Oracle has just released Oracle VM Server for SPARC release 3.2.
This update has been integrated into
Oracle Solaris 11.2 beginning with SRU 8.4. Please refer to Oracle Solaris 11.2
Support Repository Updates (SRU) Index [ID 1672221.1].
This new release introduces the following features:
This blog entry details 3.2 improvements to live migration.
Oracle VM Server for SPARC has supported live migration since release 2.1, and has been enhanced over time
to provide features like cross-CPU live migration to permit migrating domains across different SPARC CPU server types.
Oracle VM Server for SPARC 3.2 improves live migration performance and security.
The time to migrate a domain is reduced in Oracle VM Server for SPARC 3.2 by the following improvements:
This improvement is available on all SPARC servers supporting Oracle VM Server for SPARC,
including the older UltraSPARC T2, UltraSPARC T2 Plus, and SPARC T3 systems.
Some speedups are only available for guest domains running Solaris 11.2 SRU 8 or later, and will not be
available on Solaris 10. Solaris 10 guests must run Solaris 10/09 or later, as that release introduced code for cooperative live migration that works with the hypervisor.
Oracle VM Server for SPARC 3.2 improves live migration security
by adding certificate-based authentication and supporting the FIPS 140-2 standard.
Live migration requires mutual authentication between the source and target servers.
The simplest way to initiate live migration is to issue an "ldm migrate" command on the source system, either specifying an administrator password
for the target system or pointing to a root-readable file containing the target system's password.
That is cumbersome, and not ideal for security.
Oracle VM Server for SPARC 3.2 adds a secure, scalable way to permit password-less live migration using certificates
that prevents man-in-the-middle attacks.
This is accomplished by using SSL certificates to establish a trust relationship between different servers' control domains
as described at Configuring SSL Certificates for Migration.
In brief, a certificate is securely copied from the remote system's /var/opt/SUNWldm/server.crt to the local system's /var/opt/SUNWldm/trust, and a symbolic link is made from the certificate in the ldmd trusted certificate directory to /etc/certs/CA. After the certificate and ldmd services are restarted, the two control domains can securely communicate with one another without passwords.
This enhancement is available on all servers supporting Oracle VM Server for SPARC, using either Solaris 10 or Solaris 11.
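The trust-installation steps above, written as an added shell sketch that is not taken from Oracle's documentation. The function names, the `ROOT` scratch prefix and the out-of-band SHA-256 check on the fetched file are assumptions of this example; the two directory paths come from the text.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix so the function can be tried
# in a scratch directory; leave it unset on a real control domain.

# Print the SHA-256 hex digest of a file (Linux sha256sum or Solaris digest).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        digest -a sha256 "$1"
    fi
}

# install_peer_cert <fetched-server.crt> <peer-name> <expected-sha256>
# Returns 0 on success, 1 on digest mismatch, 2 on usage or I/O errors.
install_peer_cert() {
    cert=$1
    peer=$2
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    trust_dir="${ROOT:-}/var/opt/SUNWldm/trust"
    ca_dir="${ROOT:-}/etc/certs/CA"

    # The peer name becomes a file name: allow hostname characters only.
    case $peer in
        ''|*[!A-Za-z0-9.-]*) echo "bad peer name: $peer" >&2; return 2 ;;
    esac
    [ -f "$cert" ] || { echo "no such file: $cert" >&2; return 2; }

    # Refuse the file unless it matches the digest the remote administrator
    # supplied over a separate channel. Nothing is written on mismatch.
    actual=$(sha256_of "$cert") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $peer: refusing to trust" >&2
        return 1
    fi

    mkdir -p "$trust_dir" "$ca_dir" || return 2
    cp "$cert" "$trust_dir/$peer.pem" || return 2
    ln -sf "$trust_dir/$peer.pem" "$ca_dir/$peer.pem" || return 2
    echo "trusted $peer: now restart the certificate and ldmd services"
}

# Usage (constructed values):
#   install_peer_cert /tmp/hostb-server.crt hostb <sha256-from-hostb-admin>
```

Run it on each control domain with the other side's certificate, since the trust relationship has to exist in both directions.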
The Oracle VM Server for SPARC Logical Domains Manager
can be configured to perform domain migrations using the Oracle Solaris FIPS 140-2 certified OpenSSL libraries
as described at http://docs.oracle.com/cd/E48724_01/html/E48732/fipsmodeformigration.html#scrolltoc.
When this is in effect, migrations are conformant with this standard, and can only be done between servers that are all in FIPS 140-2 mode.
For more information, please see
Using a FIPS 140 Enabled System in Oracle® Solaris 11.2.
This enhancement requires that the control domain run Oracle Solaris 11.2 SRU 8.4 or later.
For additional resources about Oracle VM Server for SPARC 3.2, please see the documentation at http://docs.oracle.com/cd/E48724_01/index.html,
especially the
What's New page, the
Release Notes
and the Administration Guide