oracle solaris 11.1 new features

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 1

Oracle Solaris 11.1 new features

Orgad Kimchi

Oracle ISV engineering


The following is intended to outline our general product direction. It is

intended for information purposes only, and may not be incorporated into

any contract.

It is not a commitment to deliver any material, code, or functionality, and

should not be relied upon in making purchasing decisions. The

development, release, and timing of any features or functionality

described for Oracle‟s products remains at the sole discretion of Oracle.


Oracle Solaris 11 Mission Critical Meets Cloud

Solaris 11

Highly Available, Secure

Platform for Enterprise Apps

Predictive self healing

ZFS data integrity

Low overhead snapshots

End to end encryption

Application Clustering

Compliance reporting

DTrace observability

Large-scale Cloud

Management

Zero overhead Server,

Storage, Network

virtualization

Immutable zones

Fast, fail safe

life cycle management

Comprehensive cloud

management solution


Key enhancements delivered in Oracle Solaris 11.1

• Installation

• System configuration

• Virtualization

• Security and Compliance

• Networking

• Data management

• Kernel/platform support

The new Oracle Solaris 11.1 features over 300 new performance and

feature enhancements


Installation Enhancement

The interactive installer now supports installing the OS to iSCSI

targets.


ASR & OCM

ASR (Auto Service Request) and OCM (Oracle Configuration

Manager) have been enabled by default

ASR - create service requests to speed up support processes.

OCM - Proactively provide support information and

This is optional and can be disabled but helps a lot in support

cases.


Service Management in Solaris (SMF) SMF provides an infrastructure that augments the traditional UNIX

startup scripts

provides a mechanism to define the relationships between applications

or services

Automated restart of services in correct order:

> administrative error

> software bug

> uncorrectable hardware error

Parallel startup improves system boot time


Management Enhancement

• svccfg:

– New options extract and delcust (diffs management)

– Improved „editprop‟

• svcbundle: generates SMD manifests and profiles

• pfedit: for editing administrative files

• rsyslog: daemon for message logging


Svcbundle - Simple SMF Manifest Creation Tool

The new command svcbundle helps you to create

SMF manifests without having to struggle with XML

editing.


Svcbundle - Example

Solaris 11.1

# svcbundle -o isv-service2.xml -s service-name=application/isv-service2 -s

model=wait -s start-method="/var/tmp/smf/isv-service2-start"

# cp isv-service2.xml /lib/svc/manifest/application

# svcadm restart manifest-import

# svcs isv-service2

Solaris 10 & Solaris 11

# svccfg validate ./isv-service2.xml

# svccfg import ./isv-service2.xml

# svcs /application/isv-service2

STATE STIME FMRI

online 11:52:09 svc:/application/isv-service2:default


Svccfg - Improved SMF Service Configuration

New options extract and delcust for svccfg(1M) to help

diff and apply customizations to other systems.

# svccfg listcust -M | grep mysvc

svc:/system/mysvc manifest MASKED

manifestfiles/lib_svc_manifest_test_mysvc_xml astring admin \

MASKED /lib/svc/manifest/test/mysvc.xml

svc:/system/mysvc:default manifest MASKED

# svccfg -s svc:/system/mysvc delcust

Deleting customizations for service: system/mysvc


Svccfg - Improved SMF Service Configuration

Improvements to svccfg editprop to ease making

changes via text editor.

# svccfg -s svc:/application/pkg/system-repository:default editprop


RBAC - Role-based access control


RBAC Background

Role-based access control allows system administrators to delegate the

administrative control of parts of the system to users.

Users can be given the ability to run command with additional privileges

in two ways:

Assigning a profile directly to the user, in which case no additional

authentication is required

Creating a role and assigning the profiles to the role.

It can also be used to build restrictive environments for users by

removing their ability to run commands they would normally be allowed

to run.


pfedit - Administrative Edit

Ever wondered how to delegate editing permissions to certain

files? It is well known "sudo /usr/bin/vi /etc/hosts" is not the right

way, for sudo elevates the complete vi process to admin levels,

The user can "break" out of the session as root with simply

starting a shell from that vi.

Now, the new pfedit command provides a solution exactly to this

challenge - an auditable, secure, per-user configurable editing

possibility.


pfedit - Example

Creating a Profile

To create a profile with solaris.admin.edit authorization that can be assigned to users to modify

/etc/syslog.conf, use the profiles(1) command.

# profiles -p "syslog Configure"

profiles: syslog Configure> set auths=solaris.admin.edit /etc/syslog.conf

profiles: syslog Configure> set desc="Edit syslog configuration"

profiles: syslog Configure> exit

Modifying /etc/syslog.conf

If a user has the “syslog Configure” profile as configured in the previous example then

invoking:

~ pfedit /etc/syslog.conf

http://docs.oracle.com/cd/E26502_01/html/E29030/profiles-1.html


rsyslog - New Logging Daemon

Native support for writing to MySQL databases

Native support for writing to Postgres databases direct support for

SQLLite, Ingres, Oracle,

Support for sending mail messages

Support for (plain) tcp based syslog - much better reliability

Sending and receiving compressed syslog messages.

Log files larger than 2gb support for file size limitation and command

execution

Support for running multiple rsyslogd instances on a single machine


/etc/rsyslog.conf – Example # Remote Logging (we use TCP for reliable delivery)

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

$WorkDirectory /var/spool/rsyslog # where to place spool files

$ActionQueueFileName uniqName # unique name prefix for spool files

$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)

$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

$ActionQueueType LinkedList # run asynchronously

$ActionResumeRetryCount -1 # infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

#*.* @@remote-host:514


Improved Viewing of Per-CPU Statistics

The performance analysis commands mpstat(1m),

cpustat(1m), and trapstat(1m)

Provide a line of statistics output for each CPU. If there

is a large number of CPUs, there is far too much data

for a person to interpret, which makes it difficult to spot

the interesting and relevant data.

New options have been added to sort, aggregate, and

display the data in a more condensed format.


mpstat - Example Improved viewing of per-CPU statistics

21 Copyright © 2011, Oracle and/or its affiliates. All rights

reserved.

Network Virtualization

• Fully simulate your production

environment

– Reduce expense with software network

equipment

– More testing means better quality

– Easier to test different scenarios or even

different production environments

• Rapidly roll out to your production

– Better define your production environment

network requirements

Test the Un-Testable


Edge Virtual Bridging

– Making the network “virtualization

aware”

– Offload bandwidth control on switches

Data Center Bridging

– Convergence of storage and networking

– Enabler for low latency RDMA over

Ethernet

– Multiple lanes of traffic on the same link

New with Solaris 11.1

Software Defined Networking

Save cost by leveraging

Ethernet for storage Prioritize bandwidth

for key applications


Edge Virtual Bridging (EVB)

EVB extends network virtualization features into the physical network

infrastructure

Allowing users to manage bandwidth and to increase utilization of

network resources. EVB is an IEEE standard 802.1Qbg that defines

new protocols and mechanisms for exchanging information about

virtual links between hosts/stations and a switch/bridge. Using EVB,

properties (such as the bandwidth limit) of the Oracle Solaris Virtual

NIC

(VNIC) can be exchanged with the switch so that the switch can be

configured accordingly for the VNIC.


Edge Virtual Bridging - Example # lldpadm show-agent -lv net0 Agent: net0

Chassis ID Subtype: Local(7)

Port ID Subtype: MacAddress(3)

Port ID: 00:14:4f:01:77:5d

Port Description: net0

Time to Live: 81 (seconds)

System Name: hosta.example.com

System Description: SunOS 5.11 dcb-clone-x-01-19-11 i86pc

Supported Capabilities: bridge,router

Enabled Capabilities: router

Management Address: 192.168.1.2

Maximum Frame Size: 3000

Port VLAN ID: --

VLAN Name/ID: vlan25/25

VNIC PortID/VLAN ID: 02:08:20:72:71:31


Data Center Bridging (DCB)

DCB allows the same network fabric to be used for both Ethernet and

storage traffic reducing overall infrastructure costs in a datacenter.

Based on IEEE 802.1Qaz has been added to the DCB functionality

introduced in Oracle Solaris 11 11/11.

This will provide guaranteed bandwidth and lossless Ethernet transport

for converged network environments where storage protocols share

the same fabric as regular network traffic.


Data Center Bridging (DCB) -Example

# dladm show-phys -D pfc net0

LINK COS PFC PFC_EFFECT CLIENTS

ixgbe0 0 YES NO net0,vnic1

1 YES YES vnic2

2 YES NO vnic3

3 YES NO vnic4

4 YES NO vnic5

5 YES NO vnic6

6 YES NO vnic7

7 YES NO vnic8


VNIC Migration

VNIC live migration is now supported from one physical NIC to another

on-the-fly

For example, if a PNIC becomes saturated, a VNIC associated with

one key application can be migrated across to another PNIC (one with

available bandwidth) without taking an outage.


VNIC Migration - Example

# dladm show-vnic

LINK OVER SPEED MACADDRESS MACADDRTYPE VID

vnic1 net0 1000 2:8:20:c2:39:38 random 0

vnic2 net0 1000 2:8:20:5f:84:ff random 0

# dladm modify-vnic -l net1 -L net0

# dladm show-vnic vnic0

LINK OVER SPEED MACADDRESS MACADDRTYPE VID

vnic1 net1 1000 2:8:20:c2:39:38 random 0

vnic2 net1 1000 2:8:20:5f:84:ff random 0


Zone updates now execute

in parallel

Time savings exponential across

datacenter


Fast Zone Updates

4x less downtime

during maintenance windows

0 10 20 30 40

Solaris 11.1

Solaris 11

Minutes

Updating a T4 System with 20 Zones

Increase consolidation ratios without

increasing maintenance windows


Zones on shared storage

Zones framework automatically manages

• Configuration/un-configuration of storage services

• Attach/detach of storage devices

• zpool creation, import, export

• For SAN and iSCSI


Easy Mobility for Zones

Move zones around between systems

quickly and easily

Z

o

n

e

B

Z

o

n

e

A

Z

o

n

e

C


Zones On Shared Storage (ZOSS) - Example

zonecfg -z zone1

Use 'create' to begin configuring a new zone.

zonecfg:zone1> create

create: Using system default template 'SYSdefault'

zonecfg:zone1> set zonename=zone1

zonecfg:zone1> set zonepath=/zones/zone1

zonecfg:zone1> add rootzpool

zonecfg:zone1:rootzpool> add storage dev:dsk/c7t2d0

zonecfg:zone1:rootzpool> end

zonecfg:zone1> exit


File System Statistics for Oracle Solaris Zones

Until now, global zone administrators had no way of monitoring activity

in a particular zone

Nor could non-global zone administrators monitor fstype activity in their

own zones.

This update provides a per-fstype kstat (kernel statistic) for each zone.

The global zone also has a kstat exclusively reporting its activity.

Now, over kstat you can find out which zone's I/O has an impact on the

other ones, see the examples in the


Reporting Per-Zone fstype Statistics for all Zones

$ fsstat -z s10 -z s10u9 zfs tmpfs

new name name attr attr lookup rddir read read write write

file remov chng get set ops ops ops bytes ops bytes

93 82 6 163K 110 507K 148 69.7K 67.9M 4.62K 13.7M zfs:s10

248 237 158 188K 101 612K 283 70.6K 68.6M 4.71K 15.2M zfs:s10u9

12.0K 1.90K 10.1K 35.4K 12 60.3K 4 25.7K 29.8M 36.6K 31.0M tmpfs:s10

12.0K 1.90K 10.1K 35.6K 14 60.2K 2 28.4K 32.1M 36.5K 30.9M

tmpfs:S10u9


Performance Improvements for Install and Attach Operations

Enhancements to install and attach operations on Oracle Solaris Zones

have made zone system management operations much faster

27 percent decrease in the time it takes to install a zone

91 percent decrease in the time it takes to attach a zone have been

observed

Along with the ability to update zones in parallel, this means that

planned service implementations or planned outages can be much

shorter.


Driving Cloud Infrastructure Innovation

Security Immutable Zones

Deployment Linked Images, Parallel Zone Updates, AI Integration, IPS integration,

Package minimization

Network

Virtual NICS (VNICS), Automatic VNICs, Bandwidth Control, Exclusive IP by

Default, Network Observability, Infiniband Enhancements, Data Center

Bridging, Edge Virtual Bridging

Storage Zone Boot Environments, ZFS Datasets, Recursive ZFS send, NFS Server in

a Zone, Zones on Shared Storage, Lofi improvements

Migration Pre-flight Checker, Solaris 10 Zones on Solaris 11, Zones install update for

V2V archives

Management System Configuration, Clean Shutdown, Hung Zones, Zones “unavailable”

state, Zonestat, Per Zone fsstat, Zones RAD Module

Web Tier

Application Tier

Database Tier

Finance

Dataset

Financ

e Zone

HR

Dataset

HR

Zone

Sales

Dataset

Sales

Zone

Solaris 11, Solaris 11.1


New Optimized Shared Memory

interface (OSM)

Works with Oracle DB

Automatic Memory

Management (AMM)

Dynamic, NUMA- aware

granule based shared memory


Oracle Optimized Shared Memory

Dynamically resize your

Database SGA online

without a reboot

Bring Oracle Database

instances up 2x faster

Oracle DB

SGA


Faster Memory Allocation Using vmtasks The following tables show the time to create + lock + destroy a large segment,

normalized as milliseconds per gigabyte, before and after the introduction of vmtasks:

ISM DISM

system ncpu before after speedup

x4600 32 1386 245 6X

X7560 64 1016 153 7x

M9000 512 1196 206 6X

T5240 128 2506 234 11X

T4-2 128 1197 107 11x

system ncpu before after speedup

x4600 32 1582 265 6x

X7560

64 1116 158 7x

M9000 512 1165 152 8x

T5240 128 2796 198 14x

From: https://blogs.oracle.com/sistare/entry/faster_memory_allocation_using_vmtasks


Oracle Optimized Shared Memory – Cont’d

To put this in perspective, consider creating a 512 GB ISM segment on

T4-2. Creating the segment would take 6 minutes with the old code,

and only 33 seconds with the new.

If this is your Oracle SGA, you save over 5 minutes when starting the

database, and you also save when shutting it down prior to a restart.

Those minutes go directly to your bottom line for service availability.


For More Information / Try Out Today

Product overview and download

– oracle.com/solaris

Oracle Technology Network

– oracle.com/technetwork/server-storage/solaris11

System administrators community

– oracle.com/technetwork/systems

@ORCL_Solaris

facebook.com/oraclesolaris

Oracle Solaris Insider


Questions

oracle solaris 11.1 new features

Technology

oracle andor

new oracle solaris

confidential oracle

sole discretion of oracle

solaris smf smf

svccfg s svc

s service

svccfg editprop