Post on 16-Jul-2018


Solaris 10 Technology in GCCS-J

Unclassified

Acknowledgements….

GCCS-J Systems Engineering

Buccaneer Computer Systems & Service, Inc.

Sun Microsystems, Inc.

R2AD, LLC

Tech Preview for Administrators

Video Production by BiblioTronix, LLC

Solaris 10 has many new features!

• DTrace

– Extensible traces and reports for system diagnostics

• Security Enhancements

• Much More

• Service Management Facility (SMF)

– View system wide service status

– New service approach to replace /etc/rc?.d

• New model for system management

• Zones

– Containers (virtual instances of an OS)

– Main Focus of this briefing….

Service Management

• “The service management facility defines a programming model for providing persistently running applications called services”

– Services are described using XML and are started based on their dependencies and on whether they are enabled.

– Older RC scripts can be converted

• Commands and Directories to know…

– Service meta XML files are kept in /var/svc/manifest

– Service scripts are kept in /lib/svc/method

– Use the svccfg command to create services

– Use the svcadm command to manage services

– Use the svcs command to get the current status of services
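As an added illustration that is not part of the original briefing, here is a minimal SMF manifest showing how a service's dependencies, enabled state and method script are declared in XML. The service name site/example, the method script /lib/svc/method/example and the manifest file name are hypothetical.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Added example: hypothetical service "site/example".
     Assumed location: /var/svc/manifest/site/example.xml
     Typical workflow from the global or a non-global zone:
       svccfg validate /var/svc/manifest/site/example.xml
       svccfg import   /var/svc/manifest/site/example.xml
       svcadm enable   site/example
       svcs -l         site/example                          -->
<service_bundle type='manifest' name='example'>
  <service name='site/example' type='service' version='1'>

    <!-- Imported disabled: nothing runs until an administrator
         explicitly enables it with svcadm. -->
    <create_default_instance enabled='false' />
    <single_instance />

    <!-- Replaces the ordering implied by rc script numbering:
         the service starts only once multi-user is online. -->
    <dependency name='multi-user' grouping='require_all'
                restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/multi-user:default' />
    </dependency>

    <!-- Start method: the converted rc script (hypothetical path). -->
    <exec_method type='method' name='start'
                 exec='/lib/svc/method/example start'
                 timeout_seconds='60' />

    <!-- :kill tells the restarter to signal every process
         belonging to the service. -->
    <exec_method type='method' name='stop'
                 exec=':kill' timeout_seconds='60' />

    <stability value='Unstable' />

    <template>
      <common_name>
        <loctext xml:lang='C'>Example site service</loctext>
      </common_name>
    </template>
  </service>
</service_bundle>
```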

Zones in GCCS-J Overview

• Zones provide for server consolidation by creating virtual Solaris-10 Containers which:

– have their own IP Address

– own Hostname

– separate root and user accounts/passwords

– application and directory structures

One Server…. ….many zones:

Global Zone and Zone Management

• Every Solaris-10 instance has one Global Zone

– List zones from the global zone using this command:

• zoneadm list

– Verbose output, including those zones not running:

• zoneadm list -vic

– Create and manage additional non-global zones:

• zonecfg and zoneadm

[Diagram: Machine/Box A and Machine/Box B, each with its own Global Zone]

Solaris 10 Global Zone

Each GCCS server is deployed with a global zone containing a minimum “core” segment load. The global zone is used for system administration functions only.

•SSFP

•COE Kernel

•GSOLPT

•GJASS

•WEBMIN

•GCCS01

•JAVA2

•J2JRE

•SYSMAN

•UPTDSL

•SECBNR

•PRINTS

•PRINTD

•FFWEB

•others

Global zone

-Static

-Used to manage hardware configuration and maintenance

-Controls access to physical devices

-Can set the system time

-Can be imaged as a base load

[Diagram: / file system; “global” and non-global zone file systems; core, others]

Zones Provide Flexibility

[Diagram: three build options. Panel titles: All-in-One Option, Normal Build Process, Sun4V Architecture Option. Labels: Install Solaris OS + core segments; Restore I3GLZ or I3SYB; attach; Restore; I3SYB, I3ZNS, I3APP. Hardware: T2000, V440, V490, High-end box (ie: V880)]

Flexible Zone and File Systems

Solaris 10 11/06

[Diagram: zones and the file systems they use. Zone labels: TMSGW Zone, NS Zone, APPM Zone, ORACLE Zone, SECURITY Zone (SAFE), APPL Zone, PROXY Zone, I3 Sybase Zone, I3 Appserver Zone, Imagery, CLNTSRV Zone, TMS Zone. File system labels: SECURITY zone /ora01 file system; ORACLE zone /ora01 file system; Sybase SDS1 and SDS2 file system; /h/USERS/global file system; /h/data/global file system]

Assigning Hardware Components to Non-global zones

•SSFP

•COE Kernel

•GSOLPT

•GJASS

•WEBMIN

•GCCS01

•JAVA2

•J2JRE

•SYSMAN

•UPTDSL

•SECBNR

•PRINTS

•PRINTD

•GJAR

•GCCVer

•TCLTK

•ALTCLT

•FFWEB

•AUDIT

•SECAV

ORACLE zone

Hardware components are initially only accessible by the global zone administrator.

Hardware components (disks, CDROMs, etc.) are assigned to the non-global zones by the global zone administrator.

[Diagram: the Global zone /ORACLE_ora01 file system appears in the ORACLE zone as the /ora01 file system view (read/write)]

>zonecfg -z ORACLE

>add fs

>set dir=/ora01

>set special=/ORACLE_ora01

# an fs resource requires a type; lofs (loopback mount of a global-zone directory) is assumed here

>set type=lofs

>set options=[rw,nodevices]

>end

>exit

Upgrades: Replacing Non-Global Zones

[Diagram: DB Server with a Global zone (GSOLPT, CNTP) and an ORACLE zone]

ORACLE zone Release x.0 (Release x.0 detached and removed)

•SSFP

•COE Kernel

•GSOLPT

•GJASS

•preORA

•ORAS

•ORASP1

•GDBI

ORACLE zone Release x.1 (Release x.1 copied and attached)

•SSFP

•COE Kernel

•GSOLPT

•GJASS

•preORA

•ORAS

•ORASP1

•GDBI

• Backups of old zones can be simple

• Detach, tarball

• Detaching a non-global zone and attaching a new release of the zone is a valid upgrade methodology

• As always, managing patch levels is important! (use same version of GSOLPT)

• External disk devices can be used to store zones

• Choose fast access performance

• Up to 8192 zones can be created on a single physical server

Summary - Zones

• The Solaris Zones partitioning technology is used to contain (“virtualize”) operating system services and provide an isolated and secure environment for running applications.

• Benefits to the Program

– Security

– Stability

– Provisioning

– Migration

– Flexibility

– Non-Destructive Loads

[Diagram: One Physical Machine (an example): Global Zone, I3 App Server Zone(s), I3 Sybase Zone, External router]

Links for More Information

• Service Management Framework (SMF)

– http://opensolaris.org/os/community/smf/

– http://www.sun.com/bigadmin/content/selfheal/sdev_intro.html

• Information or Feedback on this briefing:

– E-Mail:

– VidCast Library: http://www.r2ad.com/training

– If you want more of these short briefs on important technical subjects, let us know!

• Zones

– http://opensolaris.org/os/community/zones

– http://www.kernelthread.com/publications/security/solaris.html