Red Hat Enterprise Linux to Solaris 11 Evaluation

Red Hat Enterprise Linux to Oracle Solaris 11 Evaluation

The following guide gives an overview of some of the technologies included in Oracle Solaris 11 and the direct benefit you can get by using some of these features. This guide also provides a similar technology mapping, where possible, between Red Hat Enteprise Linux 6 and Oracle Solaris 11, so that administrators with knowledge in the former can kick start their learning experience if planning deploy the latter.

Table of Content
Installation Packaging System Configuration Networking Virtualization	Storage Security High Availability Monitoring

Installation

Oracle Solaris 11 can be installed through a variety of different ways depending on your environment. An Interactive Text Install can be used to install a basic server oriented image onto SPARC and x86 systems. Stepping through a series of short screens, administrators define configuration for disks, time and date, timezone, initial users, and basic network configuration. These installations have a fixed software payload so as to be fast to download and install, ideal for minimized systems. Administrators can continue to customize their system with addition software using package management tools. Installations are by secure by default, meaning that many non-essential network services listening on open ports are disabled.

A Live Media Install (either DVD or USB) is available for administrators wishing to evaluate the operating system prior to installing on an x86 system. Administrators simply boot off the media into RAM to a full desktop environment that enables them to run applications, tools or utilities without having to install it onto their system. Once they make the decision to install, a graphical installation steps administrators through a similar set of screens to define configuration for disks, time and date, timezone, and initial users. For simplicity, network configuration in the Live DVD/USB uses DHCP. It is possible to configure static IP configuration after the installation.

The Automated Installer, or AI, is a new technology included in Oracle Solaris 11 to allow administrators to provision multiple clients automatically across the network. Unlike it's predecessor Jumpstart included in Oracle Solaris 10, Automated Installer reduces a lot of administrative overhead by reducing the complexity of set up particularly in complex network environments and includes a lot of new functionality out of the box such as the ability to automatically provision virtual environments (Oracle Solaris Zones). One substantial difference with AI is that fact that scripts are run on first boot after installation using Oracle Solaris Service Management Facility (SMF) for a much more reliable and repeatable environment.

The Distribution Constructor is a utility to be able to create customized installation media for a variety of different forms, and indeed used to create the standard Oracle Solaris 11 installation media themselves. The construction process allows extensive customization including different package selection and boot archive contents, taking advantage of Oracle Solaris ZFS with resumable checkpointing by taking snapshots through the process.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Platforms	x86, IBM Power and Z Series	x86, SPARC
Interactive Installation	DVD Image (3.5Gb) Single installation media with choice of several different software selections. No Live Media capability out of the box. Additional software available in package repositories.	Interactive Text Installer (~500Mb) Live Media Installer (~800Mb) Each installation option has a fixed software selection for different environments - server or developer/desktop. Additional software available in package repositories.
Automated Installation	Kickstart Input file: - Text based configuration file The Kickstart configuration file can be generated using a graphical interface Commands: system-config-kickstart Red Hat Network Satellite can be used to manage Kickstart profiles at a greater scale through a web interface, along with other capabilities.	Automated Installer Input files: - XML based configuration file called an AI manifest specifies disk layout, software packages and virtual environments - XML based system configuration profiles specify hostname, users, networking, timezone and locale. Can be generated using command line, sysconfig In order to install clients, an automated install service is required to be created using an administrative utility. This utility can be used to manage several installation profiles for different types of systems, including comprehensive selection criteria based on hostname, IP, MAC address, platform, architecture, CPU and memory sizes. Commands: installadm Jumpstart Support for installing Oracle Solaris 10 clients from Oracle Solaris 11 using Jumpstart is supported. Existing Jumpstart rules and provides can be converted. Commands: js2ai Oracle Enterprise Manager Ops Center 12c, included in all Oracle Premier Support agreements, can be used to manage multiple clients at a greater scale through a web interface, along with other capabilities (firmware, virtualization, fault monitoring, network management, etc..).
Custom Media Creation	Customized media can be created by manually modifying a mounted ISO image	Distribution Constructor Input file: - XML based file called a manifest (separate to AI manifest) The Distribution Constructor uses a command line utility distro_const to create customized installation media, taking Oracle Solaris ZFS snapshots along the way allowing administrators to continue the construction process from various checkpoints.

Key Links:
Oracle Solaris 11 Automated Install Guide
How to Perform System Archival and Recovery Procedures with Oracle Solaris 11
How to Create Customized Oracle Solaris 11 Images Using the Distribution Constructor

Packaging

Oracle Solaris 11 includes a new network based package management framework called Image Packaging System, or IPS. IPS greatly advances the system software management lifecycle on Oracle Solaris reducing much of the complexity that existed with SVR4 packages and patches, and should feel familiar to most Linux administrators. System updates are applied to separate cloned filesystems called Boot Environments, which take advantage of the fact that Oracle ZFS is the default root filesystem with no additional setup required. This ensures that administrators can start their system updates well ahead of any planned maintenance windows while running their live production environments, taking down the machine for a reboot when required and boot into a new environment.

IPS uses network package repositories to store software content (over http or file based), relieving the need to bundle all software with installation media. IPS has been fully integrated into the Automated Installation technology for provisioning multiple machines. During a system install, a small boot image is downloaded to the system to allow it to run the necessary package commands and install the rest of the software from package repositories. These package repositories can be easily mirrored locally for administrators operating in network restricted environments, or simply wanting better change control for their systems. IPS also supports package signing to ensure that packages are being installed from a trusted source, and the ability to verify and fix packages that may have been modified on a system by accident.

IPS integrates package and patch management by updating package versions rather than applying patches with full package dependency checking. Installing new versions of packages is extremely bandwidth efficient, with only the exact files that have changed between package versions being downloaded over the wire. IPS can also manage updates across any Oracle Solaris Zones that are provisioned on a system automatically - an update in the global zone will trigger updates in all non-global zones, ensuring consistency is maintained.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Packaging	RPM In its simplest form, RPM is a package manager that can install, update, uninstall, query for packages. Often used in combination with other technologies (yum) to provide automatic package dependency resolution and addition of multiple package repositories. There is no integrated end-to-end tool for repository management. Commands: rpm, rpmdb,rpmsign Yum A front end command line utility around RPM that provides an interface to easily automate and install packages from network package repositories. PackageKit is a graphical front end for the desktop environment. Commands: yum, yum-builddep, yum-config-manager, yumdb, yumdownloader, yum-groups-manager Behind each RPM package is a text based spec file which describes some basic meta-information, package dependencies, what contents the package has, and any scripts that need to be run as part of package install. Binary packages are built using rpm using the text based spec file and source tarball as inputs. Separate packages are typically created for different boundaries of a software component (developer docs, debugging binaries, ...) but can be created from a single spec file.	Image Packaging System (IPS) Command line pkg and graphical Package Manager allows install, update, uninstall, query, etc...Other commands available for creating and publishing packages and repositories. Commands: pkg, pkgsend, pkgrecv, pkgsign, pkgdiff, pkgfmt, pkgmogrify, pkgrepo

Key Links:
Image Packaging System Administration Guide
Image Packaging System One Liners
Introducing the Basics of Image Packaging System

System Configuration

System configuration in Oracle Solaris 11 is handled through a mix of configuration files in /etc and the SMF. Unlike previous versions of Oracle Solaris, much of the typical system configuration associated during an installation (hostname, locale, timezone, name servers) is now stored in the SMF configuration repository. This change has been introduced so as to provide more structured management and consistency of configuration data as systems are upgraded, of new configuration is provided by Oracle. Through a series of configuration layers, administrators have improved control over any local changes made to the system ensuring that they don't get lost during system updates.

Services are handled with SMF on Oracle Solaris 11, though support for legacy RC scripts is still available for legacy applications. SMF provides a framework for tracking dependency and start order of services on the system, and automatically restarting services should a failure occur. SMF is integrated into the Oracle Solaris Fault Management Architecture (FMA) allowing complete software recovery during hardware faults. SMF also provides for the ability to notify administrators of service state changes through email notifications or SNMP traps, especially useful when monitoring critical application services.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Services	Upstart Upstart is an event based init replacement to handle service processes at startup, shutdown and runtime with automatic dependency checking and fault monitoring. Commands: initctl Job definitions: /etc/init/*.conf	Service Management Framework (SMF) The SMF configuration repository is divided into a series of configuration layers that allows administrators to record the source of properties, property groups, instances, and services, and better understand what administrative customizations have been made and which were provided by default. In order of priority, any administrative customization made to systems through the SMF command lines take precedent over the site profile location, which take precedent over the system profile location, which take precedent over the manifest location. These layerings are automatically managed by SMF. Commands: svcadm, svccfg, svcprop, svcs Manifest location: /lib/svc/manifest System profile location: /etc/svc/profile/generic.xml, /etc/svc/profile/platform.xml Site profile location: /etc/svc/profile/site
General System Configuration	Locale: /etc/sysconfig/i18n Timezone: /etc/sysconfig/clock Hostname: /etc/sysconfig/network	The following configuration is managed in the SMF configuration repository. Locale: svc:/system/environment:init Timezone: svc:/system/environment:init Hostname: svc:/system/identity:node
Users	Commands: useradd, userdel, usermod, users, groupadd, groupdel, groupmod, groups, sudo User and group locations: /etc/passwd, /etc/shadow, /etc/group/, /etc/gshadow SELinux is configured to 'targeted' policy and does not use user roles by default.	Commands: useradd, userdel, usermod, users, groupadd, groupdel, groupmod, groups, roleadd, roledel, rolemod, roles, auths, sudo User and group locations: /etc/passwd, /etc/shadow, /etc/group Oracle Solaris 11 also uses extended attributes in conjunction with typical user accounts - these provide additional privileges (authorizations, roles and profiles) to individual users of the system. For example, a user or set of users may be given the ability to install new software or create new virtual environments. By default, the traditional UNIX root account has been converted into a role - this ensures proper accountability and auditing as the system is modified. These commands can also be used to store user and role information in remote LDAP directories. Administrators can use additional utilities to execute a command (or set of commands) within a privileged context Privileged shells: pfexec, pfbash, pfcsh, pfksh93, pfsh, pfzsh, pftcsh

Task

Red Hat Enterprise Linux

Oracle Solaris 11

Services

Upstart
Upstart is an event based init replacement to handle service processes at startup, shutdown and runtime with automatic dependency checking and fault monitoring.
Commands: initctl
Job definitions: /etc/init/*.conf

Service Management Framework (SMF)
The SMF configuration repository is divided into a series of configuration layers that allows administrators to record the source of properties, property groups, instances, and services, and better understand what administrative customizations have been made and which were provided by default. In order of priority, any administrative customization made to systems through the SMF command lines take precedent over the site profile location, which take precedent over the system profile location, which take precedent over the manifest location. These layerings are automatically managed by SMF.
Commands: svcadm, svccfg, svcprop, svcs
Manifest location: /lib/svc/manifest
System profile location: /etc/svc/profile/generic.xml, /etc/svc/profile/platform.xml
Site profile location: /etc/svc/profile/site

General System Configuration

Locale: /etc/sysconfig/i18n
Timezone: /etc/sysconfig/clock
Hostname: /etc/sysconfig/network

The following configuration is managed in the SMF configuration repository.
Locale: svc:/system/environment:init
Timezone: svc:/system/environment:init
Hostname: svc:/system/identity:node

Users

Commands: useradd, userdel, usermod, users, groupadd, groupdel, groupmod, groups, sudo
User and group locations: /etc/passwd, /etc/shadow, /etc/group/, /etc/gshadow

SELinux is configured to 'targeted' policy and does not use user roles by default.

Commands: useradd, userdel, usermod, users, groupadd, groupdel, groupmod, groups, roleadd, roledel, rolemod, roles, auths, sudo
User and group locations: /etc/passwd, /etc/shadow, /etc/group

Oracle Solaris 11 also uses extended attributes in conjunction with typical user accounts - these provide additional privileges (authorizations, roles and profiles) to individual users of the system. For example, a user or set of users may be given the ability to install new software or create new virtual environments. By default, the traditional UNIX root account has been converted into a role - this ensures proper accountability and auditing as the system is modified. These commands can also be used to store user and role information in remote LDAP directories.

Administrators can use additional utilities to execute a command (or set of commands) within a privileged context

Privileged shells: pfexec, pfbash, pfcsh, pfksh93, pfsh, pfzsh, pftcsh

Key Links
Oracle Solaris 11 Common Tasks
Transitioning from Oracle Solaris 10 to Oracle Solaris 11 Administration Guide

Networking

Oracle Solaris 11 uses profile-based network configuration which is comprised of two configuration modes - automatic and manual. These modes differ in how an administrator configures the networking on a system, either manually by using the dladm and ipadm command line utilities, or through applying a series of network profiles either through the command line or through a graphical utility.

With full network virtualization capabilities, administrators can create virtual network interfaces that act and feel like any normal physical ones allowing them to create virtual networks within a system without the restriction on physical devices. Network virtualization is fully integrated into Oracle Solaris Zones giving administrators the ability to create fully exclusive IP networks within each non-global zone - in fact exclusive IP and automatic virtual network interfaces (VNICs) are the default for each new zone creation. Additionally, virtual networks can be fully resource managed allowing traffic to be controlled by IP, transport protocol and port number.

Oracle Solaris 11 has a variety of integrated networking services - link aggregation, tunneling, bridging, and load balancing to name but a few.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Basic Network Configuration (Automatic vs Manual)	Automatic Red Hat Enterprise Linux uses NetworkManager to automatically connect to physical and wireless networks, including support for Mobile, Bluetooth, and VPN connections. A graphical utility or command line option for servers or headless systems is available. Commands: nmcli Manual Manual networking needs to be configured through a series of command line utilities to show or manipulate routing, devices, and a variety of other networking configuration including interface aliasing. Commands: ip, ethtool, iwconfig, ifconfig Interface definitions: /etc/sysconfig/network-scripts/ifcfg-* Hostname and gateway definitions: /etc/sysconfig/network Definition of static routes: /etc/sysconfig/static-routes	Automatic Automatic networking in Oracle Solaris 11 is managed through a series of network profiles (configuration profiles and location profiles). Two network configuration profiles are provided by default, DefaultFixed (ie. manual networking) and Automatic (providing automatic detection of network interfaces and an attempt to obtain an IP address through DHCP). Location profiles manage configuration like naming service or IPfilter. Only one network configuration profile and one location profile can be enabled at any one time. Oracle Solaris 11 supports both graphical interaces or command lines for automatic networking. Commands: netadm, netcfg Manual Manual configuration is handled primarily by two commands - dladm which handles the data-link layer, and ipadm which handles the IP layer. While ifconfig is still provided for compatibility, this utility will only configure interfaces temporarily and will not be persistent across a system reboot. Administrators also have the ability to rename data-links to aid network configuration migration across the data center. Commands: dladm, ipadm IP configuration (private): /etc/ipadm Data-link configuration (private): /etc/dladm Network profiles (private): /etc/nwam Static routes (private): /etc/inet/static_routes
Network Virtualization	Red Hat Enterprise Linux provides some network virtualization support for its virtualization solution, KVM. Administrators can set up access to the host OS, the internet, or resources on the network through a variety of means - from user networking, private virtual bridges or public bridges. Commands: ip, brctl, tunctl	Network virtualization is administered at the data-link level. Once created VNICs act and feel like physical NICs. Virtual switches are automatically created to properly route the network traffic to the physical NIC device. VNICs can also be created over pseudo devices called 'etherstubs' rather than over physical NICs to create private virtual networks with full traffic isolation. Commands: dladm, flowadm, dlstat, flowstat Data-link Protection With virtual environments sometimes having exclusive access to a physical or virtual link, extra protections need to be made to ensure that potentially malicious virtual environments don't cause damage to the network. Link protection on Oracle Solaris 11 offers protection from IP and MAC spoofing, and L2 frame spoofing such as Bridge Protcol Data Unit (BPDU) attacks. Commands: dladm
Bandwidth partitioning and resource control	Linux Traffic Control Red Hat Enterprise Linux supports a number of tools for managing and manipulating the transmission of packets on the network. Among a wide range of different QoS configurations, support for Differentiated Services is also available. Commands: tc, iptables TCP congestion control RHEL supports a wide variety of congestion control algorithms (BIC, CUBIC, HighSpeed, H-TCP, Hybla, Illinois, Reno, Vegas, Westwood+). CUBIC is currently the default. Control Groups (Cgroups) Cgroups are a kernel feature that allows aggregating or partitioning tasks (processes) and all their children into hierarchical organized groups. These groups can be configured to show a specialized behavior that helps with tuning the system to make best use of available hardware and network resources. Commands: cg*, lscgroup	IPQoS IP Quality of Service (IPQoS) enables you to prioritize, control, and gather accounting statistics. Using IPQoS, you can provide consistent levels of service to users of your network. You can also manage traffic to avoid network congestion. IPQoS enables the Differentiated Services (Diffserv) architecture that is defined by the Differentiated Services Working Group of the Internet Engineering Task Force (IETF). In Oracle Solaris, IPQoS is implemented at the IP level of the TCP/IP protocol stack. Commands: ipqosconf Network Resource Management Oracle Solaris 11 supports dynamic QoS through resource management by setting data-link properties that pertain to network resources. By setting these properties, you can determine how much of a given resource can be used for networking processes. For example, you can limit the bandwidth limit per link, or dedicate a number of CPUs for specific network processing. A network flow is a customized way of categorizing packets to further control how resources are used to process these packets - administrators can organize according to IP address, transport name (TCP, UDP, STCP), and application port number for example. Commands: flowadm, dladm TCP congestion control Oracle Solaris 11 supports a number of congestion control algorithms (NewReno, Highspeed, CUBIC, Vegas). NewReno is currently the default.
Link Aggregation	Ethernet/NIC Bonding (link aggregation) allows administrators to combine the bandwidth from several interfaces into a single connection. A number of different modes are supported during the loading of the bonding kernel driver module - round robin, active-backup, XOR, broadcast, 803.2ad dynamic link aggregation, adaptive (transmit) load balancing. Commands: ip, ifenslave	IPMP IP Network multipathing provides physical interface failure detection, transparent network failover, and packet load spreading for systems with multiple interfaces that are connected to a particular LAN. Similar to link aggregation in concept, IPMP operates at the IP layer (Layer 3). In general, IPMP is used where higher degrees of availability are critical rather than increased network performance. There are 3 methods of failure detection - link state based failure detection, ICMP probe-based failure detection and transitive probing. Commands: ipadm, ipmpstat Link Aggregation Oracle Solaris 11 supports the organization of network interfaces into link aggregations, under the 803.2ad Link Aggregation Standard, and is administered at the link layer. Commands: dladm
IP Tunnels	Red Hat Enterprise Linux supports three main types of tunneling - IPIP (IPv4 over IPv4 encapsulation), GRE (IPv4/6 over IPv4 encapsulation) and SIT (IPv6 over IPv4 encapsulation) Commands: ip	Oracle Solaris 11 supports IPv4 (IPv4/6 over IPv4 encapsulation), IPv6 (IPv4/6 over IPv6 encapsulation) and 6to4 tunnels (IPv6 over IPv4 encapsulation, as a preferred way of transitioning from IPv4 to IPv6 addressing for networks that don't yet support IPv6). Commands: dladm
Bridging	Bridging on Red Hat Enterprise Linux supports Spanning Tree Protocol (STP) only. Commands: brctl	Bridging on Oracle Solaris 11 supports two protocols - Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) by default, TRILL. Commands: dladm
WiFI	Wide range of support for 802.11 compatible wireless devices and security protocols. Commands: iw, iwconfig, iwevent, iwgetid, iwlist, iwpriv, iwspy Wireless Configuration: /etc/sysconfig/network-scripts/ifcfg-* WPA Configuration: /etc/wpa_supplicant/wpa_supplicant.conf	Support for 802.11 (a/b/g/n) for common wireless devices Commands: dladm
Load Balancing	Load Balancing functionality is provided with the Load Balancing Add-On to Red Hat Enterprise Linux - comprises of two main components - Linux Virtual Server (LVS) and the Piranha Configuration Tool. LVS supports both NAT and Direct Route load balancing.	ILB The Integrated Load Balancer (ILB) provides Layer 3 and Layer 4 load-balancing capabilities for Oracle Solaris 11. ILB intercepts incoming requests from clients, decides which back-end server should handle the request based on load-balancing rules, and then forwards the request to the selected server. ILB performs optional health checks and provides the data for the load-balancing algorithms to verify if the selected server can handle the incoming request. ILB supports stateless Direct Server Return (DSR) and NAT (full and half) modes for IPv4 and IPv6. Commands: ilbadm VRRP Virtual Router Redundancy Protocol (VRRP) is an Internet standard protocol to implement virtual routers that can be introduced into a LAN to provide continuity of network services in the event of failure. Commands: vrrpadm
Link Layer Discovery	Red Hat Enterprise Linux supports Link Layer Discovery Protocol and Data Center Bridging Commands: lldpad, lldptool	Link Layer Discovery Oracle Solaris 11 adds support for LLP, allowing an Oracle Solaris host to exchange system information and capabilities with a peer networking device. The information exchanged can be used to topology discovery and any misconfiguration on both the ends of a point-to-point connection. Commands: llpadm Data Center Bridging Oracle Solaris 11 also adds support for Priority Flow Control (PFC) and Data Center Bridging Exchange Protocol (DCBX). These protocols provide lossless ethernet, and enable protocols such as Fibre Channel over Ethernet (FCoE), sensitive to packet loss, to work smoothly over Ethernet. Commands: llpadm

Key Links
Oracle Solaris 11 Administration - IP Services
IPQos - Oracle Solaris Network Administration Guide
How to restrict your Application Traffic using Network Virtualization
Comparing IPMP and Link Aggregation - Oracle Solaris Network Administration Guide

Virtualization

Oracle Solaris 11 provides a varied and very mature set of virtualization solutions to meet the demands of different environments, supported either through direct hardware virtualization (Dynamic Domains, Oracle VM Server for SPARC) or operating system virtualization (Oracle Solaris Zones).
Oracle Solaris Zones provides native operating system virtualization, with low CPU and memory overhead. Zones operate as completely isolated virtual environments that run on a single OS instance. With integrated network virtualization, each non-global zone can have independent 'exclusive' IP stacks giving an unprecedented level of flexibility for application deployment in production environments. Oracle Solaris Zones are also integrated with IPS, allowing each non-global zone to have independent software stacks such that administrators can install different application stacks without the need to install those software stacks in the global zone. A simple package update on a system automatically updates each non-global zone, ensuring software version compatibility and application integrity.

Resource management for non-global zones provides further application refinement, including the ability to allow read-only zones for higher levels of security. The administration of Oracle Solaris Zones can also be delegated to another user, or set of users, providing an ideal multi-tenancy cloud environment.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Virtualization	KVM KVM is a full virtualization solution on Red Hat Enterprise Linux (support for para-virtualized Xen is also provided). Red Hat officially supports a limited number of guest OSs (RHEL, Windows), but other OS versions are possible. Along with the command line utilities, a graphical tool (Virtual Machine Manager) can be also used to create and manage virtual environments. Guest, host and process isolation can be achieved using SELinux and cgroups. KVM requires an Intel processor with Intel VT-x and Intel 64 extensions (x86), or an AMD processor with AMD-V and AMD64 extensions. Commands: virsh, virt-clone, virt-convert, virt-image, virt-install, virt-viewer, virt-what, virt-xml-validate Linux Containers Linux containers provide a flexible approach to application runtime containment on bare-metal systems without the need to fully virtualize the workload. Red Hat Enterprise Linux provides application level containers to separate and control the application resource usage policies via cgroup and namespaces. Linux containers is currently considered a technology preview and not currently supported. Red Hat Enterprise Virtualization is an additional offering can be used to manage and monitor virtualization environments at greater scale through a web interface.	Oracle Solaris Zones Oracle Solaris Zones provide native low overhead OS virtualization, with high application isolation and resource management. Oracle Solaris 11 also supports Oracle Solaris 10 Zones, the ability to run applications that require an Oracle Solaris 10 environment within a non-global zone running on Oracle Solaris 11. Commands: zoneadm, zonecfg, zonestat, zonename, zone2pvhck Oracle VM Server Oracle VM Server for SPARC (previously called Sun Logical Domains) provides highly efficient, enterprise-class virtualization by taking advantage of built-in virtualization capabilties on the SPARC T series processor. Each domain is a full virtual machine that can be started or stopped independently. Domains can take on different roles - control, service, I/O or guest. Oracle VM Server for SPARC also has the ability to support Single Root I/O Virtualization (SR-IOV) enabling efficient sharing of PCIe network devices among I/O domains so application workloads can achieve near native I/O performance. Commands: ldm, ldm2v Dynamic Domains Dynamic domains provide electrically isolated hard partitioning for SPARC Enterprise M-Series servers. Each domain executes a unique instance of Oracle Solaris. Since isolation is instantiated all the way to the hardware, configurations can be created in which software changes, reboots, and potential faults in one domain do not impact applications running in another domain. Commands: showhardconf, showboards, setupfru, setdcl, addboard, addfru

Key Links
Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management Administration Guide
How to Get Started Creating Oracle Solaris Zones in Oracle Solaris 11
Resource Management and Oracle Solaris Zones Development Guide
Oracle VM for SPARC Administration Guide

Storage

Oracle Solaris ZFS is the flagship 128-bit filesystem in Oracle Solaris 11. At the heart of the design process, ZFS ensures data integrity and protects against silent data corruption with continuous checksumming. ZFS has integrated file system and volume management, greatly reducing administrative complexity with the concept of virtual storage pools called zpools. With the ability to cache read and write data, administrators can take advantage of SSD disks among hybrid storage pools for improved read performance. ZFS uses a copy-on-write transactional model which provides excellent data efficiency, offering the ability to snapshot and clone filesystems instantly with zero storage costs. Snapshots and clones are the foundation of Boot Environments providing increased safety during important system upgrades using IPS.

Oracle Solaris ZFS includes a number of integrated data services - encryption, data deduplication, shadow migration, and software RAID.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
File Systems	Ext4 Default journaling file system. Maximum file size and volume size of 16TB. Commands: e2fsck, fsck, mount, umount Support for XFS file systems is also supported. LVM Logical Volume Manager (LVM) provides necessary volume management on Red Hat Enterprise Linux. LVM supports the ability to take offline snapshots and supports a number of RAID configurations. Commands: pvchange, pvcreate, pvdisplay, pvmove, pvremove, pvresize, pvs, pvscan, lvchange, lvconvert, lvcreate, lvdisplay, lvextend, lvm, lvmdiskscan, lvmdump, lvreduce, lvremove, lvrename, lvresize, lvs, lvscan Btrfs is currently considered a technology preview and not currently supported. Btrfs has some of the same feature set as ZFS.	Oracle Solaris ZFS Default file system on Oracle Solaris 11. Maximum file size of 16EB, maximum volume size of 16EB. Oracle Solaris ZFS has integrated data services - snapshot and cloning, deduplication, encryption, compression, shadow migration, and RAID. Commands: zfs, zpool Support for a number of other file systems, including UFS, is also available but not as root file system.

Key Links
Oracle ZFS File Systems Administration Guide
How to Size Main Memory for ZFS Deduplication

Security

Security in Oracle Solaris 11 is considered to be the highest priority, which is reflected in both the security services provided by the operating system itself, and during development when it adheres to the Oracle Software Security Assurance process mandating that security is integrated by design, not bolted on afterwards. Oracle Solaris security technologies protect data, applications, users, and the operating system itself from a variety of external and internal threats which reduces risk and prevents breaches.

The Cryptographic Framework provides cryptographic services to users and applications through individual commands, a user-level programming interface, a kernel programming interface, and user-level and kernel-level frameworks. The Cryptographic Framework provides these cryptographic services to applications and kernel modules in a manner seamless to the end user. It also brings direct cryptographic services, like encryption and decryption for files, to the end user. As a practical example, all applications written to the Cryptographic Framework can take advantage of the onboard crypto accelerator on the Oracle SPARC T4 chip with no additional work required.

The Trusted Extensions feature of Oracle Solaris is an optionally enabled layer of secure labeling technology that enables data security policies to be separated from data ownership. Oracle Solaris Trusted Extensions provides labels for local objects and processes, for the desktop and windowing system, for zones and file systems, and for network communications. These labels are to implement a Multilevel Security (MLS) policy that restricts flow of information based on label relationships.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Mandatory Access Control, Role Based Acess and Multi-Level Security	SELinux SELinux is a framework in Red Hat Enterprise Linux for supporting access control policies by providing capabilities that span mandatory access control, multi-level security, role based access control and type enforcement. SELinux is pre-configured in RHEL for the 'targeted' policy where most processes are unrestricted and only specific services are isolated into distinct security domains. Other policies are also available. Commands: sestatus, secon, semodule, set/getenforce, set/getsebool, selinux, setfiles, fixfiles, load_policy, restorecon* Configuration: /etc/selinux/config Trusted Platform Module support is considered a technology preview. Commands: tpm*	RBAC Also known as user rights management, RBAC allows administrators to distribute administrative duties. RBAC is integrated right across the operating system. Commands: profiles, roleadd, roledel, rolemod, roles, auths Trusted Extensions Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership, as well as label-based mandatory access control (MAC) policies. Trusted Extensions is integrated into much of the operating system, including Oracle Solaris Zones. Commands: tncfg, txzonemgr, setlabel, getlabel, plabel Privileges Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges. Privileges can be granted to a command, a user, a role, or a system. Many Oracle Solaris commands and daemons run with only those privileges that are required to perform their task. The use of privileges is also called process rights management. Commands: ppriv, profiles Trusted Platform Module The Trusted Platform Module (TPM) offers the ability to securely generate, store and access cryptographic keys from processors or external devices. Commands: tpmadm
VPN	Openswan Openswan is a kernel-level IPsec implementation available in Red Hat Enterprise Linux. It employs key establishment protocols IKE (Internet Key Exchange) v1 and v2, implemented as user-level daemons. Commands: ipsec, ip, certutil Configuration file: /etc/ipsec.conf	IPsec IP security (IPsec) protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. Oracle Solaris supports IPsec for both IPv4 and IPv6. Because IPsec is implemented well below the application layer, Internet applications can take advantage of IPsec without requiring modifications to their code. Commands: ipadm, ipsecconf, ipsecalgs, ipseckey Configuration file: /etc/inet/ipsecinit.conf
Firewall	Netfilter and IP Tables IP Tables is used to set up, maintain, and inspect tables of IPv4 packet filter rules in Red Hat Enterprise Linux. Administrators can also use the graphical Firewall Configuration Tool. Command: iptables, iptables-multi, iptables-restore, iptables-save, iptables-xml, system-config-firewall-tui Configuration files: /etc/sysconfig/iptables-config, /etc/sysconfig/ip6tables-config Rules configuration files: /etc/sysconfig/iptables, /etc/sysconfig/ip6tables	IPfilter IPfilter provides packet filtering capabilities. IPfilter is integrated into SMF providing the ability for administrators to configure per service firewall rules. Commands: ipf, ipnat Configuration files: /etc/ipf/ipf.conf, svc:/network/ipfilter:default
Encryption	Linux Unified Key Setup Red Hat Enterprise Linux supports LUKS for file system encryption. LUKS only protects data in a partition that has been encrypted when the system has been turned off. Commands: cryptsetup	ZFS Oracle Solaris ZFS supports full encryption of datasets during creation Commands: zfs Oracle Solaris Cryptographic Framework The Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements. Commands: cryptoadm, pktool

Key Links
Oracle Solaris 11 Security Services Guide
Oracle Solaris 11 Security Technologies
Developers Guide to Oracle Solaris 11 Security
Trusted Extensions Configuration and Administration

High Availability

Oracle Solaris 11 has a strong background in providing the highest levels of availability. The Oracle Solaris OS includes an architecture for building and deploying systems and services that are capable of predictive self healing. The service that is the core of the Fault Management Architecture (FMA) receives data related to hardware and software errors, automatically diagnoses the underlying problem, and responds by trying to take faulty components offline.

Oracle Solaris Cluster, an example of kernel-level clustering, provides a high availability solution by having redudant nodes where one or more systems continue to ensure critical services run if the other systems fail. Nodes may be located within the same data center or on different continents.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Availability	Upstart Upstart can be used to automatically respawn services should an unexpected event occur. Commands: initctl Job definitions: /etc/init/.conf The Red Hat Enterprise Linux High Availability Add-On* provides provides on-demand failover to make applications highly available. It delivers continuous availability of services by eliminating single points of failure.	SMF & FMA The Service Management Framework and Fault Management Architecture provide Oracle Solaris' self healing capability, monitoring the operating system for faults whether it's individual hardware components or system or application services, and silently works to isolate those faults or automatically restart services. State notifications have been added to Oracle Solaris 11 so administrators can send emails or SNMP traps for any important events they most are interested in. Commands: svcadm, fmadm Oracle Solaris Cluster is an additional offering that provides high levels of availability through clustering for enterprise applications and databases. Oracle Solaris Cluster is integrated with Oracle Solaris 11 features (ZFS, Zones, SMF, Network Virtualization) giving significant benefits in terms of detection and recovery from failure.

Key Links
Using the Oracle Solaris Fault Manager
Oracle Solaris Cluster Installation Guide

Monitoring

Oracle Solaris 11 has a variety of monitoring tools that spread across different facets of the operating system. Oracle Solaris DTrace, the dynamic tracing framework, allows developers and administrators to safely troubleshoot the kernel and applications on live production systems. DTrace can be used to get an overview of all parts of the operating system (network I/O, CPU and memory) and help the user better understand what is happening at any given point in time. With well over 70,000 different individual probe points of instrumentation, DTrace gives levels of observability few systems can match.

Task	Red Hat Enterprise Linux	Oracle Solaris 11
Monitoring	SystemTap SystemTap provides dynamic instrumentation of Red Hat Enterprise Linux. Commands: stap, staprun, stap-report, stapsh, stap-merge, stap-prep A large selection of other administrative tools provide monitoring capabilities, including the following: Network: netstat I/O: iotop File system: stat CPU: mpstat VM: vmstat Process: top, pidstat, strace, pstree System Latency: latencytop Power Management: powertop File locations: /proc/*	DTrace The DTrace framework includes many providers that distribution thousands of probe points across the operating system. A list of providers cover different aspects of the system, the ability to observe individual processes, and a number of different networking protocols. Support for a number of runtimes (Java, Python, PHP, Ruby) is also provided. Commands: dtrace A large selection of other administrative tools provide monitoring capabilities, helping to aggregate and display much of the same information you can get from DTrace. Network: flowstat, dlstat, netstat, acctadm, ipmpstat Oracle Solaris Zones: zonestat SMF Services: svcs Fault Management: fmstat I/O: iostat File system: fsstat, stat Kernel: kstate CPU: mpstat, pgstat VM: vmstat Process: prstat, truss, ptree Resource Management: poolstat System Latency: latencytop Power Management: powertop Oracle Enterprise Manager Ops Center 12c, included with all Oracle Premier Support agreements, provides extensive monitoring at a greater scale including both Oracle Solaris and Linux systems.

Key Links
Red Hat Enterprise Linux to Oracle Solaris Porting Guide New
Oracle Solaris Dynamic Tracing Guide

Revision date: 06/26/12

	System Administrator
Solaris 11 Downloads Solaris 11 VM Downloads How-To Guides Key Technologies Documentation Training

	System Architect
What's New in Solaris 11 Infrastructure as a Service Enterprise Applications Engineered for Oracle Solaris Cluster Oracle Optimized Solutions

	Developer and ISVs
Solaris 11 Certified Apps Solaris Developer Resources Partners Support Oracle Solaris 11 Oracle Solaris Remote Lab (OSRL) Solaris Ready Program Solaris 11 for ISVs Video

E-mail this page

Printer View

Oracle Cloud

Java

Customer and Events

Communities

Services and Store

Log In to My Oracle Support
Training and Certification
Become a Partner
Find a Partner Solution
Purchase from the Oracle Store
Contact and Chat
Phone: 800-633-0738
Global Contacts
Oracle Support
Partner Support

Products and Services

Solutions

Downloads

Store

Support

Training

Partners

About

Oracle Technology Network

Table of Content