solaris 11.2 what's new
DESCRIPTION
Oracle Solaris 11.2 - Engineered for Cloud
Oracle Solaris provides an efficient, secure and compliant, simple, open, and affordable solution for deploying your enterprise-grade clouds. More than just an operating system, Oracle Solaris 11.2 includes features and enhancements that deliver no-compromise virtualization, application-driven software-defined networking, and a complete OpenStack distribution for creating and managing an enterprise cloud, enabling you to meet IT demands and redefine your business. For more information: http://www.oracle.com/technetwork/server-storage/solaris11/overview/beta-2182985.html
TRANSCRIPT
Oracle Solaris 11.2 what’s new
Orgad Kimchi
Principal Software Engineer
ISV Engineering Oracle
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2
THE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT
DIRECTION. IT IS INTENDED FOR INFORMATION PURPOSES ONLY,
AND MAY NOT BE INCORPORATED INTO ANY CONTRACT. IT IS NOT A
COMMITMENT TO DELIVER ANY MATERIAL, CODE, OR
FUNCTIONALITY, AND SHOULD NOT BE RELIED UPON IN MAKING
PURCHASING DECISION. THE DEVELOPMENT, RELEASE, AND TIMING
OF ANY FEATURES OR FUNCTIONALITY DESCRIBED FOR ORACLE'S
PRODUCTS REMAINS AT THE SOLE DISCRETION OF ORACLE.
Agenda
OpenStack Overview
Software Defined Networking (SDN)
Unified Archives
Kernel Zones
Observability & Monitoring
Installation and Software Management
Data Management
Security
Oracle Solaris – Engineered for Cloud Oracle Solaris brings enterprise to OpenStack
#1 enterprise platform – designed
for mission critical apps
Immense workload scalability
Assured data integrity
Secure by design
Production safe observability
Enterprise Ready Cloud Agility
Zero-overhead virtualization
Agile, self-service environments
Full VM lockdown
Application driven SDN
Scalable data management
Automated compliance monitoring
and reporting
COMPLETE.
SDN Virtualization OpenStack OS
Solaris 11.2
Drivers for Enterprise Cloud Computing
Business responsiveness and agility
– Rapid resource & application provisioning
– Seamless scale up and scale out
Simplified administration
– Better capacity planning and asset utilization
– Centralized monitoring and reporting
Business protection
– Integrated workload and data redundancy
What factors are causing a shift towards the cloud?
Cloud Implementation Challenges
Months to deploy
Complex updates
Incompatible with compliance rules
Insufficient High Availability
Prohibitive virtualization overhead
OpenStack Overview
Open Source Cloud Software
– Foundation for IaaS, PaaS and SaaS
Combines compute, network
and storage resources
– Web portal for cloud admins and
self-service users
– Cloud services exposed through
APIs
What is OpenStack?
Data Center Resources
Single Management Pane
Integration with Oracle Solaris
Compute Virtualization Cloud Networking Cloud Storage Image Deployment
Cloud Management
Cloud APIs
Zones & Kernel Zones Elastic Virtual Switch ZFS File System Unified Archives
Nova Neutron Cinder
&
Swift
Glance
Horizon
Core Oracle Solaris Technology Solaris Features a Foundation for OpenStack
Oracle Solaris Enterprise OpenStack
Cloud Management
x86
x86
x86
Shared
Storage
Horizon
Networking & Application Engineered Together
Application-driven network SLAs
– Application flows across SaaS, PaaS, IaaS layers
– Oracle 12c
Pluggable Databases
RAC Heartbeats
– Java 8, WebLogic
Builtin – Applications get SLAs without change
Application-Driven SDN – No Compromise
Solaris
SDN
Virtual Switching
Use etherstubs instead of physical NICs
Build virtual switches that are independent
from any hardware
As many as you want on a single host
A virtual switch is created automatically
when VNICs are configured
Virtual switches allow VNICs to
communicate with each other and with
hosts on the network
Multi-tenant Virtual Networks Elastic Virtual Switches (EVS)
Elastic Virtual Switch in the Cloud
Elastic Virtual Switch (EVS) allows you to manage multiple virtual
switches that are spread across several physical machines, as is
typical in a cloud environment. Building on the network virtualization
and SDN capabilities included in Oracle Solaris 11,
EVS helps simplify administration by managing these virtual switches
as a single virtual switch, including the management of network traffic
between VMs, MAC and IP addresses, VLANs and VXLANs, and
enforcing service level agreements across the network through
resource control management.
Network Resource Control
Set bandwidth limit on a VNIC
(virtual link speed)
QoS integrated in the core
stack, no separate component to
configure
Constrain the CPUs used by
VNICs or data links by CPU ids
or pool names
Integrated with Solaris resource
management and zones
# dladm create-vnic -l net0 -p maxbw=100M vnic0
Controlling and Observing Flows Control the Un-Controllable
Bandwidth limits can be applied to
traffic flows specified by the
administrator; this includes datalinks
in non-global zones
Managed by flowadm(1M) and
specified by source and destination
IP addresses, protocol, port number,
etc.
Flows can be observed in real time
with flowstat(1M), or a history
can be obtained using extended accounting
Datalink Multipathing
VXLAN
Create Layer-2 segments on top of an IP network
– Layer-2 packets are encapsulated within IP packets
Allows a greater number of VXLANs vs. traditional VLANs
Fabric independence, relies on IP only
EVS can use VXLANs to implement virtual switches
– Hides details of VXLAN management
# dladm create-vxlan -p address=1.1.1.1,vni=101 vxlan1
# dladm create-vnic -l vxlan1 vnic0
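The encapsulation described on this slide, as an added example that is not from the original deck or from Oracle: it builds and parses the 8-byte VXLAN header defined in RFC 7348 for the VNI 101 used above, and checks a captured payload against the segments a tenant is allowed to use. The MAC addresses, the inner payload and the function names are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID
MAX_VNI = (1 << 24) - 1      # VXLAN Network Identifier is 24 bits wide
MAX_VLAN_ID = (1 << 12) - 1  # 802.1Q VLAN ID field is 12 bits wide
ETH_HEADER_LEN = 14          # dst MAC + src MAC + EtherType


def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header to an inner Ethernet frame.

    Word 1 is flags (8 bits) + reserved (24 bits);
    word 2 is VNI (24 bits) + reserved (8 bits).
    """
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(udp_payload):
    """Return (vni, inner_frame) or raise ValueError on a malformed payload."""
    if len(udp_payload) < 8 + ETH_HEADER_LEN:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI is not valid")
    return word2 >> 8, udp_payload[8:]


def inner_macs(frame):
    """Return (source, destination) MAC addresses of the inner frame."""
    def fmt(raw):
        return ":".join(f"{b:02x}" for b in raw)
    return fmt(frame[6:12]), fmt(frame[0:6])


def segment_allowed(udp_payload, allowed_vnis):
    """Defender-side check: is this payload on a segment we expect here?"""
    try:
        vni, _ = vxlan_decap(udp_payload)
    except ValueError:
        return False  # malformed encapsulation is never accepted
    return vni in allowed_vnis


# Constructed sample: locally administered MACs and a placeholder payload.
SAMPLE_FRAME = (
    bytes.fromhex("020000000002")      # destination MAC
    + bytes.fromhex("020000000001")    # source MAC
    + b"\x08\x00"                      # EtherType: IPv4
    + b"constructed inner IP packet"
)
SAMPLE_PACKET = vxlan_encap(101, SAMPLE_FRAME)

if __name__ == "__main__":
    vni, frame = vxlan_decap(SAMPLE_PACKET)
    print("header:", SAMPLE_PACKET[:8].hex())
    print("vni:", vni, "src/dst:", inner_macs(frame))
    print("segment IDs available: VLAN", MAX_VLAN_ID + 1, "VXLAN", MAX_VNI + 1)
    print("allowed on {101}:", segment_allowed(SAMPLE_PACKET, {101}))
```

The inner frame travels unmodified behind the header, so any monitoring point on the IP fabric has to decapsulate before it can attribute traffic to a tenant segment.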
Application-Driven SDN Example - Oracle RAC without Expensive Switches
Application Driven
Network Fabric
Flows Enhancements in Solaris 11.2
Application-Driven Software Defined Networking
A new socket-level flow API allows applications to directly prioritize their
own traffic through a series of network flows, leading to optimized
application performance and reducing any adverse impact of resource
contention.
This application-driven software defined networking, from application
through to storage, along with administrator-driven flows, helps to
ensure service level agreements are maintained within a data center or
cloud environment.
Reflective Relay
Rapid Application Deployment Agile application provisioning in the cloud with Unified Archives
Fast archive creation,
instant deployment
Unified Archives
Create Clone Archive
2X FASTER
PROVISIONING
Agile Apps
Secure, Compliant Application Deployment Agile application provisioning in the cloud with Unified Archives
Unified Archive
2X FASTER
PROVISIONING
Securely
Deploy
Develop and
Test Create Unified
Archive
Securely Deploy
into Production
Lock Down Host
and Global File
System
Generate
Reports for
Compliance
Optimized for Compliance from Dev through Production
Fast and Reliable Disaster Recovery Integrated disaster recovery with Unified Archives
Fast system archive
creation, full recovery
in minutes
2X FASTER
RECOVERY
System Back
System A
System A’
Disaster
Recovery Unified Archives
System
Backup
Total Archive Portability Seamless image transforms
Archive and deploy
across systems and
virtualization boundaries
100% UNPRECEDENTED
FLEXIBILITY
Archive
portability
Unified Archive
Simplified Administration
– archiveadm(1M) utility
Oracle Virtual Archive (OVA) with multi-system definition
– OVF : Descriptor and Manifest
– ZFS send/receive streams
Disconnected system support
– Bootable ISOs or USB images
Simple to Administer
Creating Unified Archive is Simple One line to create an Archive
Deploying Unified Archive is Simple Two lines to deploy in a Zone
Unified Archive Integration with OpenStack
Compute Virtualization Cloud Networking Cloud Storage Image Deployment
Cloud Management
Cloud APIs
Zones & Kernel Zones Elastic Virtual Switch ZFS File System Unified Archives
Nova Neutron Cinder
&
Swift
Glance
Horizon
Solaris Kernel Zones
Near zero Virtualization Overhead
Independent patching and updating
Instant switch between zones, kernel
zones, bare-metal and OVM
Optimized booting off of shared storage
via NFS, FC or iSCSI
SDN, Distributed Virtual Switch
Zone images encrypted on
shared storage
Immutable root file system
Live reconfiguration
A New Type of Zone with its own Kernel
iSCSI 1
InfiniBand Fabric
10GbE Network
iSCSI N
S11.2
Virtual Router
S11.2 S11.x S12
Kernel Zones can be configured, installed and booted with the
existing zonecfg(1M) and zoneadm(1M) commands.
For example, to create and install a Kernel Zone:
# zonecfg -z newzone create -t SYSsolaris-kz
# zoneadm -z newzone install
Kernel Zones
Live Zone Re-configuration
Support for the dynamic re-configuration of local zones.
The following configuration changes no longer require a zone reboot:
Resource controls and pools
Network configuration
Adding or removing file systems
Adding or removing virtual and physical devices
Read-Only Global Zones
Recent releases of Solaris have support for Immutable Non-Global
Zones already. Solaris 11.2 extends the immutable zone support to
Global Zones. Immutable zones will have a read-only zone root.
Make a Global Zone Read-Only/Immutable by:
# zonecfg -z global set file-mac-profile=fixed-configuration
Installing Packages across multiple Non-Global Zones from the Global Zone
The -r option of pkg can be used to install, update or uninstall software
packages in all non-global zones from the global zone.
Use the -Z option along with -r to exclude a zone when applying the package
operation. Similarly, use -z along with -r to apply the intended package
operation only in a specific zone.
Multiple Boot Environments for Solaris 10 Zones
Multiple BE support has been extended to Solaris 10 Zones in this
release. This feature is useful when performing operations such as
patching within a Solaris 10 environment running on a Solaris 11
system.
Automated Zone Renaming
Support for more convenient Oracle Solaris Zone renaming is
introduced with a new subcommand, rename, for zoneadm(1M).
This new subcommand allows for easier zone renaming for zones in the
‘configured’ and ‘installed’ states.
Installation and Software Management
Users who want the OS installed with the minimal set
of system packages required to run most applications
can install the solaris-minimal-server package and not worry
about anything else, such as removing unwanted packages.
# pkg install pkg:/group/system/solaris-minimal-server
Installation and Software Management
Oracle Database Pre-requisite Package
Solaris 11.2 frees up the users from the burden of checking and
installing individual [required] packages by providing a brand new
package called oracle-rdbms-server-12cR1-preinstall.
Users just need to install this package for a smoother database
software installation later.
# pkg install pkg:/group/prerequisite/oracle/oracle-rdbms-server-12cR1-preinstall
Installation and Software Management
Mirroring a Package Repository
11.2 provides the ability to create local IPS package repositories and
keep them in sync with the IPS package repositories hosted publicly
by Oracle Corporation. The key to achieving this is the SMF service
svc:/application/pkg/mirror.
The following webpage lists the essential steps at a high level:
How to Automatically Copy a Repository From the Internet
Another enhancement is the cloning of a package repository using the
--clone option of the pkgrecv command.
Baseline Installations with IPS
A new subcommand exact-install has been added to pkg(1) to allow
administrators to easily revert to a baseline installation. This is useful
when needing to get a system into a baseline state without having to
manually uninstall a large number of packages.
The result of the pkg exact-install command is an image with only the
specified packages and their dependencies installed. Any currently
installed packages that are not specified on the pkg exact-install
command line and are not a dependency of the specified packages are
removed.
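A simplified model of the rule stated above, as an added example that is not IPS code or part of the original deck: given what is installed and what is named on the command line, it computes which packages would be kept, added and removed, which is the review a baseline change deserves before it is applied. The package names and the dependency map are constructed, and real IPS dependency resolution is more involved than this transitive closure.

```python
def dependency_closure(requested, depends):
    """Return the requested packages plus everything they depend on."""
    keep, stack = set(), list(requested)
    while stack:
        pkg = stack.pop()
        if pkg in keep:          # already visited; also guards against cycles
            continue
        keep.add(pkg)
        stack.extend(depends.get(pkg, ()))
    return keep


def exact_install_plan(installed, requested, depends):
    """Model the outcome described on the slide for a given request."""
    keep = dependency_closure(requested, depends)
    return {
        "install": sorted(keep - installed),   # in the baseline, not yet present
        "keep": sorted(keep & installed),      # in the baseline, already present
        "remove": sorted(installed - keep),    # outside the baseline
    }


# Constructed sample data (hypothetical package names).
DEPENDS = {
    "group/base": ["lib/libc"],
    "web/httpd": ["lib/ssl", "lib/libc"],
    "lib/ssl": ["lib/libc"],
    "audit/agent": ["lib/libc"],
    "dev/compiler": ["lib/compiler-rt", "lib/libc"],
    "net/telnetd": ["lib/libc"],
}
INSTALLED = {
    "group/base", "lib/libc", "web/httpd", "lib/ssl",
    "dev/compiler", "lib/compiler-rt", "net/telnetd",
}
REQUESTED = ["group/base", "web/httpd", "audit/agent"]

PLAN = exact_install_plan(INSTALLED, REQUESTED, DEPENDS)

if __name__ == "__main__":
    for action in ("install", "keep", "remove"):
        print(f"{action:8s}", ", ".join(PLAN[action]) or "-")
```

Note that lib/compiler-rt is removed even though nothing named it directly: it was only present as a dependency of a package that falls outside the baseline.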
Synchronous svcadm
When you use the -s option, the svcadm enable command returns only when
the state transition has completed.
In our example we would use svcadm enable -s apache22. As we
artificially delayed the startup of Apache, the svcadm command
should run for at least 10 seconds. Let's check this:
# ptime svcadm enable -s apache22
real 11.137908105
user 0.012195633
sys 0.018084807
SMF stencils
The Service Management Facility (SMF) has been enhanced through
the addition of SMF Stencils.
These allow service developers and administrators to easily map
configuration properties stored in the SMF repository to
application-specific configuration (stored in /etc, for example).
A stencil file, created using a new tool called svcio(1), describes
how to create the application configuration file and is
associated with the service. From there, SMF takes control and
regenerates configuration for all stencil-aware services before running
the start or refresh SMF methods.
SMF Easy Log Viewing
Administrators can now easily view SMF logs directly from svcs(1).
Using the -L option, administrators can view the latest 10 lines of
service logs directly from the command line.
# more `svcs -L smtp`
Installation and Software Management
Secure End To End Provisioning
This release supports secure end-to-end provisioning using the
Automated Installer, from system boot using SPARC WAN boot
through to secure installation from IPS package repositories. By
protecting the communication and configuration between installation
server and client systems, administrators can now ensure complete
security across their provisioning and updating environment.
Interactive Automated Installer Manifest Creation and Management
A new interactive browser interface is introduced that allows you to
easily create Automated Installer (AI) manifests that can be used on an
AI server.
By stepping through a series of screens, you can quickly create a new
manifest that describes the disk layout, ZFS datasets,
Advanced Configuration in Automated Installer
Support for the configuration of multiple network interfaces using the
Automated Installer has
Another enhancement for Automated Installer allows passing pre-
generated SSH public keys through an SMF profile using the
user_account/ssh_public_keys property group/property for population
within the admin user’s $HOME/.ssh/authorized_keys
Support for provisioning Kerberos clients using the Automated Installer.
Observability
Network traffic diagnostics:
A brand new command, ipstat(1M), reports IP traffic statistics.
Monitoring
Another new command, tcpstat(1M), reports TCP and UDP traffic
statistics.
Up until 11.1, it is not straightforward to figure out what process
created a network endpoint: one has to rely on a combination of
commands such as netstat, pfiles or lsof and the proc filesystem (/proc) to
extract that information. Solaris 11.2 attempts to make it easy by
enhancing the existing tool netstat(1M).
The enhanced netstat(1M) shows which user and PID created and control a
network endpoint. -u is the magic flag.
ptime
ptime -mp shows the full set of microstate accounting statistics for the
lifetime of a given process. prstat -m also reports the microstate
process accounting information, but the displayed statistics are
accumulated since last display every interval seconds.
# ptime -mp 39235
real 428:31:25.902644700
user 2:06:32.283801209
sys 16:37.056999418
trap 2.250539737
tflt 0.000000000
dflt 2.018347218
kflt 0.000000000
lock 96013:52:37.184929717
slp 14349:50:02.286168683
lat 3:11.510473038
Memory Access Locality Characterization and Analysis
Solaris 11.2 introduced another brand new tool, numatop(1M), that
helps in characterizing the NUMA behavior of processes and threads
on systems with Intel Westmere, Sandy Bridge and Ivy Bridge
processors.
If not installed by default, install the numatop package as shown below.
# pkg install pkg:/diagnostic/numatop
Performance related
Starting with 11.2, ZFS synchronous write transactions are committed
in parallel, which should help improve the I/O throughput.
Database startup time has been greatly improved in Solaris 11
releases -- it's been further improved in 11.2. Customers with
databases that use hundreds of Gigabytes or Terabyte(s) of memory
will notice the improvement to the database startup times. Other
changes to asynchronous I/O, inter-process communication using
event ports etc., help improve the performance of the recent releases
of Oracle database such as 12c.
Bootable USB Media
Solaris 11.2 introduces the support for booting SPARC systems from
USB media. Use Solaris Distribution Constructor (requires distribution-
constructor package) to create the USB bootable media, or copy a
bootable/installation image to the USB media using usbcopy(1M) and
dd(1M) commands.
Oracle Hardware Management Pack
Oracle Hardware Management Pack is a set of tools, integrated
into the Solaris OS distribution, that show the existing hardware
configuration, help configure hardware RAID volumes, update server
firmware, configure the ILOM service processor, enable monitoring the
hardware using existing tools, etc. Look for
pkg:/system/management/hmp/hmp-* packages.
A few other interesting packages:
Parallel implementation of bzip2 : compress/pbzip2
NVM Express (nvme) utility : system/storage/nvme-utilities
Utility to administer cluster of servers : terminal/cssh
Miscellaneous
Java 8
Java 7 is still the default in Solaris 11.2 release, but Java 8 can be
installed from the IPS package repository.
e.g.,
# pkg install pkg:/developer/java/jdk-8 <-- Java Development Kit
# pkg install pkg:/runtime/java/jre-8 <-- Java Runtime
IT Automation with Puppet
The popular IT automation software, Puppet, has been included in
Oracle Solaris 11.2 Beta.
Puppet helps you manage IT infrastructure by automating repetitive
tasks, deploying critical applications rapidly, and proactively managing
changes required in a system. Puppet automates tasks such as
provisioning, configuration, compliance, and software management.
Puppet can scale from simple deployments to complex infrastructure,
from on-premise to cloud deployments. With enhanced support for
Oracle Solaris technologies
Engineered to Manage Big Data
– 3x Less VM storage overhead
– Guaranteed data integrity
– Instant VM snapshot and cloning
Simplified Administration
– Integrated file system and volume
management
– Integrated data services
Reliable Data in the Cloud Integrated and scalable data management with ZFS
Data Management
Progress Reporting with ZFS Send Streams
You can include a progress report and estimated size of your ZFS send
stream during the transfer process.
Estimate the ZFS send stream size:
# zfs send -rnv pool/opt@snap1
sending from @ to pool/opt@snap1
sending from @ to pool/opt/vol1@snap1
estimated stream size: 10.1G
Monitor the stream size during transfer process:
# zfs send pool/opt@snap1 | pv | zfs recv tank/opt
8.58GB 0:02:37 [95.7MB/s]
Secure multi-tenant environments
– Guaranteed VM integrity
– Read-only VM lockdown
– Complete network isolation
– Secure key management
– Fine grained authentication
Optimized for end-to-end lifecycle
– 2x faster end-to-end encryption
Secure VM Lifecycle Secure end-to-end cloud deployment for tenants
Simple risk mitigation
– 10x simpler to administer
– Fully compliant out of the box
Comprehensive cloud monitoring
and reporting
– Compliance checking automation
– Always on auditing
Designed for Compliance Easy navigation of regulatory policies and procedures
Solaris Compliance Reporting
compliance(1M) command
– Assess: compare system state against a policy
– Report: Generate human readable HTML report with remediation
instructions
Currently single node, plan for multi node via RAD & Oracle EM
Included Policies:
– Solaris Baseline (153), Solaris Recommended (185), PCI-DSS (191)
Authoring tool for SCAP (XCCDF/OVAL) in future release.
Install Maintain Comply
Compliance Report Example PCI-DSS Fragment
https://blogs.oracle.com/solaris/
https://blogs.oracle.com/zoneszone
https://blogs.oracle.com/c0t0d0s0/
https://blogs.oracle.com/mandalika/
https://blogs.oracle.com/droux/
https://blogs.oracle.com/gman/
https://blogs.oracle.com/vreality/
https://blogs.oracle.com/darren/
https://blogs.oracle.com/yenduri/
Acknowledgement