fact that Solaris 10 containers are:
- Built into Solaris 10 since 2005
- Free to use and deploy
- Lower overhead, easy to use virtualization tools
Is Solaris 10 (or MySQL or JCAPs other other Sun product) on my federal agency's "approved products list?"
- Whenever I get this question I ask my own questions:
- For which agency?
- Please show me a public web site that hosts the "approved products list."
- Whom should I contact to have my product added to the "approved products list?"
- What are the specific requirements to be on the "approved products list?"
- In many cases I'm met with blank stares and the person who asked me the question doesn't know where to find the APL. Sometimes it doesn't actually exist. In other cases there are waiver procedures available to bypass the APL. While I'm not saying that there are no APLs in federal agencies, I believe that a lot of people believe that there is when there isn't. There most certainly is NOT one big APL for the federal government or DoD.
- One example of an APL is the DoD's Joint Interoperbility Test Command's IPv6 APL. There you will find Solaris 10, and we are in the process of adding additional products.
Solaris 10 is in use today in a wide variety of government and DoD applications including many of its advanced features such as containers, ZFS, SMF and much more.