oracle solaris 11.1 new features
TRANSCRIPT
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 1
Oracle Solaris 11.1 new features
Orgad Kimchi
Oracle ISV engineering
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 2
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated into
any contract.
It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described for Oracle‟s products remains at the sole discretion of Oracle.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 3
Oracle Solaris 11 Mission Critical Meets Cloud
Solaris 11
Highly Available, Secure
Platform for Enterprise Apps
Predictive self healing
ZFS data integrity
Low overhead snapshots
End to end encryption
Application Clustering
Compliance reporting
DTrace observability
Large-scale Cloud
Management
Zero overhead Server,
Storage, Network
virtualization
Immutable zones
Fast, fail safe
life cycle management
Comprehensive cloud
management solution
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 4
Key enhancements delivered in Oracle Solaris 11.1
• Installation
• System configuration
• Virtualization
• Security and Compliance
• Networking
• Data management
• Kernel/platform support
The new Oracle Solaris 11.1 features over 300 new performance and
feature enhancements
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 5
Installation Enhancement
The interactive installer now supports installing the OS to iSCSI
targets.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 6
ASR & OCM
ASR (Auto Service Request) and OCM (Oracle Configuration
Manager) have been enabled by default
ASR - create service requests to speed up support processes.
OCM - Proactively provide support information and
This is optional and can be disabled but helps a lot in support
cases.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 7
Service Management in Solaris (SMF) SMF provides an infrastructure that augments the traditional UNIX
startup scripts
provides a mechanism to define the relationships between applications
or services
Automated restart of services in correct order:
> administrative error
> software bug
> uncorrectable hardware error
Parallel startup improves system boot time
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 8
Management Enhancement
• svccfg:
– New options extract and delcust (diffs management)
– Improved „editprop‟
• svcbundle: generates SMD manifests and profiles
• pfedit: for editing administrative files
• rsyslog: daemon for message logging
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 9
Svcbundle - Simple SMF Manifest Creation Tool
The new command svcbundle helps you to create
SMF manifests without having to struggle with XML
editing.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 10
Svcbundle - Example
Solaris 11.1
# svcbundle -o isv-service2.xml -s service-name=application/isv-service2 -s
model=wait -s start-method="/var/tmp/smf/isv-service2-start"
# cp isv-service2.xml /lib/svc/manifest/application
# svcadm restart manifest-import
# svcs isv-service2
Solaris 10 & Solaris 11
# svccfg validate ./isv-service2.xml
# svccfg import ./isv-service2.xml
# svcs /application/isv-service2
STATE STIME FMRI
online 11:52:09 svc:/application/isv-service2:default
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 11
Svccfg - Improved SMF Service Configuration
New options extract and delcust for svccfg(1M) to help
diff and apply customizations to other systems.
# svccfg listcust -M | grep mysvc
svc:/system/mysvc manifest MASKED
manifestfiles/lib_svc_manifest_test_mysvc_xml astring admin \
MASKED /lib/svc/manifest/test/mysvc.xml
svc:/system/mysvc:default manifest MASKED
# svccfg -s svc:/system/mysvc delcust
Deleting customizations for service: system/mysvc
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 12
Svccfg - Improved SMF Service Configuration
Improvements to svccfg editprop to ease making
changes via text editor.
# svccfg -s svc:/application/pkg/system-repository:default editprop
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 13
RBAC - Role-based access control
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 14
RBAC Background
Role-based access control allows system administrators to delegate the
administrative control of parts of the system to users.
Users can be given the ability to run command with additional privileges
in two ways:
Assigning a profile directly to the user, in which case no additional
authentication is required
Creating a role and assigning the profiles to the role.
It can also be used to build restrictive environments for users by
removing their ability to run commands they would normally be allowed
to run.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 15
pfedit - Administrative Edit
Ever wondered how to delegate editing permissions to certain
files? It is well known "sudo /usr/bin/vi /etc/hosts" is not the right
way, for sudo elevates the complete vi process to admin levels,
The user can "break" out of the session as root with simply
starting a shell from that vi.
Now, the new pfedit command provides a solution exactly to this
challenge - an auditable, secure, per-user configurable editing
possibility.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 16
pfedit - Example
Creating a Profile
To create a profile with solaris.admin.edit authorization that can be assigned to users to modify
/etc/syslog.conf, use the profiles(1) command.
# profiles -p "syslog Configure"
profiles: syslog Configure> set auths=solaris.admin.edit /etc/syslog.conf
profiles: syslog Configure> set desc="Edit syslog configuration"
profiles: syslog Configure> exit
Modifying /etc/syslog.conf
If a user has the “syslog Configure” profile as configured in the previous example then
invoking:
~ pfedit /etc/syslog.conf
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 17
rsyslog - New Logging Daemon
Native support for writing to MySQL databases
Native support for writing to Postgres databases direct support for
SQLLite, Ingres, Oracle,
Support for sending mail messages
Support for (plain) tcp based syslog - much better reliability
Sending and receiving compressed syslog messages.
Log files larger than 2gb support for file size limitation and command
execution
Support for running multiple rsyslogd instances on a single machine
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 18
/etc/rsyslog.conf – Example # Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 19
Improved Viewing of Per-CPU Statistics
The performance analysis commands mpstat(1m),
cpustat(1m), and trapstat(1m)
Provide a line of statistics output for each CPU. If there
is a large number of CPUs, there is far too much data
for a person to interpret, which makes it difficult to spot
the interesting and relevant data.
New options have been added to sort, aggregate, and
display the data in a more condensed format.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 20
mpstat - Example Improved viewing of per-CPU statistics
21 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Network Virtualization
• Fully simulate your production
environment
– Reduce expense with software network
equipment
– More testing means better quality
– Easier to test different scenarios or even
different production environments
• Rapidly roll out to your production
– Better define your production environment
network requirements
Test the Un-Testable
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 22
Edge Virtual Bridging
– Making the network “virtualization
aware”
– Offload bandwidth control on switches
Data Center Bridging
– Convergence of storage and networking
– Enabler for low latency RDMA over
Ethernet
– Multiple lanes of traffic on the same link
New with Solaris 11.1
Software Defined Networking
Save cost by leveraging
Ethernet for storage Prioritize bandwidth
for key applications
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 23
Edge Virtual Bridging (EVB)
EVB extends network virtualization features into the physical network
infrastructure
Allowing users to manage bandwidth and to increase utilization of
network resources. EVB is an IEEE standard 802.1Qbg that defines
new protocols and mechanisms for exchanging information about
virtual links between hosts/stations and a switch/bridge. Using EVB,
properties (such as the bandwidth limit) of the Oracle Solaris Virtual
NIC
(VNIC) can be exchanged with the switch so that the switch can be
configured accordingly for the VNIC.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 24
Edge Virtual Bridging - Example # lldpadm show-agent -lv net0 Agent: net0
Chassis ID Subtype: Local(7)
Port ID Subtype: MacAddress(3)
Port ID: 00:14:4f:01:77:5d
Port Description: net0
Time to Live: 81 (seconds)
System Name: hosta.example.com
System Description: SunOS 5.11 dcb-clone-x-01-19-11 i86pc
Supported Capabilities: bridge,router
Enabled Capabilities: router
Management Address: 192.168.1.2
Maximum Frame Size: 3000
Port VLAN ID: --
VLAN Name/ID: vlan25/25
VNIC PortID/VLAN ID: 02:08:20:72:71:31
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 25
Data Center Bridging (DCB)
DCB allows the same network fabric to be used for both Ethernet and
storage traffic reducing overall infrastructure costs in a datacenter.
Based on IEEE 802.1Qaz has been added to the DCB functionality
introduced in Oracle Solaris 11 11/11.
This will provide guaranteed bandwidth and lossless Ethernet transport
for converged network environments where storage protocols share
the same fabric as regular network traffic.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 26
Data Center Bridging (DCB) -Example
# dladm show-phys -D pfc net0
LINK COS PFC PFC_EFFECT CLIENTS
ixgbe0 0 YES NO net0,vnic1
1 YES YES vnic2
2 YES NO vnic3
3 YES NO vnic4
4 YES NO vnic5
5 YES NO vnic6
6 YES NO vnic7
7 YES NO vnic8
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 27
VNIC Migration
VNIC live migration is now supported from one physical NIC to another
on-the-fly
For example, if a PNIC becomes saturated, a VNIC associated with
one key application can be migrated across to another PNIC (one with
available bandwidth) without taking an outage.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 28
VNIC Migration - Example
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic1 net0 1000 2:8:20:c2:39:38 random 0
vnic2 net0 1000 2:8:20:5f:84:ff random 0
# dladm modify-vnic -l net1 -L net0
# dladm show-vnic vnic0
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic1 net1 1000 2:8:20:c2:39:38 random 0
vnic2 net1 1000 2:8:20:5f:84:ff random 0
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 29
Zone updates now execute
in parallel
Time savings exponential across
datacenter
New with Solaris 11.1
Fast Zone Updates
4x less downtime
during maintenance windows
0 10 20 30 40
Solaris 11.1
Solaris 11
Minutes
Updating a T4 System with 20 Zones
Increase consolidation ratios without
increasing maintenance windows
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 30
Zones on shared storage
Zones framework automatically manages
• Configuration/un-configuration of storage services
• Attach/detach of storage devices
• zpool creation, import, export
• For SAN and iSCSI
New with Solaris 11.1
Easy Mobility for Zones
Move zones around between systems
quickly and easily
Z
o
n
e
B
Z
o
n
e
A
Z
o
n
e
C
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 31
Zones On Shared Storage (ZOSS) - Example
zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set zonename=zone1
zonecfg:zone1> set zonepath=/zones/zone1
zonecfg:zone1> add rootzpool
zonecfg:zone1:rootzpool> add storage dev:dsk/c7t2d0
zonecfg:zone1:rootzpool> end
zonecfg:zone1> exit
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 32
File System Statistics for Oracle Solaris Zones
Until now, global zone administrators had no way of monitoring activity
in a particular zone
Nor could non-global zone administrators monitor fstype activity in their
own zones.
This update provides a per-fstype kstat (kernel statistic) for each zone.
The global zone also has a kstat exclusively reporting its activity.
Now, over kstat you can find out which zone's I/O has an impact on the
other ones, see the examples in the
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 33
Reporting Per-Zone fstype Statistics for all Zones
$ fsstat -z s10 -z s10u9 zfs tmpfs
new name name attr attr lookup rddir read read write write
file remov chng get set ops ops ops bytes ops bytes
93 82 6 163K 110 507K 148 69.7K 67.9M 4.62K 13.7M zfs:s10
248 237 158 188K 101 612K 283 70.6K 68.6M 4.71K 15.2M zfs:s10u9
12.0K 1.90K 10.1K 35.4K 12 60.3K 4 25.7K 29.8M 36.6K 31.0M tmpfs:s10
12.0K 1.90K 10.1K 35.6K 14 60.2K 2 28.4K 32.1M 36.5K 30.9M
tmpfs:S10u9
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 34
Performance Improvements for Install and Attach Operations
Enhancements to install and attach operations on Oracle Solaris Zones
have made zone system management operations much faster
27 percent decrease in the time it takes to install a zone
91 percent decrease in the time it takes to attach a zone have been
observed
Along with the ability to update zones in parallel, this means that
planned service implementations or planned outages can be much
shorter.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 35
Driving Cloud Infrastructure Innovation
Security Immutable Zones
Deployment Linked Images, Parallel Zone Updates, AI Integration, IPS integration,
Package minimization
Network
Virtual NICS (VNICS), Automatic VNICs, Bandwidth Control, Exclusive IP by
Default, Network Observability, Infiniband Enhancements, Data Center
Bridging, Edge Virtual Bridging
Storage Zone Boot Environments, ZFS Datasets, Recursive ZFS send, NFS Server in
a Zone, Zones on Shared Storage, Lofi improvements
Migration Pre-flight Checker, Solaris 10 Zones on Solaris 11, Zones install update for
V2V archives
Management System Configuration, Clean Shutdown, Hung Zones, Zones “unavailable”
state, Zonestat, Per Zone fsstat, Zones RAD Module
Web Tier
Application Tier
Database Tier
Finance
Dataset
Financ
e Zone
HR
Dataset
HR
Zone
Sales
Dataset
Sales
Zone
Solaris 11, Solaris 11.1
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 36
New Optimized Shared Memory
interface (OSM)
Works with Oracle DB
Automatic Memory
Management (AMM)
Dynamic, NUMA- aware
granule based shared memory
New with Solaris 11.1
Oracle Optimized Shared Memory
Dynamically resize your
Database SGA online
without a reboot
Bring Oracle Database
instances up 2x faster
Oracle DB
SGA
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 37
Faster Memory Allocation Using vmtasks The following tables show the time to create + lock + destroy a large segment,
normalized as milliseconds per gigabyte, before and after the introduction of vmtasks:
ISM DISM
system ncpu before after speedup
x4600 32 1386 245 6X
X7560 64 1016 153 7x
M9000 512 1196 206 6X
T5240 128 2506 234 11X
T4-2 128 1197 107 11x
system ncpu before after speedup
x4600 32 1582 265 6x
X7560
64 1116 158 7x
M9000 512 1165 152 8x
T5240 128 2796 198 14x
From: https://blogs.oracle.com/sistare/entry/faster_memory_allocation_using_vmtasks
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 38
Oracle Optimized Shared Memory – Cont’d
To put this in perspective, consider creating a 512 GB ISM segment on
T4-2. Creating the segment would take 6 minutes with the old code,
and only 33 seconds with the new.
If this is your Oracle SGA, you save over 5 minutes when starting the
database, and you also save when shutting it down prior to a restart.
Those minutes go directly to your bottom line for service availability.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 39
For More Information / Try Out Today
Product overview and download
– oracle.com/solaris
Oracle Technology Network
– oracle.com/technetwork/server-storage/solaris11
System administrators community
– oracle.com/technetwork/systems
@ORCL_Solaris
facebook.com/oraclesolaris
Oracle Solaris Insider
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 40
Questions
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 41