Oracle Solaris 11 Express Features

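Author: Maclean Liu, posted on December 13th, 2010, English Version
[Unless marked as a repost, all articles on this site are original writing or translations by this site]
When reposting, please credit: Article reposted from: Oracle Clinic – Maclean Liu's personal technical blog [http://www.oracledatabase12g.com/]
Article title: Oracle Solaris 11 Express Features
Permanent link: http://www.oracledatabase12g.com/archives/oracle-solaris-11-express-features.html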

The most significant change to Solaris 11 is the new packaging system. And before I go any further, I want to briefly address why a new packaging system was created.

As discussed earlier, a goal of Solaris 11 was to increase system availability. To this end, the System 5 packaging used in Solaris 10 wasn’t meeting this objective as well as we’d like. In Solaris 10, it was easy to patch the system into a state where it was difficult to determine exactly what the customers were running. For example, if a customer installed a patch, then installed a new piece of software, that piece of software is now unpatched, making the system very difficult to support.

We wanted to create a packaging system that eliminated patches – so in Solaris 11 the system is updated in its entirety. The new packaging system is also tightly integrated with the ZFS file system. So when updates become available, they are applied to a ZFS clone of the boot environment while the system is safely running in production. A simple reboot is all it takes to bring the system back up again. And if for some reason the update harms the system, it can be just as easily rebooted back into its prior boot environment.

So IPS is a network-based packaging system, retrieving packages from one or more configured software repositories. Those repositories can be public or hosted privately. One of the elements included with the release of Solaris 11 is a copy of the software repository if you desire to host it locally. IPS-hosted software is also aware of its dependencies, so there’s no more manually hunting down and installing other required software before installing a package.

The new packaging system is also tightly integrated with the Service Management Facility, which is now the recommended way for configuring software post install, as IPS doesn’t allow for installation scripts to be run. The reason for this decision was that it allows IPS to fully control the installation, and more importantly the un-installation process. Once scripting is introduced into the installation process, the steps required to cleanly uninstall a piece of software are no longer under the control of the packaging system.

OK, I already touched on this in the previous slide and Boot Environments are one of the key components to our availability story. You may be familiar with the Live Upgrade processes in Solaris 10, which allows you to upgrade your system while running live in production. Boot Environments build on that concept, while becoming quicker and simpler than Live Upgrade in Solaris 10. Boot Environments are a ZFS clone of the root file system responsible for system boot, and if you’re familiar with ZFS you know that clones are very efficient and light-weight – consuming very little space. We therefore recommend that you make a new boot environment before making any configuration changes that may potentially harm your system.

So on this slide we are comparing Solaris 10 Live Upgrade (what you see above the line) to Solaris 11 Boot Environments (what you see below the line). They’re both similar in regards to their availability story – changes are made to a copy of the boot environment. However, in Solaris 11, the “copy” operation only takes a matter of seconds instead of minutes as in Solaris 10. Live Upgrade also requires quite a bit more space. So you’re probably not going to use Live Upgrade as a general safety net – you’re not going to wait 30 minutes just so you can have the option to back things out. Also, in production, the system changes quickly, and Live Upgrade leaves a large window of opportunity to potentially miss those changes from the moment the process starts until it completes. With Boot Environments, the snapshot and clone is an atomic transaction, creating an exact copy.

Another huge change coming to Solaris 11 Express is the introduction of the Automated Installer or AI. Like the new Image Packaging System, one of the goals of AI was to take advantage of other Solaris technologies like SMF and create a comprehensive auto-installation solution. For those of you familiar with JumpStart, the Solaris 10 auto-installer, you know how much additional scripting was required to complete the installation process. With AI, many of the post-installation tasks achieved via scripting are now accomplished via SMF when a service is first booted.

I briefly want to introduce the distribution constructor, which as the name implies is a tool for creating your own custom distributions of Solaris. The Standard Solaris image is quite small – as a matter of fact it fits on a CD. It is therefore almost guaranteed that you will want a more custom distribution for your organization. That distribution could very likely include your own software packages as well.

The output from the distribution constructor can be another ISO, an image for creating a Live USB and/or a VirtualBox virtual machine.

The distribution constructor is an important part of the automated installer, which I want to continue talking about next…

So, expanding on this graphic, now let’s look at the AI Server in the middle of the picture. The AI server contains a boot image and one or more manifests that describe how Solaris should be installed to the clients. The boot image can come from several sources, including an image produced by the distribution constructor.

The clients to which we want to install Solaris 11 are shown in the lower right. When they power up, they make a DHCP request for the address of the AI server. The client then goes to the AI server, and gets the manifest and boot image. The manifest can specify additional packages to be installed that are not part of the boot image, which will be retrieved from an IPS repository. The IPS repository used by the auto-installer is also specified in the manifest and can therefore be local.

Let’s now move on to virtualization, which is a big part of our efficiency story.

As mentioned previously, it is possible to move either a physical Solaris 10 instance or an existing Solaris 10 zone into Solaris 11. We call this physical-to-virtual and virtual-to-virtual respectively. The ability to move Solaris 10 zones around between systems is quite easy and allows your data center to be nimble.

Solaris 10 also introduces a new monitoring tool, zonestat, which clearly shows the resources consumed by the zone. This is especially useful when zones are combined with resource management, which we’ll be discussing shortly.

We’ve also added the ability to delegate administration of a zone to a particular user, freeing the system administrator from many of the zone administration tasks.

Another component of our efficiency story surrounds virtualization of the network. With Solaris 11 you can now easily share limited network resources such as network interface cards. So physical links can be split into multiple virtual links. Also, links can be aggregated, bringing high availability to the networking layer. A single failing link no longer means a failing network.

As zones allow for server consolidation, network virtualization allows for network topology consolidation. In addition to network interface cards, network switches can also be virtualized. Combined with zones it is possible to consolidate servers and network switches into a single box, as we can see more clearly on the next slide…

So on the top half of this picture we have a traditional set of physical components – servers, switches, firewalls and clients. Pretty standard stuff.

After consolidation, we’ve moved all of those components into a single box, which you’ll hear us refer to as “network-in-box”. So the physical servers are moved into zones. The physical switches become virtual switches. The router and firewall are a multi-homed zone. Even the client has been given its own zone.

Another key thing you will notice in this figure is the quality of service controls that can be placed on the virtual NICs. Notice the application and database servers can be assigned greater network bandwidth than other, maybe less critical components of the system. I’ll talk more about this subject of resource management in a moment…

So I’ve already talked about Virtual NICs and Switches. VLAN is an industry standard for being able to tag traffic so that it’s all treated as if it’s all part of a private LAN, even though it may not be. So Solaris now plays nicely with other networking vendors that are also VLAN aware.

The router we use is based on the open source Quagga router. Solaris 11 also now includes a load balancer. And finally, Solaris 11 brings forward the IP Filter firewall that you may be familiar with in Solaris 10.

Now we’re going to talk about network resource management. We’ve added a significant element to the resource management story in Solaris 11 by adding the networking component to the mix. The whole point of resource management is the ability to give just the resources that are needed to those utilizing them, typically a zone.

Solaris 10 already allows for the management of the CPU and memory resources. Solaris 11 adds the ability to cap and prioritize the network – so a very compelling addition to the resource management story. We are also working with some of our vendors so that they will recognize and work with the configured settings, providing true end-to-end quality of service goals.

Here’s a use case of network resource management taken directly from one of our customers. In the top figure we have 2 servers pulling data from Server 2. All is well until the Network Tape Backup Server starts as shown in the middle figure, which drains needed bandwidth from Servers 1 and 3, creating a quality of service issue. By using network resource management, the bandwidth to the lower priority Network Tape Server can be restricted, enabling Servers 1 and 3 to operate at acceptable speeds.

The restriction to the Network Tape Backup Server can be handled by assigning the server its own virtual NIC and limiting the bandwidth. However, Network Resource Management offers more fine-grained control using a mechanism known as flows, which allows bandwidth to be filtered based on IP address, MAC address, port or protocol and then prioritized accordingly. In this example, we’re filtering based on source and destination IP address and lowering the bandwidth. It’s very easy to administer, with zero impact on the client applications, and the settings can be adjusted dynamically as needed.

Moving onto Data Management, ZFS is now the default (and only) boot environment in Solaris 11. UFS is still a supported file system, just not for system boot as ZFS plays a critical role in our new update strategy just discussed.

New ZFS features not found in Solaris 10 include deduplication and encryption, both of which I’ll talk about more in a moment.

You’ll also find the Common Multi-protocol SCSI TARget framework or COMSTAR, which essentially allows you to convert any Solaris 11 box into a storage server. COMSTAR supports the popular transport protocols iSCSI, Fibre Channel, and InfiniBand.

The Common Internet File System, or CIFS, also known as SMB, has been moved into the kernel and integrates well with Microsoft’s Active Directory server.

Even the performance of the venerable NFS has been enhanced.

Overall, ZFS is a file system with experience. It was first introduced in Solaris 10 and over the last 2 years has been the backbone of our storage appliances. This should give you ample confidence in the ZFS file system.

Looking more at Deduplication, it’s a feature that essentially eliminates duplicate blocks of data on the disk, greatly conserving disk space. The feature is enabled at the dataset level and the amount of space conserved is displayed in the ZFS statistics.

Deduplication occurs in real time at a data block level. Note that deduplication occurs as new data is written, so turning on deduplication does not evaluate existing data for duplication.

This feature is also included with Oracle Solaris 11 and is not a for-fee addition as is the case with many other vendors.

ZFS encryption is the other big feature added to ZFS.

Those of you familiar with ZFS know that it allows you to easily create reliable storage systems from inherently unreliable components. With the addition of ZFS encryption, you are now additionally able to secure the ZFS data.

Like deduplication, encryption is enabled at the dataset level. Encryption is enabled when the dataset is first created and it’s possible to use different encryption schemes for each dataset. So the process of encrypting existing data would involve creating the new dataset and copying the data into it.

Finally, from a security perspective, there are several new additions in Solaris 11.

First of all, by default, it is no longer possible to log into Solaris as root. Root is now defined as a role, which must be switched to from an actual user account. If you think about it, this change greatly reduces the risk associated with the root password, as knowing that in itself will get you nowhere. In addition to the root password, to access the system as root you also need the password of an actual user that has been assigned the root role. So accountability is also increased as the system keeps a log of which users have assumed the root role. Contrast this with the accountability of a system where several folks know the root password and can log in directly as root. Of course, if that’s the approach you prefer, it is possible to easily revert root back to a standard user account.
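The root-as-role arrangement described above can be checked from the RBAC database. The following is an added example, not from the original post: it parses entries in the user_attr(4) format and reports whether root is a role and which accounts are assigned it. The sample entries and function names are constructed for illustration.

```python
# Added example: audit user_attr(4)-style entries for how root can be reached.
# Entry format: user:qualifier:res1:res2:key=value;key=value

SAMPLE_USER_ATTR = """\
# constructed sample, not taken from a real system
root::::type=role;auths=solaris.*;profiles=All
alice::::type=normal;roles=root;profiles=System Administrator
bob::::type=normal;profiles=Basic Solaris User
carol::::roles=backup,root
"""

def parse_user_attr(text):
    """Return {user: {key: value}} for every non-comment entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry: skip rather than guess
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        entries.setdefault(fields[0], {}).update(attrs)
    return entries

def audit_root(text):
    """Report whether root is a role and which accounts may assume it."""
    entries = parse_user_attr(text)
    # An account with no explicit type is treated as a normal user.
    root_type = entries.get("root", {}).get("type", "normal")
    holders = sorted(
        user for user, attrs in entries.items()
        if "root" in [r.strip() for r in attrs.get("roles", "").split(",")]
    )
    findings = []
    if root_type != "role":
        findings.append("root is a normal account, not a role")
    elif not holders:
        findings.append("root is a role but no user is assigned to it")
    return {"root_is_role": root_type == "role",
            "can_assume_root": holders, "findings": findings}

if __name__ == "__main__":
    print(audit_root(SAMPLE_USER_ATTR))
```

The list of accounts in `can_assume_root` is the set whose passwords, together with the root password, gate root access, so it is the list to review when people change teams.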

We’ve also got something known as the Trusted Platform Module, which essentially ensures that nobody’s been messing with the hardware crypto unit. So basically, you can rest assured that alternative crypto hardware hasn’t been installed which could allow someone access to the system and its data.

As previously discussed under ZFS and Data Management, ZFS Encryption is obviously a critical component of our security story. And if you were wondering, yes, it does take advantage of the cryptographic accelerators available on the chips.

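© 2010, www.oracledatabase12g.com. All rights reserved. This article may be reposted, but the source address must be credited with a link; otherwise legal action will be pursued.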
