solaris 11.2 what's new

Oracle Solaris 11.2 what’s new

Orgad Kimchi

Principal Software Engineer

ISV Engineering Oracle

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2

THE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT

DIRECTION. IT IS INTENDED FOR INFORMATION PURPOSES ONLY,

AND MAY NOT BE INCORPORATED INTO ANY CONTRACT. IT IS NOT A

COMMITMENT TO DELIVER ANY MATERIAL, CODE, OR

FUNCTIONALITY, AND SHOULD NOT BE RELIED UPON IN MAKING

PURCHASING DECISION. THE DEVELOPMENT, RELEASE, AND TIMING

OF ANY FEATURES OR FUNCTIONALITY DESCRIBED FOR ORACLE'S

PRODUCTS REMAINS AT THE SOLE DISCRETION OF ORACLE.


Agenda

OpenStack Overview

Software Defined Networking (SDN)

Unified Archives

Kernel Zones

Observability & Monitoring

Installation and Software Management

Data Management

Security


Oracle Solaris – Engineered for Cloud Oracle Solaris brings enterprise to OpenStack

#1 enterprise platform – designed

for mission critical apps

Immense workload scalability

Assured data integrity

Secure by design

Production safe observability

Enterprise Ready Cloud Agility

Zero-overhead virtualization

Agile, self-service environments

Full VM lockdown

Application driven SDN

Scalable data management

Automated compliance monitoring

and reporting


COMPLETE.

SDN Virtualization OpenStack OS

Solaris 11.2


Drivers for Enterprise Cloud Computing

Business responsiveness and agility

– Rapid resource & application provisioning

– Seamless scale up and scale out

Simplified administration

– Better capacity planning and asset utilization

– Centralized monitoring and reporting

Business protection

– Integrated workload and data redundancy

What factors are causing a shift towards the cloud?


Cloud Implementation Challenges

Months to deploy

Complex updates

Incompatible with compliance rules

Insufficient High Availability

Prohibitive virtualization overhead


OpenStack Overview

Open Source Cloud Software

– Foundation for IaaS, PaaS and SaaS

Combines compute, network

and storage resources

– Web portal for cloud admins and

self-service users

– Cloud services exposed through

APIs

What is OpenStack?

Data Center Resources

Single Management Pane


Integration with Oracle Solaris

Compute Virtualization Cloud Networking Cloud Storage Image Deployment

Cloud Management

Cloud APIs

Zones & Kernel Zones Elastic Virtual Switch ZFS File System Unified Archives

Nova Neutron Cinder

&

Swift

Glance

Horizon


Core Oracle Solaris Technology Solaris Features a Foundation for OpenStack


Oracle Solaris Enterprise OpenStack

Cloud Management

x86

x86

x86

Shared

Storage

Horizon


Networking & Application Engineered Together

Application-driven network SLAs

– Application flows across SaaS, PaaS, IaaS layers

– Oracle 12c

Pluggable Databases

RAC Heartbeats

– Java 8, WebLogic

Builtin – Applications get SLAs without change

Application-Driven SDN – No Compromise

Solaris

SDN


Virtual Switching

Use etherstubs instead of physical NICs

Build virtual switches that are independent

from any hardware

As many as you want on a single host

A virtual switch is created automatically

when VNICs are configured

Virtual switches allow VNICs to

communicate with each other and with

hosts on the network


Multi-tenant Virtual Networks Elastic Virtual Switches (EVS)


Elastic Virtual Switch in the Cloud

Elastic Virtual Switch (EVS) allow you to manage multiple virtual

switches that are spread across several physical machines most

typical in a cloud environment. Building on the network virtualization

and SDN capabilities included in Oracle Solaris 11,

EVS helps simplify administration by managing these virtual switches

as a single virtual switch, including the management of network traffic

between VMs, MAC and IP addresses, VLANs and VXLANs, and

enforcing service level agreements across the network through

resource control management


Network Resource Control

Set bandwidth limit on a VNIC

(virtual link speed)

QoS integrated in the core

stack, no separate component to

configure

Constrain the CPUs used by

VNICs or data links by CPU ids

or pool names

Integrated with Solaris resource

management and zones # dladm create-vnic -l net0 \ -p maxbw=100M vnic0


Controlling and Observing Flows Control the Un-Controllable

Bandwidth limits can be applied to

traffic flows specified by the

administrator; this includes datalinks

in non-global zones

Managed by flowadm(1M) and

specified by source and destination

IP addresses, protocol, port number,

etc.

Flows can be observed in real time

with flowstat(1M), or a history

can be obtained using extended accounting


Datalink Multipathing


VXLAN

Create Layer-2 segments on top of an IP network– Layer-2 packets are

encapsulated within IP packets

Allows greater number of VXLANs vs traditional VLANs

Fabric independence, relies on IP only

EVS can use VXLANs to implement virtual switches– Hides details of

VXLAN management

# dladm create-vxlan -p address=1.1.1.1,vni=101 vxlan1

# dladm create-vnic –l vxlan1 vnic0


Application-Driven SDN Example - Oracle RAC without Expensive Switches

Ap

plic

ation D

rive

n

Network Fabric


Flows Enhancements in Solaris 11.2


ApplicationDriven Software Defined Networking

A new socket level flow API allows applications to directly prioritize its

own traffic through a series of network flows,leading to optimized

application performance and r educe any adverse impact of resource

contention

This application -driven software defined networking, from application

through to storage, along with administrative driven flows help to

ensure service level agreements are maintained within a data center or

cloud environment


Reflective Relay


Rapid Application Deployment Agile application provisioning in the cloud with Unified Archives

Fast archive creation,

instant deployment

Unified Archives

Create Clone Archive

2X FASTER

PROVISIONING

Agile Apps


Secure, Compliant Application Deployment Agile application provisioning in the cloud with Unified Archives

Unified Archive

2X FASTER

PROVISIONING

Securely

Deploy

Develop and

Test Create Unified

Archive

Securely Deploy

into Production

Lock Down Host

and Global File

System

Generate

Reports for

Compliance

Optimized for Compliance from Dev through Production


Fast and Reliable Disaster Recovery Integrated disaster recovery with Unified Archives

Fast system archive

creation, full recovery

in minutes

2X FASTER

RECOVERY

System Back

System A

System A’

Disaster

Recovery Unified Archives

System

Backup


Total Archive Portability Seamless image transforms

Archive and deploy

across systems and

virtualization boundaries

100% UNPRECEDENTED

FLEXIBILITY

Archive

portability


Unified Archive

Simplified Administation

– archiveadm(1m) utility

Oracle Virtual Archive (OVA) with multi-system definition

– OVF : Descriptor and Manifest

– ZFS send/receive streams

Disconnected system support

– Bootable ISOs or USB images

Simple to Administer


Creating Unified Archive is Simple One line to create an Archive


Deploying Unified Archive is Simple Two line to deploy in a Zone


Unified Archive Integration with OpenStack

Compute Virtualization Cloud Networking Cloud Storage Image Deployment

Cloud Management

Cloud APIs

Zones & Kernel Zones Elastic Virtual Switch ZFS File System Unified Archives

Nova Neutron Cinder

&

Swift

Glance

Horizon


Solaris Kernel Zones

Near zero Virtualization Overhead

Independent patching and updating

Instant switch between zones, kernel

zones, bare-metal and OVM

Optimized booting off of shared storage

via NFS, FC or iSCSI

SDN, Distributed Virtual Switch

Zone images encrypted on

shared storage

Immutable root file system

Live reconfiguration

A New Type of Zone with its own Kernel

iSCSI 1

InfiniBand Fabric

10GbE Network

iSCSI N

S11.2

Virtual Router

S11.2 S11.x S12


Kernel Zones can be configured, installed and booted with the

existing zonecfg(1M) and zoneadm(1M) commands

For example, to create an install a Kernel Zone:

# zonecfg -z newzone create –t SYSsolaris-kz

# zoneadm –z newzone install

Kernel Zones


Live Zone Re-configuration Support for the dynamic re-configuration of local zones.

Now the following configuration changes do not require a zone reboot.

Resource controls and pools

Network configuration

Adding or removing file systems

Adding or removing virtual and physical devices


Read-Only Global Zones

Recent releases of Solaris have support for Immutable Non-Global

Zones already. Solaris 11.2 extends the immutable zone support to

Global Zones. Immutable zones will have a read-only zone root.

Make a Global Zone Read-Only/Immutable by:

# zonecfg -z global set file-mac-profile=fixed-configuration


Installing Packages across multiple Non-Global Zones from the Global Zone

-r option of pkg can be used to install/update/uninstall software

packages into/in/from all non-global zones from the global zone.

Use -Z option along with -r to exclude a zone in applying the package

operation. Similarly use -z along with -r to apply the intended package

operation only in a specific zone


Multiple Boot Environments for Solaris 10 Zones

Multiple BE support has been extended to Solaris 10 Zones in this

release. This feature is useful when performing operations such as

patching within an Solaris 10 environment running on a Solaris 11

system


Automated Zone Renaming

Support for more convenient Oracle Solaris Zone renaming is

introduced with a new sub command rename to zoneadm(1M)

This new sub-command allows for easier zone renaming for zones in a

‘con figured’ and ‘installed’ state.



Users/customers who wish to have their OS installed with minimal set

of required system packages for running most of the applications in

general, can just install solaris-minimal-server package and not worry

about anything else such as removing unwanted packages.

# pkg install pkg:/group/system/solaris-minimal-server



Oracle Database Pre-requisite Package

Solaris 11.2 frees up the users from the burden of checking and

installing individual [required] packages by providing a brand new

package called oracle-rdbms-server-12cR1-preinstall.

Users just need to install this package for a smoother database

software installation later.

# pkg install pkg:/group/prerequisite/oracle/oracle-rdbms-server-12cR1-

preinstall



Mirroring a Package Repository

11.2 provides the ability to create local IPS package repositories and

keeps them in synch with the IPS package repositories hosted publicly

by Oracle Corporation. The key in achieving this is the SMF service

svc:/application/pkg/mirror.

The following webpage has the essential steps listed on a high-level.

How to Automatically Copy a Repository From the Internet

Another enhancement is the cloning of a package repository using --

clone option of pkgrecv command.

http://docs.oracle.com/cd/E36784_01/html/E36805/pkgmirror.html


Baseline Installations with IPS

A new subcommand exact-install has been added to pkg(1) to allow

administrators to easily revert to a baseline installation. This is useful

when needing to get a system into a baseline state without having to

manually uninstall a large number of packages.

The result of the pkg exact-install command is an image with only the

specified packages and their dependencies installed. Any currently

installed packages that are not specified on the pkg exact-install

command line and are not a dependency of the specified packages are

removed


Synchronous svcadm When you use the -s the svcadm enable command just returns when

the state transition has completed.

In our example we would use svcadm enable -s apache22. As we

artificially delayed the startup of the Apache, the svcadm command

should run at least 10 seconds. Let's check this:

# ptime svcadm enable -s apache22

real 11.137908105

user 0.012195633

sys 0.018084807


SMF stencils The Service Management Facility (SMF) has been enhanced through

the addition of SMF Stencils.

These allow service developers and administrators to easily map

configuration properties stored in the SMF repository to application

specific configuration (stored in /etc for example).

A stencil file, created using a new tool called svcio(1), provides

information for how to create the application configuration file and is

associated with the service. From there, SMF takes control and

regenerates configuration for all stencil aware services before running

the start or refresh SMF methods


SMF Easy Log Viewing

Administrators can now easily view SMF logs directly from svcs(1) .

Using the –L option, administrators can view the latest 10 lines of

service logs directly from the command line.

# more `svcs –L smtp`



Secure End To End Provisioning

This release supports secure end To end provisioning using the

Automated Installer, from system boot using SPARC WAN boot

through to secure installation from IPS package repositories. By

protecting the communication and configuration between installation

server and client systems, administrators can now ensure complete

security across their provisioning/updating environment


Interactive Automated Installer Manifest Creation and Management A new interactive browser interface is introduced that allows you to

easily create Automated Installer (AI) manifests that can be used on an

AI server.

By stepping through a series of screens, you can quickly create a new

manifest that describes the disk layout, ZFS datasets,


Advanced Configuration in Automated Installer

Support for the configuration of multiple network interfaces using the

Automated Installer has

Another enhancement for Automated Installer allows passing pre-

generated SSH public keys through an SMF profile using the

user_account/ssh_public_keys property group/property for population

within the admin user’s $HOME/.ssh/authorized_keys

Support for provisioning Kerberos clients using the Automated Installer.


Observability

Network traffic diagnostics:

A brand new command, ipstat(1M), reports IP traffic statistics.


Monitoring

Another new command, tcpstat(1M), reports TCP and UDP traffic

statistics.

Up until 11.1, it is not so straight-forward to figure out what process

created a network endpoint -- one has to rely on a combination of

commands such as netstat, pfiles or lsof and proc filesystem (/proc) to

extract that information. Solaris 11.2 attempts to make it easy by

enhancing the existing tool netstat(1M).

Enhanced netstat(1M) shows what user, pid created and control a

network endpoint. -u is the magic flag.


ptime ptime -mp shows the full set of microstate accounting statistics for the

lifetime of a given process. prstat -m also reports the microstate

process accounting information, but the displayed statistics are

accumulated since last display every interval seconds.

# ptime -mp 39235 real 428:31:25.902644700

user 2:06:32.283801209

sys 16:37.056999418

trap 2.250539737

tflt 0.000000000

dflt 2.018347218

kflt 0.000000000

lock 96013:52:37.184929717

slp 14349:50:02.286168683

lat 3:11.510473038


Memory Access Locality Characterization and Analysis

Solaris 11.2 introduced another brand new tool, numatop(1M), that

helps in characterizing the NUMA behavior of processes and threads

on systems with Intel Westmere, Sandy Bridge and Ivy Bridge

processors.

If not installed by default, install the numatop package as shown below.

# pkg install pkg:/diagnostic/numatop


Performance related

Starting with 11.2, ZFS synchronous write transactions are committed

in parallel, which should help improve the I/O throughput.

Database startup time has been greatly improved in Solaris 11

releases -- it's been further improved in 11.2. Customers with

databases that use hundreds of Gigabytes or Terabyte(s) of memory

will notice the improvement to the database startup times. Other

changes to asynchronous I/O, inter-process communication using

event ports etc., help improve the performance of the recent releases

of Oracle database such as 12c.


Bootable USB Media

Solaris 11.2 introduces the support for booting SPARC systems from

USB media. Use Solaris Distribution Constructor (requires distribution-

constructor package) to create the USB bootable media, or copy a

bootable/installation image to the USB media using usbcopy(1M) and

dd(1M) commands.

Oracle Hardware Management Pack

Oracle Hardware Management Pack is a set of tools that are integrated

into the Solaris OS distribution, that show the existing hardware

configuration, help configure hardware RAID volumes, update server

firmware, configure ILOM service processor, enable monitoring the

hardware using existing tools etc., Look for

pkg:/system/management/hmp/hmp-* packages.


Few other interesting packages:

Parallel implementation of bzip2 : compress/pbzip2

NVM Express (nvme) utility : system/storage/nvme-utilities

Utility to administer cluster of servers : terminal/cssh

http://www.nvmexpress.org/


Miscellaneous

Java 8

Java 7 is still the default in Solaris 11.2 release, but Java 8 can be

installed from the IPS package repository.

eg.,

# pkg install pkg:/developer/java/jdk-8 <-- Java Development Kit # pkg

install pkg:/runtime/java/jre-8 <-- Java Runtime


IT Automation with Puppet

The popular IT automation software, Puppet, has been included in

Oracle Solaris 11.2 Beta .

Puppet helps you manage IT infrastructure by automating repetitive

tasks, deploying critical applications rapidly, and proactively managing

changes required in a system. Puppet automates tasks such as

provisioning, configuration, compliance, and software management.

Puppet can scale from simple deployments to complex infrastructure,

from on-premise to loud deployments. With enhanced support for

Oracle Solaris technologies


Engineered to Manage Big Data

– 3x Less VM storage overhead

– Guaranteed data integrity

– Instant VM snapshot and cloning

Simplified Administration

– Integrated file system and volume

management

– Integrated data services

Reliable Data in the Cloud Integrated and scalable data management with ZFS


Data Management

Progress Reporting with ZFS Send Streams

You can include a progress report and estimated size of your ZFS send

stream during the transfer process.

Estimate the ZFS send stream size:

# zfs send –rnv pool/opt@snap1

sending from @ to pool/opt@snap1

sending from @ to pool/opt/vol1@snap1

estimated stream size: 10.1G

Monitor the stream size during transfer process:

# zfs send pool/opt@snap1 | pv | zfs recv tank/opt

8.58GB 0:02:37 [95.7MB/s]


Secure multi-tenant environments

– Guaranteed VM integrity

– Read-only VM lockdown

– Complete network isolation

– Secure key management

– Fine grained authentication

Optimized for end-to-end lifecycle

– 2x faster end-to-end encryption

Secure VM Lifecycle Secure end-to-end cloud deployment for tenants


Simple risk mitigation

– 10x simpler to administer

– Fully compliant out of the box

Comprehensive cloud monitoring

and reporting

– Compliance checking automation

– Always on auditing

Designed for Compliance Easy navigation of regulatory policies and procedures


Solaris Compliance Reporting

compliance(1M) command

– Assess: compare system state against a policy

– Report: Generate human readable HTML report with remediation

instructions

Currently single node, plan for multi node via RAD & Oracle EM

Included Policies:

– Solaris Baseline (153), Solaris Recommended (185), PCI- DSS (191)

Authoring tool for SCAP (XCCDF/OVAL) in future release.

Install Maintain Comply


Compliance Report Example PCI-DSS Fragment


https://blogs.oracle.com/solaris/

https://blogs.oracle.com/zoneszone

https://blogs.oracle.com/c0t0d0s0/

https://blogs.oracle.com/mandalika/

https://blogs.oracle.com/droux/

https://blogs.oracle.com/gman/

https://blogs.oracle.com/vreality/

https://blogs.oracle.com/darren/

https://blogs.oracle.com/yenduri/

Acknowledgement

64

https://blogs.oracle.com/solaris/



https://blogs.oracle.com/c0t0d0s0/

https://blogs.oracle.com/mandalika/

https://blogs.oracle.com/droux/

https://blogs.oracle.com/gman/

https://blogs.oracle.com/vreality/




solaris 11.2 what's new

Technology

usb media

automated

global zone

end provisioning

driven sdn

global zones

rights reserved

network endpoint