Wednesday, December 7, 2011

What's new in Solaris 11

This link lists what's new:
  • installation
    • Automated Installer
      • installation framework for automated system provisioning
      • network installation
      • manifest
        • system configuration
        • SW pkg
        • zone
      • bootable image
    • Jumpstart migration utility js2ai
    • interactive Text installations
      • server configuration
      • automatic or manual network configuration
      • no GUI desktop
      • audio or wireless drivers
    • Live Media Installation (x86)
      • automatic network configuration
      • full GUI desktop
      • GNU partition Edition
    • Distribution Constructor
      • CLI tool for building pre-configured, bootable, customized s11 installation images
      • use manifest description
        • target disk
        • SW pkg
        • basic system configuration
        • gold image
  • packaging
    • Image Packaging System (IPS)
      • framework for complete SW lifecycle mgmt
        • installation
        • upgrade
        • remove
      • integrated with ZFS
        • safe upgrade with ZFS clone FS
      • network based package repositories
        • with full automatic dependency checking
          • any SW that is required is automatically installed or updated
      • boot to different boot env
      • can lock down individual pkg
      • fast boot feature
        • on by default in x86
        • off by default in SPARC
    • support SVR4 pkg
      • no legacy patching tool
  • System configuration
    • SMF
    • Name service
      • nscfg
      • /etc/nsswitch.conf   svc:/system/name-service/switch
      • /etc/resolv.conf      svc:/network/dns/client
      • /etc/nodename         svc:/system/identity:node
      • /etc/defaultdomain svc:/system/identity:domain
      • /etc/default/init      svc:/system/environment:init
      • /etc/driver/drv/driver.conf
    • sysconfig
      • replace sys-unconfig, sysidtool
      • unconfiguring
      • reconfiguring
    • SMF, FMA
      • SNMP trap
      • SMTP notification
      • ASR
  • v12n
    • zones are easier to create and manage
    • solaris10 zone
      • p2v
      • v2v
      • zonep2vchk
      • NFS server in zone
      • exclusive-IP zones by default
        • anet for exclusive-IP zone
      • administer network flow within NGZ
        • bandwidth
        • priority control based on IP address, subnet, transport protocols and port
        • flowadm
        • flowstat
      • Delegated Administration
        • admin zone based on RBAC
      • zone boot env
        • ZFS boot env: ZBE
        • beadm inside zone
      • improved zones dataset layout
        • NGZ mimic GZ
        • NGZ support different ZFS dataset
      • immutable zones
        • read-only root for zones
        • Mandatory Write Access Control (MWAC)
      • cleanly shutdown zones
        • zoneadm -z <z> shutdown
      • zonestat 
        • observation of system resources
        • memory, CPU, resource control limit
        • exclusive-IP: network device utilization on data-links, vlink and zones
        • libzonestat
          • svc:/system/zones-monitoring:default
      • tecla CLI editing library for zonecfg
        • emacs mode: default
        • vi mode
        • tecla(5)
  • Security
    • Role Authentication
      • root is a role by default
      • 1st user account is assigned root role
      • user assume root role
        • user  or role passwd
    • Trusted Platform Module (TPM)
      • TPM chip is a HW device on MB
      • protected storage
      • protected capabilities on an inexpensive component with restricted resources
      • s11 provides drivers
        • TCG 12 spec
        • TSS SW to provide cryptographic operations on the secure device, and admin tool for managing the TPM and PKCS11 provider
    • Labeled IPsec
      • trusted extension
    • IPsec support for AES GMAC Cryptographic Algorithm
      • data integrity of AES Galois/Counter Mode (AES GCM) but without actually encrypting the data
    • Kerberos Dtrace Providers
      • RFC4120
    • Trusted Extensions Enhancements
      • enables per-label and per-user credentials to request a unique passwd for each label
      • tncfg :
        • create, modify and display networking properties
        • label network packets received from remote hosts
      • set security labels on ZFS dataset
    • Support ssh X.509 Certificate Extension
    • Solaris Cryptographic Framework
      • NSA Suite B algorithms
      • T4 supports AES CFB mode used by tablespace encryption of Oracle DB Advanced Security option
      • support Intel Advanced Encryption Standards (AES-NI)
      • Oracle Key Management System can now be used for AES key storage using the new pkcs11 kms plugin
    • In-kernel pfexec, Forced and Basic Privileges
  • Networking
    • re-architecture to unify, simplify and enhance observation and interoperability of NIC
      • GLDv3 driver framework
        • VLAN
        • link aggregation
        • MAC layer for Ethernet, Wi-Fi and IB
        • dladm
    • Network v12n and resource mgmt
      • V12N
        • VNIC
        • vswitch
        • VLANs
        • routing
        • firewall
        • tight integration with zone exclusive-ip
      • Resource Mgmt
        • QoS
          • bandwidth limits
          • CPU limit
          • interrupt-driven to polling
    • Manual and Automatic Networking
      • network profile svc:/network/physical:default
        • switch between automatic and manual networking by enabling Automatic or DefaultFixed profile through netadm and netcfg
      • Live Media install (LiveCD) use Automatic networking, useful for laptop
    • Default Names for Datalinks
      • net0, net1 etc
      • can be reverted
    • Changing MAC Address with dladm
      • persistent across reboots
    • IB Enabled and Optimized
      • improved support for Sockets Direct Protocol (SDP)
        • support RDMA; zero-copy data transfer
        • netstat, truss, pfiles mdb kmdb
        • NGZ for exclusive-IP and Shared-IP
      • RDSv3 for Oracle RAC
    • Registration of VLANs
      • ability for broadcasting VLAN ID
      • VNIC support
    • Link Layer Discovery Protocol Support (LLDP)
      • one-way link layer protocol that allows an IEEE 802 LAN station to advertise the capabilities and current status of the system
      • lldpadm: enable/disable LLDP agent on physical datalink
    • New Sockets Architecture
      • no longer use STREAMS
      • significant performance improvements
      • simplified developer interface for new socket types
    • Load Balancing
      • Integrated L3/L4 LB
      • stateless DSR and NAT modes
      • CLI
      • configuration API
    • Link Protection
      • prevent guest VM sending harmful packets to network
      • basic threats: IP, DHCP, MAC, L2 frame spoofing
      • use ipf for inbound filtering and customizable filter rules
    • Bridging and Tunneling
      • Bridging
        • Spanning Tree Protocol (STP, IEEE 802.1D-1998)
        • TRILL protocol
      • Tunneling
        • iptun
        • wireshark
        • snoop
    • IP observability
      • wireshark: packet sniffing tool and snoop
      • dlstat: runtime statistics for data link
    • IP Multipathing(IPMP)
      • re-architecture
      • ipadm
      • Transitive probe: new failure detection mode
        • without additional test IP address
        • svccfg -s svc:/network/ipmp setprop config/transitive-probing=true
        • svcadm refresh svc:/network/ipmp:default
      • in.mpathd
        • managed by SMF service svc:/network/ipmp
    • I/O Enhancements to netcat
    • new FTP server
      • proftpd replaces WU-ftpd
    • Dtrace Networking Provider
      • tcp
      • udp
      • ipv4/IPv6
  • Storage
    • ZFS is root FS
    • easy upgrade with IPS
    • ZFS data Encryption
    • ZFS deduplication (needs RAM, L2ARC with SSD)
    • ZFS Shadow Migration (local or NFS FS)
    • ZFS backup with NDMP with ZFS send/receive
    • Temporary ZFS mountpoint
    • ZFS snapshot Alias with zfs snap (snapshot)
    • Recursive ZFS send (dataset and descendents)
    • ZFS snapshot Diff
    • NFSv4 Client and Server Migration Support
    • SMB for Microsoft interoperability
    • Dtrace Storage Provider
      • SMB
      • iscsi
    • COMSTAR SCSI target Frameworks
      • SCSI device type: disk, tape with FC
      • iSCSI Extensions for RDMA (iSER)
      • SCSI RDMA Protocol (SRP) for IB HCA
      • iSCSI
      • Fibre Channel over Ethernet (FCoE)
      • Dtrace Provider:
        • SCSI Target Mode Framework (STMF)
        • SCSI Block Device (SBD)
  • Kernel/Platform Support
    • SPARC T4
      • 2GB page size
      • ISA cryptographic HW optimization
      • CPU and DRAM performance counter support
      • L3 cache support
      • 20%-40% gain for various cipher and hash instructions
      • gain for SSL and direct cryptographic acceleration for DB 11.2.0.2
      • Critical Threads
        • dynamic allocation of HW resources to provide a boost in performance
        • matching a thread's HW requirements with the amount of exclusive access to specific HW resources
    • Single-root I/O v12n (SR-IOV)
      • extension to PCIe to allow efficient sharing of PCIe devices among VMs both in HW and SW
    • NUMA I/O
      • allow kernel threads, interrupts and memory to be placed on physical resources according to the physical topology of the machines
      • specific high-level affinity requirements of I/O frameworks, actual load, resource control and power mgmt policies
    • Intel Advanced Vector Extensions(AVX)
      • new instructions for vector floating point operations
        • image, video, audio processing, 3D modeling, scientific simulation and financial analytics
      • Sandy Bridge and beyond
    • Dynamic Intimate Shared Memory (DISM) performance Improvements
      • for large memory system 8x oracle DB start up improvement for ISM and DISM creation, locking, destruction
    • Suspend and resume to RAM
    • Improved HW support
      • FMA
      • generic topology enumeration
      • generic hotplug framework
      • latest Intel microprocessor
      • Intel's LatencyTOP and Dtrace to measure latency
    • Dtrace cpc Provider
      • cycles executed
      • instructions executed
      • cache misses
      • TLB misses
  • user Environment
    • 850 open source pkg in IPS
      • Java SE 6, 7
      • GCC 4.5.2
      • Python 2.7
      • Perl 5.1.2
      • Ruby 1.8.7
      • PHP 5.2.17
      • complete web stack
    • Desktop env
      • GNOME 2.30.3
      • Firefox 6
      • Thunderbird 6
    • GNU
      • in /usr/bin
      • in /usr/gnu/bin
    • Default shell:
      • user:  bash
      • system: ksh93
    • Removable Media
      • HAL
      • D-Bus message passing system
    • new sound system
    • search for content in MAN pages
      • man -K searchstring
    • Virtual Console Terminals
      • svc:/system/vtdaemon:default
      • svc:/system/console-login:vt*
      • Alt-Ctrl-F#
    • Time Slider Snapshot Mgmt
      • use home
      • Gui
    • Common UNIX Printing System (CUPS) printing
      • Lp wrap CUPS functionality
    • libc  Familiarity
      • improve familiarity with linux and BSD
    • paths.h Path Name Definitions
      • /usr/include/paths.h
      • /usr/include/sys/paths.h
    • locale and languages (200+)
    • TrueType Fonts
