Tuesday Jul 07, 2015

Oracle Solaris 11.3: Securing and Simplifying the Enterprise Cloud

This morning, we’ve opened up access to the beta release of Oracle Solaris 11.3.  If you’ve been following along (and if not, why not?), you know there have been some big advances in Oracle Solaris 11, including lightning-fast intelligent provisioning and maintenance, and some key additions to our already highly-regarded “defense in depth” security.

Most notable for the latter is the work we’ve done to simplify compliance checking and mitigation, making it possible for administrators to quickly and easily check system security configurations against industry standards, and get a “report card” showing compliance, with guidance for any areas that may need addressing.

Oh, and did I mention fully-integrated OpenStack?  This is a win in two ways: it not only brings access to the fastest growing open cloud platform to Oracle Solaris users, it brings the incredible breadth of Oracle Solaris enterprise capabilities to the fingertips of OpenStack users.

…and that of course brings to mind some of the above-mentioned Oracle Solaris 11 features, such as built-in, zero-overhead virtualization, a new and super-powerful Unified Archive capability for rapid, safe, compliant deployment, and all the things we’ve done in terms of performance and administrative ease to make Oracle Solaris the best platform for deploying both Oracle’s own and 3rd party software.

So what’s left to do?  In this beta release, you'll find we're taking those capabilities and making them even better.

OpenStack: We’ve moved forward to the OpenStack Juno release, and also done some behind-the-scenes work to make it easy to continue to bring you new OpenStack goodness quickly and reliably.


Virtualization: In Oracle Solaris 11.2, we introduced “Kernel Zones”, making it possible to deliver hypervisor agility while still maintaining the low overhead and ease of administration you expect from Zones.  In 11.3, we introduce secure live migration for Kernel Zones,  live zone reconfiguration, and verified boot.

And, we’ve extended the new Zones on Shared Storage (ZOSS) capabilities.  You can now place zones on FC-SAN, iSCSI, or NFS devices.

Oracle Solaris 11.3 is all about “more”, so now you have more flexibility and more security in your virtualization.

Database: If you’re an Oracle Database fan, you know we’ve been giving you “more” for years: more observability, more performance, more flexible administration.  Now we’re also giving you “less” — less down time.  We’ve slashed database startup and shutdown times.  These are not only faster than it’s ever been on Solaris; it’s faster—a lot faster—than on any other platform.

Security: We’ve extended the compliance capabilities mentioned above, so that you can more easily tailor compliance policy configurations to suit your site’s requirements.  Oracle Solaris and Oracle Solaris Studio are also ready for Software in Silicon application data integrity (ADI).  To learn more about this and start working with it today, visit the SWiS Cloud.

Data Management: You've already come to know and love what Oracle Solaris brings to the table with the first 21st century filesystem, ZFS.  In Oracle Solaris 11.3, we extend its built-in compression capabilities to include LZ4 support, we give you the ability to compare snapshots recursively, and have introduced a wealth of scalability and performance improvements to make it faster than ever. We’ve also enhanced its monitoring features, and upgraded its built-in SMB support.

There’s more than this, but this should give you a taste of what we’ve got in store for you today.  You can download it now, and take a look at the “What’s New” document to see what we’re doing to make your data center cloud-ready, secure, fast, and simple.


Monday Apr 27, 2015

Oracle Solaris at OpenStack Summit in Vancouver

Oracle is a premier sponsor for the upcoming OpenStack Summit in Vancouver.  We'll have representation from teams all over the company -- including Oracle Solaris, of course.  There's going to be lots to share and discover; will you be there?  Register today.

When you're at the conference, be sure to see Oracle Solaris engineering VP Markus Flierl's talk:

Making OpenStack secure and compliant for the enterprise
Tuesday, May 19
2:50 p.m. to 3:30 p.m.
Room 116 / 117

As you might imagine, security, compliance, and the cloud are hot topics these days, so this promises to be an interesting session.  But we've been working on a lot more than that, so make sure you get a chance to talk with the team to find out what else is in store.  You'll find them at booth P9 on the Marketplace Expo floor.

To stay up-to-date with all things OpenStack at Oracle, be sure to follow the Oracle OpenStack blog.

OpenStack Summit Vancouver 2015
May 18-22, 2015
REGISTER NOW


Thursday Jul 31, 2014

Oracle Solaris 11.2 and Oracle Solaris Cluster 4.2 Now Available

Oracle Solaris 11.2 is now in full release (aka "General Availability"), and that means there are even more great things for you to take advantage of. Although there’s been a lot written about it since the launch event in April, it’s worth taking a step back and considering what it all means.

“Zero to Cloud” in minutes

A lot of the press for this release has been about OpenStack, but how does it really help our customers?  First off, OpenStack itself has some very compelling features. It’s an open, interoperable way to deploy and manage compute, network, and storage resources through a single management pane — so just that adds a lot more power to Oracle Solaris.

However, where the combination of Oracle Solaris and OpenStack (the "Havana" release, by the way) really shines is deep integration in three directions: with Oracle Solaris’ existing and new underlying features; with the Oracle stack; and, with products from literally hundreds of other companies that are also part of the OpenStack project.

Let’s use that integration to introduce some of the other new features in 11.2, and how they tie in.

Unified Archives

11.2 introduces the latest addition to an area that has seen, in my opinion, the biggest advances since Solaris 10: provisioning, installation and software maintenance.  Or, just “software life cycle”, for short.

With IPS, AI and fully-integrated boot environments, this is more than just a major leap from where Solaris was before; it put us far ahead of what other companies are offering, by simplifying and accelerating the end-to-end delivery and upkeep of service environments.

Unified Archives is a worthy addition to this list. It gives our customers the ability to create a single system archive that can be installed over the net or booted locally, and then installed in either physical or virtual environments.

All of this is deeply integrated with Glance, OpenStack’s image service, meaning that OpenStack users get instant access to many of the most sophisticated capabilities Oracle Solaris offers, using the same standardized management tools and APIs used on other platforms.

Kernel Zones

Oracle Solaris built-in virtualization capabilities just got a boost in flexibility.  Individual zones can now be further isolated from their underlying global environment without sacrificing the enormous scalability advantages they give. Zones can now have their own separate kernel instance, allowing them to be updated separately and run at different version levels than the global zone or other zones.  This sets the stage for other benefits in the future; more on that later.

The OpenStack compute scheduler (Nova) leverages the virtualization capabilities built into Oracle Solaris, allowing provisioning and updating on bare metal or any of the variety of virtualization options available.

SDN - Elastic Virtual Switch

Software-defined networking (SDN) has been enhanced throughout the life of Oracle Solaris 11, and in 11.2 we introduce the Elastic Virtual Switch, extending SDN capabilities throughout a collection of physical or virtual systems. Again, it’s manageable through the Neutron component of OpenStack, and is also fully integrated into Oracle Solaris Zones.

And even better, it’s tied into higher-level application layers—Oracle Database and Java applications can  define how they use the network, making it possible to define service levels throughout a cloud environment.  This not only simplifies network configuration, it simplifies both management and hardware requirements, driving down both acquisition and support costs throughout your service deployment life cycle

Security and Compliance

Oracle Solaris’ reputation for security is well-established (and well-deserved), but a key “lifestyle” choice we made a few years ago—adding a compliance framework as a fundamental part of the OS—is getting even more feature-rich.  In Oracle Solaris 11.2, we introduce the compliance command, based on the SCAP standards and protocol suite.  This allows you to run preconfigured assessments, based on security and compliance benchmarks.  We also include ready-made benchmarks against PCI-DSS and our own internally-developed recommended standards. These can all be customized for your environment.

Also of note is a new extension to the concept of “Immutable Zones”, the ability to give a zone a read-only root environment, making it essentially “tamper-proof”.  In 11.2, we extend this concept to the global zone.

And of course, this is all designed and integrated so that it can be leveraged through OpenStack.

Is that all?

There’s more, of course — OpenStack integration with ZFS technologies makes cloud data management simpler, more reliable, and incredibly scalable; we’re adding even more standard management capabilities such as Puppet and Chef ...and we haven’t even talked about Oracle Solaris Cluster 4.2 yet!

If you aren’t one of the thousands who have already tried Oracle Solaris 11.2 during its beta release, now’s the time to dig in and learn more.

Download: Oracle Solaris 11.2

Friday May 10, 2013

Oracle Solaris Security Recommended Reading

A few recent security-related items you may not have seen yet:

First off, we have a new paper on achieving compliance with security standards using Oracle Solaris 11:

Oracle Solaris 11 and PCI DSS Compliance

This paper specifically takes a look at how customers can use Oracle Solaris 11's extensive security features to comply with Payment Card Industry (PCI) security practices--as you can imagine, customers who need to deal with this want to make sure it's done right. However, the practices it covers are applicable to most any sort of regulatory standards, including SOX, HIPAA, and whatever else your particular auditors might throw your way. This paper was put together by Oracle Solaris engineering in conjunction with a PCI auditor. If you have any feedback on this, be sure to add a comment below; I'll make sure the right people see it.

Meanwhile, Oracle Solaris security expert Glenn Faden, aka "Trusted Blogger," has come out with several new posts. A couple in particular are based on requests for an explanation of the differences between the security models in Oracle Solaris and other environments such as AppArmor and SELinux.

Friday Nov 02, 2012

Oracle Solaris 11.1 Blog Post Roundup

Here are a few recent posts about the also-recent Oracle Solaris 11.1 release:

Title Author
What's New in Solaris 11.1?
Karoly Vegh
New ZFS Encryption features in Solaris 11.1
Darren Moffat
Solaris 11.1: Encrypted Immutable Zones on (ZFS) Shared Storage
Darren Moffat
High Resolution Timeouts Steve Sistare
Solaris 11.1: Changes to included FOSS packages Alan Coopersmith
Documentation Changes in Solaris 11.1
Alan Coopersmith
How to Update to Oracle Solaris 11.1 Using
the Image Packaging System

Peter Dennis
svcbundle for easier SMF manifest creation
Glynn Foster
Controlling server configurations with IPS
Bart Smaalders
IPS changes in Solaris 11.1, brought to you by
the letter ‘P’

Tim Foster

You can also see Markus Weber's list of interesting posts about Oracle Solaris 11 from last year, or take a look at my shortcut on how to search for Solaris posts by tag.

(Got some more? Leave a comment below.)

If that's not enough information for you, don't forget to register for next Wednesday's Oracle Solaris 11.1 and Oracle Solaris Cluster 4.1 webcast with a live Q&A. It's November 7th, at 8 AM PT.

The last time we did this, we got almost 300 questions, so for Wednesday, we're making sure we've got lots of engineers with fingers poised over their keyboards, ready for action.

Sunday Sep 30, 2012

Scenes from OpenWorld Day One

A romantic photo opportunity on the Moscone North stairwaySunday's the day that everything comes together, but there's always that last minute scramble. Here are a few peeks at what everyone's doing, and may still be doing far into the night.

This is the team putting the final touches on the Hands-On Lab room for  HOL10201, "Reduce Risk with Oracle Solaris Access Control to Restrain Users and Isolate Applications". This should be a great learning experience--plus it's a chance to meet up with some of the top Solaris security people, including Glenn Faden and Darren Moffat.

And here's the OTN Garage's own Rick Ramsey, working feverishly to help set up the Oracle Solaris Systems Pavilion. (Moscone South, Booth 733). Several of our featured partners will be demonstrating solutions running on Oracle Solaris systems -- plus, we'll be serving espresso, to help you power through the week.

DEMOgrounds

Another panorama shot, courtesy of iOS 6 -- come for the maps, stay for the photos....

Moscone South is also home once again this year to the systems and storage DEMOgrounds. Plenty to learn and see; you might even catch a glimpse of me there on Tuesday afternoon.

About

Security. Speed. Simplicity.
An efficient, open, affordable cloud platform for SPARC and x86 systems.

Search

Categories
Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
8
9
10
11
12
14
15
16
17
18
19
20
21
22
23
25
26
27
28
29
30
31
 
       
Today