Embed Size (px)
Citation preview
<Insert Picture Here>
Why You Will Benefit From Thinking About, And Planning For Oracle Solaris 11
Isaac RozenfeldOracle Solaris Product Management | Customer Installation [email protected]/11/2011
2
Oracle Solaris 11 Express
AGENDA
• Strategy• Oracle Solaris 11 Express Major Features• Support Offerings• Wrap Up – Resources, Q&A
3
What is Oracle Solaris 11 Express?
From a release perspective:
OpenSolaris Solaris 11 Express Solaris 11
4
What is Oracle Solaris 11 Express?
From a release perspective:
OpenSolaris Solaris 11 Express Solaris 11
From a “completion” perspective:
Feature Complete Solaris 11
Almost There
5
What is Oracle Solaris 11 Express?
From a release perspective:
OpenSolaris Solaris 11 Express Solaris 11
From a “completion” perspective:
Feature Complete Solaris 11
Almost There
From an audience perspective:• ISVs• Customers interested in leading edge IT• Customers that need Solaris 11 features
From the quality perspective• Embedded in Sun ZFS 7000 Appliances (for 2 years)• OS choice for Exalogic; coming to Exadata
6
Solaris 11 Raises the BarNext Generation of the #1 UNIX Operating System
• Dramatic reduction in planned downtime
• Telemetry for proactive and pre-emptive service
• Designed for network served environments• Binary compatibility guaranteed• Thousands of New Features:
• Clustering
• Virtualization
• Flash
• Infiniband
• Fast boot and fewer restarts
• And Lots More...
6
7
Oracle Solaris 11 ExpressKey Focus Areas
• Already in Oracle Solaris 10 New in Oracle Solaris 11
8
• Oracle Solaris Binary Application Guarantee ProgramFrom 1997 forward
• Oracle Solaris Source Code Guarantee ProgramBetween SPARC and x86
• Oracle Solaris 10 ContainersPreserve existing
environments
Preserving Business InvestmentsGuaranteed Compatibility
Oracle SPARC x86 Oracle x86
SolarisZone
Solaris 10Container
SolarisZone
SolarisZone
Oracle Solaris 11
Application Compatibility Guarantee covers applications that run on Solaris 2.6 or laterSource Code Compatibility Guarantee covers applications developed on any Solaris platformSee oracle.com/solaris – Technical Information for terms and conditions
9
Risk-Averse Updating
• New file system & volume manager, new installer & booter, new packaging system• Result: totally enhanced experience
• pkg update into a new boot environment, while staying “up”, then fast-reboot
• Result: when updating from 153 → 154: 99 second turn-around (SMTP)
• Something goes wrong? Fall back to previous boot environment
• “Ooops!” Deleted a directory and back-ups take hours or days to retrieve?
• # zfs rollback
10
Oracle Solaris 11 Key Focus Areas
• Availability: Greatly reducing planned and unplanned downtime– Self checking software packaging tools, network-based software repositories, safe updates with ZFS boot environments and fast reboot
• Scalability and Performance: Scaling to 1000s of threads, terabytes of main memory, 100s of Gbps– Next generation memory management, advanced power management, low latency/high speed interconnect
• Efficiency: Increasing deployment flexibility for applications– Completely virtualized network, storage and server environments, run your existing applications unchanged
• Security: Guarding your datacenter with advanced security– Secure by default startup,hardware verification of OS, data encryption services, enforced root role
11
<Insert Picture Here>
Oracle Solaris 11 Express Features
12
Feature Categories To Be Covered
• Packaging & Install– IPS, Boot Environments, Installation
• Virtualization– Zones, Network Virtualization
• Resource Management– Network Resource Management
• Data Management– ZFS, COMSTAR, SMB, NFS
• Security
Packaging &Install
Virtualization
Resource Management
Data Management
Security
13
PackagingPackaging
• New Image Packaging System (IPS) • No Patches.
– All system updates through 1 mechanism, package updates.
• Automatic package dependency computation and resolution
• No pre or post install package scripting– A source of problems with Solaris 10 patching
• Package versions define the system– Where configuration management is important
this dramatically simplifies the problem
Packaging &Install
Virtualization
Resource Management
Data Management
Security
14
Image Packaging System (IPS)Image Packaging System (IPS)
• Wonderful new sub-system: see pkg(1), pkg(5)• Completely integrated & networked
packaging/patching• Most important sub-commands:
– pkg install– pkg update– pkg search
Packaging &Install
Virtualization
Resource Management
Data Management
Security
15
Boot Environments
• Make updates safe, reliable, recoverable– Reduce risk– Increase availability
• Different from, and simpler than, Solaris 10 Live Upgrade– BE's are “free” with ZFS
• Use liberally as an administrative safety net
An important element of how Oracle Solaris 11 helps
reduce planned and unplanned downtime
Packaging &Install
Virtualization
Resource Management
Data Management
Security
16
ZFS pool
Boot Environments
rootpartition
/(root)
/(root)
swap swapswap
Unused
Unused Unused Unused
copy of root
partition
Updated
Other data
Other data
Other data
ZFS pool ZFS pool
Active BootEnvironment
Active BootEnvironment
Active BootEnv.
Disk 1 Disk 1 Disk 1
Disk 2Disk 2Disk 2
Before BE Creation After BE Creation
20 minutesto 1+ hour
later
~10seconds
later
After Updating New BE
Active BootEnv.
1 2 3
New BootEnvironment
New BootEnv.
New Updated BootEnv.
Unused Disk Partition
Active BootEnv.
So
lari
s 10
So
lari
s 11
17
Requirements for New Installer
• Updates (patches) & upgrades must be fast, reliable, reversible
• Low initial investment, great scalability for deployment− Ease-of-use is a priority for all features
• Deployment must be well-integrated with best practices, overall user experience− Limit install-specific features, knowledge
• Integrated deployment of Zones is required
Packaging &Install
Virtualization
Resource Management
Data Management
Security
18
New Automated Installer (AI)
• Lower up-front and ongoing costs of deploying Solaris-based software stack
• Leverages ZFS, SMF, IPS features to provide enhanced features vs. JumpStart– Reduces need for third-party or customer-developed
extensions– Most scripting moved to first-boot SMF services
• WAN-capable design provides operational flexibility• Designed to be manageable and observable
– installadm(1M) provides one-stop management interface
Packaging &Install
Virtualization
Resource Management
Data Management
Security
19
Automated Installer
Manifests
Boot Image
Oracle Solaris 11Express Environment
CreateCustomizedImages
UseStandardImages
VM VM
VM VM VM
AI Server
DistributionConstructorManifests
DistributionConstructor
Virtual MachinesUSB Images
Packages
IPSRepository
Packaging &Install
Virtualization
Resource Management
Data Management
Security
1
2
ISO Images
Net configAI address
DHCPServer
3
20
InstallPackaging &Install
Virtualization
Resource Management
Data Management
Security
Solaris 10 Solaris 11 Express
SVR4 Packages IPS Packages
Install DVD Install CD + pkg repository
Live Upgrade Boot Environments
Upgrade from installer pkg(1), Update Manager
JumpStart Automated Installer(AI)
JumpStart Profiles AI manifests
Flash Install No equivalent yet
Blueprints for custom DVD's Distribution Constructor
21
SMF New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• Property value ordering (95)• Template extensions (102)• Early manifest import (137)• Networking type extensions (141)• FMA integration (146)• + more ...
22
Zones New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• rename (24)• upgrade (27, 53)• move & clone (33)• migration (36)• configurable privileges (37)• ZFS (39)• System V resource controls (48)• update on attach (82)• + more ...
23
Zones ObservabilityPackaging &Install
Virtualization
Resource Management
Data Management
Security• Improved Utilization Monitoring
– CLI and Ops Center integration– Use extended accounting for accuracy– Report shared and dedicated resources– Utilization against configured limits
24
Introducing zonestat(1m)
$ zonestat 5...SUMMARY Cpus/Online: 32/32 Physical: 32.0G Virtual: 47.9G ----------CPU---------- ----PHYSICAL----- -----VIRTUAL----- ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP [total] 1.57 4.92% - - 5660M 17.2% - 9.9G 20.6% - [system] 0.09 0.28% - - 5086M 15.5% - 9275M 18.8% - kodiak-dp 1.00 100% - 100% 46.0M 0.14% 4.49% 36.2M 0.07% 1.17% global 0.48 1.56% - 1.56% 419M 1.27% - 673M 1.37% - kodiak-ab 0.00 0.00% - 0.01% 67.0M 0.20% - 115M 0.23% - kodiak-rie 0.00 0.00% - 0.02% 41.6M 0.12% - 62.4M 0.12% -
25
Introducing zonestat(1m)Packaging &Install
Virtualization
Resource Management
Data Management
Security• zonestatd daemon performs monitoring
– Allows non-root users and non-global zones to see (some of) the information
• zonestat can monitor:– Virtual-memory, physical-memory, locked-memory, pool-
psets, lwps, processes, shm-memory, shm-ids, sem-ids, msg-ids
– Limit output to specific zones– Sort by various columns– Machine parseable output mode– End-of-run reporting for average, high, total usage– Drill down by resource type
26
Oracle Solaris 11 Zones
• “Zones” not “Containers” for Solaris 11• Oracle Solaris 10 Containers are the key to compatibility of Solaris 10 apps in Solaris 11
• Zones monitoring tool for better visibility into system • Delegated zones administration allows giving admin
access to zone but not system.
Packaging &Install
Virtualization
Resource Management
Data Management
Security
Solaris 10Solaris 10 Zone
Solaris 10 Zone
Oracle Solaris 11Express
Solaris
11 Zone
Solaris
11 ZoneSolaris 10 Zone
Solaris 10 Zone
Oracle Solaris 10
27
Networking Major New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• GLDv3 a.k.a. Nemo (12)• IP Instances (57)• NetWork Auto-Magic a.k.a. NWAM (62/100/134)• Nemo unification and vanity naming (83)• Enhanced network driver configuration via dladm (83)• Virtualization & Resource Management a.k.a.
Crossbow (105/136/154)• ipadm (137)• + more ...
28
Networking Minor New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• Lots of wireless drivers (29 & later)• IP Duplicate Address Detection (47)• IPsec Tunnel Reform (53)• Multicast DNS and Service Discovery (72)• Automated building of sendmail configuration files (90)• IP Observability Devices (103)• Low Latency Socket Framework (106)• IPMP Rearchitecture (107)• IP Tunneling (125)• Single-root I/O Virtualization (155)
29
Network Virtualization
Provide a fully virtualizable network environment • More effective sharing of networking resources
– Divide physical link into multiple virtual ones– Aggregate multiple links into larger virtual one
• Increase the scope for server consolidation projects.– Don't just consolidate servers, consolidate network
topologies (network-in-a-box)
Packaging &Install
Virtualization
Resource Management
Data Management
Security
30
Network Virtualization
100 Mb100 Mb 100 Mb 100 Mb 100 Mb100 Mb
100Mb100Mb 100 Mb 400 Mb 400 Mb100Mb
31
Network Virtualization
The Plumbing provides the virtualization interconnects
• Virtual NIC • Virtual Switch• VLAN support
Solaris Networking Components provide the flexibility to build complex network topologies within a system
• Router (Quagga)• Load Balancer (new)• Firewall (IP Filter)
Packaging &Install
Virtualization
Resource Management
Data Management
Security
32
Network Resource Management
• Compelling addition to Solaris 10 Resource Management capabilities
• Allow organizations to meet service level goals
Memory cap Swap cap
CPU cap PrioritiesBandwidth cap
CPU capShares
Networking
CPU
Memory
Packaging &Install
Virtualization
Resource Management
Data Management
Security
33
Network Resource Management
Prior to starting networkbackup
Network backup soaking up so much net band-width it impacts other communication
After limiting bandwidthused by backup, other traffic no longer suffers
Packaging &Install
Virtualization
Resource Management
Data Management
Security
34
Network Resource Management
Enable enforcing organizational service delivery policies
• Bandwidth• CPU resources
Traffic Filtering for types of traffic allow fine tuning the resource controls
• IP addr• Port• Protocol
Packaging &Install
Virtualization
Resource Management
Data Management
Security
35
Data Management
Mission hardened for over 2 years as OS for Sun ZFS Storage Appliances. • ZFS
– Only boot environment– Dedup, Encryption both new
• Common Multiprotocol SCSITarget (COMSTAR)
– Converts Solaris hosts into SCSI targets with a number of supported
transport protocols (iSCSI, FC, InfiniBand)
• Fully integrated CIFS– Complete Windows file sharing interoperability
(pairs with Active Directory integration)
• NFS
Storage Pool
ZFS ZFS ZvolZFS
NFS CIFS COMSTAR
Packaging &Install
Virtualization
Resource Management
Data Management
Security
36
ZFS Packaging &Install
Virtualization
Resource Management
Data Management
Security• Initial integration (27)• FMA (36)• Zones (39)• Hot Spares & Clone Promotion (42)• Bootable datasets (62)• Hotplug (68)• L2ARC (78)• Boot support (88)• Deduplication (128)• Crypto (149)• + more ...
37
ZFS Deduplication
Deduplication• Fully integrated into ZFS, not a for-fee addition• Manage more data while using less resources• Enable on dataset level
Characterization:• Realtime• In line• Block based
Packaging &Install
Virtualization
Resource Management
Data Management
Security
38
ZFS Encryption
ZFS:Create a reliable, scalable, easy to manage storage system from inherently unreliable components
ZFS with Encryption:Create a secured, reliable, scalable, easy to manage storage system from...
• Dataset encryption property set at create time• Different encryption possible within each data set of pool• What is encrypted: All data, directory structure, ZVOL
data, and all of those in a snapshot or clone
Packaging &Install
Virtualization
Resource Management
Data Management
Security
39
Security
• Root is a role– Better accountability– User assumes ‘root’ role so can disable direct
root login
• Trusted Platform Module (TPM)– Provides hardware verification of OS at boot-time
• ZFS Cryptography– Cryptographic protection of data on
a per-pool basis– Uses Solaris Cryptographic Framework
to provide acceleration throughon-board crypto, of bothSPARC and x86 processors
Packaging &Install
Virtualization
Resource Management
Data Management
Security
40
Security New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• Trusted Extensions (37)• Secure-by-default (42)• IPsec Tunnel Reform (53)• Packet capture (125)• ZFS Crypto (149)• + more ...
41
Hardware Platforms & PerformancePackaging &Install
Virtualization
Resource Management
Data Management
Security• SPARC
– sun4v (13)– T3 processors (131)
• Intel– Nehalem & Westmere processors (97)
• Fast reboot (x86: 100, by default: 112, SPARC: 136)• Fast crash dump (127)• + more ...
42
Miscellaneous New FeaturesPackaging &Install
Virtualization
Resource Management
Data Management
Security• MACHINE_THAT_GOES_PING (33)• Alternate home directory for root user (87)• Next Generation Audio (115)• modernization updates (136)
– bash now default root shell– ksh (and /bin/sh) now ksh93– patch now GNU– vi now vim
43
<Insert Picture Here>
Oracle Solaris 11 Express Support
44
Oracle Solaris 11 Express Support
Oracle Solaris 11 Express is included in:• Oracle Premier Support for Oracle Systems• Oracle Premier Support for Operating Systems • Oracle Solaris Premier Support Subscription for
non-Oracle x86 systems
45
Key Takeaways
• First look at what will be the next major Solaris release- Oracle Solaris 11
• Feature Highlights include • Network Virtualization and Network Resource Management• Enterprise storage-class storage implementations in a
general purpose OS• New ZFS features, Dedup and Encryption• New Packaging System addresses pain of patching
• Oracle Solaris support programs include supporting Oracle Solaris 11 Express
