With Oracle Solaris Zones, administrators can rapidly provision enterprise applications in secure, isolated environments within the same instance of the operating system. Fully integrated with the operating system, Oracle Solaris Zones is an efficient virtualization solution with zero performance overhead and a minimal disk footprint. Administrators can quickly configure or clone new environments and deploy applications faster. Each zone contains a complete application environment and allows administrators to control different resources such as CPU, memory, networking and storage.
Network virtualization and resource management allow for more efficient sharing of network resources, enhancing the ability to consolidate server workloads. Using the basic building blocks integrated into the operating system (virtual network interface controllers (VNICs), virtual switches, VLANs, link aggregation and IPMP), entire distributed network environments can be created on a single system, lowering costs and management complexity.
Network resource management ensures organizations can meet quality of service goals by setting bandwidth limits or assigning specific CPU resources to different network traffic or network flows. These flows can be classified by IP address, port number, transport protocol or other attributes.
Additionally, now with Oracle Solaris 11, Zones get exclusive IP stacks by default, which means each zone administrator can individually control the zone's network parameters, such as the routing table and NDD variables.
Image Packaging System (IPS) is a new network-based package management system that spans the software lifecycle, addressing software installation, updates, system upgrades, and the removal of software packages. IPS helps to reduce the complexity of managing software in the data center by integrating complex patch management with automatic software version and dependency checking that also spans virtualized environments.
Oracle Solaris 11 takes advantage of new processor designs, like those in the T4 systems, that allow dynamic allocation of hardware resources to provide boosts in performance should business events warrant this need. Critical threads, new to Oracle Solaris 11, allow applications to activate these performance boosts, which help to guarantee exclusive access to specific hardware resources.
An important part of running your applications on Oracle Solaris is that we understand businesses need to rely on their applications for a long time.
Oracle Solaris has a Binary Compatibility Guarantee in place, which guarantees that applications that run on Oracle Solaris 2.3 or later will run on any newer Oracle Solaris version, including Oracle Solaris 11. Oracle Solaris has an Application Binary Interface (ABI) which is kept stable so that if an application is written to it, which most applications are, the application keeps on working on newer versions of Oracle Solaris. Additionally, the Oracle Solaris Preflight Application Checker tool can help you to determine the Oracle Solaris 11 readiness of an application by analyzing a working application on Oracle Solaris 10.
This allows you to do two key things. The first is to move your application from an older version of Oracle Solaris to a newer version, like Oracle Solaris 11. The second is to move your application between a smaller SPARC or x86 system and a larger one of the same architecture, to allow it to scale up or down depending on the business needs.
In some cases customers don't have the time to go through an application move from an older version of Oracle Solaris to a newer one, or the expertise needed to install the application has left the company. It could also be that a move to Oracle Solaris 11 means a new version of the application. In these cases, if you still want to move easily to Oracle Solaris 11, you can use Oracle Solaris 10 Zones. You take a backup of your current environment (this could be a tar or a flash archive file) and create a Zone on Solaris 11 with a Solaris 10 brand. This will allow you to unpack the backup into the Zone and run the application unchanged on an Oracle Solaris 10 userland on an Oracle Solaris 11 kernel.
To assist with moving from an Oracle Solaris 10 Global Zone or an Oracle Solaris 10 Non-Global Zone into a Solaris 10 Zone on Oracle Solaris 11, Oracle Solaris 11 comes with Physical to Virtual (P2V) and Virtual to Virtual (V2V) tools. This makes the whole experience smooth.
With Secure by Default in Oracle Solaris 11, common security controls are in place and applied by default following industry best practices. For example, all network services are turned off by default except for ssh so the system boots securely, and low impact auditing is turned on by default, recording log-on/log-off and helping customers meet compliance obligations with less effort. In addition, Oracle Solaris 11.1 provides an OpenSCAP reporting tool to validate that the system meets specific compliance criteria. This greatly alleviates the often time-consuming process of proving compliance to auditors.
Oracle Solaris 11 has fully integrated encryption, which allows applications to use a single API for all their cryptographic operations. This allows the administrator, for example, to switch cryptographic algorithms at a later point without needing to rewrite the application. This also allows seamless integration with new hardware acceleration.
Protect information at rest at the dataset level with ZFS encryption using AES encryption. This allows administrators to apply encryption across single datasets or to a subset of resources needing protection or with a compliance obligation. Integration with the Oracle Key Manager allows true management of encrypted information and not just simplistic disk encryption.
The Solaris administrative model is flexible, giving administrators the choice, depending on deployment scenarios, of using a combination of file access controls, role based access control, and delegation of administrative commands. This flexibility allows complex security controls to be defined based on anticipated customer risks. Delegated Administration gives the Global Zone administrator the ability to assign the administrative rights of an individual zone to a single user, thereby limiting what that user can do and allowing multiple departments to consolidate on a single system.
Immutable Zones allow the Global Zone administrator to lock down an individual zone into a read-only mode in which the applications within the zone can only read but not write, or can only write into certain directories. Especially for internet-facing applications, this can greatly limit the impact of intrusions.
Multilevel or labeled security is used by governmental customers to ensure separation of data and containment of users. Trusted Extensions in Oracle Solaris 11 builds upon 20 years of multilevel security, enhancing labeled network, file storage, and secure desktop environments.
Fault Tolerance & Service Availability
Two major contributors to Oracle Solaris built-in high availability are the Fault Management Architecture (FMA) and the Service Management Facility (SMF). FMA monitors and reacts to hardware issues; SMF handles a similar task for software services.
The primary goal of FMA is predictive self healing. If a component is failing, it often gives signals of degeneration, e.g. increased recoverable errors. These signals are monitored, and once a threshold is exceeded the device is off-lined before it impacts the OS or the applications. Many components are monitored, the primary being CPU, memory, and the I/O devices. In the case of memory, off-lining can have a significant impact on availability. For example, on a 6 CPU, 12 core, 192 GB memory system, auto-retiring offers a projected 46% decrease in annual downtime due to avoided memory failures.
Additionally, FMA can track serial numbers, which simplifies re-instating a system to full health. After a component is off-lined, it can be replaced, and the OS recognizes the replacement activity (say, of a memory DIMM) because the part serial number changed. The new DIMM would then be automatically mapped back into the set of available resources.
SMF provides reliability for system services on Oracle Solaris. All services use a similar interface mechanism for starting, stopping and monitoring services, as well as storing their configuration. SMF also tracks service dependencies to allow for faster system reboot and automatic service restart should a service fail for any reason. SMF helps to centralize system configuration information and ensure that local administration changes are preserved during system update. In Oracle Solaris 11, two new services have been added (svc:/system/fm/smtp-notify and svc:/system/fm/snmp-notify) to provide notification for fault management events and state transitions of services. Administrators can easily set email notifications according to pre-defined or customer templates and report information like host name, time, resource affected, state change and description.
DTrace is an important troubleshooting tool for safely finding out exactly what is going on in a live system. To aid with this, new providers for networking (TCP/UDP/IP) and storage (iSCSI/CIFS) I/O have been added, as well as CPU state events. These can help to find particularly hard-to-trace problems in the I/O path.
For external monitoring tools, Automated Service Request (ASR) can consume a new service, svc:/system/fm/asr-notify, that generates HTTPS/XML. Through this path ASR can automatically issue service requests. Additionally, Oracle Enterprise Manager Ops Center consolidates multiple telemetry data points from multiple systems provided by FMA and SMF and presents them to the console.
Oracle Solaris Zone clusters are the perfect environment to consolidate multiple applications or multi-tiered workloads into different virtual clusters on a single physical cluster configuration. Oracle Solaris Cluster enables both full service protection, through fine-grained monitoring of applications and policy-based restart and failover within a virtual cluster, and reliable operation of multi-tiered workloads, through management of dependencies across zone clusters. Additional benefits include ease of use with an automated set-up of the zone cluster and administrative isolation extended to the virtual cluster.
For Disaster Recovery, Oracle Solaris Cluster uses a multi-site, multi-cluster topology to protect your applications from the consequences of a site-wide disaster. Automated failover of applications enables a less error-prone restart of operations at the secondary site. Coordination with application-, host- and storage-based replication delivers rapid data availability and protects data integrity. Planned maintenance while maintaining service levels is facilitated by operator-led workload switchover.
Oracle Solaris Cluster gives Built-in Protection for enterprise applications, as it includes off-the-shelf support for an extensive portfolio of applications and databases. Examples include, but are not limited to, Oracle E-Business Suite, Oracle Databases, PeopleSoft, WebLogic, MySQL, iPlanet Web server technologies, Apache, SAP, ... For custom applications, an easy-to-use tool kit enables integration into the clustering framework in just a few clicks.
Scalable Data Management
ZFS is now the default file system for Oracle Solaris, and it is always used for those parts of the filesystem that hold the OS packages. This allows the package manager to use ZFS clones and snapshots to create Boot Environments (BEs), so that newer versions of the OS only cost a minimal amount of space. In addition, the update can be done while the system is running live and without having to break any mirrors to get an alternate boot environment.
If the data stored is very repetitive, as in home directories and email folders, ZFS Deduplication can help to greatly reduce the cost of storing this data. It uses checksum-based comparison of blocks with optional verification (for example, with non-cryptographically secure checksums). Deduplication is performed across the entire ZFS storage pool; administrators can select whether individual datasets have deduplication enabled or not.
With the Hybrid Storage Pools capability, ZFS can seamlessly integrate Solid State Disks (SSDs) into your system's ZFS storage pools. ZFS intelligently uses the much faster SSDs to cache often referenced data on non-volatile storage. The right combination of SSDs and regular disks will give both the capacity of the regular disk pool and the speed of access the SSDs bring. All of this comes with no extra configuration.
COMSTAR (Common Multiprotocol SCSI Target) is the software framework that makes it possible to turn any Oracle Solaris host into a target device that can be accessed over a storage network. The COMSTAR framework makes it possible for all SCSI device types (tape, disk, and the like) to connect to a transport (such as Fibre Channel) with concurrent access to all logical unit numbers (LUN) and a single point of management. Support for a number of protocols has been added: iSCSI Extensions for RDMA (iSER) and SCSI RDMA Protocol (SRP) for hosts that include an InfiniBand Host Channel Adapter, iSCSI, and Fibre Channel over Ethernet (FCoE).
In Oracle Solaris 11, running an NFS server in a Zone is now supported. The zone has to use exclusive IP as its network stack, which is the default, and then NFS shares can be added for the filesystems inside the zone. This gives the flexibility to set up multiple NFS servers on a single system, each with its own administrative domain. Combined with network virtualization, this allows many services to be consolidated on a single Oracle Solaris instance. Administrators who wish to disable shares within a zone can add PRIV_SYS_SHARE to the zone's set of prohibited privileges.