With distinctive, well-implemented new system administration features, widened platform support and an aggressive licensing model, Sun Microsystems Inc.s Solaris 10 is a bold bid to reassert the relevance of the Unix stalwart.
Click here to read the full review of Solaris 10.
2
With distinctive, well-implemented new system administration features, widened platform support and an aggressive licensing model, Sun Microsystems Inc.s Solaris 10 is a bold bid to reassert the relevance of the Unix stalwart.
eWEEK Labs tested the general-availability release of Solaris 10, as well as several of the beta releases that preceded it, and were convinced that the new Sun operating system has what it takes not only to prove a solid upgrade for current Solaris installations but also to merit consideration at sites where Solaris wasnt previously an option.
Solaris wider suitability is due, in large part, to Suns broader platform support: Solaris 10 runs on Advanced Micro Devices Inc.s AMD64 and Intel Corp.s EM64T (Extended Memory 64 Technology) x86 platforms, as well as on Suns UltraSPARC 64-bit and Fujitsu Computer Systems Corp.s SPARC64 platforms.
However, Solaris 10s x86 hardware support is not as broad as that of Linux and Windows, so the chances of running into problems installing Solaris 10 on hardware thats not on Suns hardware compatibility lists (www.sun.com/bigadmin/hcl) are greater. While installing Solaris 10 on one of our test systems, for example, we were delayed by an unsupported DVD drive, which we had to swap out for another before proceeding.
After nearly ditching the x86 version of Solaris in 2002, Sun must address the perception in the market that its not serious about x86. However, all Suns software—from JES (Java Enterprise System) to JDS (Java Desktop System)—currently runs on x86 and x86-64 versions of Solaris. Whats more, most high-profile applications that run on Linux are also available in Solaris-native versions for x86.
Sun includes many prominent open-source applications with its Solaris 10 disks, but for other open-source applications—or newer versions of the applications Sun includes—we turned to a volunteer project, blastwave.org, that packages mostly open-source applications for Solaris systems. We fetched precompiled Solaris binaries from Blastwave using the tool pkg-get, which we downloaded from Blastwave and which works much like Debians APT (Advanced Package Tool).
Sun also offers Janus, a tool that lets administrators install and run Linux binaries on Solaris 10. Janus, however, is not part of the initial Solaris 10 release. According to Sun officials, Janus will appear in Solaris 10s first quarterly update, which will be downloadable from www.sun.com/software/solaris/get.jsp. Sun guarantees that Solaris 10 is binary-compatible with previous Solaris releases, which will smooth the migration path at current Solaris shops.
Another big part of Suns push for greater Solaris relevance is the companys aggressive pricing plan: Solaris 10 is free to download and use, and access to security fixes is also free.
So how will Sun make money off Solaris? Its selling annual Solaris support contracts, priced at $360, $240 and $120 per CPU socket per year for premium, standard and basic service, respectively. In addition to direct support, Solaris service-plan subscribers receive access to updates and patches beyond security fixes.
This pricing scheme is compelling—we like the way it forces Sun to provide real value for its support contracts by making these contracts optional, the way Red Hat Inc. used to price its Red Hat Linux distribution before instituting mandatory, per-machine licensing for its enterprise releases.
In addition, Sun has announced plans to distribute a version of Solaris 10 under an open-source license next quarter—meaning that Solaris 10 will continue to be freely available.
Solaris 10 ships with a security framework inherited, in part, from Suns Trusted Solaris product. This enables tighter control of system resources through a permissions system thats more fine-grained than the user-based, discretionary access control scheme traditionally used by Unix and Linux systems.
Traditional Unix permissions remain the default in Solaris 10—the superuser hasnt gone away. However, we could use Solaris 10s User and Process Rights Management features to replace the all-powerful root account with less powerful roles tailored to specific tasks.
Solaris 10 doesnt ship with precreated roles, but it does come with a comprehensive list of rights profiles, such as those for software installation or printer management. All we had to do to create a role was select a name, attach one or more rights profiles to it, and select the users allowed to assume that role. Alternatively, we could assign a rights profile directly to a user.
We could carry out these tasks graphically or on the command line using Solaris Management Console.
Next page: Creating administrative roles.
Page Three
While we found it easy to get started creating administrative roles in Solaris 10, the process will require some troubleshooting and investigation to get right. For example, we created a role for software installation tasks by assigning Suns premade installation rights profile to a new role. However, our new role needed additional privileges to work with the Blastwave third-party software packaging tool. Solaris 10 ships with a tool called ppriv to help administrators sort out which permissions specific applications require to run.
Another rights management facility in Solaris 10, called Process Rights Management, enabled us to manage the rights of particular processes running on our systems.
For example, where a name-service administrator role might enable a standard user to take on elevated rights to manage that service, Process Rights Management can limit the hardware and data resources that the name-service process is allowed to access. As a result, if the name service were compromised by an attacker, the potential damages would be limited to the resources available to that process through Process Rights Management.
Another method that Solaris 10 offers for isolating applications is the systems new Solaris Zones feature, also called Containers or N1 Grid Containers. This facility, which is similar to the “jails” found in FreeBSD, enables administrators to create virtualized operating system instances, or Zones, in a Solaris 10 machine.
Zones function as if they were individual machines, with their own separate network interfaces and, if so configured, separate versions of applications and libraries.
Solaris Zones share most of their system files with the host system, or global zone; less than 100MB of files are copied to a new Zone at its creation. In contrast to fully virtualized machine environments, this saves space and reduces administration burdens because upgrades or software installations carried out on the host system can also apply to the virtualized instances.
We were able to create Zones in Solaris 10 by using a handful of terminal commands. The process was straightforward, but wed love to see a Zone toolbox element for the Solaris Management Console like the one we used to manage roles and privileges.
We could also use Solaris 10s resource management features to dole out resources to separate virtualized instances. Combined with the isolation and environment flexibility that Zones provide, this feature is a good fit for server consolidation tasks.
Another feature in Solaris 10 that should make life easier for system administrators is Predictive Self Healing, which comprises a reworked service manager framework and a new component called Solaris Fault Manager.
The service manager introduces a new way of managing services on Solaris that provides for automatic restart of processes that die or are killed improperly, including restarts of all the services on which the fallen service depends. The new manager also allows for snapshots of working service configurations and provides more verbose status information on running or failing services.
Solaris Fault Manager is a subsystem that receives error messages and other data from services and hardware, interprets that data and kicks off appropriate actions such as taking a failing CPU offline and notifying an administrator.
Another notable tool introduced in Solaris 10 is DTrace, which lets developers and system administrators peer more deeply into the workings of Solaris and the applications that run on it than they can with tools such as Suns truss.
Perhaps most important, DTrace offers these insights without requiring that examined applications be stopped or modified. In addition, the tool is designed to be run safely on production machines—making DTrace a good fit for optimizing systems in realistic surroundings.
Users interact with DTrace through commands and scripts written in a Sun-developed language called D, which is close in syntax to C. DTrace is an open-ended tool, so to get good results with DTrace, its helpful to have good familiarity with the applications being diagnosed.
Solaris 10 marks the release of Version 3 of Suns JDS, one of the graphical interface options for Solaris. (Suns venerable Common Desktop Environment is also available for installation.)
The JDS environment is based on GNOME 2.6, which provides a good desktop experience. This is despite the fact that its a version older than the GNOME 2.8 environment that Red Hat Enterprise Linux 4 includes, lacking such features as Version 2 of the Evolution groupware client. Solaris 10 includes Evolution 1.4, which lacks the integrated spam-blocking of the newer version.
However, JDS 3, which is rounded out by the StarOffice 7 productivity suite and the Mozilla Web browser, makes Solaris 10 a solid desktop system, particularly for developers who can take advantage of Solaris 10 development and testing goodies like DTrace and Zones.
Next page: Solaris 10 Web resources.
Page Four
- Sun has produced thousands of pages of excellent documentation for Solaris 10, all of which are available in PDF format at docs.sun.com/app/docs/prod/solaris.10.
- Although less broad than the volunteer software packaging resources that some Linux distributions enjoy, a good range of free, packaged applications are available for Solaris 10 at sunfreeware.com and www.blastwave.org.
- The Solaris forums are a good place to troll for troubleshooting information and administration tips. Go to forum.sun.com/category.jspa?categoryID=5.
- OpenSolaris is Suns freely licensed distribution of Solaris 10. At press time, Sun hadnt launched OpenSolaris, but the code for DTrace and licensing information on the project are available at opensolaris.org.
Source: eWEEK Labs
Senior Analyst Jason Brooks can be reached at jason_brooks@ziffdavis.com.
Check out eWEEK.coms for the latest open-source news, reviews and analysis.