Thursday Jul 30, 2015

Docker coming to Oracle Solaris

It seems like you can't stop the good news at the moment. Hopefully you've already seen the announcement about Oracle joining the Open Container Initiative; to follow that appetiser today we announced that we will be bringing Docker over to Oracle Solaris.

For me the last year or so has been fascinating as the other parts of the industry first discovered and then got really excited about OS virtualization and containers, something we've had in Oracle Solaris for a long time. The move to the cloud, the rise of DevOps, microservices and all the ecosystem around that just seems like the perfect storm for container adoption. Could it be the silver bullet that some IT people are looking? Possibly, it certainly is a significant step in the right direction. On a personal level it is also satisfying to see a technology I have so much personal faith in go "mainstream".

Which brings us to our own mature container technology Oracle Solaris Zones (originally called Solaris Containers). It started out being used as a virtual environment for developers but its zero overhead, scalability and - very important in today's climate - high security meant it soon moved to facilitating consolidation and running every kind of app, from small web servers to gigantic databases. Our customers then showed their smarts and brought business agility to the picture with things like rapid deployment and flying zones, extending the value of zones in the data center. Just recently we had an addition to the family, Kernel Zones which, unsurprisingly gives you a zone with an independent kernel. You can now check them out doing secure live migration in our Oracle Solaris 11.3 Beta release. Finally (well I can't mention everything we've done that would be a book not a blog) it all underpins the Oracle Openstack for Oracle Solaris distribution we made available.  

And so we come to our latest adventure and our announcement that we will bring Docker over to Oracle Solaris. The combination of Docker and Oracle Solaris is particularly nice because on the one side Oracle Solaris delivers a great undercloud: secure, speedy and simple. And on the other Docker helps get your apps distributed, packages them up, makes them available to all, and avoids inconsistencies across different platforms in a way that is open. Now you can get your applications securely into production faster than ever.

It's great to join the Docker party, I'm certainly looking forward to working with the Docker community and watching this project grow and develop. Hopefully you'll join us on the ride.

Friday Jul 24, 2015

Oracle Joins the Open Container Initiative

As you may have heard, Oracle has joined the Open Container Initiative (OCI). We are happy to see an open standard being established for container technologies. We feel containers have some real advantages for cloud deployments when used properly, and we see this as an opportunity to bring our experience with containers to the community. You see, our interest in container technologies didn’t happen recently. We’ve been working on them for more than 10 years.

I find it amusing that the industry has come full circle on containers. With the OCI and technologies like Docker, we’ve comeback to application containers, which is where Solaris originally started with zones.

When I was a kernel engineer in the early 1990’s, we used chroot(1) to create build environments so that the build wouldn’t modify the system we were running on. That worked, but it didn’t prevent me from accidentally performing “rm –rf *” as ‘root’ one night at 2am working against a deadline and not realizing I was not in the chroot environment. (Ouch!) My admin team friends never let me live that one down.

Then, there were BSD Jails. They were the next step in container technologies. They helped prevent those kinds of stupid user mistakes by partitioning a system up into a virtualized environment.

In 2005, Sun Microsystems introduced containers in Solaris 10, called Solaris Zones. Originally, the engineers wanted to build lightweight application containers. This was at a time when the industry was moving toward virtual machines, and it was decided that a full OS container would be better.

Over time, we added great capabilities to Solaris 10 Zones like resource management and exclusive IP Stacks. Security has always been a focus for Solaris and was one of the driving reasons for containers as a technology. Now, you didn’t need to share the stack any longer. We embedded those capabilities into Trusted Solaris. Oracle certified Solaris Zones as a hard partition boundary. So, you could run the Oracle Database in a Solaris Zone and reduce your license costs and only use the hardware you needed; a benefit that’s still in use today.

The work didn’t stop there; we introduced other types of zones, which we use today to support older releases of Oracle Solaris in a zone. And there was even a time when Solaris supported versions of Linux in a zone.

After the Oracle acquisition of Sun Microsystems, the rate of innovation accelerated. Oracle infused new life (and money) into (now) Oracle Solaris development. The Zones team grew significantly.

With the first release of Oracle Solaris 11 11/11 (Yes, we really did that), we gave zones the ability to create secure virtual networks with our built-in network virtualization, code named “Crossbow”.

Continuing on the theme of security, with Oracle Solaris 11, you could delegate administration for Oracle Solaris Zones. You no longer had to give the “Zone Administrator” administrator privileges for the entire system.

We added the ability to update and rollback zones seamlessly with the Boot Environments made possible with the integration of ZFS as the root file system. This meant user errors could simply be rolled back rather than having to hand unroll changes or take backups for every change that was made to a system or a zone. But one of my favorite capabilities of zones was the Immutable Zone! With Immutable Zones, you can make a Zone read-only (or partially read-only) so that not even the almighty “root” can modify it... Hmm... Too bad we didn’t have zones and ZFS when I was a new engineer!

Amazingly, that’s only a few of the highlights of zones in Oracle Solaris 11 11/11. There are many, many more.

Oracle Solaris 11.1 was released about one year after Solaris 11 and we added zones on shared storage (ZOSS). ZOSS allows you to host a zone on a remote disk.

About 18 months after the release of Oracle Solaris 11.1, we released Oracle Solaris 11.2. This was a milestone release for the Oracle Solaris Zones Team (now known as the Oracle Solaris Virtualization Team). Speed has also always been a critical motivating factor for containers. But, with that speed, there’s a tradeoff with containers. That is flexibility. With containers, you share the underlying kernel. So, when you need to patch a container, you patch all the containers on a system at the same time, and then you need to reboot the system, and thus, take all the containers down at the same time! There go your SLAs!

It was about the time that we were releasing Oracle Solaris 11.2 that containers began to get traction as a viable virtualization technology for cloud. I remember reading an article while I was waiting in an airport lounge that said that containers were going to “save the cloud.” I found it ironic that this person had just seemingly come to the conclusion that full virtual machines had a significant amount of overhead that was impacting efficiency of cloud technologies.

I found this particularly funny because I was about to get on an airplane to go tell hundreds of people about 11.2 and a new type of container our team had built into Oracle Solaris 11.2 that acts like a type-2 hypervisor. We call them “Kernel Zones.” So, you are able to run a full kernel in a container, solving one of the biggest problems container technologies have. But even more importantly, our brilliant engineers managed to make the new kernel zones have only marginally more overhead on the system than what we now call a “Native Zone.” So, you get the performance of a native zone (container) and the flexibility of a type-2 hypervisor for Oracle Solaris without the hypervisor overhead. You can read more about kernel zones here.

But kernel zones, while great, aren’t the entire picture. In Oracle Solaris 11.2, we also gave you the ability to reconfigure a Zone while it was running. No more reboots to add memory, disk, CPU, etc.! When you combine that capability with Oracle Database running in an Oracle Solaris Zone, you have the ability to do capacity on demand for the Oracle Database. Allowing multiple Oracle Databases to share a single system in a secure way that doesn’t impact their performance. That’s just cool.

In Oracle Solaris 11.2, we also gave you a full distribution of OpenStack, now called Oracle OpenStack for Oracle Solaris, where we tightly integrated both Oracle Solaris Zones and kernel zones into OpenStack Nova compute.

The final piece to the Oracle Solaris 11.2 puzzle with Zones is Unified Archives. Zones is integrated with Unified Archives. So, you can snapshot a running Zone, and redeploy it elsewhere easily, but because of the integration, you can resize the Zone as it’s being deployed and change the type of virtualization too. So, your dev/test environment is only a 2 vCPU Zone with 2GB of RAM. But you want to deploy it into a much larger 128 vCPU/8TB Immutable Kernel Zone? Engineers use virtual machines, but your production environments use containers or the other way around? No Problem! Just change the virtualization type and/or the size as your needs demand.

Earlier this month, we announced Oracle Solaris 11.3 Beta. You can download it here. In Oracle Solaris 11.3, we give you secure live migration. What makes our live migration “secure?” We automatically offload the Zone to the processor crypto engines as it’s being transmitted from the source. Then, on the destination, we decrypt it via the same hardware automatic hardware offload. Meaning that the Zone is secure during the migration, and there is nearly no performance penalty to do it. Making security simple is one of the important things we focus on. The more complicated security is, the less likely people will get it right. Here’s just one way we make it simple to be secure.

Now, with the Open Container Initiative, we have the opportunity to take all of that technology we’ve been building into Oracle Solaris Zones, and apply them to the original concept zones were born out of, application containers. It’s been more than 10 years in the making, but we’ve come back to our roots.

It’s going to be interesting to see where we go next and where this all takes us. We look forward to being a part of the Open Container Initiative.

Keep an eye out for some more news coming very soon.

Tuesday Jul 07, 2015

Oracle Solaris 11.3: Securing and Simplifying the Enterprise Cloud

This morning, we’ve opened up access to the beta release of Oracle Solaris 11.3.  If you’ve been following along (and if not, why not?), you know there have been some big advances in Oracle Solaris 11, including lightning-fast intelligent provisioning and maintenance, and some key additions to our already highly-regarded “defense in depth” security.

Most notable for the latter is the work we’ve done to simplify compliance checking and mitigation, making it possible for administrators to quickly and easily check system security configurations against industry standards, and get a “report card” showing compliance, with guidance for any areas that may need addressing.

Oh, and did I mention fully-integrated OpenStack?  This is a win in two ways: it not only brings access to the fastest growing open cloud platform to Oracle Solaris users, it brings the incredible breadth of Oracle Solaris enterprise capabilities to the fingertips of OpenStack users.

…and that of course brings to mind some of the above-mentioned Oracle Solaris 11 features, such as built-in, zero-overhead virtualization, a new and super-powerful Unified Archive capability for rapid, safe, compliant deployment, and all the things we’ve done in terms of performance and administrative ease to make Oracle Solaris the best platform for deploying both Oracle’s own and 3rd party software.

So what’s left to do?  In this beta release, you'll find we're taking those capabilities and making them even better.

OpenStack: We’ve moved forward to the OpenStack Juno release, and also done some behind-the-scenes work to make it easy to continue to bring you new OpenStack goodness quickly and reliably.

Virtualization: In Oracle Solaris 11.2, we introduced “Kernel Zones”, making it possible to deliver hypervisor agility while still maintaining the low overhead and ease of administration you expect from Zones.  In 11.3, we introduce secure live migration for Kernel Zones,  live zone reconfiguration, and verified boot.

And, we’ve extended the new Zones on Shared Storage (ZOSS) capabilities.  You can now place zones on FC-SAN, iSCSI, or NFS devices.

Oracle Solaris 11.3 is all about “more”, so now you have more flexibility and more security in your virtualization.

Database: If you’re an Oracle Database fan, you know we’ve been giving you “more” for years: more observability, more performance, more flexible administration.  Now we’re also giving you “less” — less down time.  We’ve slashed database startup and shutdown times.  These are not only faster than it’s ever been on Solaris; it’s faster—a lot faster—than on any other platform.

Security: We’ve extended the compliance capabilities mentioned above, so that you can more easily tailor compliance policy configurations to suit your site’s requirements.  Oracle Solaris and Oracle Solaris Studio are also ready for Software in Silicon application data integrity (ADI).  To learn more about this and start working with it today, visit the SWiS Cloud.

Data Management: You've already come to know and love what Oracle Solaris brings to the table with the first 21st century filesystem, ZFS.  In Oracle Solaris 11.3, we extend its built-in compression capabilities to include LZ4 support, we give you the ability to compare snapshots recursively, and have introduced a wealth of scalability and performance improvements to make it faster than ever. We’ve also enhanced its monitoring features, and upgraded its built-in SMB support.

There’s more than this, but this should give you a taste of what we’ve got in store for you today.  You can download it now, and take a look at the “What’s New” document to see what we’re doing to make your data center cloud-ready, secure, fast, and simple.

Saturday Jan 31, 2015

10 at 10

Can it have been so long already?  Today is the 10th anniversary of the first release of Solaris 10. This was a breakthrough release for Solaris, Sun, and really, the industry -- it breathed new life into a class of systems software that some companies had written off long before.  How did it do that?  By including a wealth of groundbreaking new features that raised the bar for what an enterprise operating system should be.  To use one of my favorite phrases: innovation matters, and the operating system is too critical a place in the application delivery stack not to innovate.

Many of these features are still ahead of the curve even 10 years later, and form the core of yet more innovation in Oracle Solaris 11: Zones and ZFS in particular stand out as enabling technologies that give our customers the power of zero-overhead virtualization, "nineteen 9s" data integrity, and simple, fast, reliable provisioning and service management.  If you look at the underpinnings of OpenStack as deployed in Oracle Solaris 11 today, innovation that's still fresh from Solaris 10 will be staring right back at you.  And it's exciting to see that the same fundamental concepts like these that we thought were important to build into the OS in 2005 are starting to come into vogue with operating systems from other companies just ten short years later.

Thanks to everyone who has contributed to the success of Solaris 10 and beyond!

Thursday Jul 31, 2014

Oracle Solaris 11.2 and Oracle Solaris Cluster 4.2 Now Available

Oracle Solaris 11.2 is now in full release (aka "General Availability"), and that means there are even more great things for you to take advantage of. Although there’s been a lot written about it since the launch event in April, it’s worth taking a step back and considering what it all means.

“Zero to Cloud” in minutes

A lot of the press for this release has been about OpenStack, but how does it really help our customers?  First off, OpenStack itself has some very compelling features. It’s an open, interoperable way to deploy and manage compute, network, and storage resources through a single management pane — so just that adds a lot more power to Oracle Solaris.

However, where the combination of Oracle Solaris and OpenStack (the "Havana" release, by the way) really shines is deep integration in three directions: with Oracle Solaris’ existing and new underlying features; with the Oracle stack; and, with products from literally hundreds of other companies that are also part of the OpenStack project.

Let’s use that integration to introduce some of the other new features in 11.2, and how they tie in.

Unified Archives

11.2 introduces the latest addition to an area that has seen, in my opinion, the biggest advances since Solaris 10: provisioning, installation and software maintenance.  Or, just “software life cycle”, for short.

With IPS, AI and fully-integrated boot environments, this is more than just a major leap from where Solaris was before; it put us far ahead of what other companies are offering, by simplifying and accelerating the end-to-end delivery and upkeep of service environments.

Unified Archives is a worthy addition to this list. It gives our customers the ability to create a single system archive that can be installed over the net or booted locally, and then installed in either physical or virtual environments.

All of this is deeply integrated with Glance, OpenStack’s image service, meaning that OpenStack users get instant access to many of the most sophisticated capabilities Oracle Solaris offers, using the same standardized management tools and APIs used on other platforms.

Kernel Zones

Oracle Solaris built-in virtualization capabilities just got a boost in flexibility.  Individual zones can now be further isolated from their underlying global environment without sacrificing the enormous scalability advantages they give. Zones can now have their own separate kernel instance, allowing them to be updated separately and run at different version levels than the global zone or other zones.  This sets the stage for other benefits in the future; more on that later.

The OpenStack compute scheduler (Nova) leverages the virtualization capabilities built into Oracle Solaris, allowing provisioning and updating on bare metal or any of the variety of virtualization options available.

SDN - Elastic Virtual Switch

Software-defined networking (SDN) has been enhanced throughout the life of Oracle Solaris 11, and in 11.2 we introduce the Elastic Virtual Switch, extending SDN capabilities throughout a collection of physical or virtual systems. Again, it’s manageable through the Neutron component of OpenStack, and is also fully integrated into Oracle Solaris Zones.

And even better, it’s tied into higher-level application layers—Oracle Database and Java applications can  define how they use the network, making it possible to define service levels throughout a cloud environment.  This not only simplifies network configuration, it simplifies both management and hardware requirements, driving down both acquisition and support costs throughout your service deployment life cycle

Security and Compliance

Oracle Solaris’ reputation for security is well-established (and well-deserved), but a key “lifestyle” choice we made a few years ago—adding a compliance framework as a fundamental part of the OS—is getting even more feature-rich.  In Oracle Solaris 11.2, we introduce the compliance command, based on the SCAP standards and protocol suite.  This allows you to run preconfigured assessments, based on security and compliance benchmarks.  We also include ready-made benchmarks against PCI-DSS and our own internally-developed recommended standards. These can all be customized for your environment.

Also of note is a new extension to the concept of “Immutable Zones”, the ability to give a zone a read-only root environment, making it essentially “tamper-proof”.  In 11.2, we extend this concept to the global zone.

And of course, this is all designed and integrated so that it can be leveraged through OpenStack.

Is that all?

There’s more, of course — OpenStack integration with ZFS technologies makes cloud data management simpler, more reliable, and incredibly scalable; we’re adding even more standard management capabilities such as Puppet and Chef ...and we haven’t even talked about Oracle Solaris Cluster 4.2 yet!

If you aren’t one of the thousands who have already tried Oracle Solaris 11.2 during its beta release, now’s the time to dig in and learn more.

Download: Oracle Solaris 11.2

Monday Dec 16, 2013

Partners Weigh in on Oracle Solaris 11

Here's a quick rundown on some recent news from some of our friends outside of Oracle:
In this video, Marcel Hofstetter of JomaSoft gives his views on when to use Zones and when to use Oracle VM Server for SPARC.

Another video; in this one, Henning Voss of Portrix Systems, Oracle's 2012 German Partner of the Year, shares how their customers benefit from Zones, virtualization and DTrace.

Infosys Finacle addresses banks’ specialized needs in easy-to-configure modules. In this white paper, you can read about how the Infosys software on proven Oracle infrastructure delivers strong performance, scalability, and consolidation opportunities.

We'll keep checking in with more success stories; meanwhile, there's an ever-growing list of ISVs who support Oracle Solaris 11 available for you to peruse at any time.

Friday Nov 02, 2012

Oracle Solaris 11.1 Blog Post Roundup

Here are a few recent posts about the also-recent Oracle Solaris 11.1 release:

Title Author
What's New in Solaris 11.1?
Karoly Vegh
New ZFS Encryption features in Solaris 11.1
Darren Moffat
Solaris 11.1: Encrypted Immutable Zones on (ZFS) Shared Storage
Darren Moffat
High Resolution Timeouts Steve Sistare
Solaris 11.1: Changes to included FOSS packages Alan Coopersmith
Documentation Changes in Solaris 11.1
Alan Coopersmith
How to Update to Oracle Solaris 11.1 Using
the Image Packaging System

Peter Dennis
svcbundle for easier SMF manifest creation
Glynn Foster
Controlling server configurations with IPS
Bart Smaalders
IPS changes in Solaris 11.1, brought to you by
the letter ‘P’

Tim Foster

You can also see Markus Weber's list of interesting posts about Oracle Solaris 11 from last year, or take a look at my shortcut on how to search for Solaris posts by tag.

(Got some more? Leave a comment below.)

If that's not enough information for you, don't forget to register for next Wednesday's Oracle Solaris 11.1 and Oracle Solaris Cluster 4.1 webcast with a live Q&A. It's November 7th, at 8 AM PT.

The last time we did this, we got almost 300 questions, so for Wednesday, we're making sure we've got lots of engineers with fingers poised over their keyboards, ready for action.

Tuesday May 29, 2012

Roll Your Own Solaris Blogroll

Something handy I just ran across:

There are lots of people here who blog about Solaris, either as their main topic, or as the occasional tangent. If the blogger has tagged their post appropriately, here's a quick way to find them:

Note that this is a little different from using the "word cloud" you can find in the right-hand column on this page, since that only finds articles tagged in this blog. The above links will find all tagged posts.

Some topics are a little trickier to nail down, because there may not be a standardized tag for the topic, so building a more conventional "blogroll" is on my to-do list.

UPDATE: Steph and Jeff beat me to it -- see the list on OTN.

In the meantime, you can also refer to the post Markus Weber made of interesting Solaris 11 launch-related posts.

Friday Mar 23, 2012

Oracle Solaris 11 Developer Webinar Series

Pupils in a Canadian school train, 1950.This coming Tuesday, a new series of webcasts (not to be confused with a series of tubes) is kicking off, aimed at developers.

Register today

Next week's session covers IPS and related topics:

What: Modern Software Packaging for Enterprise Developers

When: Tuesday, March 27, 9 AM Pacific

Who: Eric Reid, Oracle Systems ISV Engineering

We've got several more queued up -- here's the full schedule, with registration links for each one. Or, see the series overview, which includes a link to a "teaser" preview of all the sessions.


(all sessions 9 AM Pacific)


Modern Software Packaging for Enterprise Developers

March 27th

Eric Reid
(Principal Software Engineer)

Simplify Your Development Environment with Zones, ZFS & More

April 10th

Eric Reid (Principal Software Engineer)
Stefan Schneider (Chief Technologist, ISV Engineering)

Managing Application Services – Using SMF Manifests in Solaris 11

April 24th

Matthew Hosanee
(Principal Software Engineer)

Optimize Your Applications on Oracle Solaris 11: The DTrace Advantage

May 8th

Angelo Rajadurai
(Principal Software Engineer)

Maximize Application Performance and Reliability on Oracle Solaris 11

May 22nd

Ikroop Dhillon
(Principal Product Manager)

Writing Oracle Solaris 11 Device Drivers

June 6th

Bill Knoche
(Principal Software Engineer)

Monday Feb 14, 2011

Virtualization in Solaris 11 Express

In Oracle Solaris 10 we introduced Oracle Solaris Containers -- lightweight virtual application environments that allow you to consolidate your Oracle Solaris applications onto a single Oracle Solaris server and make the most of your system resources.

The majority of our customers are now using Oracle Solaris Containers on their enterprise systems for applications ranging from web servers to Oracle Database installations. We can also make these Containers highly available with Oracle Solaris Cluster, the industry's first virtualization-aware enterprise cluster product. Using Oracle Solaris Cluster you can failover applications in a Container to another Container on a single system or across systems for additional availability.

We've added significant features in Oracle Solaris 11 Express to improve and extend the Oracle Solaris Zone model:
  • Integration of Zones with our new Solaris 11 packaging system (aka Image Packaging System) to provide easy software updates within a zone
  • Support for Oracle Solaris 10 Zones to run your Solaris 10 applications unaltered on an Oracle Solaris 11 Express system
  • Integration with the new Oracle Solaris 11 network stack architecture (more on this in a future blog post)
  • Improved observability with the zonestat management interface and commands
  • Delegated administration rights for owners of individual non-global zones
  • Tight integration with Oracle Solaris ZFS to allow dedicated datasets per zone
  • With ZFS as the default file system we can now provide easy to manage Boot Environments for zones
This quick summary is just to whet your appetite to learn more about Oracle Solaris 11 Express Zones enhancements. Fortunately we can serve a full meal at the Oracle Solaris 11 Express Technology Spotlight on Virtualization page on the Oracle Technical Network.


Security. Speed. Simplicity.
An efficient, open, affordable cloud platform for SPARC and x86 systems.


« November 2015