Review of Solaris 10

The vast majority of operating system reviews are the result of a user spending a few days or weeks using a particular operating system and writing about their observations. This review is the result of my continued use of Solaris 10 (previously Solaris Express) from August 2003 to February 2005.
System Administrator


Part of this was my work as an External Beta Tester for Sun Microsystems. This provided the opportunity for a number of people to test Solaris 10 on a large amount of hardware and software. A number of Sun engineers monitored newsgroups to gather information about issues with Solaris 10; this helped in fixing bugs that might not have been seen by other testers. Solaris 10 is probably the most tested operating system in recent history.


One advantage of such a relationship is that you can see how the OS evolves from its early builds to the FCS release. I was also fortunate to be able to test Solaris 10 on both SPARC and Intel machines. An abbreviated list of the equipment I used to evaluate Solaris 10 is as follows:


Two Sun Blade 100s with a 500 MHz UltraSPARC II CPU, 1024 and 1152 MB of memory respectively, and 20 GB disks


Sun Ultra 10 Creator with a 333 MHz UltraSPARC II CPU, 640 MB of memory and a 120 GB disk


Sun Ultra 30 with a 250 MHz UltraSPARC CPU, 1 GB of memory and an 18 GB disk


Sun Ultra 2 with two 300 MHz CPUs, 1536 MB of memory and eight 9 GB disks in two Sun MultiPacks


Dual CPU Pentium III system with 768 MB of memory and two 160 GB disks


Pentium IV system with 512 MB of memory and two 40 GB disks


There have been a number of features that Sun has been touting, such as DTrace, Solaris Containers (Solaris Zones), Process Rights Management, and Predictive Self-Healing. While these features are important, there are many other features that don’t get as much of the spotlight and are just as important and useful. In a discussion I had with Chris Ratcliffe, Marketing Director at Sun, he pointed out that since there are 600 new features added to Solaris 10, there are customers who have no idea that some things can be done with Solaris because the features are unknown to them. I have experienced this myself several times: in discussions with other administrators about a specific problem, I would mention a tool and get “huh” as a response. This article will mention some of the “gold” in Solaris 10 that might be passed over for the more highly mentioned features. Understanding that many places might not be able to upgrade to Solaris 10, I will mark features that have also been put into Solaris 9 with a tag such as (9 12/03); in this case, the feature can be found in the Solaris 9 12/03 release.


Installation Improvements


In the past you used the Software 1 of 2 CD and booted off of the CD to start the installation, and you never touched the Installation CD. With Solaris 10 you receive 4 CDs (or 1 DVD) and all four have to be used to install the product (unless you choose a custom installation that does not require all of the CDs). One of the things you might love (or hate) is the WebStart installer that is used for the Software 1 CD. For people not familiar with the WebStart Installer: if you used the Installation CD for Solaris 8 or 9, you used the Installer. I never cared for it, but you do have other installation choices (including text based), so pick the method that you are most comfortable with.


One of the biggest improvements in Solaris 10 (9 4/04) is the ability to create disk mirrors during the installation! Of course this requires a JumpStart server and a custom profile for the machines in question. This feature alone is worth “the price of admission”. For example, I built robert2 (an Ultra 2 I use with Oracle) and mirrored the root disk and the four disks needed for Oracle during the installation, as opposed to creating the mirrors separately. Your mileage may vary; in my case it worked because I was using MultiPacks, and this might or might not work with D1000s or T3 arrays. An example profile is below, showing the use of the filesys and metadb keywords to set up mirrored disks:


filesys mirror:d10 c1t2d0s0 c2t2d0s0 1024 /
filesys mirror:d20 c1t2d0s1 c2t2d0s1 2048 swap
filesys mirror:d30 c1t2d0s3 c2t2d0s3 2048 /var
filesys mirror:d40 c1t2d0s4 c2t2d0s4 2048 /usr
filesys mirror:d50 c1t2d0s5 c2t2d0s5 1024 /export/home
filesys mirror:d60 c1t3d0s0 c2t3d0s0 8192 /u01
filesys mirror:d70 c1t4d0s0 c2t4d0s0 8192 /u02
metadb c1t2d0s7 size 8192 count 3
metadb c2t2d0s7 size 8192 count 3
metadb c1t3d0s7 size 8192 count 3
metadb c2t3d0s7 size 8192 count 3
metadb c1t4d0s7 size 8192 count 3
metadb c2t4d0s7 size 8192 count 3

Another JumpStart installation improvement is the ability to add non-Solaris packages during the installation of Solaris. In many cases additional software is installed on a system and this takes time, especially if you have to build multiple machines. Using the package keyword in a profile and specifying a path to the package (which must be in SVR4 package format) allows the administrator to install additional software without having to handle CDs or tapes, and to control what gets installed on each machine.


An installation method new to Solaris is WAN Boot (9 4/04), where a Solaris machine can be booted and have Solaris installed over a remote network without having boot servers installed on every subnet, as JumpStart requires. WAN Boot requires either a client machine that supports WAN booting, or booting off the Software 1 of 4 CD and loading the wanboot program before proceeding with the installation. A WAN Boot server uses a web server to deliver the OS to clients; this can be done via HTTP, or via HTTPS using certificates.


Most people end up turning on UFS logging to improve performance and help prevent disk related issues when machines are shut down dirty. Now UFS logging is turned on by default, and can be turned off by editing /etc/vfstab, making the appropriate changes, and rebooting.


The Desktop Experience


A lot of noise has been made about Sun’s choice of Gnome as the alternative Graphical User Interface, replacing OpenWindows. Then, with Build 69, Sun introduced the Java Desktop System (JDS) to Solaris 10, bringing a new look and functionality. As I tested the OS, I started to really like JDS; it is clean, simple and easy to navigate. Many would say that it has a “Windows” look and feel, which is not necessarily a bad thing. Sun is trying to capture the Enterprise desktop with JDS, as opposed to the typical Unix user. Most Windows users would easily be able to use JDS without much training, and Sun has provided the tools necessary to further customize JDS to meet specific requirements.


For integration with Windows I was able to map a shared directory from my Windows XP laptop to my Ultra 10 in Network Places and create a shortcut to that location without any configuration! The inclusion of Evolution as an e-mail client along with StarOffice makes JDS really sweet. Another thing I liked was being able to set up a non-PostScript printer without “pulling teeth” to get it done. Using Print Manager I was able to set up my LaserJet 6L connected to a Netgear PS-110 Print Server in under a minute! Anyone familiar with trying to configure a printer on an SVR4 Unix machine will appreciate this.


Service Management Facility


One of the biggest changes to Solaris 10 is the Service Management Facility (SMF). Introduced in Build 69, SMF controls the starting and stopping of system and other services. For example, prior to Solaris 10, to start the NFS server you would type:


/etc/init.d/nfs.server start


Under SMF you would type:


svcadm enable network/nfs/server:default


The real benefit of SMF is the ability to automatically restart services based on the configuration of the system. This allows the system administrator to control what can or cannot be restarted by SMF: while you might want syslog to automatically restart, you might not want your Oracle database to be restarted after a dirty shutdown. SMF gives the administrator fine-grained control over the starting, stopping, and restarting of services, and can make a system administrator’s life a little easier.

Security Enhancements


Solaris 10 brings a number of significant changes to improve the overall security of the system. Solaris Containers and Security Rights Management have received much of the press, but there are other features that contribute greatly to the improved security of a Solaris system. Password security has been improved considerably by the inclusion of the following features:


1. A choice of encryption methods for passwords: the default crypt function, an MD5 encryption that is compatible with BSD and Linux systems, Blowfish, Sun MD5, or a custom-written module (9 4/04).


2. A password history can be enabled and hold up to 26 previously used passwords.


3. Solaris 10 allows you to create or use an existing password dictionary to check your passwords against for complexity requirements.


4. Passwords are now checked for complexity requirements that you specify.


About a year ago there was a link to a password dictionary that had 227,000,000 passwords being sent around the Bugtraq mailing list. I downloaded the file, extracted it and had a 1 GB dictionary file. After modifying /etc/default/passwd to specify the path to the dictionary, I attempted to use the dictionary on my Ultra 30 and promptly locked the box up for 10 minutes while the password being used was being checked. This is not a fault of Solaris, but I would not recommend a dictionary of that size.
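
The four password features above, and the dictionary size problem just described, can be checked with a short script. This is an added example, not part of the original review or of Solaris: it audits constructed copies of /etc/default/passwd and /etc/security/policy.conf, and the function names and the default size limit are assumptions.

```shell
#!/bin/sh
# Added illustration: audit constructed copies of /etc/default/passwd and
# /etc/security/policy.conf for the four password features listed above.

# get_key FILE KEY -> value of the last uncommented KEY=value line
get_key() { sed -n "s/^$2=//p" "$1" | tail -1; }

# audit_password_policy PASSWD_FILE POLICY_FILE [MAX_DICT_BYTES]
audit_password_policy() {
    pw=$1; pol=$2; max=${3:-10485760}   # 10 MB limit is an assumed value
    alg=$(get_key "$pol" CRYPT_DEFAULT)
    case "$alg" in
        ''|__unix__) echo "WEAK hash: traditional crypt" ;;  # unset treated alike (assumption)
        *)           echo "OK hash: CRYPT_DEFAULT=$alg" ;;
    esac
    hist=$(get_key "$pw" HISTORY)
    case "$hist" in
        ''|0|*[!0-9]*) echo "WEAK history: not enabled" ;;
        *)             echo "OK history: $hist" ;;
    esac
    rules=""
    for k in MINALPHA MINUPPER MINLOWER MINDIGIT MINSPECIAL; do
        v=$(get_key "$pw" "$k")
        case "$v" in ''|0|*[!0-9]*) ;; *) rules="$rules $k=$v" ;; esac
    done
    if [ -n "$rules" ]; then echo "OK complexity:$rules"
    else echo "WEAK complexity: no MIN* rule set"; fi
    dicts=$(get_key "$pw" DICTIONLIST | tr ',' ' ')
    [ -n "$dicts" ] || echo "WEAK dictionary: none configured"
    for f in $dicts; do
        if [ ! -f "$f" ]; then echo "BAD dictionary: $f missing"; continue; fi
        n=$(wc -c < "$f" | tr -d ' ')
        if [ "$n" -gt "$max" ]; then echo "SLOW dictionary: $f ($n bytes)"
        else echo "OK dictionary: $f"; fi
    done
}

# demo: constructed sample files; a 20-byte limit makes the size check fire.
demo_policy() {
    d=$(mktemp -d) || return 1
    printf 'alpha\nbravo\ncharlie\ndelta\n' > "$d/words"   # 26 bytes
    printf '#HISTORY=0\nHISTORY=10\nMINALPHA=2\nMINDIGIT=1\nDICTIONLIST=%s\n' \
        "$d/words" > "$d/passwd"
    printf 'CRYPT_DEFAULT=__unix__\n' > "$d/policy.conf"
    audit_password_policy "$d/passwd" "$d/policy.conf" 20
    rm -rf "$d"
}

demo_policy
```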


Another cool feature is TCP Wrapped rpcbind: any RPC request can be logged, and RPC traffic can be limited to specific hosts.


To check the integrity of a Solaris system, most administrators use the Automated Security Enhancement Tool (ASET), which works but is not protected from tampering in any way. Sun has addressed that issue with the Basic Audit Reporting Tool (BART), which can be used instead of ASET. BART allows any user to create a manifest of files on a particular machine (only root can create a manifest of the system). ASET requires root or Primary Administrator role-level access to work, which limits its functionality. BART also uses MD5 checksums for each entry in the manifest, and ASET does not, meaning that malicious users would also have to generate an MD5 checksum that matches the manifest for each file they intended to modify, not an easy task.
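
The manifest idea described above, as an added example that is not BART itself and not code from the original review: a portable sketch that records size, mode and checksum per file and compares two manifests. The function names and the sample tree are constructed, and sha256sum stands in for the MD5 checksum BART records.

```shell
#!/bin/sh
# Added illustration, not BART: per-file manifest plus compare.
# sha256sum stands in for the MD5 checksum BART records per entry.
# Assumes file names without whitespace.

# make_manifest DIR -> lines of "<path> <size> <mode> <checksum>"
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        size=$(wc -c < "$f" | tr -d ' ')
        mode=$(ls -ld "$f" | cut -c1-10)
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s %s %s %s\n' "$f" "$size" "$mode" "$sum"
    done )
}

# compare_manifests CONTROL TEST -> ADDED / REMOVED / CHANGED lines
compare_manifests() {
    awk '
        NR == FNR { size[$1] = $2; mode[$1] = $3; sum[$1] = $4; next }
        {
            seen[$1] = 1
            if (!($1 in sum)) { print "ADDED " $1; next }
            d = ""
            if (size[$1] != $2) d = d " size"
            if (mode[$1] != $3) d = d " mode"
            if (sum[$1]  != $4) d = d " checksum"
            if (d != "") print "CHANGED " $1 d
        }
        END { for (p in sum) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: constructed tree, control manifest, three changes, then compare.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/bin"
    printf 'allow_root=0\n' > "$root/etc/app.conf"
    printf 'welcome\n'      > "$root/etc/motd"
    printf 'echo ok\n'      > "$root/bin/tool"
    make_manifest "$root" > "$root.control"          # kept outside the tree
    printf 'allow_root=1\n' > "$root/etc/app.conf"   # same size and mode
    rm "$root/etc/motd"
    printf 'echo new\n'     > "$root/bin/extra"
    make_manifest "$root" > "$root.test"
    compare_manifests "$root.control" "$root.test"
    rm -rf "$root" "$root.control" "$root.test"
}

demo
```

The edit to app.conf keeps the same size and mode, so only the checksum column reveals it. On Solaris 10 the corresponding steps are `bart create` to write a manifest and `bart compare` to diff a control manifest against a later one.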


The firewall software bundled with previous releases of Solaris, SunScreen, has been replaced with IPFilter. It is started by default but is in an unconfigured state, which means remote connections with telnet and SSH will work with no problems.


Bundled Software


Unlike previous releases of Solaris where Sun provided a Companion CD with various tools, Solaris 10 (if a Full Distribution installation is done) comes with 185 packages, 30 of them directly supported by Sun:


Apache http server versions 1.3.33 and 2.0.52
BIND version 9.2

flex version 2.5.4

GNU GCC version 3.4.3

GNU make version 3.80

Internet Printing Protocol (IPP) support and modules for Apache

MySQL database version 4.0.15

Samba version 3.0.4

Webmin


In the past, to get some of this software, you either had to download it from www.sunfreeware.com or www.blastwave.org, use the Software Companion CD, or build it yourself. Of course, if you don’t care for Sun’s choices you can always download and install the software of your choice. I see it as a welcome addition to Solaris to include these tools. All you have to do is add /usr/sfw/bin and /usr/sfw/sbin to your PATH and “off you go”. What is interesting about the inclusion of Open Source software with Solaris 10 is what Sun will support. SSH and Samba are fully supported; they might not be the latest version, but this means patches will be provided. Will Sun provide updates for software included in Solaris 10 that is not supported? I don’t know. But I do like the inclusion of the tools; if nothing else, it saves the time spent trying to find, download, and install them.


Performance


Solaris 10 GA has not been on the streets for a month and people are already clamoring for benchmarks. I did some testing with iozone (www.iozone.org) on both my SPARC and x86 machines, but chose not to include the results. The reasons why are simple:


1. Insufficient time to properly test both platforms correctly before publication using the GA Release.


2. There have been issues raised as to whether there would be a difference in how a benchmark would respond based on which compiler was used. Again, I did not have sufficient time to test that theory to see if there was a significant difference between GCC and Sun Studio.


3. The performance of 7+ year old SPARC hardware is hardly a fair test for Solaris 10, considering that Solaris 10 is optimized for the UltraSPARC III or better CPU. Many of the SCSI systems ship with internal Fibre Channel disks that in my experience (SunFire V480) are really fast, especially after tuning maxphys.


Conclusion


I think that Sun has put some really nice touches on Solaris 10 that make it a better operating system for both administrators and users. The security enhancements are a long time coming, but are worth the wait. Is Solaris 10 perfect? In a word, no, it is not. But for most uses, including as a desktop OS, I think Solaris 10 is a huge improvement over previous releases.

