Guest Blogger:
Torrey Martin
Fujitsu M10 Product Specialist
Fujitsu-Oracle Center of Excellence
The Oracle Solaris operating system has been powering servers around the
world for decades and continues to set the bar in performance, reliability and
security. The Fujitsu M10 SPARC server family runs Oracle Solaris exclusively,
and the qualities of OS and server combine to provide applications running
around the world with mission-critical and high performance piece of mind.
Recently the Fujitsu Center of Excellence for Oracle team jumped at the
opportunity to interview one of Oracle Solaris’ key evangelists.
How long has Oracle Solaris been
around and what changes have been the most important or had the largest impact on
customers?
Solaris was
first launched in 1992, and in 2005 we released Oracle Solaris 10, which had a
major impact for our customers; it featured Solaris ZFS, Zones or Solaris
Containers, as well as DTrace, which brought big, new capabilities to our customers.
In fact, a large number of our customers are still running Oracle Solaris 10
today.
Oracle Solaris
11 is even more impressive. For example, our patching mechanism in Oracle Solaris
11 is revolutionary and has provided our customers with a 16X reduction in patching
time over Red Hat Enterprise Linux. Updates are easy, we’ve dramatically shrunk
the time and effort needed to patch. You don’t have to build a custom patch
set, which is one of the things that used to take so long. Oracle Solaris updates
come as one complete, pre-tested patch set. Plus, with Solaris Boot
Environments you can patch systems while they’re running so the only downtime
you experience is a fast reboot. With Oracle Solaris, it now takes just minutes
to patch a server; even a very large system with 10,000 disk drives and 20
different network interfaces. On a simple Windows PC, patching can take the
system offline for 30 minutes or more! Think of the security and time savings
that Oracle Solaris 11 provides. When a vulnerability is discovered we release
the patch, you type “pkg update,” you reboot, and you are back up and running
in minutes.
And that’s
just the initial release of Oracle Solaris 11. Since then, we’ve created a
technology called Unified Archives, making it easier to manage cloud
environments. It’s a flexible way of taking a snapshot of a system, and
redeploying on any other system using Oracle Solaris virtualization technologies
– regardless of which virtualization technology they were created in, or the
size.
In terms of
security and from my experience, rather than a full install that requires an
iterative process of disabling functions, Oracle Solaris can be installed with
a minimal package and then only the required functions added while maintaining
PCI-DSS compliance. The audit process is much easier. This is especially
important for customers in the e-commerce and financial fields, and it makes Oracle
Solaris less costly to secure than Linux.
How is Oracle Solaris evolving to
meet the needs of cloud, mobile, scale-out, IoT, etc?
We integrated
OpenStack, the fastest growing open source project in history into Oracle
Solaris 11.2, giving customers a full cloud management infrastructure and a set
of APIs. I want to point out that we didn’t just add OpenStack to Oracle Solaris; we actually integrated the two together. For example, OpenStack works with our system management software,
so if a VM service running in an OpenStack cloud cluster of 1,000 machines goes
down, we automatically re-start services, so it never “goes down.”
For
scale-out environments, we have integrated Puppet into Oracle Solaris 11 and
continue to work with other open source technologies.
In terms of
mobile and the Internet of Things, with everything being browser-based these
days, you can use Solaris technologies to make your back-end server infrastructure
secure, giving you the assurance that when you connect a device to your
network, your database servers are secure, and those machines can’t be used by
cyber criminals to infiltrate your datacenter.
Is Solaris still relevant in the
datacenter space?
As much as
some people like to say we’re not, we absolutely are. Security is a top
priority and Oracle Solaris gives you so many built in security capabilities, which
when used together, can protect you from attacks. Another big technology in Oracle
Solaris 11.3 is the virtual memory system. We are able to demonstrate one of
the advantages of Oracle Solaris over Linux in terms of database start-up time.
We took two identical x86 boxes with two disk drives side-by-side: one with Solaris
installed, one with Red Hat Enterprise Linux installed. When we started the Oracle
Database (6TB memory, 5TB SGA) running on Red Hat Linux, it took 51 minutes for database start-up. With
the identical Oracle Database running on Oracle Solaris, it took only 166 seconds (~2.8 minutes) to start the
same configuration. The Solaris team has and continues to work with the Oracle Database
team to provide additional benefits for using Oracle Solaris.
We’re also
building out a program to make Oracle Solaris and SPARC readily available to
the open source community so anyone can develop and test on top of Solaris,
making it easy for SPARC and Oracle Solaris to be the default platform.
Is Oracle Solaris still relevant in
the independent software vendor space (ISV)?
For the ISV
community, take a look at our software investments. We doubled the size of our Solaris
development team since the Sun acquisition (2010), and we’re investing heavily to
make Solaris even more secure and easier to use. We give you a set of developer
tools called Oracle Solaris Studio that ISVs, and even customers, are
using. It supports multiple platforms (SPARC/Solaris, x86/Solaris, other OSes),
so you can find cross-platform performance bugs.
Customers
have told us that our tools are easier to use and so much better for diagnosis.
The Solaris tools give them a 50 percent increase in developer productivity. By
the way, only the Solaris tools can go from stack trace to Java down to C.
We’re
working hard with ISVs to give them everything they need. ISVs see the value from deploying on Oracle Solaris
and their customers are asking for it.
Security is increasingly important in
a world with billions of end-point devices and cloud-based apps – how secure is
Oracle Solaris?
In my
opinion, Oracle Solaris is the most
secure operating system out there. In addition to Solaris packaging, the
inherent way it works, and PCI-DSS compliance testing, and we offer Immutable Zones.
Immutable Zones
let you set the hypervisor, guest, and host OS to read-only - not even writeable by root. Also, by default, Oracle Solaris
doesn’t have a root user; it’s all role-based access control (RBAC) to carefully
regulate who sees what. This is increasingly important, because almost every
major attack today involves someone getting escalated root privileges, allowing
them to run malicious code. And these aren’t “smash and grab” attacks. They
want to be in there for months; scanning systems, looking for vulnerabilities
like LDAP/Active Directories to attack, to gain access to user names, passwords,
and other data.
Because
Oracle Solaris provides read-only systems, cyber criminals simply cannot land. Even if they somehow get into your network, they
can’t gain a foothold. So you can use Immutable Zones and Kernel Zones to
isolate or “DMZ off” your web-tier.
Why use Oracle Solaris over Linux?
This is
really simple. In my opinion, Solaris is more secure than Linux. Oracle Solaris
is simpler to manage than Linux. Paired with today’s high-performing hardware, Oracle
Solaris is more efficient and much easier to manage and maintain than Linux.
Earlier, we talked
about the 16X advantage over Red Hat, allowing Oracle Solaris administrators to
spend less time on patching and updating. Add to that our unified archive
capability, which allows you to take a snapshot of a machine running multiple
VMs, encrypt it, and then deploy all or part of it – and that’s with any VM, any virtualization technology, any
size.
We have one
customer who runs our compliance tool over his entire datacenter to get a weekly
report to know everything is fine. In this case, we’re taking 30 to 60 percent of
compliance spend and reducing it by as much as 10X, which frees up all that
extra money for the customer to innovate in the datacenter.
What advantages do features like ZFS,
Zones, and DTrace offer customers?
Let’s start
with DTrace. DTrace allows customers to analyze how their systems and software
are running; giving them an in-depth view of the system and what the software
running on that system is doing at any time and in real-time. The only other
way to do this is to build this capability into the application software
itself, but the nice thing about DTrace is that it’s built into the operating
system, and it’s safe to run in production.
Various
versions of Linux have tried to implement something like DTrace unsuccessfully.
A blogger friend of mine, who uses both Linux and Oracle Solaris, was trying to
diagnose a problem in Red Hat Linux using a tool with similar functionality and
it crashed the production server!
Oracle Solaris
Zones are basically zero-overhead
virtualization. Truly, there’s no additional overhead, plus it’s built into
the operating system so you not only get better performance when you’re
virtualized, but you also need to buy fewer machines. As a comparison, a
traditional type 2 hypervisor can use up to 40 percent of the processor just to
manage the environment. You don’t incur that overhead with Oracle Solaris -
even when the number of virtual environments on the system gets large. With Solaris
Kernel Zones, you get all the flexibility of a hypervisor, without the
performance penalty normally associated with virtualized environments or the
dollar penalty required to license that virtualized environment. Bare-metal
performance without spending money!
Next, we
have our advanced file system, Solaris ZFS. Besides being ultra-reliable and having
the ability to detect and fix corruption at the disk block level before it
happens, ZFS builds in compression, de-duplication and encryption. Why is this important?
Compression and de-dupe result in big savings for our customers. Customers use
ZFS to compress data in their datacenters and get from 3X to 22X improved
compression rates, depending on the data sets. Compressing data sets for your
database or your application at this rate is phenomenal – it means one-third
fewer disks needed, one-third cost on disks, not to mention the floor space
saved, much lower power and cooling needs, and lower administrative costs.
In terms of
security, cryptographic engines are built into the processors today and Solaris
automatically uses these cryptographic engines to achieve lightning-fast cryptography.
It’s so fast that you don’t even question what to encrypt, you just encrypt
everything.
Are there advantages to running
Oracle software products on Solaris?
Yes! Our
Solaris kernel engineers work side-by-side with Oracle Database developers in
order to make the database run better on Oracle Solaris. This shows up in many
ways, one being the dynamic resizing of database shared memory. We can resize
memory up and down, which means you can actually resize VMs running the
database. For example, say there are certain peak times of year when your
database needs maximum resources. Oracle Solaris allows you to easily allocate
more memory or CPU power, or shrink them back down so resources can be used by
another VM without having to take them offline.
If you could dispel one rumor or
misunderstanding about Oracle Solaris, what would it be?
The biggest misunderstanding
about Oracle Solaris is that we’re not innovating...but, I hear this from
customers who are running Solaris 8, 9 and 10! These customers need to move to Oracle
Solaris 11, and they will see an amazing amount of innovation going on. As I
mentioned, we’ve doubled the size of
the Oracle Solaris development team, and there are a large number of people,
all over the world, working on Oracle Solaris today.
Another thing
I hear is that Oracle Solaris is not open. While the kernel is not open, 90% of the software shipped with Oracle Solaris
is open source. With Oracle Solaris 11.3, we announced that all of our open
source software is freely available to anyone to update. With an entire
community available to detect and fix bugs, the overwhelming majority of bug
fixes in Oracle Solaris happen in free and open source software and are
available as soon as the fix hits our release repository.
What do you think of the Fujitsu M10
servers and the Fujitsu SPARC64 X/X+ processors?
The Fujitsu
SPARC64 X and X+ processors have a unique feature that has always intrigued me:
they provide hardware acceleration for Oracle NUMBER, so sequences are faster.
You can accelerate calculations since the work is offloaded from the software
and done in hardware in a nanosecond or two. So anytime there is math involved
in the database, the database is going to run much, much faster. I was an Oracle Database engineer for 8 1/2
years, responsible for sequences and Oracle NUMBER, and always thought, “why
don’t we have that in our servers?”
We have a
very strong relationship with Fujitsu and expect that to continue. Fujitsu is
one of the few companies that has access to Oracle Solaris source code, and
that has to do with the strong relationship. Our customers win because they get
to pick the best hardware that meets the specific needs of their deployments.
Normal
0
false
false
false
EN-US
X-NONE
X-NONE