What You See Is What You Get Element

Red Hat Enterprise Linux to Oracle Solaris 11 Comparison

Linux administrators can kick start their learning experience when planning Oracle Solaris deployments by reviewing the following summary between Oracle Solaris 11 features and Red Hat Enterprise Linux 7 features. For more information about the Oracle Solaris 11 features, be sure to check out the "Key Links" section in each topic section below. In addition, see the following resources:

Table of Contents
System Configuration
High Availability


Topic Red Hat Enterprise Linux Oracle Solaris 11
Platforms x86, IBM Power, and Z Series x86, SPARC
Booting GRUB2
A modular boot loader that supports a wider range of platforms and firmware types, including booting from Unified Extensible Firmware Interface (UEFI) firmware and booting from GUID Partition Table (GPT) partitioned disks of any size on systems with BIOS or UEFI firmware.
GRUB2 (x86)
A modular boot loader that supports a wider range of platforms and firmware types, including booting from Unified Extensible Firmware Interface (UEFI) firmware and booting from GUID Partition Table (GPT) partitioned disks of any size on systems with BIOS or UEFI firmware.

Commands: boot, boot net:dhcp - install, reboot

A fast reboot (reboot -f) command is available on both SPARC and x86 systems that bypasses firmware, bootloader, or POST tests.
Interactive Installation Graphical installer provides a central hub of configuration options. Text-based installer is for systems with limited resources and uses tmux to provide access to multiple shells.
DVD Image (3.5 GB):Single installation media with choice of several different software selections. No Live Media capability out of the box. Additional software available in package repositories.
Interactive Text Installer: (~500 MB)
Live Media Installer (~800 MB)
Each installation option has a fixed software selection for different environments: server or developer/desktop. Additional software available in package repositories.
Automated Installation Kickstart
Input file: Text-based configuration file

The Kickstart configuration file can be generated using a graphical interface.
Commands: system-config-kickstart
Automated Installer (AI)
Input files:
XML-based configuration file called an AI manifest specifies disk layout, software packages, and virtual environments.
XML-based system configuration profiles specify hostname, users, networking, timezone, and locale. Can be generated on the command line with sysconfig.

Create an automated install service to install client systems by using installadm. The installadm command can be used to manage several installation profiles for different types of systems, including comprehensive selection criteria based on hostname, IP, MAC address, platform, architecture, CPU, and memory sizes. An easy command-line interface is available to interactively edit an AI manifest without having to understand XML.
Commands: installadm
System Upgrades/Updates Preupgrade assistant/Upgrade Tool Upgrade tools are provided but RH currently supports upgrades for specific/targeted use cases only. System Software Updates
System software is updated to include new features and fixes and systems can be updated seamlessly between Oracle Solaris releases with package updates. See the "Packaging" section below.
Commands: pkg update
Golden Image Creation No direct support for creating golden images within the OS itself. Typically applications hosted in virtual environments will be cloned by the underlying infrastructure running on the host system. Unified Archives
Provides a way to create a clone or a disaster recovery archive from a live running system by taking Oracle Solaris ZFS snapshots and clones. Unified Archives can capture a complete system including all virtual environments. When deployed through the existing Oracle Solaris Zones utilities or Automated Installer, archives can be transformed with physical-to-virtual and virtual-to-virtual translations.
Commands: archiveadm
Custom Media Creation Customized media can be created by manually modifying a mounted ISO image. Distribution Constructor
Input file: XML-based file called a manifest (separate from an AI manifest)

The Distribution Constructor uses the distro_const utility to create customized installation media, taking Oracle Solaris ZFS snapshots along the way, allowing administrators to continue the construction process from various checkpoints.

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
Packaging and Package Updates RPM
A package manager that can install, update, uninstall, and query for packages. Often used in combination with other technologies (yum) to provide automatic package dependency resolution and the addition of multiple package repositories. There is no integrated end-to-end tool for repository management.
Commands: rpm, rpmdb,rpmsign

A front-end command-line utility around RPM that provides an interface to easily automate and install packages from network package repositories. PackageKit is a graphical front end for the desktop environment.
Commands: yum, yum-builddep, yum-config-manager, yumdb, yumdownloader, yum-groups-manager

Behind each RPM package is a text-based spec file that describes some basic meta-information, package dependencies, what contents the package has, and any scripts that need to be run as part of package installation. Binary packages are built using rpm using the text-based spec file and source tarball as inputs. Separate packages are typically created for different boundaries of a software component (developer docs or debugging binaries) but can be created from a single spec file.
Image Packaging System (IPS)
The pkg command and graphical Package Manager allows installation, update, uninstall, query, and so on. Other commands are available for creating and publishing packages and repositories. Commands: pkg, pkgsend, pkgrecv, pkgsign, pkgdiff, pkgfmt, pkgmogrify, pkgrepo, pkgsurf

IPS provides integrated packaging and patching with a single update operation. With built-in dependency checking, IPS updates software installed on a system to the latest Support Repository Update (SRU). If a system reboot is required, IPS creates a ZFS boot environment (BE) that you can boot into. If an update fails for any reason, you can reboot back into the older BE, providing for a fail-safe system update.
Interim Diagnostic Relief (IDR) fixes can also be applied temporarily with existing IPS tools.
Commands: pkg update

Key Links

System Configuration

Topic Red Hat Enterprise Linux Oracle Solaris 11
Services Systemd
A system and service manager that replaces Upstart as the default init system. It is backwards compatible with SysV init scripts, and provides features, such as parallel startup of system services at boot time, on-demand activation of daemons, support for system state snapshots, or dependency-based service control logic. Uses unit locations that encapsulate information about system services, and listening sockets that are identified as .service, .target, .automount, and so on.
Commands: systemctl {stop,start, status, disable, enable}
Systemd unit locations: /etc/systemd/system, /run/systemd/system, and /usr/lib/systemd/system
Service Management Framework (SMF)
A configuration repository that is divided into a series of configuration layers that allows administrators to record the source of properties, property groups, instances, and services, and better understand what administrative customizations have been made and which were provided by default. In order of priority, any administrative customization made to systems through the SMF command lines take precedent over the site profile location, which take precedent over the system profile location, which take precedent over the manifest location. These layerings are automatically managed by SMF.
Commands: svcadm, svccfg, svcprop, svcs, svcbundle
Manifest location: /lib/svc/manifest
System profile location: /etc/svc/profile/generic.xml, /etc/svc/profile/platform.xml
Site profile location: /etc/svc/profile/site
General System Configuration In a systemd environment:
Locale: /etc/local.conf and /etc/vconsole.conf
Timezone: /etc/sysconfig/clock
Hostname: /etc/hostname
The following configuration is managed in the SMF configuration repository:
Locale: svc:/system/environment:init
Timezone: svc:/system/environment:init
Hostname: svc:/system/identity:node
Multisystem Management Puppet
You must download this open source configuration management tool separately. It uses declarative language to describe the system configuration for a system or a set of systems, helping to automate repetitive tasks, quickly deploy applications, and manage change across the data center.

Red Hat Network Satellite can be used to manage Kickstart profiles for provisioning hardware, managing subscriptions, and handling patches and updates at a greater scale through a web interface, along with other capabilities.

Open Linux Management Infrastructure (OpenLMI) Provides a set of standard tools and functions for system administrators such as remote API for system management functions and enhanced scripting and command line environment.
Available from an Oracle Solaris 11 package repository, Puppet is an open source configuration management tool. It uses declarative language to describe the system configuration for a system or a set of systems, helping to automate repetitive tasks, quickly deploy applications, and manage change across the data center.

Oracle Enterprise Manager Ops Center 12c
Included in all Oracle Premier Support agreements, can be used to manage multiple clients at a greater scale through a web interface, along with other capabilities (firmware, virtualization, fault monitoring, network management, and so on).
Remote System Management   Remote Administration Daemon (RAD)
Available from an Oracle Solaris 11 package repository, RAD is a system management architecture for working with different OS subsystems. Supports autogenerated client-side bindings for Python, C, and Java. Administrators can use RAD to locally and remotely interact with systems. RAD modules are available for zones, services, users, kernel statistics, datalinks, and elastic virtual switches and ZFS. A RESTful RAD client interface is available also.

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
Basic Network Configuration (Automatic vs Manual) Automatic
Red Hat Enterprise Linux uses NetworkManager to automatically connect to physical and wireless networks, including support for Mobile, Bluetooth, and VPN connections. A graphical utility or command line option for servers or headless systems is available.
Commands: nmcli

Manual networking needs to be configured through a series of command line utilities to show or manipulate routing, devices, and a variety of other networking configuration including interface aliasing.
Commands: ip, ethtool, iwconfig, ifconfig
Interface definitions: /etc/sysconfig/network-scripts/ifcfg-
Hostname and gateway definitions: /etc/sysconfig/network
Definition of static routes: /etc/sysconfig/static-routes
Automatic networking is managed through a series of network profiles (configuration profiles and location profiles). The automatic profile provides automatic detection of network interfaces and any attempts to obtain an IP address through DHCP. Location profiles manage configuration like naming service or IPFilter. Only one network configuration profile and one location profile can be enabled at any one time. Oracle Solaris 11 supports both a graphical interface or command line interface for automatic networking.
Commands: netadm, netcfg

Manual configuration is handled primarily by these commands: dladm, which handles the data-link layer, ipadm, which handles the IP layer, and route, which manages persistent routes. While ifconfig is still provided for compatibility, it only configures interfaces temporarily and does not persist across a system reboot. You also have the ability to rename data-links to aid network configuration migration across the data center.
Commands: dladm, ipadm
IP configuration (private): /etc/ipadm
Data-link configuration (private): /etc/dladm
Network profiles (private): /etc/nwam
Static routes (private): /etc/inet/static_routes
Network Virtualization Red Hat Enterprise Linux provides some network virtualization support for its virtualization solution, KVM. Administrators can set up access to the host OS, the internet, or resources on the network through a variety of means: from user networking, private virtual bridges, or public bridges.
Commands: ip, brctl, tunctl
Network virtualization is administered at the data-link level with the following building blocks: VNICs, virtual switching, and elastic virtual switch (EVS). Once created, VNICs act and feel like physical NICs. Virtual switches are automatically created to properly route the network traffic to the physical NIC device. VNICs can also be created over pseudo devices called "etherstubs" rather than over physical NICs to create private virtual networks with full traffic isolation.
Commands: dladm, flowadm, dlstat, flowstat

Data-link Protection
With virtual environments sometimes having exclusive access to a physical or virtual link, extra protections need to be made to ensure that potentially malicious virtual environments don't cause damage to the network. Link protection on Oracle Solaris 11 offers protection from IP and MAC spoofing, and L2 frame spoofing such as Bridge Protocol Data Unit (BPDU) attacks.
Commands: dladm, ipmp
Bandwidth Partitioning and Resource Control Linux Traffic Control
Red Hat Enterprise Linux supports a number of tools for managing and manipulating the transmission of packets on the network. Among a wide range of different QoS configurations, support for Differentiated Services is also available.
Commands: tc, iptables

TCP Congestion Control
RHEL supports a wide variety of congestion control algorithms (BIC, CUBIC, HighSpeed, H-TCP, Hybla, Illinois, Reno, Vegas, Westwood+). CUBIC is currently the default.

Control Groups (Cgroups)
Cgroups are a kernel feature that allows aggregating or partitioning tasks (processes) and all their children into hierarchical organized groups. These groups can be configured to show a specialized behavior that helps with tuning the system to make best use of available hardware and network resources.
Commands: cg*, lscgroup
IP Quality of Service (IPQoS) enables you to prioritize, control, and gather accounting statistics. Using IPQoS, you can provide consistent levels of service to users of your network. You can also manage traffic to avoid network congestion. IPQoS enables the Differentiated Services (Diffserv) architecture that is defined by the Differentiated Services Working Group of the Internet Engineering Task Force (IETF). In Oracle Solaris, IPQoS is implemented at the IP level of the TCP/IP protocol stack.
Commands: ipqosconf

Network Resource Management
Oracle Solaris 11 supports dynamic QoS through resource management by setting data-link properties that pertain to network resources. By setting these properties, you can determine how much of a given resource can be used for networking processes. For example, you can limit the bandwidth limit per link, or dedicate a number of CPUs for specific network processing. A network flow is a customized way of categorizing packets to further control how resources are used to process these packets - administrators can organize according to IP address, transport name (TCP, UDP, STCP), and application port number for example.
Commands: flowadm, dladm

TCP Congestion Control
Oracle Solaris 11 supports a number of congestion control algorithms (NewReno, Highspeed, CUBIC, Vegas). NewReno is currently the default.
Link Aggregation Ethernet/NIC Bonding (link aggregation) allows administrators to combine the bandwidth from several interfaces into a single connection. A number of different modes are supported during the loading of the bonding kernel driver module - round robin, active-backup, XOR, broadcast, 803.2ad dynamic link aggregation, adaptive (transmit) load balancing.
Commands: ip, ifenslave
IP Network multipathing provides physical interface failure detection, transparent network failover, and packet load spreading for systems with multiple interfaces that are connected to a particular LAN. Similar to link aggregation in concept, IPMP operates at the IP layer (Layer 3). In general, IPMP is used where higher degrees of availability are critical rather than increased network performance. There are three methods of failure detection: link state based failure detection, ICMP probe-based failure detection, and transitive probing.
Commands: ipadm, ipmpstat

Link Aggregation
Oracle Solaris 11 supports the organization of network interfaces into link aggregations, under the 803.2ad Link Aggregation Standard, and is administered at the link layer.
Commands: dladm
IP Tunnels Red Hat Enterprise Linux supports three main types of tunneling: IPIP (IPv4 over IPv4 encapsulation), GRE (IPv4/6 over IPv4 encapsulation), and SIT (IPv6 over IPv4 encapsulation).
Commands: ip
Oracle Solaris 11 supports IPv4 (IPv4/6 over IPv4 encapsulation), IPv6 (IPv4/6 over IPv6 encapsulation), and 6to4 tunnels (IPv6 over IPv4 encapsulation as a preferred way of transitioning from IPv4 to IPv6 addressing for networks that don't yet support IPv6).
Commands: dladm
Bridging Bridging on Red Hat Enterprise Linux supports Spanning Tree Protocol (STP) only.
Commands: brctl
Bridging on Oracle Solaris 11 supports two protocols: Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) by default, TRILL.
Commands: dladm
Wi-Fi Wide range of support for 802.11-compatible wireless devices and security protocols.
Commands: iw, iwconfig, iwevent, iwgetid, iwlist, iwpriv, iwspy
Wireless Configuration: /etc/sysconfig/network-scripts/ifcfg-*
WPA Configuration: /etc/wpa_supplicant/wpa_supplicant.conf
Support for 802.11 (a/b/g/n) for common wireless devices.
Commands: dladm, netcfg, and using a reactive profile to automatically connect to known WLANs
Load Balancing Load Balancing functionality is provided with the Load Balancing Add-On to Red Hat Enterprise Linux, which comprises two main components: Linux Virtual Server (LVS) and the Piranha Configuration Tool. LVS supports both NAT and Direct Route load balancing. ILB
The Integrated Load Balancer (ILB) provides Layer 3 and Layer 4 load-balancing capabilities for Oracle Solaris 11. ILB intercepts incoming requests from clients, decides which back-end server should handle the request based on load-balancing rules, and then forwards the request to the selected server. ILB performs optional health checks and provides the data for the load-balancing algorithms to verify if the selected server can handle the incoming request. ILB supports stateless Direct Server Return (DSR) and NAT (full and half) modes for IPv4 and IPv6.
Commands: ilbadm

Virtual Router Redundancy Protocol (VRRP) is an Internet standard protocol to implement virtual routers that can be introduced into a LAN to provide continuity of network services in the event of failure. Provides both L2 and L3 capabilities.
Commands: vrrpadm
Link Layer Discovery Red Hat Enterprise Linux supports Link Layer Discovery Protocol and Data Center Bridging
Commands: lldpad, lldptool
Link Layer Discovery Protocol
Allows an Oracle Solaris 11 host to exchange system information and capabilities with a peer networking device. The information exchanged can be used to topology discovery and any misconfiguration on both the ends of a point-to-point connection.
Commands: lldpadm

Data Center Bridging
Provides support for Priority Flow Control (PFC) and Data Center Bridging Exchange Protocol (DCBX). These protocols provide lossless Ethernet, and enable protocols such as Fibre Channel over Ethernet (FCoE), which are sensitive to packet loss, to work smoothly over Ethernet.
Commands: lldpadm

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
Virtualization KVM
A full virtualization solution on Red Hat Enterprise Linux (support for para-virtualized Xen is also provided). Red Hat officially supports a limited number of guest OSs (RHEL, Windows), but other OS versions are possible. Along with the command line utilities, a graphical tool (Virtual Machine Manager) can be also used to create and manage virtual environments. Guest, host and process isolation can be achieved using SELinux and cgroups. KVM requires an Intel processor with Intel VT-x and Intel 64 extensions (x86), or an AMD processor with AMD-V and AMD64 extensions.
Commands: virsh, virt-clone, virt-convert, virt-image, virt-install, virt-viewer, virt-what, virt-xml-validate

Linux Containers
Linux containers provide a flexible approach to application runtime containment on bare-metal systems without the need to fully virtualize the workload. Red Hat Enterprise Linux provides application level containers to separate and control the application resource usage policies via cgroup and namespaces.

Linux Container with Docker Format
Only available through the RHEL Extras Channel. Provides a management interface for Linux containers that allow you to run an application inside the container. It provides a lightweight application deployment environment with portability across systems, versioning, and component re-use. A Docker image can be attached to containers, a Docker file can be used to create a Docker image, and you can create a new image from a container's changes. A Linux container with Docker format is only supported on a host with SELinux enabled.

Red Hat Enterprise Virtualization is an additional offering can be used to manage and monitor virtualization environments at greater scale through a web interface.
Oracle Solaris Zones
Provide native low overhead OS virtualization, with high application isolation and resource management. Kernel Zones increase operational efficiency by allowing independent kernel versions and patch levels, secure live migration, and live reconfiguration of CPU and memory resources.

Oracle Solaris 11 also supports Oracle Solaris 10 Zones, the ability to run applications that require an Oracle Solaris 10 environment within a non-global zone running on Oracle Solaris 11.

Zone installation and data can be made available over shared (SAN) storage over FC, iSCSI, NFS, or SAS protocols for more flexible storage management.
Commands: zoneadm, zonecfg, zonestat, zonename, zone2pvhck

Oracle VM Server
Oracle VM Server for SPARC (previously called Sun Logical Domains) provides highly efficient, enterprise-class virtualization by taking advantage of built-in virtualization capabilities. Each domain is a full virtual machine that can be started or stopped independently. Domains can take on different roles: control, service, I/O or guest.

Oracle VM Server for SPARC also has the ability to support Single Root I/O Virtualization (SR-IOV) enabling efficient sharing of PCIe network devices among I/O domains so application workloads can achieve near native I/O performance.
Commands: ldm, ldm2v

Dynamic Domains
Dynamic domains provide electrically isolated hard partitioning for SPARC Enterprise M-Series servers. Each domain executes a unique instance of Oracle Solaris. Since isolation is instantiated all the way to the hardware, configurations can be created in which software changes, reboots, and potential faults in one domain do not impact applications running in another domain.
Commands: showhardconf, showboards, setupfru, setdcl, addboard, addfru

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
OpenStack A full OpenStack distribution is provided through Red Hat Enterprise Linux OpenStack Platform. This cloud offering is based on KVM virtualization for compute nodes (Nova), Open vSwitch for networking (Neutron), and a combination of XFS, Ceph, and Gluster for storage back ends (Cinder and Swift). A full OpenStack distribution is part of Oracle's standard support for Oracle Solaris. This cloud offering is based on Oracle Solaris Zones virtualization for compute (Nova), Elastic Virtual Switching and Oracle Solaris' integrated network virtualization for network (Neutron), and Oracle Solaris ZFS for storage back ends (Cinder and Swift). All the OpenStack software and services and been packaged using IPS and integrated with SMF for service reliability and restart in case of failure. Using the open APIs that OpenStack provides, it is possible to manage a complete data center environment with virtualization technologies from other vendors through a single administrative portal.

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
File Systems XFS
The default file system, which supports metadata journaling and scales better than EXT4. Supports file system sizes from 16TB to 500TB. It can be defragmented and expanded while active and provides user_attr and ACL mount options.

Legacy journaling file system. Maximum file size and volume size of 16 TB.
Commands: e2fsck, fsck, mount, umount

Provides necessary volume management on Red Hat Enterprise Linux. LVM supports the ability to take offline snapshots and supports a number of RAID configurations.
Commands: pvchange, pvcreate, pvdisplay, pvmove, pvremove, pvresize, pvs, pvscan, lvchange, lvconvert, lvcreate, lvdisplay, lvextend, lvm, lvmdiskscan, lvmdump, lvreduce, lvremove, lvrename, lvresize, lvs, lvscan

Btrfs is available as a technology preview and not currently supported. Btrfs has some of the same feature set as ZFS.
Oracle Solaris ZFS
Default file system in Oracle Solaris 11. Maximum file size and maximum volume size of 16EB. ZFS has built-in redundancy and checksumming and integrated data services: snapshot and cloning, deduplication, encryption, and compression. Shadow migration is used to automatically migrate data from other file systems.

Provides support for NFSv4, SMB 2.0, iSCSI, FC, and InfiniBand protocols.
Commands: zfs, zpool

Support for a number of other file systems, including UFS, is also available but not as root file system.

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
Mandatory Access Control, Role Based Access and Multi-Level Security SELinux
A framework for supporting access control policies by providing capabilities that span mandatory access control, multi-level security, role-based access control and type enforcement. SELinux is pre-configured in RHEL for the 'targeted' policy where most processes are unrestricted and only specific services are isolated into distinct security domains. Other policies are also available.
Commands: sestatus, secon, semodule*, set/getenforce, set/getsebool, selinux*, setfiles, fixfiles, load_policy, restorecon*
Configuration: /etc/selinux/config

Trusted Platform Module support is considered a technology preview.
Commands: tpm*
Also known as user rights management, RBAC allows administrators to distribute administrative duties. RBAC is integrated right across the operating system.
Commands: profiles, roleadd, roledel, rolemod, roles, auths

Trusted Extensions
Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership, as well as label-based mandatory access control (MAC) policies. Trusted Extensions is integrated into much of the operating system, including Oracle Solaris Zones.
Commands: tncfg, txzonemgr, setlabel, getlabel, plabel

Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges. Privileges can be granted to a command, a user, a role, or a system. Many Oracle Solaris commands and daemons run with only those privileges that are required to perform their task. The use of privileges is also called process rights management.
Commands: ppriv, profiles

Trusted Platform Module
The Trusted Platform Module (TPM) offers the ability to securely generate, store and access cryptographic keys from processors or external devices.
Commands: tpmadm
Hardware Data Protection   Real-time Application Data Integrity (ADI)
A feature in Oracle's SPARC M7 and T7 processors that safeguards against invalid, stale memory references and buffer overflows. The hardware does this by allowing software to mark software buffers with special versions. A version number is stored in a portion of a pointer that access memory and this version number is also maintained in the memory cache lines. When a pointer accesses memory, the hardware checks to make sure the two versions match. A SEGV signal is raised when there is a mismatch. This feature can be used by the Oracle database and user applications that manage memory and the OS.

Oracle Solaris Studio 12.4 supports ADI.
Compliance OpenSCAP
OpenSCAP is an open source compliance framework based on SCAP, designed to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.
Commands: oscap
Compliance Framework
Oracle Solaris 11 also implements SCAP and integrates the OpenSCAP set of tools and libraries. A new command, compliance, has been developed that wraps these tools that allows administrators to assess and report against different benchmarks including PCI-DSS.
Commands: compliance, oscap
VPN Openswan
Openswan is a kernel-level IPsec implementation available in Red Hat Enterprise Linux. It employs key establishment protocols IKE (Internet Key Exchange) v1 and v2, implemented as user-level daemons.
Commands: ipsec, ip, certutil
Configuration file: /etc/ipsec.conf
IP security (IPsec) protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. Oracle Solaris supports IPsec for both IPv4 and IPv6. Because IPsec is implemented well below the application layer, Internet applications can take advantage of IPsec without requiring modifications to their code.
Commands: ipadm, ipsecconf, ipsecalgs, ipseckey
Configuration file: /etc/inet/ipsecinit.conf
Firewall Netfilter and IP Tables
IP Tables is used to set up, maintain, and inspect tables of IPv4 packet filter rules in Red Hat Enterprise Linux. Administrators can also use the graphical Firewall Configuration Tool.
Command: iptables, iptables-multi, iptables-restore, iptables-save, iptables-xml, system-config-firewall-tui
Configuration files: /etc/sysconfig/iptables-config, /etc/sysconfig/ip6tables-config
Rules configuration files: /etc/sysconfig/iptables, /etc/sysconfig/ip6tables
IPFilter provides packet filtering capabilities. IPFilter is integrated into SMF providing the ability for administrators to configure per service firewall rules.
Commands: ipf, ipnat
Configuration files: /etc/ipf/ipf.conf, svc:/network/ipfilter:default
Encryption Linux Unified Key Setup
Red Hat Enterprise Linux supports LUKS for file system encryption. LUKS only protects data in a partition that has been encrypted when the system has been turned off.
Commands: cryptsetup
Supports full data encryption during file system creation.
Commands: zfs

Oracle Solaris Cryptographic Framework
The Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements.
Commands: cryptoadm, pktool

Key Links

High Availability

Topic Red Hat Enterprise Linux Oracle Solaris 11
Availability systemd
Used to automatically respawn services if an unexpected event occurs.
Commands: systemctl start nginx.service
systemd unit location: /usr/lib/systemd/system/nginx14-nginx

Red Hat Enterprise Linux High Availability Add-On
Provides on-demand failover to make applications highly available. It delivers continuous availability of services by eliminating single points of failure.

Hardware Event Report Mechanism (HERM) New infrastructure for error detection and correction, mostly to generate memory error reports and gather system-reported memory errors. A new user space daemon, rasdaemon, is introduced to replace the tools previously included in the edac-utils package. The rasdaemon identifies all reliability, availability, and serviceability (RAS) events that originate from the kernel tracing infrastructure, and logs them.
Command: ras-mc-ctl --summary
The Service Management Framework and Fault Management Architecture provide Oracle Solaris' self-healing capability, monitoring the operating system for faults whether it's individual hardware components or system or application services, and silently works to isolate those faults or automatically restart services. State notifications have been added to Oracle Solaris 11 so administrators can send emails or SNMP traps for any important events they most are interested in.

FMA automatically generates reports about hardware and software faults and how to correct them.
Commands: svcadm, fmadm

Oracle Solaris Cluster is an additional offering that provides high levels of availability through clustering for enterprise applications and databases. Oracle Solaris Cluster is integrated with Oracle Solaris 11 features (ZFS, Zones, SMF, Network Virtualization) giving significant benefits in terms of detection and recovery from failure.

Key Links


Topic Red Hat Enterprise Linux Oracle Solaris 11
Monitoring SystemTap
Provides dynamic instrumentation of Red Hat Enterprise Linux.
Commands: stap, staprun, stap-report, stapsh, stap-merge, stap-prep

A large selection of other administrative tools provide monitoring capabilities, including the following:
Network: netstat
I/O: iotop
File system: stat
CPU: mpstat
VM: vmstat
Process: top, pidstat, strace, pstree
System Latency: latencytop
Power Management: powertop
File locations: /proc/*
The DTrace framework includes many providers that distribute thousands of probe points across the operating system. A list of providers covers different aspects of the system, the ability to observe individual processes, and a number of different networking protocols. Support for a number of runtimes (Java, Python, PHP, Ruby) is also provided.
Commands: dtrace

A large selection of other administrative tools provides monitoring capabilities, helping to aggregate and display much of the same information you can get from DTrace.
Network: flowstat, dlstat, netstat, acctadm, ipmpstat
Oracle Solaris Zones: zonestat
SMF Services: svcs
Fault Management: fmstat
I/O: iostat
File system: fsstat, stat
Kernel: kstate
CPU: mpstat, pgstat
VM: vmstat
Process: prstat, truss, ptree
Resource Management: poolstat
System Latency: latencytop
Power Management: powertop

Oracle Enterprise Manager Ops Center 12c, included with all Oracle Premier Support agreements, provides extensive monitoring at a greater scale including both Oracle Solaris and Linux systems.

Key Links

Revision date: 9/22/15