Solaris 10 Features.
Overview of changes.
Overview of new features implemented on
Solaris 10.
Gaston Benetrix, January 2008.

What’s New in Solaris 10.
§ Each new release of Solaris brings about changes at the client, server, and system levels.
These changes affect users, administrators, and developers in different ways. The
following features have been released for the first time with Solaris 10:
§ N1 containers, allowing systems to be logically partitioned into zones with
specific functions. Containers can be “booted” within a few seconds, ensuring
high availability.
§ Resource management changes, ensuring that specific limits can be set on
resource usage by applications, preventing “runaway” applications from
bringing a system to its knees.
§ Integrated firewall technology, not requiring a separate install.
§ Support for smart card authentication.
§ Kernel instrumentation through dynamic tracing, allowing system fine-tuning
and problem identification (DTRACE).
§ Binary compatibility between different Solaris versions and Linux, and source
compatibility between different Solaris platforms.
§ Failure prediction of hardware components, ensuring that they can be replaced
before impacting on system performance.
§ Also, Solaris 10 brought to light “Solaris Management Facility” and “Solaris Zones”.

Service Management Facility.
§ SMF Architecture:
– Unified repository for configuration of service startup
behavior
• URI string for Fault Managed Resource Identifier
• Managed states (Uninitialized, Offline, Online, Disabled,
Degraded, Maintenance)
• Dependency management for services
– Definitions stored as XML documents
• Profiles
• Manifests

Service Management Facility.
§ Services
– Milestone, device, system, system/security, network,
application, application/management,
application/security, site, platform
§ Milestones
– Milestones replace the “runlevel” methodology
• Name-services:default, devices:default, single-user:default
(runlevel 1), multi-user:default (runlevel 2), multi-user-
server:default (runlevel 3)

Service Management Facility.
§ Service Components:
– Start/Stop mechanism
– Monitor/Restart mechanism
– Configuration properties
– Error management
§ /etc/init.d/* and /etc/rc*.d/* are legacy
components but will continue to be supported.

Service Management Facility.
§ Profiles
– /var/svc/profile
– A profile is an XML document containing the service
profile, including general settings and configuration
information
§ Manifests
– /var/svc/manifest
– A manifest is a list of pertinent data including the service
name, start/stop methods, and dependencies

Service Management Facility.
§ svc.startd – start/stop daemon
§ svc.configd – configuration daemon
§ inetd – delegated restarter
– The inetd daemon performs the same functions as
before, but is implemented differently. It is now part of
SMF and runs only within that facility.

Service Management Facility.
§ Commands:
– svcs – displays current state of system services
– svcprop – shows properties associated with a service
instance
– svcadm – used to manipulate the state of services and to
specify the milestone to which the machine would be
brought (legacy: runlevel)

Solaris Containers: Zones.
§ Current virtualization technologies.
– Domains and Partitions
• SunFire domains
• IBM LPARS
– Virtual Machines
• IBM VM
• VMware
– Operating System Partitions
• FreeBSD Jails
• Linux Vservers
§ Solaris Zones are Operating System Partitions

Solaris Containers: Zones.
§ Zones provide separate virtualized operating system
environments that are derived from a Global Zone
§ Multiple zones can share file systems, processors, and
network interfaces
§ Scaling and sharing can be configured on an as-
needed basis
§ Individual zones gain files and configurations from the
Global Zone

olaris Containers: Zones. (in detail)
§ Solaris Containers consist of a set of technologies that help system administrators
increase
resource utilization by consolidating multiple applications onto a single system.
With Solaris Containers technology, administrators can specify the percentage of
physical system resources each application receives, as well as isolate each
application in its own virtual environment with its own hostname, IP address(es),
users, file system, and more.
By providing isolation between software applications or services using flexible,
software-defined boundaries, Solaris Containers create an execution environment
within a single instance of the Solaris OS and provide:
§ Full resource containment and control for more predictable service levels.
§ Software fault isolation to minimize fault propagation and unplanned downtime.
§ Security isolation to prevent unauthorized access as well as unintentional
intrusions.

Solaris Containers: Zones.
§ Zone Types:
– Global Zone
• All Solaris 10 installations contain a Global Zone
• Only the Global Zone is bootable from the system hardware
• The Global Zone contains the complete installation of Solaris, and can
contain additional software not installed via packages
– Local Zones
• Local Zones contain a subset of the complete operating system, and can
contain non-shared packages
• Local Zones have no awareness of other zones
• A Local Zone cannot install, manage, or uninstall itself or any other zone
For more information about zones, go to:
http://www.blastwave.org/docs/Solaris-10-b51/DMC-0002/dmc-0002.html

Solaris Containers: Types of Zones.

Solaris Containers: Zones.
§ Zone Daemons
– zoneadmd
• Manages zone booting and shutting down
• Allocates zone ID and starts the zsched process
• Sets zone-wide resource controls
• Allocates devices, including plumbing the virtual interfaces
for the zones
• Manages filesystems incuding sharing
– zsched
• zsched manages thread management per-zone
• Kernel threads doing work on behalf of the zone are owned
by zsched

Solaris Containers: Zones.
§ Zone File Systems
– Sparse Root Model
• Minimal number of files from the global zone
• Shared files mounted via read-only loopback file systems
– Whole Root Model
• No dependency on shared filesystems
• Allows superior customization
• Local zones cannot be NFS servers!

Solaris Containers: Zones.
§ Zone Networking
– Zones have visibility to each other via network interfaces
– Only the Global Zone Administrator can modify the
interface configuration and routes
– IPMP is configurable in the Global Zone, and IPMP can be
extended to Local zones, allowing failover in the event of
an interface failure

Solaris Containers: Zones.
§ Dynamic Resource Pools
– Allows pooling of resources for access by zones
– Controlled by poold
• pooladm –e enables pool facility
• poolcfg configures pool resources

Solaris Containers: Zones.
The physical memory used by a group of processes can be constrained through the
resource capping features of the Solaris OS. The resource capping daemon
occasionally calculates the amount of physical memory used by these processes. If
the value exceeds a specified limit, the kernel pages out some of the pages owned
by the processes. These actions occur independently of the kernel and other
resource management controls.
Resource capping can be combined with zones to constrain the amount of physical
memory used by processes in zones, or by entire zones. To configure physical
memory constraints:
§ Create a project for each set of processes of the zone to manage.
§ Specify a maximum physical memory amount for the project, as it is currently
controllable.
§ Enable resource capping: Resources are capped by project

Solaris Containers: Zones.
§ Package management
– Packages can be installed for all zones, or one zone (pkgparam)
– Kernel patches cannot be installed for single zones
§ Global Zone
– Packages can be installed only in the Global Zone, or in the Global
Zone and all Local zones
§ Local Zones
– Packages can only be installed to the current zone if
SUNW_PKG_ALLZONES=false
§ To upgrade the OS, it is necessary to rebuild all
zones after the OS upgrade is complete!

Dynamic Tracing Facility: DTrace.
§ Features
– Enables dynamic modification of the system to record
arbitrary data
– Promotes tracing on live systems
– Cannot induce fatal failure!
– Allows tracing of kernel and user-level programs
– Functions with low overhead during trace, and zero
overhead if tracing is not being performed

Dynamic Tracing Facility: Dtrace.
§ The Solaris DTrace facility is a comprehensive dynamic tracking facility
that gives you a new level of observerability into the Solaris kernel and
user processes.
§ DTrace helps you understand your system by permitting you to
dynamically instrument the OS kernel and user processes to record data
that you specify at locations of interest, called, probes. Each probe can be
associated with custom programs that are written in the new D
programming language.
All of DTrace’s instrumentation is entirely dynamic and available for use
on your production system.
§ For more information, see:
the dtrace(1M) man page and the Solaris Dynamic Tracing Guide.

Dynamic Tracing Facility: Dtrace.
§ Probes
– A probe is a program location or activity – for example, every
system clock tick – to which DTrace can bind a request to perform a
set of actions, such as recording a stack trace, a timestamp, or the
argument to a function
– Probes are defined using the D programming language
– Probes are passed to a DTrace consumer – the primary DTrace
consumer is the dtrace command
– Probes are made available by a provider, identifying the module and
function, and have names

Dynamic Tracing Facility: Dtrace.
§ Providers
– Function Boundary Tracing (fbt) traces entry and return of every kernel
function
– syscall traces Solaris system calls
– lockstat traces kernel primitives for lock contention and hold times
– plockstat traces user-level primitives for lock contention and hold times
– sched traces scheduling events
– profile enables a configurable-rate timer interrupt
– dtrace provides pre- and post-processing capabilities
– pid enables fbt within processes and instruction tracing in the virtual
address space
– Other providers include sdt, vminfo, sysinfo, proc, mib, io, and fpuinfo

Dynamic Tracing Facility: Dtrace.
§ Consumers
– dtrace is the primary consumer
• Other consumers are rewrites of previously existing utilities
such as lockstat
– No limit on concurrent consumers – DTrace handles
multiplexing

Dynamic Tracing Facility: Dtrace.
§ Advantages
– DTrace allows system administrators to gather far more
information than was previously possible in a running
system
– Boundary traces allow system administrators to
conclusively indicate lock states, memory leaks, and
other conditions that degrade the system, and identify
the sources of the calls that cause the problems
– DTrace allows fine-grained data gathering by
programmers to identify tuning opportunities

Additional Information.
§ Sun Cluster.
§ Sun N1 Service Provisioning System.
§ Sun Management Console. (Sun MC / Symon).
§ Java Application Server.

Sun Cluster.
§ Sun Cluster’s highly-available environment ensures that critical applications are
available to end users. The system administrator’s job is to make sure that Sun Cluster is stable and
operational.
§ Administration Tools:
You can perform administrative tasks on Sun Cluster by using a Graphical User Interface (GUI) or by
using the command-line. The following section provides an overview of the GUI and command-line tools.
§ Graphical User Interface:
Sun Cluster supports Graphical User Interface (GUI) tools that you can use to perform various
administrative tasks on your cluster. These GUI tools are SunPlex™ Manager and, if you are using Sun
Cluster on a SPARC based system, Sun Management Center.
§ Command-line Interface:
You can perform most Sun Cluster administration tasks interactively through the scsetup(1M) utility.
Whenever possible, administration procedures in this guide are described using scsetup.

Sun N1 Service Provisioning System.
The Sun N1 Service Provisioning System software is an enterprise-class software platform that
automates the deployment, configuration, and analysis of applications in data centers.
The provisioning software applies an object-oriented approach to:
§ Application components.
§ Tasks that IT operators perform on application components: configuration, deployment, and
analysis.
This object-oriented approach ensures that all the intelligence about an application is
automatically taken into account every time that application is acted upon. This consistency
makes data center operations more accurate and less prone to error. Through knowledge of
what an application requires as a whole, IT operators gain unprecedented control over
applications and data center operations.
§ The provisioning system can help you perform the following tasks:
§ Automate and manage software rollouts, patches, and upgrades.
§ Develop models of your existing deployment processes.
§ Determine what software is installed on your hosts.
§ Compare the configurations of hosts.
§ Monitor and maintain documented and consistent configurations.

Sun Management Center.
Sun Management Center software is an open, extensible system
monitoring and management solution.
Sun Management Center has the following features:
§ System Management: Monitors and manages the system at the hardware and
operating system levels.
§ Monitored hardware: includes boards, tapes, power supplies, and disks.
§ Operating System Management: Monitors and manages operating system
parameters that include load, resource usage,disk space, and network statistics.
§ Application and Business System Management: Provides enabling
technology to monitor business applications such as trading systems, accounting
systems, inventory systems, and control systems.
§ Scalability: Provides an open, scalable, and flexible solution to configure and
manage multiple management administrative domains. These domains consist of
many systems and span across an enterprise.
Administrators can configure the software in a centralized or distributed fashion so
that theproduct supports multiple users.

Sun Management Center.
§ This solution uses Simple Network Management
Protocol (SNMP), the JavaTM Remote Method
Invocation (RMI), and the Hypertext Transfer Protocol
(HTTP).
§ These tools enable Sun Management Center to
provide integrated, comprehensive enterprise-wide
management of Sun products and their subsystems,
components, and peripheral devices.

Sun Java Application System.
The Sun Java System Application Server is a J2EE-compliant platform for deploying
enterprise Java applications, in conjunction with existing CGI and Netscape Server
API (NSAPI) applications. By integrating all server-side application support under a
single service regime, it is possible to minimize administration overhead, achieve
better scaling through tight integration, and provide combined monitoring and
event notification support. Historically, server-side applications providing back-end
and middleware services have used front-end presentation layers, in the form of
HTML pages, JSP pages, applets, and applications to give users combined access to
numerous data sources. By implementing business logic using the J2EE model, you
can avoid the pitfalls associated with multiprocess applications, such as those
written for use withWeb servers that support CGI, by using Java’s multithreading
capabilities.
Enterprise JavaBeans (EJBs) are one of the key technologies supported by J2EE.
These distributed components are of three varieties:
• Stateless session beans Store data and perform operations that are not stateful
• Stateful session beans Store data and perform operations that are stateful.
• Entity beans Allow object operations to be easily mapped onto relational database
tables.

Sun Java Application System. (Cont.)
By using stateful session beans to support user sessions, entity beans to
persist data, and stateless session beans to provide a low-overhead
interface to entity beans, you can build entire applications on the EJB
infrastructure. While the myriad layers and parameters associated with
an EJB deployment can be mind-boggling, fortunately the Sun Java
System Application Server provides advanced deployment tools to ease
and automate many aspects of this process. By implementing a
distributed object platform, server-side applications can be expanded to
span across multiple servers and clusters, improving scalability and
reducing bottlenecks.
Although most Java application servers support the J2EE specification,
given the wide variety in licensing costs, it’s important to understand
what features set the Sun Java System Application Server apart from
the competition.

Sun Java Application System. (Cont.)
Performance is the number one goal of the Sun Java System Application Server: in
addition to featuring multithreading within Java applications that it’s hosting, the
Sun Java System Application Server uses multithreading internally.
In addition, some tasks can be executed in parallel by using multiple threads.
Alternatively, multiprocessing is supported by virtue of data and process sharing
across multiple systems: as an application grows, various tasks can be assigned to
specific servers.
For example, one server might handle authentication, while another might process
all JDBC requests to a database server. One reason for implementing applications in
this way is that not all servers required to run an application may be located in the
same subnet: indeed, it is likely that an authentication server would sit outside a
firewall, while a database server would be the most difficult system to access
externally.
Since Java, CGI, NSAPI, and other server-side technologies can be handled by the
same application server, rather than by several independent servers, it follows that
performance improvements can be obtained by integration, since only one server
needs to be running.

Sun Java Application System. (Cont.)
The Sun Java System Application Server provides high availability by
supporting failover of stateful session beans.
This means that if a system that is storing data for an interactive user
session crashes for some reason, another server can recover the beans
and continue.
This is particularly useful when running applications that persist data in
stateful session beans for long periods - since entity beans and
stateless session beans do not store user state in the same way as
stateful session beans, this reduces a key risk in supporting EJB
technology.
Asimilar facility is provided for Common Object Request Broker
Architecture (CORBA) clients that connect through to EJBs.

Sun Java Application System. (Cont.)
Object caching is performed by the Sun Java System Application Server at several
levels, to ensure efficient resource usage.
This includes caching of JDBC connections to all databases, caching of JSP and
HTML output, and various other tasks.
While this approach has the inherent risks of object mismatching and incorrect
retrieval, the caching features of the Sun Java System Application Server are
generally robust, and can be switched on or off if desired.
In addition, the Sun Java System Application Server features some preemptive
strategies for streamlining data processing operations, including being able to view
result sets before they have been completely retrieved from a database table.
The Sun Java System Application Server is a highly scalable system: it works on
single- CPU systems runningWindows, as well as on high-end E10000 systems
running Solaris, with 64 CPUs.
In addition to making optimal use of a single system’s resources, the Sun Java
System Application Server is able to scale across multiple systems, making the
potential pool of CPU resources virtually unlimited.
Since the Sun Java System Application Server uses its own Distributed Data
Synchronization (DSync) system to share data among its configured servers, any
overhead involved in swapping tasks across different systems is minimized.

Sun Java Application System. (Cont.)
No additional installation or reconfiguration is required—new servers are added using the Sun Java
System Application Server Administration Tool as required.
Once you have added new servers to the pool of available systems, load balancing across all systems is
performed automatically, without your intervention, by using round-robin and other algorithms for
computing load sharing.
This does not require external load balancing, as the load-balancing function is integrated within the
application server. Security is a key concern for application services, and the Sun Java System
Application Server provides the best set of security offered in the J2EE market, since it is integrated
with the Sun Java System Directory Server.
By using LDAP for authentication and authorization, and single sign-on across all supported
applications, you can reduce security risks significantly.
The Sun Java System Application Server supports JDBC and database access by using the standard
Java SQL API, as well as a Unified Integration Framework API, that further abstracts vendor-specific
operations from individual JDBC drivers.
The Sun Java System Application Server supports DB2, Informix, Oracle, Sybase, and SQL Server, by
supplying highly optimized, multithreaded drivers that work with a single transaction manager, which
coordinates many low-level activities required to process transactions.
In addition, the Sun Java System Application Server now features an integrated version of the
PointBase database, which has support for relational and object storage. PointBase has its own JDBC
driver, and can be used during development and testing without a thirdparty database being present.

Bookmarks.
§ Sun Cluster.
§ Sun N1Service Provisioning System.
§ Sun Management Console.
§ Sun Java Enterprise System.
§ SMF.
– http://www.oreillynet.com/pub/a/sysadmin/2006/04/13/using-solaris-smf.html
– http://www.sun.com/blueprints/0206/819-5150.pdf
§ Zones.
– http://www.sun.com/bigadmin/content/zones/
– http://www.blastwave.org/docs/Solaris-10-b51/DMC-0002/dmc-0002.html
§ Dtrace.
– http://www.sun.com/bigadmin/content/dtrace/
– http://users.tpg.com.au/adsln4yb/dtrace.html