Glenn Barney
gb2174@columbia.edu
COMS E6998.002 : Advanced Computer Design
Metrics
- Availability
- Utilization
- Platform Choice
- Hardware Compatibility list
- 716 x86/x64 systems, 75 SPARC systems
History of Solaris
It is a Unix OS that is an amalgam of earlier Unix-based OSs, but mainly Sun's first
OS, SunOS, which was based on BSD and AT&T's Unix System V.
SunOS 4.x
NFS
OpenWindows 2.0 GUI
OpenBoot monitor
DeskSet Utilities
Multiprocessing Support
Solaris Overview
The Linux System Call Handler is in-kernel: it catches Linux system calls and dispatches the
equivalent Solaris kernel functions.
DTrace, a debugging system new in Solaris 10, is a clean and modular pre-deployed global
debugging solution with minimal runtime cost.
Solaris Kernel
System V IPC
Shared Memory: processes create a segment of shared memory that they share among each other.
Message Queue: each message contains a 32-bit type value and a data payload.
Semaphores: a process can sleep on them; they are used for synchronization, but any process can
increment them.
Solaris doors: a door server contains a thread that sleeps waiting for a client; the client
calls the server through the door, and scheduling control is handed off through the door from
the requesting thread to the door server thread. Very low latency turnaround.
Signals can interrupt a process after an event occurs. Signals can be ignored,
caught and handled, or treated with a default action.
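The type-selective receive described under Message Queue above, as an added example (my code, not from the slides or from Sun): a private System V queue is created with owner-only permissions, three messages are queued, and a receiver that asks for type 2 gets the control message ahead of the older type-1 entry. The payloads "log line", "control cmd" and "another log" are constructed sample data. It uses only the msgget/msgsnd/msgrcv/msgctl calls, which exist on both Solaris and Linux; tested on Linux.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/types.h>

/* Wire format of one message. The kernel interprets only mtype (must be > 0);
 * mtext is an opaque payload that the receiver sizes and parses itself. */
struct demo_msg {
    long mtype;
    char mtext[32];
};

/* Queue text under the given type. Returns 0 on success, -1 on error. */
static int send_text(int qid, long type, const char *text) {
    struct demo_msg m;
    m.mtype = type;
    snprintf(m.mtext, sizeof m.mtext, "%s", text);
    return msgsnd(qid, &m, strlen(m.mtext) + 1, 0);
}

/* Receive into out. type > 0 selects the first queued message of that type;
 * type == 0 takes the oldest message of any type. Returns the type received, -1 if none. */
static long recv_text(int qid, long type, char *out, size_t outlen) {
    struct demo_msg m;
    ssize_t n = msgrcv(qid, &m, sizeof m.mtext, type, IPC_NOWAIT);
    if (n < 0) return -1;
    snprintf(out, outlen, "%.*s", (int)n, m.mtext);
    return m.mtype;
}

/* Create a private queue with owner-only permissions, return the permission
 * bits the kernel recorded for it (expected 0600), and remove it again. */
int demo_queue_perm_bits(void) {
    struct msqid_ds ds;
    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid < 0) return -1;
    int bits = (msgctl(qid, IPC_STAT, &ds) == 0) ? (int)(ds.msg_perm.mode & 0777) : -1;
    msgctl(qid, IPC_RMID, NULL);
    return bits;
}

/* Queue messages of types 1, 2, 1 (constructed sample payloads) and show that
 * a receiver asking for type 2 skips the older type-1 message.
 * Returns 0 when the control message arrives first and the oldest log line second,
 * -1 if the queue could not be used, -2 if the ordering was not as expected. */
int demo_typed_receive(void) {
    char first[32] = "", second[32] = "";
    int rc = -1;
    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid < 0) return -1;
    if (send_text(qid, 1, "log line") == 0 &&
        send_text(qid, 2, "control cmd") == 0 &&
        send_text(qid, 1, "another log") == 0) {
        long t1 = recv_text(qid, 2, first, sizeof first);    /* selective: type 2 only */
        long t2 = recv_text(qid, 0, second, sizeof second);  /* oldest remaining: type 1 */
        rc = (t1 == 2 && strcmp(first, "control cmd") == 0 &&
              t2 == 1 && strcmp(second, "log line") == 0) ? 0 : -2;
    }
    msgctl(qid, IPC_RMID, NULL);   /* System V objects outlive the process unless removed */
    return rc;
}

int main(void) {
    printf("queue permission bits: %04o\n", demo_queue_perm_bits());
    printf("typed receive check:   %d\n", demo_typed_receive());
    return 0;
}
```

The permission check is the part worth keeping in mind when reviewing IPC code: a queue created with 0666 lets any local user read or inject messages, and because System V objects survive the process that created them (they stay visible in ipcs), the IPC_RMID call on the cleanup path is what stops stale queues accumulating.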
Memory
64-bit kernel and process address space
Solaris optimizes memory use by sharing program binaries and application data among
processes.
The VM system manages most objects related to I/O and memory: the kernel and user
applications, shared libraries and file systems.
Virtual Memory
A process's virtual address space skeleton is created by the kernel when the fork()
system call creates the process.
Memory is allocated on the heap; malloc() does not create physical memory.
The heap can be allocated in 32- or 64-bit mode, and is much larger in 64-bit mode.
The picture on the right shows how memory mapping can share data among processes.
Several options govern how a file is shared when it is mapped between processes:
MAP_SHARED can be set to PROT_READ|PROT_WRITE
MAP_PRIVATE can be set to PROT_READ|PROT_WRITE
There can also be anonymous memory: pages that are not associated with a vnode.
They are used for new heap space, and are allocated by a zero-fill-on-demand
operation, or ZFOD.
Physical Memory
In addition to this page-out process, the dispatcher can swap out entire processes to
conserve memory; it does this rarely, only in extreme circumstances.
Solaris has a general purpose memory allocator known as the slab allocator.
It is used for memory requests that are:
Smaller than a page size
Not a multiple of a page size
Frequently allocated and freed, which would otherwise cause fragmentation
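A minimal model of the slab idea the three bullets above describe, added as an example (my code, not Sun's kmem allocator, which also has object constructors, magazines and per-CPU caches that this omits): a cache takes one page-sized slab at a time, carves it into equal objects, and threads free objects through their own first word, so a burst of small allocations followed by frees leaves whole pages ready for reuse instead of scattered holes. The sizes and counts used (4096-byte slabs, 48-byte objects, 200 objects) are constructed for the demo.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define SLAB_BYTES 4096   /* assumption: one page-sized slab, as on a 4 KB page system */

/* One slab: a page of memory carved into equal objects. Free objects are linked
 * through their own first word, so obj_size is at least sizeof(void *). */
struct slab {
    struct slab *next;
    unsigned char *mem;
};

struct cache {
    size_t obj_size;       /* requested size rounded up to pointer alignment */
    size_t objs_per_slab;
    void *free_list;       /* LIFO list of free objects from all slabs */
    struct slab *slabs;
    size_t slab_count;     /* pages currently owned by the cache */
    size_t alloc_count;    /* objects handed out over the cache's lifetime */
};

static size_t round_up(size_t n, size_t align) { return (n + align - 1) / align * align; }

/* Prepare a cache for objects of obj_size bytes; -1 if an object would not fit a slab. */
int cache_init(struct cache *c, size_t obj_size) {
    memset(c, 0, sizeof *c);
    if (obj_size < sizeof(void *)) obj_size = sizeof(void *);
    c->obj_size = round_up(obj_size, sizeof(void *));
    if (c->obj_size > SLAB_BYTES) return -1;
    c->objs_per_slab = SLAB_BYTES / c->obj_size;
    return 0;
}

/* Grow by one slab and push every object in it onto the free list. */
static int cache_grow(struct cache *c) {
    struct slab *s = malloc(sizeof *s);
    if (!s) return -1;
    s->mem = malloc(SLAB_BYTES);
    if (!s->mem) { free(s); return -1; }
    s->next = c->slabs;
    c->slabs = s;
    c->slab_count++;
    for (size_t i = 0; i < c->objs_per_slab; i++) {
        void *obj = s->mem + i * c->obj_size;
        *(void **)obj = c->free_list;   /* link through the object's first word */
        c->free_list = obj;
    }
    return 0;
}

/* Pop a free object, growing only when the free list is empty. */
void *cache_alloc(struct cache *c) {
    if (!c->free_list && cache_grow(c) != 0) return NULL;
    void *obj = c->free_list;
    c->free_list = *(void **)obj;
    c->alloc_count++;
    return obj;
}

/* Return an object; it becomes the next one handed out (LIFO keeps it cache-warm). */
void cache_free(struct cache *c, void *obj) {
    *(void **)obj = c->free_list;
    c->free_list = obj;
}

void cache_destroy(struct cache *c) {
    while (c->slabs) {
        struct slab *s = c->slabs;
        c->slabs = s->next;
        free(s->mem);
        free(s);
    }
    memset(c, 0, sizeof *c);
}

/* How many objects of obj_size fit in one slab (0 if none would). */
size_t objects_per_slab(size_t obj_size) {
    struct cache c;
    return cache_init(&c, obj_size) == 0 ? c.objs_per_slab : 0;
}

/* Allocate n objects, free them all, and repeat; return how many slabs (pages)
 * the cache holds afterwards. The second round is served entirely from the
 * first round's pages, which is the fragmentation win over a general heap. */
size_t slab_pages_after_churn(size_t obj_size, size_t n) {
    struct cache c;
    if (cache_init(&c, obj_size) != 0) return 0;
    void **objs = malloc(n * sizeof *objs);
    if (!objs) { cache_destroy(&c); return 0; }
    for (int round = 0; round < 2; round++) {
        for (size_t i = 0; i < n; i++) objs[i] = cache_alloc(&c);
        for (size_t i = 0; i < n; i++) cache_free(&c, objs[i]);
    }
    size_t pages = c.slab_count;
    free(objs);
    cache_destroy(&c);
    return pages;
}
```

With 48-byte objects, 85 fit per page, so 200 live objects need three pages, and the second round of 200 allocations takes no new pages at all.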
The HAT layer programs the TLB with entries identifying the relationship between
virtual and physical addresses.
If the TLB lookup fails, the UltraSPARC falls back on a translation storage
buffer (TSB), while most other architectures use a hardware page table.
The big difference is that the TSB is a software lookup, but Solaris provides both.
Take a look at the slide titled Virtual Memory to see a picture of the HAT
layer; it is on the right.
I/O
So the Solaris kernel has several semaphores and mutex locks to help address concurrent
thread memory access. SMP (like Intel and AMD chips) and CMT (the UltraSPARC T1)
are a lot more complicated than just a NUMA system, and much research goes on in this field.
Sun's attitude is to try to make things as simple as possible while still providing the
necessary synchronization.
Security
For user permissions
UFS and file system permissions
Role Based Access Control since Solaris 8
New in Solaris 10: least privilege model
Access Control Lists let you set arbitrary security permissions
Kernel level permissions, the privileged kernel thread and modules
run the whole system and control Solaris containers.
Automated Patch Tool
Solaris Cryptographic framework
Full network traffic control, for example TCP packet monitoring,
disabling the redirecting of packets and the answering of system pings.
Solaris Containers/Zones
Containers provide the complete virtualized environment; zones are the component that
provides the isolation between zones.
Up to 8192 virtualized environments per Solaris OS instance.
Provides a secure sandbox that has unique root, user and file systems. Network interfaces,
devices, hardware and I/O are also all virtualized.
The kernel makes sure that the zones are isolated.
If a zone fails, it can reboot in a few seconds.
Cryptography
Two Basic Types
User level Framework
Exists outside the kernel
Uses the PKCS #11 interface
Applications use it
Kernel Level Framework
Operating system modules use it
Can interface with hardware and software plug-ins
Neither provides actual encryption algorithms; plug-ins do all the work!
Both are verified by the Module Verification Daemon
Cryptography Continued
Solaris is more secure: it has ACLs, RBAC, PRM, and containers, vs. ACLs and Xen
in Linux.
Solaris is more stable: Linux has rapid change and multiple centers of
control, while Sun has a predictable lifecycle and the Solaris Application
Guarantee.
But Sun has put out a lot of technology to fight criticisms, like ZFS to address big-
endian/little-endian compatibility between SPARC and x86, and the Linux binary API
to increase software options on Solaris.
Once the most popular UNIX-based OS in the world, Sun has
lost a lot of market share.
Microsoft Windows took the low-end market away from most
Unix systems.
Linux came in to pull away the remainder.
Solaris was left with the high-end space, basing sales on its
stability, performance, and support.
Now with Solaris 10 and OpenSolaris, Sun is trying to regain the
low-end market.
Trying to work with AMD/Linux, not against it:
Linux Application Environment
Specific designs for AMD multiprocessor systems
Free OS with competitive support options