Solis

Copyright 2011 Oracle ,d/or it affiliates. All rights reserved.
Authors
Disclaimer
Michael Ernest
Gary Riseborough
This document contains proprietary information and is protected by copyright
and
other intellectual property laws. You may copy and print this document sole
ly for your
Marcus Flieri
own use in an Oracle training course. The document may not be modified or a
ltered
in any way. Except where your use constitutes \"fair use\" under copyright
law, you
Bart Smaalders
may not use, share, download, upload, copy, print, display, perform, reprod
uce,
Dave Miner
publish, license, post, transmit, or distribute this document in whole or i
n part without
Nicolas Droux
the express authorization of Oracle.
Dan Price
The information contained in this document is subject to change without not
ice. If you
find any problems in the document, please report them in writing to: Oracle
University,
Cindy Swearingen
500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is
not
Glenn Fadden
warranted to be error-free.
Liane Praza
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyon

e using
Technical Contributors
the documentation on behalf of the United States Government, the following n
otice is
and Reviewers
applicable:
Mike Tracey
U.S. GOVERNMENT RIGHTS
Mike Carew
The U.S. Government s rights to use, modify, reproduce, release, perform, dis
play, or
disclose these training materials are restricted by the terms of the applic
able Oracle
license agreement and/or the applicable U.S. Government contract.
Editor
Trademark Notice
Malavika Jinka
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Other names
may be trademarks of their respective owners.
Publishers
Nita Brozowski
Sumesh Koshy
Oracle Universi
ty and ORACLE CORPORATION use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. CO
PYING eKIT
Contents
Preface
1 Introduction
Oracle Solaris: The Mission Critical OS
Raising the Bar Set by Solaris 10
1-3
1-2
SPARC Enterprise Servers 1-4

SPARC T3 Servers: Scaling to New Heights
1-5
Oracle Solaris: Platform Choice and Flexibility

1-6
Serious About Oracle Solaris
1-7
Oracle Addresses Range of Customer Needs

Topic Outline 1-10
Module Structure
1-8
1-11
2 Image Packaging System (IPS) and Automated Installer

(AI)
IPS Design Goals
2-2
IPS Implementation
IPS Package
2-4
Package Naming
IPS Repository
2-3
2-5
2-6
Starting the packagemanager GUI 2-7

Starting the packagemanager GUI - 2
2-8
pkg Subcommands
2-9
pkg Subcommands 2
2-10
Example: Search, List, and Install
2-11
Installing a Package with Dependencies
2-12
Verifying a Package
2-13
Fixing a Package
2-14
O
racle University and ORACLE CORPORATION use only
Listing Package Contents
2-15
Removing a Package
2-16
Updating a Package
Creating a Package
2-17
2-18
Group Packages
2-19
Other Commands and Utilities

2-20
AI: Why Replace JumpStart?
2-21
Rosetta Stone for Solaris 10 Users
AI Components and Features
2-23
AI Terminology
2-22
2-24
iii
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYIN
G eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Flow of Automated Installation
2-25
Creating an AI Service
2-26
Creating an IPS Repository
2-28
Creating AI Clients
2-29
JumpStart to AI Mapping
2-30
IPS References
AI References
2-31
2-32
3 Network Virtualization 1
Feature: Overview
3-2
Virtual NICs (VNICs)
3-3
Virtual NICs (VNICs) 2
Virtual Switches
3-5
3-4
Physical Wire, Physical Machines

Virtual Network: Example
3-7
Creating VNICs and Etherstubs
Unified Data Link Properties
3-6
3-8
3-9
Virtual Bridges
ipadm 3-11
3-10
Managing Interfaces and IP Addresses

Managing Interface Properties
Creating Flows 3-14
Data Link Vanity Naming
Resource Pools
3-16
3-12
3-13
3-15
dlstat(1M) 3-17
Other Network Observability Enhancements
Rethinking Zones
3-19
Other Solaris 11 Enhancements
3-18
3-20
4 ZFS Features in Solaris 11

O
Enhancements
4-2
Boot Environments
4-3
Boot Environments (BE)
4-4
Creating a Boot Environment
4-5
Activating a Boot Environment
Destroying a Boot Environment
4-6
4-7
Mounting and Unmounting a Boot Environment

Creating New Boot Environments
4-9
Creating New Boot Environments - 2

BE Upgrade with pkg-update
4-11
Deduplication
4-8
4-10
4-12
iv
Deduplication Example - 1
4-13
4-14
Root Pool Mirroring
4-15
Snapshot Differences
4-16
zfs diff Output
4-17
Send Stream Enhancements
4-18
Send Stream: Override Example
4-19
Send Stream: Enforce Example
Send Stream: Ignore Example
4-20
4-21
Pool Import: Log Device Recovery

4-22
Pool Import Recovery: Example
4-23
Pool Import: Read-Only Mode
4-24
Synchronous Write Behavior Property
4-25
Values for sync Property

4-26
ZFS Synchronous Behavior: Tuning Caveats
RAIDZ/Mirror Performance
4-28
Integrating ZFS into Deployment
Performance Notes
Other ZFS Features
ZFS References
4-27
4-29
4-30
4-31
4-32
5 Zones
Changes Since Solaris 10 FCS
Design and Features 5-7
5-2
Storage 5-8
Networking: Exclusive IP Zones
Networking: Shared IP Zones
Zones Observability 5-12
5-9
zonestat Command 5-13

zonestat Interval: Example
IPMP
5-11
5-14
O

zonestat by Resource: Example
Resource Management 5-16
Zones Security 5-17
Solaris 10 Containers
5-15
5-18
Solaris 10 Container: Expected Migration Path

-19
References
5-20
6 Network Virtualization 2
Advanced Network Features
6-2
ilbadm: L3/L4 Integrated Load Balancing

Load Balancing Components
6-3
6-4
v
ilbadm: Example
6-5
IP Filter, Forwarding in a Zone

6-6
Hardware Lanes and Dynamic Polling
6-7
Hardware Lanes
6-8
ipmpstat: Observability for IPMP Groups
ipmpstat: Example
6-10
Fiber Channel over Ethernet (FCoE)
6-11
Virtual Router Redundancy Protocol (VRRP)

IP over Infiniband (IPoIB)
Non-Uniform Memory Architecture (NUMA) I/O

NUMA I/O Architecture: Overview
6-15
GLDv3 Public Driver APIs

6-16
Network Performance Highlights
6-17
7 Security
7-3
File system encryption: zfs(1M) 7-4

Configuring ZFS Encryption
7-5
File system encryption: lofiadm
7-6
Network Spoofing Protection 7-7

Zones: Delegated Administration
7-8
SMF: Delegated Administration
SMF: Method Context 7-10
6-12
6-13
Features
7-2
Root Implemented as a Role
6-9
7-9
6-1
SMF: Firewall Integration

7-11
Least Privilege Changes
7-12
In kernel pfexec
7
-13
Basic Privileges: More is Less
7-14
Role-Based Access Control
7-15
Sandboxing Enhancements
7-16
O
Kerberos Improvements
7-17
Key Management: pkcs11_kms Provider
Other Enhancements
7-19
Oracle Solaris 11 Trusted Extensions
7-18
7-20
Trusted Extensions Changes

7-21
Trusted Platform Modules (TPM) 7-22
8 Services Management Facility (SMF)
SMF Design Goals
8-2
SMF Is the Glue in Solaris 11
Service Templates
8-3
8-4
vi
Early Manifest Imports
8-5
SMF Enhanced Profiles

8-6
Fault Notification
8-7
IPS Actuators
8-8
FMRI Stored in proc_t Structure
8-9
O
vii
O
Preface
O
O
Profile
Before You Begin This Course
You should be able to configure and manage a system
running the Oracle Solaris
Operating system.
How This Course Is Organized
An understanding of Oracle Solaris features and wor
king knowledge of the Oracle
Solaris 10 Operating System is beneficial, but not
required
How This Course Is Organized
S What's New in Oracle Solaris 11
ctor-led seminar featuring lecture and
is an instru
demonstrations. Online demonstrations and written p

ractice sessions reinforce the
concepts and skills introduced.
Oracle Universi
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING
eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Related Publications
System release bulletins
Installation and user s guides
read.me
files
International Oracle User s Group (IOUG) articles

Oracle Magazine
Oracle Universi
Introduction
Copyright 2011, Oracle and/or its affiliates.

All rights reserved.
Oracle University and ORACLE CORPORATION use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eK
IT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Oracle Solaris: The Mission Critical OS

If It Must Work, It Runs on Solaris
The #1 deployment platform for the
#1 mission critical Oracle Database
Extreme data integrity : ZFS
Hardened
security: Secure by Default, Cryptographic
Framework, Least Privilege model
Predictive Self Healing
Complete Virtualization
FMA, SMF
with application isolation and res
ource
management: Containers
Production Safe Observability: DTrace
Scalable to thousands of threads, terabytes of memory

What's New in Oracle Solaris 11
1 - 2
Raising the Bar Set by Solaris 10
Oracle Solaris 11
The Only Completely Virtualized OS
Availabilit : Greatly improved with new packaging tools, saf
e
online upgrades, faster reboots
Scalability and Performance
: Thousands of threads, teraby
tes of
RAM, hundreds of Gbps network bandwidth
Efficienc : Virtualized network, storage and server resource
s;
binary compatibility; advanced power management
Securit : On-disk data encryption, secure process execution,
HW
certification of the OS at boot time

What's New in Oracle Solaris 11 1 - 3

SPARC E
nterprise Servers
The Leade
r in System Scalability
5 Year Trajectory
Cores
4x
Threads
32
x
Memory Capacity
16
SP
x
ARC
Database TPM
40
1
Java Ops Per Second
10
+
x
-64 Sockets
x
2x Throughput
+
1.5x Single
M-Series
trand
8-64 Sockets
+2x
T-Series
Throughput
1-8 Sockets
M-Series
+3x
Throughput
8-64 Sockets
+6x Throughput
T-S
eries
+1.5x Single
1-4
Sockets
Strand
M-Series
+3x
Single Strand
T-Series
1-64 Socket
1-4 Socket
+ 20%
+ 2x
Throughput
Solaris 11
So
laris 11
Solaris 11
Solaris 11
Solaris 11
Update
Express
Update
Update
2012
2010
2013
2011
2014
2015
Copyrig
ht 2011, Oracle and/or its affiliates. All rights reserved.
Oracle Universi
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COP
YING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
SPARC T3 Servers: Scaling to New He

ights
Integrated, High Throughput SPARC Syste
ms for Massive Scale
SPA
RC T3-4
World s First 16
HIGH
Core Processor
64
cores
SPARC T3-2
51
2 threads
Best
scale
SPARC T3-1
32 cores
Mo
st security
16 cores
256 threads
SPARC T3-1B Blade
Medium scale
Enterpri
sefor Blade 6000

re
ady
128 threads
Middleware
consolidation
16 cores
Entry-level
Price/performa
Enterprise-
128 threads
ready
SYSTEM THROUGHPUT
nce
Best density
Best RAS
CONSOLIDATION
HIGH
VIRTUALIZATION
HIGH
Copyrig
Oracle Universi
Oracle Solaris:
Platform Choice and Fl
exibility
Solaris
Solaris
laris
Solaris 10
ne
Zone*
Zone
So
8 or 9
Zo
Zone*
Oracle SPARC
x86
Oracle x86
Built-in scalable, platformolidation path for older Solaris
independent virtualization
Cons
versions
Native, bare metal performance
verages server virtualization
technology
Binary Compatibility Guaranteed
Le
Copyright 2011, Oracle and/or its

affiliates. All rights reserved.
Oracle Universi
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING e
KIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Serious About Oracle Solaris

Investments in Oracle Solaris 11
SPARC, x86 support
Exadata and Exalogic
Compute, Storage, Network
Over 2,700 projects, over 400 inventions
Over 20 million hours of development

Over 60 million hours of testing
Over 56 million tests
Over 11,000 applications
Solaris 11: Coming in 2011


Oracle Addresses Range of Customer Needs

High Performing Application-to-Disk Solutions from
a Single Vendor
Engineered Systems
Oracl
e s Optimized
HIGH
Solut
ions
App
lications
Fusio
n Middleware
Efficiency
Datab
ase
VM So
laris/OEL
Compute,
Storage, Network,
Server
Software
Stora
ge
Manageability and Simplicity
HIGH
Copyright 2011, Oracle

and/or its affiliates. All rights reserved.
The preceding is intended to outline our general product

direction. It is intended for information purposes only, and ma
y
not be incorporated into any contract. It is not a commitment t
o
deliver any material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any features or

functionality described for Oracle s products remain at the sole
discretion of Oracle.


Topic Outline
Morning
Image Packaging System
Automated Installer
Networking (Crossbow)
Afternoon
Solaris Containers
ZFS
Security
SMF (Application Deployment)


Module Structure
Focus on enhancements since Oracle Solaris 10 9/10 release

Command-line examples included with slides
Feature demonstrations at instructor's discretion
Use cases blogged daily
Demo environment is generic
VirtualBox instance
Unless special arrangements are made
Text install, slim_profile
added
Demo scripts available to those interested


O
Image Packaging System (IPS) and

Automated Installer (AI)
Copyright 2011, Oracle and/or its affiliates. All rig

hts reserved.
IPS Design Goals
Use one process for installing, patching, and upgrading

Minimize system downtime
Reverse install operations easily


IPS Implementation
Relies on ZFS for safety

Makes fast, safe copies with snapshots and clones
Can apply changes to cloned BEs when desired
Avoids conditions imposed by patches that overwrite files
Single-user mode to prevent untimely access
Deferred activation to prevent uncoordinated access
Problem: A file that has been patched is available i
mmediately
for use. A program that depends on it, however, w
ill not work
until the system is rebooted.
http://blogs.oracle.com/patch/entry/deferred_activat
ion_patching


IPS Package
New model incorporates all software change types

Includes dependencies automatically
Installs only what is required to complete a package

Each package is associated with a
publisher
Replaces metacluster model with profiles that can overlap

Supports signed packages
Uses a
f package model
All variations in one: SPARC/x86/debug/nondebug

Available from a repository


Package Naming
Packages use a Fault Management Resource Identifier

(FMRI)
pkg://solaris/library/libc@5.11,5.110.75:20071001T163427Z
Package categories establish a namespace
Similar to SMF service names
Each version has its own tuple
libc@5.11,5.11-0.75:20071001T163427Z
< component
>,< bui >-< branch >:< time stamp >


IPS Repository
Networked software catalog service

Incremental or monolithic downloads
Built-in software release versioning
Avoids media size as a delivery constraint
Publishes catalog of available software
Automates retrieval of new dependencies, updates
Download/unzip/install steps unnecessary
Default publisher
http://pkg.oracle.com/solaris/release/


Starting the
ackagemanager
GUI
or
pkg
Subcommands
/usr/bin/pkg
pkg list
List packages installed on the system
pkg search <
pkg_name|pattern
>
Identify the package that a file (or pattern) belongs to

Install packages and configure repositories
Limit search to local packages with
-l option
pkg info <
pkg_name
>
Lists package details


pkg
Subcommands 2
pkg install <pkg_name>

pkg uninstall <pkg_name>
pkg verify <pkg_name>
Validate a package s installation
pkg fix <pkg_name>
Fix errors reported by
pkg verify
pkg contents <pkg_name>

Display the objects making up a package


Example: Search, List, and Inst

all
# pkg search /usr/bin/ncftp

INDEX
ACTION VALUE
PACKAGE
path
file usr/bin/ncftp pkg:/network/ftp/
ncftp@3.2.3-0.151.0.1
# pkg list pkg:/network/ftp/ncftp
pkg list: no packages matching 'pkg:/network/ftp/
ncftp' installed
# pkg install ncftp
Packages to install:
1
Create boot environment:
o
FILES
XFER (MB)
13/13
0.5/0.5
DOWNLOAD
PKGS
Completed
1/1
PHASE
ACTI
ONS
Install Phase
39
PHASE
IT
/39
EMS
Package State Update Phase
1/1
Image State Update Phase
2/2

Installing a Package with Dependencies

# pkg install gimp
Refreshing catalog 1/1 solaris
Caching catalogs ...
Creating Plan
24
o
Services to restart:
6
FILES
XFER (MB)
0/8732
0.0/68.0
DOWNLOAD
PKGS
library/desktop/libgweather
0/24
8714/8732
68.0/68.0
8732/8732
68.0/68.0
...
image/library/gegl
23/24
Completed
24/24
PHASE
ACTI
Install Phase
1/10
...
Install Phase
10557/10
ONS
557
557
PHASE
IT
EMS
/24
...

Verifying a Package
# pkg verify ncftp

ls -l /usr/bin/ncftp
-r-xr-xr-x 1 root
bin
276012 Dec 7 20:39 /usr/
bin/ncftp
# chmod 775 /usr/bin/ncftp
# pkg verify ncftp
Verifying: PACKAGE
STATUS
pkg://solaris/network/ftp/ncftp
ERROR
file: usr/bin/ncftp
Mode: 0775 should be 05
55
Copyright 2011, Oracle and/or

its affiliates. All rights reserved.
O
Fixing a
Package
# pkg fix ncftp

Verifying: pkg://solaris/network/ftp/ncftp
ERROR
file: usr/bin/ncftp
Mode: 0775 should be 05
55
Created ZFS snapshot: 2010-12-07-23:29:09
Repairing: pkg://solaris/network/ftp/ncftp
FILES
XFER (MB)
2/2
0.1/0.1
DOWNLOAD
PKGS
Completed
1/1
PHASE
Update Phase
ACTIONS
2/2
PHASE
ITEMS

Package Cache Update Phase
#
1/1
1/1
2/2
pkg verify ncftp

Listing Package Contents
# pkg contents ncftp

PATH
usr
usr/bin
usr/bin/ncftp
usr/bin/ncftpbatch
usr/bin/ncftpbookmarks
usr/bin/ncftpget
usr/bin/ncftpls
usr/bin/ncftpput
usr/bin/ncftpspooler
usr/sfw
usr/sfw/bin
usr/sfw/bin/ncftp
...

O
Removing a Packa
ge
# pkg uninstall ncftp

Creating Plan
Packages to remove:
1
o
PHASE
ACTI
ONS
Removal Phase
Removal Phase
33
PHASE
IT
/33
/33
EMS
1/1
1/1
Package Cache Update Phase
1/1
1/2
2/2
2/2
PHASE
IT
EMS
Reading Existing Index
1/8
5/8
8/8
Indexing Packages
1/1

Updating a Pa
ckage
Updating all installed packages to the latest version
# pkg update
Packages to update:
1
795
DOWNLOAD
FILES
Yes
PKGS
XFER (MB)
Completed
796/796
4754
/4754 205.2/205.2
PHASE
Removal Phase
ACTIONS
2561/2561
Install Phase
3967/3967
Update Phase
...
6277/6277
A clone of solaris-39 exists and has been updated and

activated.
On the next boot the Boot Environment solaris-40 will
be mounted on '/'.
Reboot when ready to switch to this updated BE.

Creating a Pa
ckage
Easy to package existing software

$ pkgrepo -s file:/tmp/test-repo create
$ pkgrepo -s file:/tmp/test-repo set publisher/pre
fix=michael.oow.com
$ eval `pkgsend -s file:/tmp/test-repo open ilb_de
mo@1.0`
< exports a PKG_TRANS_ID value into shell environmen
t
>
pkgsend -s file:/tmp/test-repo import ~/ilb_dem
o
$
$ pkgsend -s file:/tmp/test-repo close
pkg://michael.oow.com/ilb_demo@1.0,5.11:20110912T01
2101Z
PUBLISHED
Or emit a manifest
$ pkgsend generate ~/fu
file gnome_terminal_fu group=bin mode=0644 owner=ro
ot
path=gnome_terminal_fu pkg.size=326
file netbeans_fu group=bin mode=0644 owner=root pat
h=netbeans_fu
pkg.size=283
file awk_fu group=bin mode=0644 owner=root path=awk
_fu pkg.size=110

Group Packages
Part of manual or automated install process

Controls other installed packages (or package groups)
babel_install
slim_install
installs lim_install
is LiveCD content
Must uninstall group packages to customize what they

control
Remove
babel_install
to manage
slim_install
Remove
slim_install
to manage individual packa
ges
The automated installer will do this for you


Other Commands and Utilities
Other
pkg(5)
utilities
pkg publisher
pkg set-publisher
pkgrepo(1)
pkgsend(1)
pkgrecv(1)
pkgdepend(1)
pkg.depotd(1M)
pkgmogrify(1M)


AI: Why Replace JumpStart?
To make updating/patching:
Faster
More reliable
Easily reversible
To leverage current technology
Integrate with ZFS
Leverage the IPS repository
Apply SMF naming scheme
To separate client and server dependencies
Make the installer platform-neutral
Let clients select their software repository


Rosetta Stone for Solaris 10 Users
Solaris 10
Solaris 11
SVR4 Packages
IPS (SVR4 still supported)
Install media
arter image + IPS repository
St
beadm(1M)
Live Upgrade
Upgrade option
update
pkg
, Update Manager
JumpStart
Automated Installer(AI)
JumpStart Profiles
AI Manifests
Flash Install replication
No equivalent yet
Blueprints for custom DVDs
Distribution Constructor

Oracle Universi
AI Components and Features
Three service components

DHCP server (requires mDNS)
SMF-based installer
IPS repository
Tools for managing
and observing process

installadm(1M)
Configure with
Observe clients using
Manage image with
livessh
install parameter
beadm(1M)
AI is WAN Boot-ready


AI Terminology
Client (installation target)

Can be physical or virtual (not zones, yet)
SMF Services
svc:/network/dhcp-server:default
svc:/system/install/server:default
svc:/application/pkg/server
Manifest
SMF-named install configuration
Criteria
Properties that match client details to an
appropriate manifest


Flow of Automated Installation


Use Oracle Solaris DHCP or ISC DHCP

installadm(1M)
will manage DHCP if:
svc:/network/physical:default
(Not nwam
)
svc:/network/dns/multicast:default
/etc/netmasks
entry exists
Default route is set

Use AI-specific image
sol-11-exp-201011-ai-{x86|sparc}.iso
Server and client platforms do not have to match
Cannot super-size the AI image from Text or LiveCD


# pkg verify installadm
# installadm create-service -a sparc -n solaris_11 \
> -i 192.168.1.10 -c 3 -s ai_sparc_image.iso \
> /export/ai/sparc/solaris_11
# installadm list
-n name
-i IP>
> Install service name

DHCP start address
-c count > DHCP range

-s fil .iso> AI source image
target_directory
>


Creating an IPS Repository
Download Repository Image (two files)
http://www.oracle.com/technetwork/serverstorage/solaris11/downloads/index.html
Combine the files and:
Burn it to media
Or, mount it by using
lofiadm(1M)
Or, copy it to a ZFS file system with
rsync(1)
Enable repository service

svc:/application/pkg/server:default
For more details, see
How to Copy An Oracle Solaris 11
Software Package Repository.


Creating AI Clients
The client will get AI service location from DHCP.

The client will get boot image, configuration, and repositor
y
location from AI service.
AI service identifies clients by MAC address.
x86 clients can add other boot parameters.
AI service binds clients to a named install service.
# installadm create-client -b \"console=ttya,livessh=enable\"
\
> -e 0:e0:81:5d:bf:e0 -n s11-x86
# installadm create-client -e 00:14:4f:a7:65:70 -n s11-sparc


JumpStart to AI Mapping
JumpStart
AI
setup_install_server installadm create-service
add_install_client
installadm cre
ate-client
Manifests, dr
iver updates, custom image
begin script
from Distribu
tion Constructor
Client profiles, rules
Manifests with
client criteria
pkg actuators
(before reboot)
finish script
First-boot SMF s
ervices
sysidcfg file
SMF profile

Oracle Universi
IPS References
Adding and Updating Oracle Solaris 11 Software Packages

http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=AUOSS


AI References
Creating a Custom Oracle Solaris Installation Image

http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=CCOS
I
Transitioning From Oracle Solaris 10 JumpStart to Oracle
Solaris 11 Automated Installer
http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=MFJA
I
Creating and Administering Oracle Solaris 11 Boot
Environments
http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=CMBE
A
Installing Oracle Solaris 11 Systems
http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=IOSU
I


Network Virtualization 1

Feature: Overview
Virtualized NICs, switches, and bridges

Dynamic IP address management
Quality of Service (QoS)
Control bandwidth by transport, service, protocol, or
connection
Vanity naming for devices
Fencing compute resources
Assign NICs/VNICs to processor sets or pools
Real time usage and history

Virtual NICs (VNICs)
Same control as a physical NIC

Private TCP/IP stack
ifconfig dladm
Managed with
,
Dedicated MAC address
, and so on
May be random, chosen, or device-assigned

Can be bound to hardware and kernel resources


Virtual NICs (VNICs) 2
Private TCP/IP stack

Data path is separate, does not rely on modules added to
a
global stack
A complete, standards-based virtualization solution
VLAN tags supported
Priority Flow Control (PFC)
With supporting hardware, can be fully encapsulated to t
he
switch


Virtual Switches
VNICs sharing a VLAN id on one data link need a switch

MAC layer provides built-in switching semantics
Data path among VNICs sits on top of the data link
Connects VNIC to physical network
Isolates broadcast domains
Want an explicit virtual switch? Use an
etherstub :
Makes any virtual network topology possible

Can reduce or eliminate trips to physical NIC
Can also manage resource controls


Physical Wire, Physical Machine

s
Client
Router
Host 1
Host 2
Port 6
Port 9
Port 2
20.0.01
10.0.02
Port 1
20.0.03
10.0.01
1 Gbps
Gbps
100 Mbps
Port 3
10.0.03
1 Gbps
1 Gbps
Switch 3
Switch 1
Virtual Wire, V
irtual Machines
Virtual
Router
Client
Host 1
Host 2
VNIC6
VNIC9
VNIC2
20.0.01
10.0.02
VNIC1
20.0.03
10.0.01
1 Gbps
Gbps
100 Mbps
VNIC3
1 Gbps
1 Gbps
10.0.03
1
Etherstub 3
Etherstub 1

Virtual Network: Example


Creating VNICs and Etherstubs
dladm create-vnic -l bge1 vnic1

# dladm create-vnic -l bge1 -m random
p maxbw=100M
-p cpus=4,5,6 vnic2
dladm create-etherstub vswitch1
# dladm show-etherstub
LINK
vnic2
=100M
bge1
random
2:5:6:7:8:9
max
4,5,6
vnic3
max=1000M
0M -p cpus=1,2 vnic9
vswitch1 random
4:3:4:7:0:1
# dladm create-vnic -l ixgbe0 -v 1055 -p maxbw=50

Unified Data Link Propert

ies
dladm [set,reset,show]-linkprop
Alternative to
ndd(1M)
utility
Single, stable interface for network property
consumers
Changes can be made temporary or persistent
$
dladm show-linkprop e1000g0

PROPERTY
PERM VALUE
LINK
DEFAULT
OSSIBLE
1000
1000
full
full
up
up
no
bi
--
e1000g0
speed
r-
e1000g0
duplex
half,full
r-
e1000g0
state
up,down
r-
e1000g0
no,tx,rx,bi
e1000g0
flowctrl
rw
maxbw
--
rw
--
-e1000g0
high
high
e1000g0
--
--
priority
rw
low,medium,high
protection
rw
mac-nospoof,
restricted,
ip-nospoof,
dhcp-nospoof
e1000g0
--
--
rxrings
--
rw

Virtual Bridges
Data Link (Layer 2), 802.1D

Detects MAC addresses
NIC
VNIC
VNIC
Connects NICs, etherstubs,

link aggregations
Lets you move a VNIC
Bridge
without changing IP address

Supports RBridges
(TRILL
Transparent
etherstub
Interconnect of Lots of
Links)
NIC
NIC
Manages with
dladm


ipadm
Consolidates management of
Network interface state
IP address assignment
TCP/IP protocol properties
Uses action-object subcommands like
create-if show-if disable-addr
,
,
dladm
, and so o
n
Supercedes various commands and files
ifconfig
/etc/hostname.<
interface
>
ndd

3 - 11
Managing Interfaces and IP

Addresses
# dladm create-vnic l bge0 play1

# ipadm create-addr T static d a 10.2.3.5/2
4 play1/v4static2
# ipadm show-if
IFNAME
STATE
CURRENT
lo0
bge0
-m-v------46 --bm--------46 ---
PERSISTE
NT
ok
ok
play1
down
bm--------46 -46
# ipadm show-addr
ADDROBJ
TYPE
STATE
play1/v4static2
static
down
DDR
0.2.3.5/24
#
# ipadm up-addr play1/v4static2
# ipadm show-addr play1/v4static2
ADDROBJ
TYPE
STATE
play1/v4static2
static
ok
DDR
0.2.3.5/24
Copyrig
Oracle Universi
Managing Inte
rface Properties
# ipadm show-ifprop play1

IFNAME
PROPERTY
PROTO PERM CUR
RENT
PERSISTENT DEFAULT
POSSIBLE
on
play1
-play1
--
forwarding
off
ipv4
off
play1
--
metric
ipv4
0
play1
--
mtu
1500
on
play1
--
exchange_routes ipv4
on
play1
--
usesrc
none
play1
--
forwarding
off
play1
--
metric
1500
play1
--
mtu
ipv6 rw
1280-1500
on
play1
--
nud
ipv6 rw
on,off
on
play1
--
exchange_routes ipv6
on
play1
--
usesrc
none
ipv4 rw
on,off
rw
arp
on
on,off
rw
-ipv4 rw
68-1500
rw
1500
on,off
ipv4 rw
none
-ipv6 rw
off
on,off
ipv6 rw
0
--
rw
1500
on
on,off
ipv6 rw
--
none
Copyrig
Oracle Universi
Creating Flows
Define a flow by:

Service (protocol + port address)
Transport type (TCP, UDP, SCTP, iSCSI, and so on)
IP address/subnet
Differentiated Service Code Point (DSCP) label
maxbw
Flows can assign bandwidth caps (
)
Flows maintain their own kstat counters
Use
flowstat(1M)
Use extended accounting for historical reference

flowadm create-flow -l bge0 protocol=tcp,local_port=443 -p m
axbw=50M http-1
flowadm set-flowprop -l bge0 -p maxbw=100M http-1


Data Link Vanity Naming
Vanity naming
Set desired name via
dladm(1M)
/dev/net
List device interfaces in
Supports alternative to so-called PPA hack
PPA: Physical Point of Attachment
Name calculated with (VID*1000 + instance)
Example: bge + (487 * 1000 + 1) = bge487001
knickknack@os11e:/dev/net$ ls -l
total 0
crw-rw-rw- 1 root sys 58, 1001 2010-12-19 17:37 beatnic0
crw-rw-rw- 1 root sys 20,
1 2010-12-19 14:22 e1000g0


Resource Pools
Assigned CPUs process network traffic for a data link

Both kernel threads and network interrupts
Configured through
pools
data link property
# dladm show-linkprop p pool <
datalink
>
Alternative to manual setting (
cpus property)
Pool configuration determines the CPUs selected

svc:/system/pools:default
Automatically updated if CPUs migrate to other pools
Some zones use dynamic pools
svc:/system/pools/dynamic:default
Assigns CPUs on zone bootup, releases on shutdown


dlstat(1M)
Observability for data link and flow statistics

Measured per hardware/software ring
For VirtualBox instance:
# kstat -n mac_rx_ring0
Includes network traffic spread to other CPUs (aka
fanout)
Hardware lane counters (if NIC supports them)
dlstat -i 30
LINK
IPKTS
RBYTES
OPKTS
bge0
25.89K
16.90M
18.23K
play0
5.64K
1.51M
226
15
play1
5.55K
1.49M
131
BYTES
4.42M
.61K
.63K
bge0
81
13.29K
19
7.13K
play0
62
9.37K
play1
62
9.37K
0
0

O
Other Network Observability Enhancements
IP-layer observability
Snoop loopback traffic between zones using shared-IP
# snoop -I lo0
Network DTrace providers
udp: send , ceive
probes
ip: send , ceive dro, in drop-ou ,
tcp: send , ceive sta, -change,connect[request|refused|established| accept[refused|established]
tcpdump
and wireshark
Observe flows with
Observe IPMP groups with
probes
,
are IPS packages
flowstat
ipmpstat


Rethinking Zones
Consider using the global zone (GZ) as a system service

processor
NGZs isolate processes, software stacks
Resource controls cap NGZ consumption
CPU binding, psets, or pools
Virtual, resident set size (RSS), or paging memory
Shared memory, semaphores
An exclusive TCP/IP stack completes the picture.
L2/L3 boundary: Data links (
exclusive-IP
prop
erty)
Per-NIC in Solaris 10, per-VNIC in Solaris 11
One example: the Immutable Service Container
http://blogs.sun.com/video/entry/immutable_service_conta
iners


Other Solaris 11 Enhancements
Still more stuff in
dladm(1M)
VLAN, WiFi, IP tunnel management

Network Auto-Magic (NWAM) service
svc:/network/physical:nwam
Automagic setup
User can modify security, name services
Manual control (CLI or GUI)
Location-specific configurations


ZFS Features in Solaris 11

Enhancements
Key enhancements discussed in this module:

Root pool boot environments (BE)
Deduplication
Root pool mirroring
Snapshot diff capability
Synchronous write behavior property

Send stream enhancements
Improved pool recovery


Boot Environments
Makes updates safe, reliable, and recoverable

Similar to Solaris 10 Live Upgrade
ZFS only
Managed by
beadm (1M)
Subcommands provide means to:
List

Boot Environments (BE)
ZFS is required.
A BE is a special-purpose ZFS snapshot.
beadm(1M)
replaces lu*
commands.
All BEs reside in the root pool.

No need to maintain partitions
Integrated with IPS
New BEs with package actuators
Make new BE with
pkg image-update
or kg up
date


Creating a Boot Environme

nt
Initial boot environment after installation

# beadm list
BE
--
Active Mountpoint Space Policy Created

------ ---------- ----- ------ -------
solaris NR
2.81G static 2010-12-06 03:
48
Create a new boot environment by using
beadm create
# beadm create S11-BE-1 && beadm list
BE
--

------ ---------- -----
------ ------S11-BE-1 -
110.0K
static 2010-12-09 04:23

solaris
NR
2.81G static 2010-1
2-06 03:48
Active flags
N = Active ow
R = Active next eboot

Activating a Boot Environment
Activating a boot environment

# beadm activate S11-BE-1
# beadm list
BE
--
------ ---------- -----
------ ------S11-BE-1 R
2.81G s
tatic 2010-12-09 04:23

solaris
120.5K static 2010-12-
06 03:48
After reboot
# beadm list
BE
-S11-BE-1 NR
------ ---------- ----- ------ ------/

2.82G static 2010-12-09 04:2
solaris
3
-
7.37M st
atic 2010-12-06 03:48

O
Destroying a Boot Environment
Destroying a boot environment

# beadm destroy solaris
Are you sure you want to destroy solaris? This action c
annot be
undone(y/[n]):
# beadm list
BE
-S11-BE-1 NR
------ ---------- ----- ------ ------/

2.83G static 2010-12-09 04:2

O
Mounting and Unmounting a Boot Environment
Mounting and unmounting a boot environment

# beadm create S11-BE-2 && beadm list
BE
-S11-BE-1 NR
------ ---------- ----- ------ ------/
2.83G static 2010-12-09 04
:23
S11-BE-2 static 2010-12-09 04:53
45.0K
# beadm mount S11-BE-2 /mnt && beadm list

BE
--
------ ---------- -----
------ ------S11-BE-1 NR
2.83G static 2010-12-09 0
4:23
S11-BE-2 -
/mnt
11.67M
static 2010-12-09 04:53

# beadm unmount S11-BE-2 && beadm list
BE
--
------ ---------- -----
------ ------S11-BE-1 NR
2.83G static 2010-12-09 0
4:23
S11-BE-2 -
12.08M
static 2010-12-09 04:53

Creating New Boot Environments
Create a new BE with an IPS package change

# beadm list
BE
--
------ ---------- -----
------ ------S11-BE-1 NR
2.84G static 2010-12-09 0
4:23
S11-BE-2 -
12.08M
static 2010-12-09 04:53

# pkg install --require-new-be --be-name=S11-BE-3 ncf
tp
1
Create boot environment: Yes
FILES
XFER (MB)
13/13
0.5/0.5
DOWNLOAD
PKGS
Completed
1/1
PHASE
Install Phase
ACTIONS
39/39
PHASE
ITEMS

1/1
2/2

Creating New Boot Environments - 2
PHASE
ITEMS
8/8
Indexing Packages
1/1
A clone of S11-BE-1 exists and has been updated and act

ivated.
On the next boot the Boot Environment S11-BE-3 will be
mounted
on '/'.
beadm list
BE
--
------ ---------- -----
------ ------S11-BE-1 N
352.0K static 2010-12-09 04:
23
S11-BE-2 -
12.08M s
tatic 2010-12-09 04:53

S11-BE-3 R
2.85G s
tatic 2010-12-09 05:19

O
pkg-update
BE Upgrade with
New BE names are incremented by default

# pkg update
A clone of zfsBE exists and has been updated and
activated.
On the next boot the Boot Environment zfsBE-1 will be
mounted on '/'.
# init 6
# beadm list
BE
--
------ ---------- -----
------ ------zfsBE
9.38M s
tatic 2010-10-15 09:18

zfsBE-1 NR
10.76G static 2010-11-05 09:57

Oracle Universi
Deduplication
Drops redundant data blocks

Enabled per-file system:
dedup
property
To determine benefit on the existing ZFS storage:

# zdb -S <pool>
http://hub.opensolaris.org/bin/view/Community
+Group+zfs/dedup
Benefit is expressed similarly to
Observable via
Dedup
compressratio
zpool status
operations have pool scope.


bayle@os11e:~$
ls -l /usr/java/src.zip
-rw-r--r-- 1 root bin 19160179 2010-12-06 04:44

/usr/java/src.zip
bayle@os11e:~$
zfs set dedup=on rpool1/home/d
eirdre
bayle@os11e:~$
cp /usr/java/src.zip /home/dei
rdre/src1.zip
<copy in src[23456].zip>
bayle@os11e:~$
zfs list rpool1/home/deirdre
NAME
USED
rpool1/home/deirdre
110M /home/deirdre
AVAIL REFER MOUNTPOINT

110M
8.10

O
bayle@os11e:~$
zpool list
DEDUP
6.00x
NAME
SIZE ALLOC FREE
HEALTH ALTROOT
rpool1 15.9G 6.61G 9.27G
ONLINE bayle@os11e:~$
bayle@os11e:~$
DEDUP
1.00x
NAME
rpool1/home/deirdre
1K /home/deirdre
41%
rm /home/deirdre/*zip
zpool list
NAME
SIZE ALLOC FREE
HEALTH ALTROOT
rpool1 15.9G 6.61G 9.27G
ONLINE bayle@os11e:~$
CAP
CAP
41%
zfs list rpool1/home/deirdre

USED AVAIL REFER MOUNTPOINT
31K 8.12G
3

O
Root Pool Mirroring
Root pools can be mirrored after installation

#
zpool attach rpool <root_disk> <new_disk>

Allow resilvering to complete
zpool status rpool

Boot blocks are installed automatically
Verify bootability


Snapshot Differences
The
zfs diff
command lists differences betwee
n two
snapshots.
ls /home/timh
fileA
zfs snapshot
<Create fileB>
tank/home/timh@old
ls /home/timh
fileA fileB
zfs snapshot
zfs diff
M
+
tank/home/timh@new
tank/home/timh@old tank/home/timh@new
/tank/home/timh/
/tank/home/timh/fileB

Oracle Universi
zfs diff
Output
Differences listed for files and directories:

M : Modification or link count change
: Object is present in the first snapshot only
: Object is present in the second snapshot only
R : Object has been renamed


Send Stream Enhancements
Modify property values in a received dataset

Enforce property value(s) in a sent dataset
Disable property settings in a received dataset


Send Stream: Override Example
File compression is off for the

file system. You
ta
bpool/data
tank/da
want to enable compression for the

file system.
# zfs get compression tank/data
NAME
PROPERTY
VALUE
SOURCE
tank/data compression off

default
# zfs send -p tank/data@snap1 | zfs recv -o
compression=on -d bpool
# zfs get -o all compression bpool/data
NAME
PROPERTY
VALUE RECEIVED SOURCE
bpool/data compression on
off
local

Oracle Universi
Send Stream: Enforce Example
The
-b
option declares the file system as a prope
rty source.
# zfs send -b bpool/data@snap1 | zfs recv -d restorepoo
l
# zfs get -o all compression restorepool/data
NAME
PROPERTY
VALUE
RECEIVED SOUR
CE
restorepool/data compression off
received
off

O
Send Stream: Ignore Example
The
receive -x
option ignores propert
y settings.
Applies recursively to contained file systems
For example: Ignore
quota
proper
ty setting:
# zfs send -R tank/home@1020 | zfs recv -x quota
bpool/home
# zfs get -r quota bpool/home
NAME
PROPERTY VALUE SOURCE
bpool/home
quota
none
bpool/home@1020
quota
default
bpool/home/cindys
quota
local
bpool/home/cindys@1020 quota
-
none
bpool/home/tom
bpool/home/tom@1020
quota
quota
none
-
local

Oracle Universi
Pool Import: Log Device Recovery
Importing a pool with a missing log causes an error.
# zpool import dozer

The devices below are missing, use '-m' to import the
pool anyway:
c3t3d0 [log]
cannot import 'dozer': one or more devices is currently
unavailable
Now, you can import the pool as-is (
-m ).
Attach the missing log device.

Use
zpool clear
to resolve errors.
Works for mirrored log devices


Pool Import Recovery: Example
Example: Import Pool With Missing Log Device

# zpool import -m dozer
# zpool status dozer
pool: dozer
state: DEGRADED
status: One or more devices could not be opened. Suf
ficient replicas
exist for the pool to continue functioning in a d
egraded state.
action: Attach the missing device and online it using
'zpool online'. see:
http://www.sun.com/msg/ZFS-8000-2Q
config:
NAME
STATE
READ WRIT
dozer
DEGRADED
E CKSUM
0
0
mirror-0
0
ONLINE
c3t1d0
ONLINE
c3t2d0
ONLINE
logs
14685044587769991702 UNAVAIL
0
0 was c3t3d0

Pool Import: Read-Only Mode
May help in recovering a damaged pool

All datasets are mounted in the read-only mode.
Disables pool transaction processing
No pending synchronous writes in the intent log are play
ed.
Ignored attempts to set a pool property

zpool import -o readonly=on tank
zpool scrub tank
cannot scrub tank: pool is read-only
To revert to read-write, export, and import the pool


Synchronous Write Behavior Property
The
sync property defines per-file system write behavior
Replaces the
zil_disable
The default setting is
tunable parameter
standard
Write synchronous transactions to the intent log, flush

devices
zfs set sync=always tank/home/perrin
#


Values for
Possible
sync
Property
sync property values include:
standard
Synchronous-write transactions: all
fsync(3C)
calls, pen(2)
calls flagged with
O_DSYNC,
O_SYNC
always
Write and flush all transactions to stable
storage. The system call returns upon completion.
disabled
Commit transactions to stable storage with
the next flush, regardless of delay. Fast performance, no

risk of pool corruption.
Data corruption is another ma
tter.


ZFS Synchronous Behavior: Tuning Caveats
A sync
property value of
disabled
on the active
BE or
/var may produce undefined behavior.
Increases vulnerability to replay attacks
Understand all the risks before using this value
Processes that rely on synchronous behavior can lose
data with the
disabled
value.


RAIDZ/Mirror Performance
Latest-and-greatest RAIDZ pools automatically mirror

latency-sensitive metadata.
Pools created with b148 or later
Pool version 29 or later
Boosts I/O throughput
Applies to all newly-written
Trades off space for time
data
Does not improve resilience to failure


Integrating ZFS into Deployment
Consider a separate file system per significant application.

Monitor with
fsstat(1M)
Use snapshots for easy rollbacks.

Use
zfs diff
to monitor changes.
Apply encryption if appropriate.

Use
zfs send/receive
for replication or backup.


Performance Notes
On-disk encryption costs ~7% on random I/O and ~3% on

sequential I/O.
RAID-Z mirror allocation Some workloads show 2-4x
speedup on directory searches.
Scrub/resilver ops now prefetch their metadata.

System duty cycle (SDC) scheduler balances thread
priorities for CPU time.
Slim ZIL reduces metadata I/O if data blocks are not full.
Explicit ZIL behavior is controlled via
sync
proper
ty.


Other ZFS Features
Dynamic LUN expansion

autoexpand
property
Splittable mirrored pools (

zpool split)
Triple-parity RAID-Z (
raidz3 )
Improved ACL compatibility with CIFS
Automatic snapshots/Time Slider
SMF service
User/group quotas
Via userspace
auto-snapshot
and
groupspace
subcommands


ZFS References
Oracle Solaris Administration: ZFS File Systems

http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=ZFSADMIN


Zones

Core
Configurable privileges (
limitpriv
Supports DTrace inside a zone
Zone rename and move operations

Zone migration (attach, detach)
Software update on attach
Default update is conservative
Option U will update all
Boot arguments (
bootargs )
Packaging
Parallel patching, turbo SVR4 packaging
Live Upgrade support


Resource management
Overhauled and simplified (
zone.*
CPU Caps added

zone.cpu-cap zo , cpu-shares
See resource_controls(5)
Enhanced observability
getvmusage(2)
Supported by
Integration with ZFS
Assign datasets to zones
Faster provisioning with clones and snapshots


Networking
ip-type
defrouter
Brands
Oracle Solaris 8 Containers
Oracle Solaris 9 Containers
Trusted extensions
Sun Cluster integration

Oracle Enterprise Manager Ops Center 2.5 Integration


Physical to virtual (p2v) migration
Consolidate legacy instances as zones onto new hardware

Available for Oracle Solaris 8, 9, and (other) 10 instan
ces
Process
Create a system image
Transfer to zonepath
Install the zone
location
Image automatically updated during installation

User-land/kernel need to be in sync
Need to emulate Host ID


Changes in Oracle
Solaris 11
Copyright 2011, Oracle and/or its affiliates. All rights

reserved.
Oracle Un
iversity and ORACLE CORPORATION use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT
MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Design and Features
lofiadm
support
v2v and p2v migration

Branded Oracle Solaris 10 containers
Exclusive-IP network stack enhancements

zonestat
IPMP support for
ip-type


Storage
lofiadm(1M) lofi(7D)
supported
New resource control to limit
lofi
devices
zone.max-lofi
zonecfg:zone1>
zonecfg:zone1:rctl>
add rctl
set name=zone.max-
lofi
zonecfg:zone1:rctl>
ivileged, limit=10, action=none)
zonecfg:zone1:rctl>
zonecfg:zone1>
add value (priv=pr

end

Networking: Exclusive IP Zone

s
Exclusive-IP options
allowed-address
erty defines usable
address/range.
prop
defrouter
property supports
.
ip-type=exclusive
# zonecfg -z zone1
zonecfg:zone1>
set ip-type=exclusive
zonecfg:zone1>
add net
zonecfg:zone1:net>
set allowed-address=
192.168.1.10/32
zonecfg:zone1:net>
set physical=vnic1
zonecfg:zone1:net>
set defrouter=192.16
zonecfg:zone1:net>
end
8.1.1

Networking: Exclusive IP Zones
Administration/tools available inside a zone

dladm, flowadm, ipadm
IP Tunnels
IPMP
Zones are ideal for virtual networking
Configurable with multiple vnics
Internal namespace for flows
Layers 2 and 3 network protection
Prohibit mischievous traffic from exclusive-IP zones
(Try dladm show-linkprop protection
)


Networking: Shared IP Zones
IPMP
Solaris 10 IPMP, interface name changes on failover,

creating issues for some users
For example: Using interface
ce0:2 one moment,
ce1:1
the next
Zone admin has no control
Solaris 11 IPMP
Zone retains same interface
ipmp0:2 remains ipmp0:2
for the zone session
Zone admin can test interface for

IPMP flag
If set, the address is highly available.


Zones Observability
Improved utilization monitoring

CLI and Oracle Enterprise Manager integration
acctadm
Uses extended accounting (see
)
Also vcs extended-accounting
Reports on both shared and dedicated resources
Measures utilization against configured limits
zonestat(1M)


zonestat
zonestatd
Command
daemon performs monitoring
Nonroot users and nonglobal zone users can see (some of)
the information
zonestat
can monitor:
Virtual, physical, and locked memory

Pools, psets, LWPs, and processes
Shared-memory, semaphore, and message resources
Can report specific zones, resource types
Supports sorting by column
Machine-parseable output is also available


zonestat
Interval: Example
End-of-run reporting for average, high, and total usa

ge
$ zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY
Cpus/Online: 32/32
Physical: 32.0G
Virtual: 47.9G
----------CPU---------- ----PHY
SICAL----- -----VIRTUAL----ZONE USED %PART %CAP %SHRU USED
%CAP USED
PCT
PCT %CAP
- 5660M 17.2%
- 5086M 15.5%
[total] 1.57 4.92%

9.9G 20.6%
[system] 0.09 0.28%
- 9275M 18.8%
-
kodiak-dp
100% 46.0M 0.14% 4.49% 36.2M 0.07% 1.17%
2%
- 62.4M 0.12%
1.00 100%
global 0.48 1.56%

- 1.56% 419M 1.27%
673M 1.37%
kodiak-ab
0.00 0.00%
- 0.01% 67.0M 0.2
115M 0.23%
-
0%
kodiak-rie
0.00 0.00%
- 0.02% 41.6M 0.1

zonestat
by
Resource: Example
Example: Monitor lwps and processes

$ zonestat -r processes,lwps 5
PROCESSES
system-limit
SYSTEM LIMIT
292K
ZONE USED
PCT
CAP %CAP
[total]
-
191 0.63%
[system]
0 0.00%
global
-
167 0.55%
foo
24 0.08%
300 8.00%
LWPS
system-limit
SYSTEM LIMIT
2047M
ZONE USED
PCT
CAP %CAP
[total]
-
713 0.00%
[system]
0 0.00%
global
-
618 0.00%
foo
95 0.00%
1000 9.50%

Resource Manageme
nt
New
max-processes
resource control
# zonecfg -z zone1
zonecfg:zone1>
prctl
set max-processes=300
now reports resource utilization
# prctl -i zone foo

zone: 4: foo
NAME
PRIVILEGE
VALUE
FLAG
ACTION
zone.max-lofi
usage
system
18.4E
max
usage
privileged
28.3MB
3.00GB
system
16.0EB
max
deny
zone.max-swap
deny
deny

Zones Security
Delegated administration
Authorizations can be configured directly in
zonecfg
login, manage, clonefrom
zonecfg -z zone1
zonecfg:zone1>
add admin
zonecfg:zone1:admin>
set user=jack
set auths=login,ma
end
nage
zonecfg:zone1>
commit
Authorizations are added to user/role entry in

/etc/user_attr
g
by
zonecf

O
Solaris 10 Containers
Solaris 10 branded zone

Similar to the existing solaris8 and
solaris brand se
ttings on
Solaris 10
Promote adoption and compatibility of Oracle Solaris 11
Leverage existing investment in Solaris 10
Infrastructure, training, support
Allow new technology to support Oracle Solaris 10 contex
t
Virtualized networking among Solaris 10 instances
Application recertification for Solaris 11 unnecessary
Use p2v installation process

Or v2v for moving the existing Solaris 10 zones
Support instances on Solaris 10 10/09 or later


Solaris 10 Container: Expected Migration Path
zone: db27-prod
redeploy
Solaris 10
Solaris10
Brand
zone: db27-prod
zone: db27-prod
p2v
Solaris 11
Solaris 11
Solaris 10
db27-prod

References
Oracle Solaris Administration: Oracle Solaris Zones, Oracle

Solaris 10 Zones, and Resource Management
http://www.oracle.com/pls/topic/lookup?ctx=E23824&id=SYSADRM


Network Virtualization 2

Advanced Network Features
ilbadm
IP Filtering, forwarding in a zone
Hardware Lanes and dynamic polling
ipmpstat

VRPP support
NUMA I/O
Public GLDv3 APIs


ilbadm
: L3/L4 Integrated Load Balancing
Operational modes
Stateless Direct Server Return (DSR)
Half or Full NAT
Algorithms supported
Round robin
IP hashing: Source address or source address + port
Health-checking built-ins
TCP, UDP, ICMP probes
Apply as parameters to user-scripted tests
Performance comparable to IP forwarding


Load Balancing Components
pkg://solaris/service/network/loadbalancer/ilb@0.5.11,5.11-0.148:
To configure:
Server group: list of host+port addresses
Virtual IP (aka logical host )
Algorithm, operational type
Healthcheck program and parameters (optional)
The configured elements form a
ilbadm
subcommands follow
rul.
dladm
model.


ilbadm
: Example
ilbadm create-servergroup
\
> -s servers=apache-zone1:80,apache-zone2:80 \
apache_group
#
ilbadm create-rule
e p I vip=10.1.2.3,port=80
>
-m lbalg=rr,type=HALF-NAT
-h hc-name=/var/hc/apache_check
\
-o servergroup=apache_group
\
apacheload_rrobin
\
\
\

IP Filter, Forwarding in a Zone
Same operational semantics as the GZ

For IP Filter in a zone
# pkg install ipfilter; pkg contents ipfilter
Filter/NAT configuration files in the
/etc/ipf
directory
See
/usr/share/ipfilter/examples
# svcadm enable ipfilter

Or just forwarding
# svcadm enable ipv4-forwarding

Oracle Universi
Hardware Lanes and Dynamic Polling
A Hardware Lane is defined by

NIC-supported partitions (Receive/Transmit R
ings, DMA)
Kernel queues/threads bound to CPU, pset, or
pool
Same CPUs assigned to a VNIC or a flow
Dynamic polling
Switches from interrupt handling to polling
rate in low traffic
Reduces context switching and lock contention
mtx
srw
mpstat output with NIC and legacy driver:

intr
ithr
csw
icsw
migr s
syscl
usr sys wt idl
10818 8607 4558 1547 161 1797 289 19112 17
srw
mpstat with NIC and GLDv3-based driver:

intr
ithr
csw
icsw
migr s
syscl
usr sys wt idl
2823 1489 875 151 93 261 1
19825 15
69 0 12
mtx
57 0 27

O
Hardware Lanes
Intended for multicore platforms with multi-10

g
igE NICs
Hardware Lanes + dedicated resources

= linear scaling
Integrated with virtualization and Q
oS controls
Dynamic polling, packet chaining boo
st efficiency
Physical Machine
Physical NIC
C
Hardware
Virtual
VNIC
L
Rings/DMA
Machine/Zone
Kernel Threads
and Queues
A
S
Hardware Lane
Virtual
Rings/DMA
Machine/Zone
NIC
Kernel Threads
and Queues
Switch
S
I
VLAN
F
Separated
I
E
Hardware
Kernel Threads
Rings/DMA
Application
Flow
R
and Queues
Copyrig
Oracle Universi
ipmpstat
: Observability for IPMP Groups
Reads sockets opened by
in.mpathd
Five output modes

Address ( -a)
Group ( -g )
Interface ( )
-p
Probe (
)
Target ( -t )
VNICs are valid IPMP group members.
Useful for testing


ipmpstat
: Example
ifconfig blut0 ipmp

# ifconfig play0 group blut0
ifconfig play1 group blut0
ipmpstat -a
ADDRESS
UND
STATE GROUP
INBO
OUTBOUND
play1 play0
play1 play0
fe80::897f:b644:ae41:e0b up
-10.2.3.5
up
blut0
--
blut0
play
10.9.8.7
blut0
play
STATE GROUP
INBO
up
ifconfig play0 group \"\"

# ipmpstat -a
ADDRESS
UND
OUTBOUND
play1
play1
fe80::897f:b644:ae41:e0b up
--
blut0
--
10.2.3.5
up
blut0
play
10.9.8.7
up
blut0
play

MAC Layer APIs To Create VNICs,

Leadville
App
Dedicate Resources, Bandwidth

Fiber
Network
Channel
for both Network Stack and FCoE
Stack
Stack
Virtual
FCoE
NIC
Glue
Virtualized Data Link Layer

MAC
MAC
Client
Client
MAC Layer
Rx/Tx Ring
DMA
Rx/Tx Ring
DMA
Channel
Channel
H/W Flow Classifier

Pseudo FC instance presented to storage
10g thernet Port
10 g Port
FCoE Port

Virtual Router Redundancy Protocol (VRRP)
HA support for routers and load balancers

Treats active server as a primary
Other servers are passive
Solaris framework monitors control messages
Upon primary failure, framework elects a new primary
Moves the Virtual IP address (VIP)
Each VRRP router associates a VNIC with the VRRP id

VNIC attributes are set via
dladm(1M) .


IP over Infiniband (IPoIB)
Used in Exalogic systems (BOND0 interface)
Runs on top of IB's verb layer

Control over IB partitions in
*-part subcommands
dladm(1M)
IB data links show up as Host Channel Adapter (HCA) port

s
Create partition data links over IB data links
Plumb them with IP addresses, assign them to zones
All dladm(1M)
link properties apply


Non-Uniform Memory Architecture (NUMA) I/O
On NUMA platforms, I/O performance factors include:

Kernel resource location (memory placement)
Hardware topology
Device location (backplane attachment)
NUMA I/O Framework
Defines affinity for all I/O subsystems
I/O subsystems register affinity to needed resources
Framework uses affinity to determine memory placement
Consumer-transparent process

6 - 14
NUMA I/O Architecture: Overview
I/O
I/O topology
ernel Affinity APIs
I/O
topology
Subsystem
onstructor
Admin
Interface
Core NUMA I/O
Framework
constraints
NUMA
I/O
Bind
topology
interrupt
Subsystem
NUMA lgrp
sub-system
nterrupt
Device
Driver
PCI/DDI
andles
Framework

GLDv3 Public Driver APIs
Dynamic polling
Packet chaining
Hardware checksumming offload
Large Send Offload (LSO)
Revamped driver property interface
Simplify driver development
Extensibility for future releases
First supported in Solaris 10 U9 (09/10 release)
See Chapter 19, Document #816-4854


Network Performance Highlights
Dynamic polling on receive rings boosts efficiency

Aggregation, flow control on transmit rings
Binding available to psets or pools
Supports Message Signaled Interrupts (MSI)
Used in PCI Express (PCIe) hardware
Alternative to traditional Pin-Based Interrupt
Hardware Lanes
Improve cache locality, isolates traffic


O
Security

Features
Root as a role
On-disk file encryption
Network spoofing protection
Delegated administration
Zones, SMF services
In-kernel
pfexec
Forced Privilege and Stop Profile


Root Implemented as a Role
User defined during installation receives the root r

ole
sudo
is enabled with 5-minute grace
installer@os11e:~$
roles
root
installer@os11e:~$
Console User
profiles
Suspend To RAM
Suspend To Disk
Brightness
CPU Power Management
Network Autoconf User
Network Wifi Info
Desktop Removable Media User
Basic Solaris User
All

Oracle Universi
File system encryption:

zfs(1M)
Applicable to datasets or volumes

Need a wrapper key to mount file system
Passphrase or file-based, delegatable key co
ntrol
See man page examples 22-27 for
zfs(1M)
$ zfs create -o encryption=on rpool1/home/fng
Enter passphrase for 'rpool1/home/fng':
Enter again:
$ zfs list rpool1/home/fng
NAME
rpool1/home/fng
USED AVAIL REFER MOUNTPOINT

31K 8.29G
31K /
export/home/fng
fir@os11e:/$
zfs get all rpool1/home/fng |
grep key
ssphrase,prompt
ailable
rpool1/home/fng
local
rpool1/home/fng
keysource
pa
keystatus
av
rpool1/home/fng
rekeydate
Fr
i Dec 10 10:35 2010 local

O
Configuring ZFS Encryption
You can also write a key to a file

keysource
ile path
attribute specifies format and f
Encryption policy is inherited and read-only

# pktool genkey keystore=file outkey=/dmkey.file
keytype=aes keylen=256
# zfs create -o encryption=aes-256-ccm -o
keysource=raw,file:///dmkey.file rpool1/home/fng
# zfs clone rpool1/home/fng@final rpool1/home/delivered
Enter passphrase for 'rpool1/home/delivered':
Enter again:
# zfs set encryption=off rpool1/home/delivered
cannot set property for 'rpool1/home/delivered:
'encryption' is readonly

Oracle Universi
File system encryption:

lofiadm
(1M)
Full scenario: Example 6,

man page
marty@os11e:/$
marty@os11e:/$
lofiadm
mkfile 64m /var/tmp/setec

lofiadm -c aes-256-cbc -a
/var/tmp/setec
Enter passphrase:
Re-enter passphrase:
/dev/lofi/1
marty@os11e:/$
newfs /dev/rlofi/1
newfs: construct a new file system /dev/rlofi/1: (y/n

)? y
...
marty@os11e:/$
Block Device
Options
/dev/lofi/1
Encrypted
lofiadm
File
/var/tmp/setec

O
Network Spoofing Protection
mac-nospoof
: Cannot change MAC address
restricted
: Outbound ipv4, ipv6, and ARP packets only
ip-nospoof
ips property
: Checks outbound packets against allowed-
dhcp-nospoof
dladm(1M)
: Multiple conditions apply. See

.
dladm show-linkprop -p protection play0

LINK
PROPERTY
PERM VALUE
DEFAULT
POSS
IBLE
play0
protection
rw
--
--
ma
c-nospoof,
r
estricted,
i
p-nospoof,
d
hcp-nospoof
dladm set-linkprop -p protection=mac-nospoof play0


Zones: Delegated Administration
Per-user, per-zone authorizations

Limits NGZ access from the GZ
/user_attr
zonecfg(1)
file.
syncs with GZ
zonecfg:webber>
/etc
info
zonename: webber
zonepath: /home/webber/zone
...
admin:
user: hen3ry
auths: login,manage
zonecfg:webber>
verify; exit
UX: /usr/sbin/usermod: hen3ry is currently logged in,

some changes may not take effect until next login.

Oracle Universi
SMF: Delegated Administration
Set authorizations in manifest

Enable/disable (
value_authorization
action_authorization
Restart/refresh (
)
Modify values in all or select property groups
Assign auths to profiles/users
Complete list in
via rbac(5)
smf_security(5)
<property_group name='general' type='framework'>


<propval name='action_authorization' type='astring'
value='solaris.smf.manage.myservice' />

<propval name='value_authorization' type='astring'
value='solaris.smf.manage.myservice' />
</property_group>


SMF: Method Context
Execution attributes include:

Security
User, group, privileges
Also resource management and environ
ment
<exec_method type='method' name='st
art'
exec='/lib/svc/method/foobar
start'
timeout_seconds='60' >
<method_context>
<method_credential
user='foo'
group='bar'
privileges='basic,sys_n
et_config,net_rawaccess' />
</method_context>
</exec_method>
Copyrig
Oracle Universi
SMF: Firewall Integration
Application-specific attributes
$ svcadm enable ipfilter
$ svccfg -s ipfilter:default setprop
firewall_config_default/policy = allow
$
svcadm refresh network/ipfilter

$ svcadm enable ftp
svccfg -s ftp setprop firewall_config/policy = al
low
$ svccfg -s ftp setprop firewall_config/apply_to =
network:192.168.1.0/24
Applications can participate in automatic firewall

policy
firewall_context/name
Define
for RPC services.
firewall_context/ipf_
method
Implement
for other
services.
See
svc.ipfd(1M)
for more
information.

O
Least Privilege Changes
net_priv_addr
proc_fork
proc_exec
Copyright 2011, Oracle and/or its affiliates. All rig

hts reserved.
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKI
T MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
In-kernel
New
PRIV_PFEXEC
pfexec
process flag
Set by any profile shell, inherited across
exec(2)
Applies RBAC attributes transparently

No need for
pfexec
Other profile shells now available:
pfbash(1)
pftcsh(1)
pfzsh(1)


Basic Privileges: More is Less
basic
privilege set expanded

file_read, file_write, file_link_any
proc_exec, proc_fork
proc_info, proc_session
net_access
Easier to disable certain privileges:

Read-only process:
Host-only process:
!file_write
!net_access

Oracle Universi
Role-Based Access Control
Software Installa
tion
DTrace Analysis
Developer
Audit Review
File Integrity Verifi
cation
Internal
Auditor
Dataset Management
Backup Operator
Sys
Admin

O
Sandboxing Enhancements
User profiles are cumulative, processed in list order

/etc/user_attr, /etc/security/policy.conf
Ignored any profiles assigned after
Stop is read
Either by file ( policy.conf
) or by command
Provides an explicit limit to a user's authorizations


Kerberos Improvements
Zero-configuration client via DNS

Authentication via Active Directory available
Enhancements to PAM configurations
Better interoperability for Windows clients
Initial authentication possible with public keys
New
RFC 4556 (PKINIT) implemented

kdcmgr
(1M) tool
Sets up Kerberos Key Distribution Center


Key Management:
pkcs11_kms
Provid
er
Consumer for Key Management Server (KMS)

Configured with
kmscfg(1M)
pkg:/system/library/security/crypto/pkcs11_kms@...
KMS configuration required for each consumer
See
KMS 2.2 Administration Guide for details
http://docs.sun.com/app/docs/doc/316195103AA


Other Enhancements
NSA Suite B algorithms support

Internet Key Exchange
Accepts Elliptic Curve Cryptography (ECC)
Also RSA and DSA
AES Cipher Feedback (CFB) mode
Available on SPARC T3 processor
Used by Oracle Database Advanced Security Option
Supports acceleration of table-level encryption


Oracle Solaris 11 Trusted Extensions
Mandatory Access Control
Need-to-
Internal
know
Use
Public
(MAC)
Zones are classified ( lab
eled )
Multilevel Desktop Services
Processes need proper

clearance to access la
belled
(Global Zone)
assets
Networks, printers also
Solaris Kernel
labeled
net
net
net
net
Runs all Solaris applica
tions
Designed for defense and
intelligence industry
requirements
Meets Common Criteria
Certifications at EAL
4+ levels


Trusted Extensions Changes
GNOME replaces CDE as Desktop

GNOME login manager asserts labeling
X server uses same X Access Control Extension (XACE)
policy hooks as SELinux
New ZFS attribute:
mlslabel
Prevents remounting on the wrong label
Labeled IPsec
Multilevel IKE daemon negotiates Security Associations

Maintains the label s confidentiality and integrity
CIPSO data does not need to be sent in the clear
Allows the use of single physical network


Trusted Platform Modules (TPM)
Support for Trusted Platform Modules (TPM)
TSS 1.2 API

tpmadm(1M)
CLI
pkcs11_tpm(5)
Crypto module


Services Management Facility (SMF)

SMF Design Goals
Increase application availability

Monitor services in run time
Restart failed processes
Graph-dependent services
Start independent service paths concurrently
Common naming for all services
Not just daemon processes
It is either disabled
or some variation of
enabled


SMF Is the Glue in Solaris 11
Services are first-class objects

Health monitoring
FMRI-based naming
Universal lifecycle
Tools to observe services, not just processes
Automated restarts after errors and faults
Integrated refresh upon reconfiguration
Control for many service attributes
Privileges
User/group delegation
Resource controls


Service Templates
Service properties include:

Decorations
Descriptions
Simple constraints
Online help
Store property descriptions with the service
Catch errors during configuration:
Validate constraints in APIs and commands
smf
_template(5)

Early Manifest Imports
Two import services

svc:/system/early-manifest-import:default
svc:/system/manifest-import:default
Solves potential race condition with manifest upgrad
es
Reads new manifest location
/lib/svc/manifest
/var/svc/manifest
remains fo
r compatibility
/lib/svc/manifest
manifest-import
, and
then /var/svc/manifest
service reads
.

Oracle Universi
SMF Enhanced Profiles
Customize configuration for mutliple services

Example: enabling/disabling services in one action
# netservices limited | open
Easy deployment of services configurations
Drop-in during system deployment
Installer support for SMF profiles in the works
/etc/svc/profile
Use
site/ subdirectory for local customization


Fault Notif
ication
Set and list notification types for SMF/FMA fa

ults.
Default parameters kept as a service
svc:/system/svc/global:default
# svccfg setnotify -g to-maintenance

mailto:admin@domain.com
svccfg listnotify -g
Event: to-maintenance (source: svc:/system/
svc/global:default)
Notification Type: smtp
Active: true
to: admin@domain.com

IPS A
ctuators
Signals additional behavior, usually on a live

system
restart_fmri
prompts a se
rvice restart.
Per-file attribute
Remember that IPS only updates obj
ects as needed.
reboot-needed
indicate
s that a reboot is required.
dir group=bin mode=0755 owner=root path=opt timestamp=2

0101109T051058Z
dir group=bin mode=0755 owner=root path=opt/app timesta
mp=20101109T051110Z
file opt/app/app-bin group=bin mode=0555 owner=root pat
h=opt/app/app-bin
pkg.size=48088
reboot-needed=true
file opt/app/app.conf group=bin mode=0644 owner=root pa
th=opt/app/app.conf
pkg.size=267
file lib/svc/manifest/application/lianep-app.xml mode=0
444 owner=root
path=lib/svc/manifest/application/lianep-app.xml
restart_fmri=svc:/system/manifest-import:default

proc_t
FMRI Stored in
Structure
#!/usr/sbin/dtrace
inline string fmri =

stringof(curthread->t_procp->p_ct_proce
ss->conp_svc_fmri->rs_string);
syscall:::entry
{
@[fmri] = count();
}
dtrace: script '/var/tmp/foo' matched 228 p

robes
^C
svc:/system/sysevent:default
10
svc:/network/smtp:sendmail
21
svc:/network/physical:nwam
40
svc:/network/ntp:default
50
svc:/system/hal:default
65
svc:/network/datalink-management:defaul
t
428
svc:/application/graphical-login/gdm:de
fault
274792
Copyrig
Oracle Universi
O

Solis

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Solis

Uploaded by

Copyright:

Available Formats

Copyright 2011 Oracle ,d/or it affiliates. All rights reserved.

If this documentation is delivered to the United States Government or anyon

SPARC Enterprise Servers 1-4

Oracle Solaris: Platform Choice and Flexibility

Oracle Addresses Range of Customer Needs

2 Image Packaging System (IPS) and Automated Installer

Starting the packagemanager GUI 2-7

Other Commands and Utilities

Flow of Automated Installation

Physical Wire, Physical Machines

Managing Interfaces and IP Addresses

4 ZFS Features in Solaris 11

Mounting and Unmounting a Boot Environment

Creating New Boot Environments - 2

Pool Import: Log Device Recovery

Values for sync Property

zonestat Command 5-13

racle University and ORACLE CORPORATION use only

Solaris 10 Container: Expected Migration Path

ilbadm: L3/L4 Integrated Load Balancing

IP Filter, Forwarding in a Zone

Virtual Router Redundancy Protocol (VRRP)

Non-Uniform Memory Architecture (NUMA) I/O

GLDv3 Public Driver APIs

File system encryption: zfs(1M) 7-4

Network Spoofing Protection 7-7

SMF: Firewall Integration

Trusted Extensions Changes

Early Manifest Imports

SMF Enhanced Profiles

demonstrations. Online demonstrations and written p

International Oracle User s Group (IOUG) articles

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only

Oracle Solaris: The Mission Critical OS

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only

What's New in Oracle Solaris 11

Raising the Bar Set by Solaris 10

: Thousands of threads, teraby

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only

What's New in Oracle Solaris 11 1 - 3

Java Ops Per Second

SPARC T3 Servers: Scaling to New He

sefor Blade 6000

Platform Choice and Fl

Copyright 2011, Oracle and/or its

Serious About Oracle Solaris

Over 20 million hours of development

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only

What's New in Oracle Solaris 11 1 - 7

Oracle Addresses Range of Customer Needs

Manageability and Simplicity

Copyright 2011, Oracle

Oracle University and ORACLE CORPORATION use only

The preceding is intended to outline our general product

The development, release, and timing of any features or

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only

What's New in Oracle Solaris 11 1 - 9

Copyright 2011, Oracle and/or its affiliates.

Oracle University and ORACLE CORPORATION use only