Sunday May 31, 2009

Updating to OpenSolaris 2009.06

Update:  See the screencast on how to update at the CommunityOne website.

For What's New in OpenSolaris 2009.06, see this PDF presentation... 

If you have OpenSolaris 2008.11 installed, the repositories have now been updated to include the 2009.06 packages. You do NOT have to do a clean install. Simply update your packages.  The complete download image will be available on Monday June 1st.

However, the Update manager GUI tools will tell you that no new packages are available. You must use the command line tools to update SUNWipkg first. Attempting to run the "pfexec pkg image-update" command will give you a message indicating that you need to run:

pfexec pkg install SUNWipkg

in order to update the package tools. Once this process is complete, you can use the command line or the GUI Update Manager to move to 2009.06. Update manager will create a new boot environment (using ZFS) and make it the default BE. OpenSolaris will be featured prominently during Community One/JavaOne this week.

One more bit of information.  If you have created zones on your opensolaris installation, you may need to uninstall the zones before updating. Otherwise, the update manager will give you an error (for which there is a bugID 8313 )

"Unable to clone current boot environment"

To remove the zones:

pfexec zoneadm -z zonename uninstall

Tuesday Mar 24, 2009

Sharing Folders in VirtualBox

One of the new features of the recently posted VirtualBox 2.2 beta1 is that you are finally allowed to share folders from an OpenSolaris guest to a MacOS host.  This increases the usability of VBox substantially for me because I've been using a workaround for a while.

It's easy to setup the sharing capability in the Virtualbox GUI. With your VM running:

Devices > Shared Folders

Enter the path of a folder on our Mac and the "Share" name that you will be using to reference it on your OpenSolaris system.  The folder name does not need to be related to the actual folder path.

UPDATE NOTE:  In Solaris 11 express build 151a, the initial user is NOT configured as Primary Administrator by default and the pfexec command listed below will not work until you give the user that role. 

  • System > Adminstration > Users and Groups
  • Click on your username and Properties
  • User Profiles tab, select  Primary Administrator and click OK 

On the OpenSolaris side, you need to mount the file system to make it visible to the user.

bash-3.2$ id
uid=101(jlaurent) gid=10(staff) groups=10(staff)

bash-3.2$ mkdir mac
bash-3.2$ pfexec mount  -F vboxfs -o uid=101,gid=10 jlaurent /export/home/jlaurent/mac

This, however, is annoying to do each time you reboot so it would be nice to have the file system mount on boot up.  Adding a line to /etc/vfstab should help.

 jlaurent    -    /export/home/jlaurent/mac    vboxfs    -    yes    uid=101,gid=10

Unfortunately, in my testing, this prevented the system from booting.  Thanks to Michael, I learned that this is because Solaris process vfstab BEFORE it completes the ZFS mount of my home directory in /export/home.  Changing the line to:

jlaurent    -    /mac    vboxfs    -    yes    uid=101,gid=10

Fixed the problem.  

However, it's not very convenient at /mac.  There are a few other options.

You can also add the line you your .bashrc file but that only takes effect when you start a new terminal window.  The best option for me was to place the line in the Gnome session startup scripts.

System > Preferences > Sessions > Add


There's a little trick, however, that was non-intuitive to me the first time I did this.  My file system was NOT mounting on login and I didn't know why.  I checked into my .xsession-errors file and found the message: mount: command not found.

As you can see in the screen shot above, the absolute pathname is required for commands executed during login.

Issues:

StarOffice and Gedit do NOT want to save data back into this folder even though cp and vi have no problem with it.  I'm still researching this issue.



Thursday Oct 23, 2008

Comparing Solaris/OpenSolaris/Red Hat and Win2003 server

Many of you have previously seen my comparison chart for Solaris 10, Red Hat Enterprise Linux 5 and MS Windows 2003, all of which can be purchased from Sun running on Sun hardware.  All of the current open source development effort for Solaris is going on in the OpenSolaris community and Sun has produced a binary distribution of OpenSolaris which is available (along with support contracts) at OpenSolaris.com.  

Development from Sun's engineers and outside contributors continues at a fast pace on OpenSolaris and there are hundreds of projects and thousands of community members.  Occasionally, features from OpenSolaris get back ported to Solaris 10 when there is sufficient business case, customer demand and engineering determines that the new feature will not reduce the stability of Solaris 10.  Past examples includes Trusted Extensions, ZFS CPU Caps and more.  Eventually, OpenSolaris with form the basis for the next major version of Solaris with long term support.  In the mean time, you can put OpenSolaris binary distrbution into production today and get support for it from Sun.

With that in mind, I have updated my comparison chart to included OpenSolaris in addition to the other OSes.

Why should you care?

OpenSolaris provides significant new features for Sun users for developers as well as infrastructure operators. Examples include:

  • ZFS automatic snapshot
  • Network auto configuration
  • Image Packaging system and update GUI
  • CIFS server in kernel
  • Improved Gnome user interface and accessibility
  • More GNU utilities.

Download it today for Intel and AMD based laptops, workstations or servers.

Try it out with Sun Studio Developer tools, optimized AMP Stack or other open source software in our repository.



Friday Sep 12, 2008

Updating your OpenSolaris to the latest build

One of the nicest features of OpenSolaris is the new package management feature.  Using the pkg command you can quickly update your system to the latest bits available in the repository.  It turns out, however, that with OpenSolaris 2008.05 there is a workaround that you must use in order for this to work properly.  It caught me by surprise recently (not reading those forums thoroughly enough).

Like the rest of the world, I downloaded the OpenSolaris 2008.05 ISO image to my MacBook Pro and installed it into (Sun's free and open source hypervisor) VirtualBox 2.0.  The 2008.05 edition is based upon build 86. To get the complete update to the latest build 97, I simply:

time pfexec pkg image-update -v

About 35 minutes later the system has been updated, a ZFS snapshot of my original system has been made and the grub menu automatically updated to add a new boot image.  All I need to do now is reboot.  This is where the pain started.  After the initial Solaris banner, the system simply reset itself repeatedly.

Luckily, thanks to the snapshot, I can still choose the original boot environment from the GRUB menu.

Thanks to the great community of OS Ambassadors within Sun, I had my solution within hours as posted at this forum.

  • beadm list
  • pfexec beadm mount <my boot env> /mnt
  • pfexec /mnt/boot/solaris/bin/update_grub -R /mnt
 
  

Final step was getting my favorite Gnome theme to help my Solaris box look more like a Mac and place the close widget in the upper left corner where God and Steve Jobs intended it to be.

Finally, if you are a Linux user and unfamiliar with the "pfexec" command, see Glenn Brunette's blog about the benefits of pfexec vs. sudo.


Thursday Aug 14, 2008

Updated: Solaris 10 and OpenSolaris enhanced for Intel XEON

I added some additional YouTube video links to my blog on enhancements for Intel in Solaris 10 and OpenSolaris. 

Monday Aug 11, 2008

Updated: Solaris 10 and OpenSolaris enhanced for Intel XEON

Many of you have heard that Solaris 10 and open-source OpenSolaris runs on both SPARC and X86/X64 architectures.  You probably even know Solaris is available on both AMD and Intel processors in Sun servers as well as non-Sun platforms. In fact, Dell, IBM and Fujitsu/Siemens are Solaris OEMs on their platforms. You may even know that Solaris has set a number of world record benchmarks for scalability and performance on the Intel processor.  But do you really know how we did it? 

Sun and Intel work together on a number of areas in the Solaris OS and development tools including:

  • I/O optimizations
  • Scalability and performance
  • Power Management
  • Compiler optimizations
  • Virtualization enhancements
  • Fault Management

There are a number of resources available where you can learn why Solaris is a great choice on Intel XEON processors.

These are just a few of the projects that make Solaris run better than any other OS on Intel Xeon based processors.  Many more have been completed or are planned in the future including enhancement specifically for the Intel Nehalem microarchitecture

Download Solaris 10 or OpenSolaris today and try it out on your favorite Intel based PC, Server or Virtual Machine.




Wednesday Mar 26, 2008

FAQ: Difference between OpenSolaris, Solaris Express etc, etc.

 

I'm often asked the relationship between the various Solaris named products that Sun provides.  Here is my view on them:

OpenSolaris is a SOURCE code project at opensolaris.org from which a number of actual products may be derived including:

  • Portions of Solaris 10
  • Solaris Express and SX Dev. Edition
  • xVM Server
  • Project Indiana

Solaris Nevada is the portion of Open Solaris community code that includes only the kernel (OS and Networking consolidations). Running uname on this build indicates SunOS 5.11.

Solaris Express Community Edition is Sun's binary release for OpenSolaris developers (code named "Nevada"). It is built from the latest OpenSolaris source and additional technology that has not been published in the OpenSolaris source base. This release is unsupported. Developers can build the OpenSolaris source by using this release as the base system. It is updated every other Friday.

Solaris Express Developers Edition, includes Solaris Express Community Edition along with the development tools (Netbeans, Studio etc) in a single installation to simplify life for developers. The Developer Edition is released every three to four months and replaces the Solaris Express monthly release.

Project Indiana is currently in preview edition two.  The OpenSolaris Developer Preview is the first milestone of Project Indiana. It is a single CD combined live/install image: a core operating system, kernel, system libraries, a desktop environment and a package management system. It is not a final release and is intended for developers to try, test, and provide feedback.

Solaris 10
is our enterprise ready, supported version of Solaris.  It is updated less frequently and provdes a stable platform for deployment of long term applications.
 

They are ALL free to download use in a production environment.  If you need support for Solaris 10 you can choose from a variety of Solaris 10 subscriptions on Sun or non-Sun hardware (Sparc, Intel or AMD based).

Monday Mar 10, 2008

Updated: Type Enforcement security project joins the OpenSolaris security community

Update:  Our own architect of Solaris 10 Trusted Extensions corrected me on my statements about MLS capability and Type Enforcement.  I've corrected my table.  Glenn writes in a comment:

It isn't accurate to state that Type Enforcement enables multilevel security. Although you could define relationships between various types that have similar semantics to Bell & Lepadula rules, this is not practical in general. Types, unlike sensitivity labels, don't have implicit hierarchical relationships. Instead the flexibility of the relationships between types is seen as an advantage over the more rigid MLS rules.

One reason this is confusing is that FLASK in SELinux supports both Types and MLS labels, whereas the Solaris implementation of FLASK will just focus on Types since MLS labels are already associated with zones.

 -----

Great News! 

One of the benefits of open sourcing Solaris is the ability to take advantage when "Innovation Happens Elsewhere" (to quote Sun co-founder Bill Joy).  One of the innovative projects that originated elsewhere is an implementation of Type Enforcement (aka "Flask") for OpenSolaris.  Type Enforcement is a form of Mandatory Access Control that has already appeared in the Security Enhanced Linux project first developed at NSA.  SELinux has worked its way from a science project into major Linux distributions today.

What does this mean for Open Solaris?

  • First, it means that we have active development and external contributions to the OpenSolaris community.
  • Secondly, it means that (when completed), customers and governments who prefer the Type Enforcement to Sun's own Solaris 10 Trusted Extensions model, will have that choice without having to give up the other advanced features of Solaris.

Who is doing this work?

When can I get it?

The project has only recently been created at in the OpenSolaris security community.  The source code has yet to be written and posted.   Nothing has been integrated in to the next version (Nevada) of the Solaris kernel yet and there are no plans yet for it to be in Solaris 10.  As the project progresses it may be fully integrated into the Nevada kernel and eventually find its way into a commercial release of Solaris.  Join the community to keep up to date on the latest information.

How will Type Enforcement complement the current Solaris security model?

Read Glenn Faden's most recent blog entry.

Why should I care?

If you have been looking at using SELinux in your project, you should join the community and contribute your comments, feedback, testing and even code to the project creating a better Solaris.


Saturday Mar 01, 2008

DTrace Toolkit makes DTrace easier to use

As an OS Ambassador at Sun, I have spoken hundreds of times around the country about the Dynamic Tracing facility built in (no extra charge) to Solaris 10 since 2005 and part of the Open Solaris community.  I've described it as a "CAT Scan" into the system when we previously only used X-Ray.  I've said that this allows us to be good doctors (healing the sick) rather than coroners (diagnosing the dead).

Many customers, however, are put off by the programming language or 400 page manual that describes DTrace, however and therefore never really get started.  They don't always realize that we have enhanced PostgreSQL, Ruby, Java, PHP and other higher level languages to make good use of DTrace.  They haven't felt the power of being able to root cause any problem in their system.

While DTrace will never be an "Easy" or "Go Fast" button for your system, there are a number of tools that make it more palatable to the casual user.

Dtrace Toolkit

This collection of pre-written scripts provide some easy tools for collecting the type of data that  system administrators are starving for.

DExplorer

DExplorer automatically runs a collection of DTrace scripts to examine many areas of the system, and places the output in a meaningful directory structure that is tar'd and gzip'd.

Chime Visualization tool

Chime is a graphical tool for visualizing DTrace aggregations. It provides an alternative to similar CLI-based tools (such as intrstat) that is more visually appealing and potentially more useful. In particular, its ability to display data over time adds a missing dimension to system observability. Among its recent new features is the ability to display moving averages.

DTrace NetBeans GUI Plugin

Graphical User Interface (GUI) for running DTrace scripts that can be installed into the Sun Studio 12 IDE, NetBeans IDE 5.5, NetBeans IDE 5.5.1, and NetBeans IDE 6.0.

DTrace BidAdmin community

Includes a collection of tips, tricks, documentation and discussions on DTrace

Why should you care?

Want to be a hero?  Use DTrace to determine why your system isn't working properly.  Save you boss money.  Get more transaction through your systems.  We've done this at a number of customers on live, production systems and you can to.  Download the free DTrace Toolkit today and get started.

PS.  For those who think that System Tap in the Linux community is "just like DTrace," see Adam's rebuttal.

Monday Feb 11, 2008

What's new in Solaris Express Developer's release?

Solaris Express developer's release is a regular packaging of the code being developed by the OpenSolaris community targetted towards developers. It contains some of the latest features that we would like our developers to test out and provide feedback for.

Some of the new capabilities that you might like include:

  • xVM virtualization (based on the work of the Xen community) for X64 systems
  • CIFS built into the Solaris kernel
  • Improved installation experience
  • Improved networking and wireless support
  • Improved development, compiler and desktop tools
  • See the complete list
Download the January edition today and let us know

 

Comparing Solaris 10, RHEL 5 AND Windows 2003

My big boss (Bill Vass, President and COO of Sun Federal) has posted a new blog entry describing the updated comparison chart that I've been working on to compare Solaris 10 with RHEL 5.  This time we have added MS Windows 2003 Datacenter Edition.

All three of these operating systems run and are sold and supported by Sun on our X64 based servers featuring Intel or AMD processors. 

Feel free to comment on errors and corrections that you may see.

 

 

Tuesday Feb 05, 2008

Solaris resurgent in European financial community

For those who think Solaris is dead and "Linux" will take over the world, a recent survey by Forrester Research (NOT paid for by Sun) points out that Solaris is one of the top three "strategic" OS platforms. This shows the value of communities and openness in the software space.  More about this at Jonathan Schwartz blog.

Some interesting quotes include:

Solaris is back on the winner's podium. Sun Solaris has regained its "historical significance" in European financial services.

Linux has lost traction.

Pure J2EE is still strategically very important.
 

Want to get Solaris for free?  Download Solaris 10 today or participate in the OpenSolaris community. 

Sun invites you to read the independent Forrester report titled "European Financial Services Architecture Shows Clear Strategic Direction"(January 2008) in which Forrester reports Solaris as one of the top 3 most strategically positioned operating systems in European Financial Services Firms.

Thursday Nov 01, 2007

Installing Open Solaris "Indiana Preview" on my Mac (part 1)

NOTE:  No CD-ROM was harmed in this exercise. I shall waste no plastic before its time.

Warning:  I am testing a Preview product on top of a beta product using virtulization on MacOS.  You results may vary.

This is just what I could get on the blog the first day.  More to come....  First I must prioritize my day job activities!

Wow!  Project Indiana is available today in a developer preview.  I had to have it to see if everything they told us at the recent OS Amb preview was true.  My system:

  • MacBook Pro 2.4 Ghz with 2 GB RAM
  • VMware Fusion 1.1RC1 beta

 What is Project Indiana?

It is intended to be a binary distribution of the OpenSolaris code provided by and supported by Sun.  This developer preview is the first step to a released product expected in March 2008.  It includes the latest technologies and will have a faster changing and shorter life cycle than Solaris 10.  More detail is available at the Project Indiana FAQ.

Who should use project Indiana?

At this time it is intended for developers and testers only.  When it becomes a supported product in 2008, we anticipate it will be used by a wide variety of customers inproduction who required the advanced features of OpenSolaris and can tolerate the shorter life cycle support model. 

How did it go? 

First I downloaded it and read some of the release notes and caveats including important points such as:

  • Live CD format provide (yes that's CD not DVD)
  • X86 version ONLY today (the liveCD uses the 32-bit kernel but will install both 32 and 64-bit capability)
  • ZFS as the native root file system
  • Network Automagic included
  • No custom disk partitioning.

With the ISO on my Mac, I created a VM for it to live in with 1 GB of RAM and 10 GB of disk space.  The ISO booted perfectly into "Live CD mode."  NWAM automatically detected my network address.  I wasted no time in clicking the Installer.  After a few questions about time zone, root password and initial non-root user, the installation started and took about 22 minutes to complete.  After installations was complete, I clicked the Reboot button and the system started up from the virtual HD.  The installation experience was quite easy and fast.

At this time, VMware Fusion 1.1RC1 has a bug that causes the 64-bit kernel to "hang" for about 1-2 minutes during the early boot process.  Changing the Grub menu to boot the 32-bit kernel is a workaround for this issues.

Once I logged into the new Gnome 2.20 interface, I attempted to install the Vmware tools.  This is necessary for the proper screen displays and file sharing. Unfortunately, I received the error that it could not copy a file to /usr/dt/config/Xsession.d/9999.autostart-vmware.user.sh  Manually creating the Xsession.d directory allowed the VMware tools to complete.  Although the installation of tools complete, it caused a problem with login where my keyboard was mapped wrong.  I could NOT log into Gnome because of this issue and didn't have time to workaround it. 

What's different for the user?

  • Default shell is bash
  • Java Desktop System is not installed by default. This means that there is no "Launch" menu in the lower left.  Menus are in the upper right.  Panels are enabled at the top and bottom.
  • /usr/gnu/bin is at the beginning of the user's path
  • There is a minimal set of software loaded.  The pkg command can be used to get additional components from the software repository.
  • The grub menu is now in  /zpl_slim/boot/grub/menu.lst  rather than /boot/grub/menu.lst

Interesting bug/oddities

The file browser lists a "Documents" in the Favorites sidebar, but clicking on it produces an error because it doesn't exist.

Dave Miner has published instructions on how to place Indiana in a USB drive. 

Why should you care?

If you are interested in testing, developing and contributing to the future of Solaris, this preview will give you a taste of where we want Solaris to go and the opportunity to joint the community.



 

Wednesday Oct 10, 2007

BUSTED! 11 Myths about Solaris on X86/X64 platforms

Most Sun employees and Solaris fans know that Solaris has run on X86 platforms since 1994  However, in my visits to customer sites as an OS ambassadors I hear these questions frequently.  Today, I'd like to dispel some of the most common myths about Solaris.

Myth: Sun is not serious about the X86 market.

At this time, Sun is the 3rd largest server vendor in the world and #5 in the x86 server market. We have a variety of hardware platforms using the Intel and AMD chips from under $1000 to complete blade server systems.  We have two OEMs for Solaris signed up (IBM and Intel) with more expected to come in the near future. Intel recommends Solaris as the enterprise OS for their Xeon processor family. We have also agreed to become an OEM for MS Windows server software. We can sell, train, support and take your trade-ins on our complete line of SPARC and X86 systems.  We are QUITE serious.

Myth: Solaris on SPARC and X86 platforms are different OSes.

There is only one Solaris source code base.  You can see and contribute to it at the OpenSolaris web site. 95% of the code is common.  Examples of code that is NOT common includes chip specific features such as memory management, cache, hardware features, boot proms and virtualization technologies.  Features such as Solaris containers, SMF, ZFS, Trusted Extensions, resource management and more work the same on Sparc, X86 or virtualized platforms such as VMware.

Myth: Sun's support organizations are different for SPARC and X86 platforms

The same engineering and customer support team is used to design, develop, test and support Solaris.  You can call 800-USA-4-SUN and get support for Solaris whether it is on Sun systems or any of the over 900 systems on our hardware compatibility list.  Many of our engineers actually do their development work on PC hardware. 

Myth: Solaris for X86 platforms is not on the same schedule as SPARC platforms

Solaris updates and patches are released at the same time for each platform.  The only exception to this is when a patch ONLY applies to a specific platform, such as an Intel memory management fix that does not apply to AMD or SPARC chips.

Myth: You can only get Solaris from Sun

IBM recently announced that they will be selling Solaris for their blade and rack mounted servers.  We anticipate more companies to announce OEM agreements in the future.  Intel has also announced that Solaris is its preferred OS for enterprise deployment on Xeon platforms.

Myth: Solaris only runs on a few X86 platforms.

The hardware compatibility list has hundreds of platforms from Sun, HP, Dell, IBM and others.  It includes the latest Quad-core Intel and AMD chips, blade servers and more. Of our 10 million Solaris registrations, 63% of them were on non-Sun platforms.

Myth: Solaris doesn't work on VMware

Solaris 10 is a supported platform in the VMware support matrix. VMware is also listed at the Sun hardware compatibility list. Pre-built Solaris vmware images at the Sun Download Center

Myth:  It's too hard to move code from Solaris 8 to 10 or from SPARC to X86 platforms.

Solaris is guaranteed to be binary compatible moving forward from Solaris 2.5.1 on each platform.  This means that a binary running on an Ultra 2/2.5.1 can be transferred to Solaris 10 on Sun's latest T2000 and is GUARANTEED to run.  In addition, Solaris is source code compatibile between the two instruction sets.  If you need assistance on the best compiler practices for building 64-bit applications or using the proper performance options see the huge collection of white papers at our Solaris developer's portal.

Myth:  Only Solaris Nevada, OpenSolaris or Solaris Express run on X86 hardware.

Our production ready distribution of Solaris (known as Solaris 10) was first released in March 2005 with complete support for SPARC and X64/X86 platforms just as it has since 1994.  Available for Solaris 10 is enterprise level support and a long life cycle.  Our development for the next version of Solaris (known as Nevada) is currently ongoing as an open source project at www.opensolaris.org.  Periodically we produce binary versions known as Solaris Express community edition or developer edition for users to try out new features. Download Solaris 10 now for free for both SPARC and X86 platforms.

Myth: Solaris is hard to install

If you've heard this before, please check out our latest Solaris Express Developer's Edition.  It has an updated installer, improved wireless networking support and simpified networking setup. Our Flash archive, Live upgrade and jumpstart technologies simplify data center practices for patching and upgrades.

Myth:  You have to dedicate an entire PC to test out Solaris

Solaris works quite well in multi-boot or virtualized environments.  The vast majority of Sun system engineers run Solaris either on a Windows or Linux-based PC or in a virtual machine such as VMware Fusion or Parallels on MacOS X. Solaris include the GRUB boot loader to allow you to choose between multiple OS images to boot. We make virtulization easy with pre-built Solaris vmware images at the Sun Download Center

Bonus Myth (thanks to Bob for Suggesting)

Myth: There are no open source or ISV applications for Solaris on X86 platforms.

You can find a prepackaged and easy to install repository of the most common open source applications from blastwave.org.  Solaris on X86 has more ISV packages than Red Hat and other competitors.  Many freeware packages like PostGreSQL, gcc, gmake, perl, apache, webmin and more are built into Solaris or included on the companion CD.

Tuesday Aug 28, 2007

Linux Shop Embraces Solaris and Chip multi-threading on T2000

See this excellent article at ServerWatch that describes how web startup Real Time Matrix found that Solaris 10 met their needs better than a Linux based OS.

ServerWatch quoted the CEO: "We need a stable, robust infrastructure to process millions of items a day, match against millions of preferences and run 24/7," said Jeff Whitehead, CEO of The Real Time Matrix Corp of Oakland, Calif. "For high-speed, high-performance, 100 percent raw computing, we are finding it is cheaper and better on Sun and Solaris." 

"For us, Solaris was a no-brainer," Whitehead said. "We immediately went from a couple of hundred to 10,000 matches per second and up to 32 concurrent processes."

He couldn't argue with the results obtained on the T2000 running Solaris. It replaced six x86 boxes and is cheaper to run.

"Our administrative costs went down with the one big machine as we can segment it," Whitehead said. "But with our business model requiring high-speed, high-performance, 100 percent uptime and maximum raw computing power, we are finding it is cheaper and better to be on Sun and Solaris. I'd estimate that we spend 50 percent less than if we had we gone with our original power, hardware and leasing arrangement."

Why you should care

If you want an open source OS that runs on Intel, AMD and Sparc commodity processors, Solaris 10 is free to download and put into production.  Check out our Startup Essentials program to help you get started.


 

 

Thursday Aug 16, 2007

IBM Chooses Solaris!

IBM has agreed to be an OEM for Solaris subscriptions on it's X-series and Blade Center servers.  Read the complete press release and audiocast

Excerpts:

Bill Zeitler, senior vice president & group executive, IBM Systems & Technology Group says, "IBM is the first major x86 vendor to have such an agreement with Sun; and the first big vendor apart from Sun to offer Solaris on blade servers. 

"We're thrilled to be working with IBM to bring the Solaris OS to the broadest market possible - they are a natural partner for Sun," said Jonathan Schwartz, president and CEO of Sun Microsystems. "Solaris adoption continues to accelerate, among both the open source and commercial communities -- driven by bundled virtualization for servers and storage, support for thousands of ISVs, including nearly the entirety of IBM's software portfolio, and outstanding operational economics. Solaris is clearly a choice customers are demanding." 

 Why should I care?

 I frequently get told that a customer's reason for choosing Red Hat over Solaris is that RHEL can be purchased from multiple sources.  Customers now have the choice to purchase Solaris subscription support from Sun or from IBM (can HP and Dell be far behind?)


 

Thursday Apr 12, 2007

Ian Murdock Joins Sun as Solaris strategy officer

OK, I admit that this is old news.  I've been on vacation and consumed by my day job and have been unable to comment for a while. 

Who is Ian Murdock?  He has both a blog and a Wikipedia entry for the full details.  Primarily he is the founder of Debian and has been heavily involved in the open source movement for years.

What will he do at Sun?  According to this article, as the Chief Operating Platforms Officer he plans to make Solaris more Linux-like.  He's NOT referring to the Linux kernel, however, but the user environment built around the Linux kernel.  This includes developer tools, admin tools and user interfaces.  We wouldn't want to use a Linux kernel because the Solaris kernel is better and provides a stronger platform for innovation.

What would I like to see him do at Sun?  As a systems engineer at Sun, I'm fortunate to have the skills to deal the the "idosyncracies" of Solaris.  However, as a computer user who is 100% Microsoft free (Solaris at work and on my laptop, MacOS X at home), I would like to see him bring better usability to Solaris in a number of areas including:

  • Quicktime built into Solaris
  • Improve ability to add open source packages
  • Simple, accessible management tools
  • Easier installation process
  • Suspend/resume on laptops

On a broader basis, I think he needs to:

  • Improve the credibility of Solaris in the various open source communities with which we interact (having come from the Free Software Foundation, he should know how they think)  This may include changing the license model for OpenSolaris
  • Increase the "cool" factor for Solaris with high school and college students as well as developers and customers.
  • Work with our enterprise customers to get the message out louder and clearer that:

Welcome on board Ian and good luck!

Why should you care?

The hiring of Ian Murdock is a strong message from Sun to the industry and developer community that Solaris will continue to be a focus area for Sun, and we will improve its market position on Intel and AMD platforms (from Sun or other vendors).

If you have more questions about Sun's strategy for Solaris and are a US Federal Government customer, contact Sun Federal at 703 204 4100 in McLean VA.


 


 


Wednesday Mar 07, 2007

FAQ: Securing Solaris for use in the US DoD

As an OS Ambassador at Sun who works very closely with the US DoD, I'm frequently asked how one secures Solaris for use in the DoD. The definitive source for this information is the DISA Field Security office "Security Technical Implementation Guide" (aka STIG). DISA owns and operates the data centers and neworks for the US DoD. Security checklists and about 500 pages of documentation are included. 

They can be downloaded at: http://iase.disa.mil/stigs/stig/index.html

In addition, DISA provides "Security Readiness Review" scripts which audit your system and report discrepancies.  They were last updated in January 2007 and include S10 support.  The SRRs are available at: http://iase.disa.mil/stigs/SRR/index.html

Some DoD organizations have created a Solaris Security Toolkit profile which accomplishes about 90% of what the STIGs require. The SST is Sun's supported "security lockdown tool" that is a free download and easily customizable. It typically executes in about 4 minutes drastically reducing the time required to secure a system and providing automated, reproducible  results.  The SST also include "undo" and "audit"  functions. The SST can significantly reduce the time that it take you to reach "Authority to Operate" status on a DoD network.

The DISA STIGs require a wide variety of changes to the Solaris OS including:

  • Solaris auditing enabled with specific items being audited.
  • Basic Auditing and Reporting Tool enabled
  • root home directory changed to /root
  • McAfee antivirus installed (yes, even though it really only checks for Windows viruses)
  • Massive permissions and umask changes
  • TCPwrappers enabled
  • certain services must be disabled (FTP, Telnet etc)
  • Certain commands must be disabled (snooop, rsh, rexec etc)
  • Password history, lockout and construction settings
  • Banner page changes
  • PROM password settings
  • etc.

Other documents that might be of interest for security conscious customers include:

Why should you care?

 The US DoD takes computer security very seriously.  Their STIG documents provide a detailed definition of all the activities required to secure a Sun Solaris system.  Utilization of their tools and method can result in a highly secure data center operation.

The Solaris Security Toolkit can simply this process and make to predictable, repeatable and faster than a manual process.

For the highest level of security (equivalent to the old NSA B1 level) Solaris 10 11/06 includes the capability to at Trusted Extensions to your environment. Solaris Trusted Extensions provide full label aware services to meet the most stringent multi-level OS requirements.


 



About

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today