Wednesday Oct 10, 2007

CEC: T2 product launch

The T2 launch was interesting; having technical staff on hand to ask technical questions was fun (as was the for those of you who are wondering why the questions are getting seem so technical)

Is this Web 2.0?

The whole gallery, being updated as frequently as possible.

CEC: Concerning Capacity

Bob Sneed

Bob is a fount of knowledge, I highly recommend any course/session/conversation with him. Unfortunately we are trying to pack what could be days of discussion into a tiny fraction of the time.

Bob was wondering if anyone had an LG phone charger, his is dead.

Why capacity: reduce capacity escalations, raise awareness

What is capacity: Submarine 100% underwater vs. at crush depth (the physical metaphor is what people understand) CPU 100% vs. unacceptable application performance.

Look for the Business problem not some easily observed numbers from the system (CPU, IOPS)

Capacity done wrong: over-provisioning

  • HW is cheap, why not buy more (power, cooling)
  • good if you sell computers
  • better safe than sorry (problems pointed at insufficient HW: why didn't you buy more, it is cheap)

Bad QoS management in Small Iron == Bad QoS management on Big Iron

  • Over provisioning reduces the incentive to "do it right"
  • eco-reckless
  • Inefficiencies on small hardware are MORE inefficient on big hardware, only you can waste more before it is a problem

Not a problem when: Done wrong but no one cares (performance perception can be a major factor in escalations)

Utilization has no "quality" dimension; it is a measurement of busy. Utilization does not reflect the performance of useful work.

See Adrian's blog or paper (search on) "utilization is a virtually useless metric"

Without Business Metrics all you have are a bunch of numbers.


CEC: Tuesday Hall Session

During lunch Radia wandered by our table. I was wearing my xkcd sudo shirt yesterday and we talked briefly. Jim stopped her to say hello and thank her again for the session last night. Jim and Radia started talking about one of the stories from last night (determine the problem before solving it).

We started talking about network protocols and families and children and, and and. Then we got kicked out of the lunch room so we set up shop in the hallway for the next 1.5 hours and talked more about network protocols, security deployments and experience.

It was cool, THIS is what large face to face conferences are about. Serendipitous meetings and conversations that we have yet to mimic/facilitate/experience in virtual worlds.

Jim and Radia, identification will be left up to the reader


CEC: Solaris 10 performance issues

Bob Sneed, of course it was absolutely as far as it could be from Capacity and immediately after.

Upgrade to S10U4 now :) (this could almost be the whole message)

Performance issues are: perceived + industry + real (all three must be addressed)

See b.s.c. timc "event driven utilization"

Application performance on Solaris 10 is NOT always better BUT can almost always be made to work better under S10 than with previous versions of Solaris.

2 presentations of 60 - 90 minutes done via speed reading

Upgrade to S10U4

Upgrade to S10U4

Upgrade to S10U4

Upgrade to S10U4

Upgrade to S10U4

Upgrade to S10U4

CEC: Monday General Session

The whole gallery, being updated as frequently as possible.

Tuesday Oct 09, 2007

CEC: Enterprise Level Role Based Access Control and the Coming Perfect Storm

IdM and RBAC are the next "new thing". Manage roles, not users.

Why is it a perfect storm? SOX, Periodic Access Review, larger numbers of users, LDAP has good penetration, RBAC clarification in the industry from NIST.


  1. Level 1, flat
  2. Level 2, hierarchical
    1. Inherited
    2. Activated
  3. Level 3, constrained
    1. must enforce separation of duties at the role level
    2. static and dynamic (check at session creation and deny)
  4. Level 4, symmetrical with permission review
    1. SOD inspection of permissions granted by roles in addition to role conflicts
    2. performance must be roughly equiv
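
A minimal model of the RBAC levels listed above, added here as an illustration (it is not code from the session or from Solaris RBAC): static SoD is enforced at role assignment, dynamic SoD at session creation, and the permission review catches a conflict that no role-pair rule covers. All role, permission and user names are constructed.

```python
class SoDViolation(Exception):
    """Separation-of-duties conflict. Added example; every name here is constructed."""

class Rbac:
    def __init__(self, parents, perms, ssd, dsd, perm_conflicts):
        self.parents = parents      # Level 2: role -> roles it inherits (must be acyclic)
        self.perms = perms          # role -> permissions granted directly
        self.ssd = ssd              # Level 3 static SoD: role pairs a user may never hold
        self.dsd = dsd              # Level 3 dynamic SoD: pairs a session may never activate
        self.perm_conflicts = perm_conflicts  # Level 4: permission pairs flagged in review
        self.assigned = {}          # user -> directly assigned roles

    def closure(self, roles):
        out = set(roles)
        for role in roles:
            out |= self.closure(self.parents.get(role, ()))
        return out

    def permissions(self, roles):
        return {p for r in self.closure(roles) for p in self.perms.get(r, ())}

    def _check(self, kind, roles, pairs):
        for pair in pairs:
            if set(pair) <= self.closure(roles):
                raise SoDViolation(f"{kind} SoD conflict: {pair}")

    def assign(self, user, role):
        """Static SoD: enforced when the role is granted, inherited roles included."""
        roles = self.assigned.get(user, set()) | {role}
        self._check("static", roles, self.ssd)
        self.assigned[user] = roles

    def open_session(self, user, activate):
        """Dynamic SoD: checked at session creation; a conflict denies the session."""
        if not set(activate) <= self.assigned.get(user, set()):
            raise PermissionError("role not assigned to user")
        self._check("dynamic", activate, self.dsd)
        return self.permissions(activate)

    def review(self, user):
        """Level 4: conflicting permissions the user holds through any assigned role."""
        held = self.permissions(self.assigned.get(user, set()))
        return [pair for pair in self.perm_conflicts if set(pair) <= held]

def sample_policy():
    perms = {"clerk": ["create_payment"], "approver": ["approve_payment"],
             "vendor_admin": ["edit_vendor"], "auditor": ["read_ledger"]}
    return Rbac({"manager": ["approver", "vendor_admin"]}, perms, [("clerk", "auditor")],
                [("clerk", "approver")], [("create_payment", "edit_vendor")])
```

With this policy a user can hold both `clerk` and `manager`, but cannot activate them in one session because `manager` inherits `approver`; `review()` still reports the `create_payment`/`edit_vendor` pair the user holds across sessions.
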

Federation/Extranet: Some interesting concepts gaining traction. Sun Managed Operations could use this (theoretical) to centralize dynamic user management without requiring customers to add our users to their systems. (All dependent on customer requirements; this is not a solution that we support now and may never support :) this is a forward-looking random note.)

CEC: Certification

Blowing my own horn!

Sunday took and passed the Solaris Certified Network Administrator exam!

Monday took and passed the Solaris Certified Security Administrator exam!

(This one I was really worried about but passed with a 79.7 (or so) score)

I would go take more tests but I already have the S10 admin and I have serious doubts that I could do anything with the Java or Cluster exams.

It is currently my understanding that only two people have taken the Security exam so aside from me, Glenn Brunette (of Glenn Brunette's Security Blog) who wrote the exam.

(Glenn is the front most guy)



Name: Shawn Ferry
Name of candidates company (if provided): Sun Microsystems
Student ID:
Test Title: Sun Certified Network Administrator for Solaris 10 OS
Start time: 10/7/2007 5:01:07 PM (GMT-7:00) (cst)
End time: 10/7/2007 5:48:42 PM (GMT-7:00) (cst)
Passing Score: 62%
Your Score: Pass - 73.44% (47 earned out of 64 possible)

Congratulations! You passed the exam.

This score is very close to what I got on the practice exams (74% and 75%). Not a surprise here, IPv6 is still something that I deal with infrequently. If you are looking to take this exam you would benefit from being familiar with IPv6. Also pntadm and dhtadm: it helps if your method of doing DHCP doesn't commonly include "oops, wanted the other one."


Name: Shawn Ferry
Name of candidates company (if provided): Sun Microsystems
Student ID:
Test Title: Sun Certified Security Administrator for the Solaris 10 OS
Start time: 10/8/2007 5:27:46 PM (GMT-7:00) (cst)
End time: 10/8/2007 6:11:50 PM (GMT-7:00) (cst)
Passing Score: 52%
Your Score: Pass - 79.66% (47 earned out of 59 possible)

You passed the exam.

I did a bit better on the practice exam but I am fairly happy with this score.

The test was harder than I was expecting; priv. management is good to know. Keeping straight auth/user/prof whatever attr and what you need to do to add/modify privs was a bit dicey. I normally find myself looking at the man pages or in the files to remind myself of exactly what I am doing when I am making modifications. Testing is harder when you can't use man! Also important: default values, security concepts, not surprisingly just about everything in the goals statement for the testing/training.

Monday Oct 08, 2007

CEC: Performability: Analysis of Performance and Availability in Complex Computing Systems

Richard Elling

Performability = Ability to Perform

Simple: when up performance = 100, down = 0

This is not an accurate (realistic, real-life) representation of system performance and availability for complex systems.

This is something that Sun Managed Operations has been dealing with for years. Say you have 100 identical web servers; if 10 are down, what state are you in?

This is even harder in complex environments. All of managed ops PSEs should attend this presentation, it isn't something that we all deal with, but as trusted solution providers/advisers this is right up our alley. Everything is done in tradeoffs.

CEC: Myths, Missteps and Folklore in Networking

Radia hates computers :) The goals of this session and some other stuff:

  • Empower
  • Entertain
  • Don't believe what you don't understand
  • We need PKI; passwords are ridiculous
  • I don't know what they are saying, but they always say stuff like that
  • She finds herself entertained by slide junk even though it adds no value


Some things are so obvious that we shouldn't need to talk about them, however everyone gets it wrong. IPv4 spec says use a version number of 4 but ignore the field. What if you send IPv6? No idea, bogus.

I am really enjoying this presentation. "There is no reliable 'I am dead' message protocol"

OSI layers above 5 are boring :)

So what about loops? spanning tree, came with a poem, this is why Radia thinks it made her so popular (Algorhyme) which was also the abstract of her paper.

Bridges fail dangerous, start forwarding if you don't see other bridge messages. Boston Hospital network meltdown when bridges couldn't keep up with wire speed.

TRILL - TRansparent Interconnection of Lots of Links (in IETF)

Brain infestation: Data making it be there when you want it but making it gone when you want it gone (assured delete)

Woot! Slide decks are not the way to disseminate information, small papers and such.

Interesting observation: If everything was encrypted end to end you can't detect spam before it gets to you.

Now a short rant on VLANs

This was great!

CEC: Putting the Science into Services

John used to be the CIO of SevenSpace, it was interesting to hear his take on the direction things are going in the management of complex systems and agile development of services.

Big Sun Managed Operations turnout, we had most of the front stage right corner and some more dissidents sprinkled in the crowd.

I think there are some really useful things coming out of the field. Didn't take any notes though, I was charging my laptop.

Dtrace and Java: Spanning the Observability Gap

Not being a Java programmer this session may not be as useful as I will have hoped. However many, many, many of my customers are doing more, more and more java apps.

It will end up that I was correct, this is interesting and good to know, but it isn't going to be quite as useful for day-to-day as I had hoped it might be.

OK, DAVE is cool (missed acronym), something like Dtrace Advanced Visualization Environment. The call tree view...neat. I can see where this would have immediately pointed to something that we worked our way to and then had to argue about. (I'm not sure that if we had it we could have run it, but still cool and the developers could have done it)

JSDT (self defined probes...also cool)

CEC 2007: Opening Day

Paris Hotel and Casino, home of Sun CEC 2007


In Vegas




