Sun Microsystems Inc. is readying a series of new features for its Solaris OS, some of which will become available to participants in its early-access program in the next three to four months. Elsewhere, Scott McNealy and company are trying to change the business model for software and in the process revive Sun’s prospects, Fortune Magazine is noticing.
Is it just me or do ‘Trusted Containers’ sound a lot like chroot jails with a few bells and whistles thrown in?
and as a previous poster mentioned, this does sound suspiciously like chroot jails.
The new worstations/servers they rolled out in the related article aren’t exactly exciting, though I must admit the Sun Fire 440 sounds like a decent machine at a cost that isn’t typical Sun ‘It costs *how* frickin much??!!’
Maybe this article just managed to miss all the actually new and interesting things Sun is doing with Solaris. I hope so.
The partitioning would be significantly more powerful if it allowed you limit system resources based on partition. I wouldn’t guess that it as “simply” a chroot jail without seeing more.
No kidding on the v440! It’s cheaper, though barely, than a similar quad opteron rig from penguin computing. And that is with the low end opterons. With the high-end opterons it is *far* cheaper. I would love to see these systems tested against each other in some memory intensive apps. I want to say that the opterons would wail on the sparcs, but Sun tends to compensate for lower clock speed with awesome architecture.
Listen there are on major issue I have with Sun and Slowaris.
I am Sun Solaris 7 certified and in general like many aspects of Solaris 9.
However, UFS is just way freakin’ slow. They should partner with Veritas to make a version of vxfs standard on Solaris outside of the raid framework or use some other journaling fast filesystem. God, UFS is slow.
It makes the whole OS feel slow.
Just my opinion and all that.
Solaris 9 12/02 update and up have UFS performance improvements, enable logging and it improves performance even more.
http://docs.sun.com/db/doc/817-0493/6mg9pruag?a=view#whatsnew-updat…
I have heard that the faster UFS in Solaris 9 beat vxfs in veritas’ own benchmarks by 17 times.
Of course Sun can’t make that public because veritas is thier partner.
The partitioning would be significantly more powerful if it allowed you limit system resources based on partition. I wouldn’t guess that it as “simply” a chroot jail without seeing more.
It is basically the same sort of thing that has been available on IBM mainframes for years. One area where SUN could gain traction is the replacing mainframes market where their enterprise gear can easily compete with what ever IBM throws onto the market.
Solaris 9 12/02 update and up have UFS performance improvements, enable logging and it improves performance even more.
I’ve tried 08/03 of Solaris on x86 and SPARC, the speed improvement is worth the upgrade. As for VxFS, yes, I would love to see it being made available, however, SUN has this phobeia that they should make everything themselves instead of simply licensing the technology they need.
Is it just me or do ‘Trusted Containers’ sound a lot like chroot jails with a few bells and whistles thrown in?
Those “bells and whistles” encompass multiple virtual instances of Solaris running on a single system with negligable performance penalties. Sun has further removed a previous limitation, which was that the number of virtual instances of Solaris was limited to the number of physical processors in the system. Now keep in mind that server resources may be partitioned not only between virtual instances but within the instances themselves using Solaris’s incredibly advanced modular scheduling system.
I believe N1 also allows you to configure these virtual instances to move between systems dynamically based on load, but unfortunately I have no direct experience with N1.
How come Sun deems necessary to sell both Solaris and Trusted Solaris, instead of just the latter ? Do they think that some of their customers don’t need a high level security at all, in this internet era ?
Trusted Solaris (TS) is meant for military grade security with Mandatory Access Control (MAC) and heavy auditing. Simple things like opening a terminal require a login which is logged for an audit trail. Using trusted Solaris for normal every day use is no fun. everything is logged and requires authentication. Root is not a fully prvileged account on Trusted Solaris.
Solaris already supports many of the features from TS like PAM and RBAC (role based access control).
Trust me you wouldn’t want to use Trusted Solaris everyday:)
Yeah, I thought you would find it familiar.
http://www.osnews.com/moderation.php?news_id=4512#142469
Check out the new http://www.sun.com/desktop/sunblade1500/“>Sun . You can now get a 1GHz one with a reasonable graphics card for less than $6,000 (AU) = $3,000 (US). Aww… I want one!
Check out the new http://www.sun.com/desktop/sunblade1500/ Sun Blade 1500 Workstation. You can now get a 1GHz one with a reasonable graphics card for less than $6,000 (AU) = $3,000 (US). Aww… I want one!
AWESOME! when did they bring that out? it would be nice if SUN actually promoted their gear instead of the “let people find out themselves” marketing scheme they currently run.
You would think that companies running infrastructure crticial software, for instance the OS for a nuke plant control system, would be required to run trusted OS software. Not necessarily Solaris, but any vendors certified and trusted software.
Seems like it would be prudent for the US Gov to force this on critical industries.
Better than a nuke plant melting down because some hacker got into the control loop. Or worse yet, a virus attack disabled the controls.
Inquiring minds want to know.
According to the “Price & Buy” section, the release date is specified as “Call Sun” so I assume that the workstation will be released in a few weeks in the U.S. It’ll probably be a few months for us Australians 🙁
Sorry to be negative but this doesn’t seem to be that exciting. These are not major OS changes. Faster networking is good but how about some better tools to help the SA’s out.
> Sorry to be negative but this doesn’t seem to be that exciting. These
> are not major OS changes. Faster networking is good but how about
> some better tools to help the SA’s out.
I assume that you’re talking about config tools but I fail to see your point. SMC is fine for quick network/service configuration and is quite capable as an ACL config editor as well. Everything else is designed to be accessed via the command line. Which particular tools were you suggesting?
Maybe (over the years) I’ve just grown used to Solaris’ sometimes “less than perfect but good enough” ways of doing things.
What exactly do yo mean by “trusted” software? You say “vendor certified” does that mean that OSS is not to be trusted?
Solaris is all tuned to be easily remotely manageable. That means, your Nokia Communicator is more than enough to manage all details of a large Solaris server and storage network.
In addition, the Sun hardware has LOM and other features that make it possible to completely manage the system, even when it’s shut down or kernel-panic. Or any other state. Remotely, via a modem, if you want. Here Linux is really lacking – not necessarily because of it’s own fault, but because of the weaknesses of the Intel hardware platform.
Sure, there is Linux for a trillion other CPUs, but Intel is still the most often considered platform for Linux.
walterbyrd … trusted OS means just that. It is certified by the vendor to meet the governments test for a secure OS. Usually the OS has considerable access controls(ACLs) imbedded and a logging/tracing system to verify all actions. Typically these OSes are used by the military to prevent a secure system from being compromised.
My point was … compromizing the power grid or a power plant control system or a trains track controls would equally require a OS with secure strict access controls. Plenty of examples abound today. Now that we know terrorist want to do real damage and kil people, I would think this aspect of running our society moves to the top of the list.
Using a windows system connected to the interenet seems kind of dumb for critical infrastructure controls. UNIX/Linux is inherently more secure than windows, but lacks the secure OS ACLs to prevent someone from compromising the system, even from the console, not just the net. The logging and tracing system of a secure OS allows you to find out who did what if the system is compromised.
Read about Sun’s Trusted Solaris to read more.
The new ‘trusted containers’ or zones that Sun is putting into future Solaris releases is an example of Solaris future directions.
You wrote: “Faster networking is good but how about some better tools to help the SA’s out.”
What kind of tools do you mean? As the eWeek article briefly mentions, there is going to be a new tracing facility in Solaris. The article doesn’t really go into details, but this tracing facility is something of an uebertool — it allows you to dynamically create your own tools on the fly. And there is such enormous coverage of the system (over 30,000 probe points on a typical system) and such a rich language for enabling them, you will find that you can answer just about any question you can possibly have about the system. And most of all: it’s designed to be run _in production_ — so no more trying to reproduce strange performance problems on development or lab systems…
Sorry to be negative but this doesn’t seem to be that exciting. These are not major OS changes. Faster networking is good but how about some better tools to help the SA’s out.
What?
You’re kidding, right?
The only administration tool in Solaris that I’m really at odds with is PatchPro. It sucks. I’ve written my own scripts to accomplish the same task…
mario mentions how wonderful Solaris is to administrate via CLI, but I think I also need to mention SMC, which is the most powerful GUI management tool I’ve seen (with the possible exception of MMC)
I would say Solaris has better, more powerful CLI and GUI management tools than any other *IX operating system.
The only administration tool in Solaris that I’m really at odds with is PatchPro. It sucks. I’ve written my own scripts to accomplish the same task…
mario mentions how wonderful Solaris is to administrate via CLI, but I think I also need to mention SMC, which is the most powerful GUI management tool I’ve seen (with the possible exception of MMC)
I would say Solaris has better, more powerful CLI and GUI management tools than any other *IX operating system.
Apparently SUN is going to give patchpro an overhaul in time for patchpro being made available for Solaris x86.
As for SMC, it is nice but a real dog. IMHO, they should really move it over from Swing (If that is what they’re using) to SWT for the sake of speed, also, they need to integrate more “operating system” into SMC. Ever tried setting up a printer, what a bitch. It is like trying to bring peace to the middle east. Don’t get me started on PPP, jeepers, could they posssibly make it any more a chore to close a connection?
What they need to do is realise that there is going to more medium size businesses looking at deploying Solaris x86 instead of Windows, why not make it easier and more popular by making the operating system easier to configure for someone who may know what they need to do from a technical stand point but doesn’t want to learn for hours on end how to put that information into the operating system to get it up and running.