Introduction to Solaris System
Paper for COSC513
By Jun Lai
Student ID: 103547
CONTENTS
Introduction
• What is Solaris
• History
Features of Solaris
• Multiprocessing and Multithreading
• Multiplatform
Features of Solaris Networking
• Enterprise Networking
• Web Networking
• Network Protocols (TCP/IP)
• Network File System (NFS)
• Network Information Service Plus (NIS+)
• Distributed Computing Environment (DCE)
• Solaris Federated Services
• Optional Networking Protocols
• Solaris Protection
• Productivity of Individuals and Groups
• Application Data
• Support Language
• Network Management
• Managing Developing and Deploying Network
Features of Solaris Security
• Foundation Technology for Secure Services
• ONC+ Federated Security
• Firewall-1 and SunScreen SPF-100
• Security Standards
• Solaris - The Solution of Choice for the Secure Distributed Environment
I What is Solaris?
Sun delivers the perfect platform for network computing: Solaris software. It
starts with a robust 64-bit operating environment and extends to server
products that provide mainframe-class reliability, complete PC
interoperability, and comprehensive Internet services. Highly scalable,
Solaris software gives you the ability to support multiple-terabyte data
warehouses and thousands of users. What's more, Sun provides
comprehensive enterprise management tools, industrial-strength security
solutions, and e-mail that works on a global scale. Put it all together and you
have the solid foundation needed for continuous connectivity. That's vital in
the .com world, where downtime can cost a company thousands, or even
millions, of dollars.
II History of Solaris:
The early Sun systems ran an operating system called SunOS (Sun
Operating System). In the 1980s Sun introduced a Reduced Instruction Set
Computer (RISC) chip called the Scalable Processor Architecture (SPARC)
processor. The SPARC processor chip allowed Sun to produce very
powerful, inexpensive desktop workstations. The SPARC systems also ran
the SunOS operating system, so customers’ software development
investment could be preserved. In the late 1980s Sun announced plans to
develop a new operating system based on AT&T System V Release 4
UNIX. The new operating system is called “Solaris”.
Solaris is Sun’s name for its UNIX-based user environment, including
the UNIX operating system and the window system (X11-based). It is not the
operating system, but the operating environment.
III. Features of Solaris:
The Solaris operating environment is based on industry standard UNIX
System V Release 4, built to enable high performance client-server
applications in a distributed networking environment, provide
the appropriate resources for smaller workgroups, and provide the
WebTone that is required for electronic commerce. The Solaris operating
environment also conforms to SPEC 1170 and UNIX95 branding. Only the
Solaris operating environment provides unlimited, transparent access to
systems, servers, printers, remote databases and other resources, with the
scalability to support virtually any application and configuration.
Performance enhancements are focused on improving database and web
performance while maintaining the already high levels of file server and
time-share performance in the Solaris operating environment. Significant
improvements were made to virtual memory (VM) and I/O throughput that
increase performance of database engines.
Solaris[tm] 8 software is the industry's first dot-com grade operating
environment. Satisfying the convergent requirements of enterprises adapting
to the Internet age and dot-com businesses adopting the disciplines of the
data center, the Solaris[tm] 8 Operating Environment is uniquely equipped
to serve as the foundation for a dot-com strategy.
Solaris 8 features:
• over 200 new features
• free end-user licenses for runtime software
• no-charge access to source code
• world-class service programs
• world-class support programs
• a 64-bit environment
• binary compatibility with previous releases
• continued availability for both SPARC[tm] and Intel Architecture platforms
• an innovative and comprehensive software co-package
The Solaris 8 Operating Environment also supports a number of software
components that increase overall availability:
• Sun™ Cluster 2.2 offers high availability for mission-critical applications
through redundant hardware. Future versions of Sun Cluster will further
enhance application availability through a clustered file system, scalable
data services, and built-in load balancing.
• Solaris Resource Manager™ software provides fine-grained control of
system resources, helping to ensure a consistent level of service to users,
groups and applications.
• Solaris™ Bandwidth Manager enhances your ability to control and
provision IP traffic priorities and bandwidth, ensuring network resource
availability.
It's no surprise that the Solaris Operating Environment is the leading
UNIX® environment today. Solaris™ software was originally designed with
the Internet in mind. TCP/IP, the central Internet protocol, has been at the
core of Solaris networking for more than 15 years. Through its time-tested
design -- a small, stable kernel, modular and extensible components, and
well-defined interfaces -- Solaris software delivers rock-solid stability and
predictability for business-critical applications. And the Solaris 8 Operating
Environment provides complete compatibility with prior versions, so you
can be confident that your current applications will continue to run.
Multiprocessing (MP) and Multithreading (MT)
Corporations use information technology to improve group and personal
productivity over a wide range of applications and hardware platforms. An
operating system must be able to handle multiple users, each running several
applications concurrently. Multiprocessing (MP) systems running Solaris
deliver flexibility by allowing enterprises to quickly put their computing
resources wherever they are needed.
Multiprocessing (MP) means the execution of a program, or multiple
programs, simultaneously on multiple processors. MP functionality must be
built into hardware and supported by the operating system.
Multithreading (MT) is a software technique that breaks program code into
segments that can be executed in parallel on multiple processors, for overall
faster application performance.
Multiprocessing increases productivity and speeds database queries, provides
remote file service, and accelerates computation-intensive applications.
Solaris’s support for symmetric multiprocessing environments provides:
• Flexibility to add or upgrade processors as needed, simply and easily.
• Binary compatibility across all systems.
• Tools and related technologies to enhance the performance and
effectiveness of multiprocessing systems.
Servers and workstations can be expanded and enhanced by adding
processors, providing very cost-effective growth in computing and
throughput capability. Often, the upgrade costs are low enough to be an
expense rather than a capital cost, allowing MIS departments to make
tactical decisions without affecting longer range, strategic direction.
Solaris supports SPARC and X86 symmetric multiprocessing hardware. The
operating system kernel is fully multithreaded so that operating system
functions can take advantage of Multithreading/Multiprocessing (MT/MP)
gains, improving overall system performance. Even uniprocessor systems
benefit from Solaris’ multithreaded implementation, due to more efficient
switching between tasks.
[Figure: Multi-threaded Kernel (labels: APPLICATION, APPLICATION, APPLICATION, SOLARIS, CPU, CPU, CPU)]
[Figure: Multi-threaded Application (labels: APPLICATION, THREADS LIBRARY, SOLARIS, CPU, CPU, CPU)]
Solaris provides a multithreading edge to mission-critical application
environments.
Multiprocessing allows enterprises to reap tangible benefits by increasing
performance in several ways. Users can improve productivity when tasks run
in parallel, helping to reduce the costs of business processes. For servers,
MP means better throughput in a multiuser, multitask environment. Many
benefits can be realized immediately, often without rewriting a single line of
code.
• The multithreaded kernel of the Solaris operating system enhances the
inherent multitasking capability of UNIX. Multiple tasks can be spawned
to run simultaneously on multiple processors. I/O functions, backups,
windows management, and database searches can all run in parallel,
improving the overall system performance and throughput.
• In most UNIX environments, users run more than one application
simultaneously. Programs or processes such as database access, file
access, or compute-intensive programs can be assigned to one of many
processors for parallel execution. Multiprocessing enhances performance
and throughput because each application can run on a separate processor.
• Solaris can split application system calls into separate processes, each
running in parallel. Graphics, networking, compute, and I/O requests can
all run on different processors at the same time.
• Solstice Workshop™ developer tool suites include compilers that
automatically detect parallelism and spread the execution of programs
over many processors at run time.
• Multithreaded applications enhance productivity by decreasing the time it
takes to perform one job. Developers can assign multiple tasks in an
application to independent threads of execution, with Solaris
automatically assigning each thread to an available processor.
User productivity can also be improved by developing strategic applications
employing new technologies such as multimedia or distributed objects. The
processing power of MT/MP lets these types of applications maximize
performance. Multithreading capability is a requirement for many new
distributed client-server applications, and provides significant benefits to
objects.
Multiplatform
The Solaris software environment is scalable across a wide variety of system
configurations, from single stand-alone workstations to enterprise computing
environments. The Solaris operating environment runs on SPARC and X86
platforms. The same Solaris functionality is available across all these
platforms, including SMP support for multiprocessor platforms. This allows
the customer to select the right configuration for the job while ensuring the
ability to upgrade, with a minimum of effort, to more powerful systems.
Solaris is based on a single, merged source code base, ensuring that future
Solaris releases will share the same features, functionality, and APIs.
Customers can choose a lower-cost platform and yet still have the benefit of
a seasoned, secure, highly functional, commercial-grade operating system
with outstanding connectivity options. They can use their existing PC
hardware as a full-fledged participant in the enterprise-wide computing
environment. Multiplatform supports the right hardware for today’s needs,
with confidence that they can preserve their investment as their needs grow
and change. No other operating system spans the most popular RISC and
CISC architectures so effectively, making Solaris the best long-term choice
for enterprise network integration of multiple hardware platforms.
The Solaris operating environment now offers support for the PCMCIA PC
Card. The PC card standard defines a 68-pin interface between a credit-card
sized peripheral and the PC card socket in the computer. It also defines a
software architecture to enable the computer’s operating system to configure
and control the PC card peripheral dynamically, upon insertion.
IV Features of Solaris Networking
Networking is fundamental to workgroup, enterprise, and Internet
computing. Local area networks (LANs) and wide-area networks (WANs)
enable distributed information resources: the integration of existing
resources in a heterogeneous computing environment, distributed
applications based on a true client-server computing model, and support for
electronic commerce using the Internet.
Networking for Enterprises
Solaris represents more than a decade of engineering by a leader in open
distributed computing software. It is the most powerful and flexible
operating environment available for SPARC, X86 and Java platforms.
Designed to support enterprise computing, Solaris combines a powerful
desktop or a network computer with high performance server capabilities
and the world’s most powerful networked computing environment that gives
users access to any resource, without having to know where it is or what
type of machine it runs on, no matter how large or dispersed the network.
Solaris Networking is based on Open Network Computing (ONC™)
technology. ONC+™ is a TCP/IP-based set of services, facilities and APIs
that includes NFS. ONC+ includes file and printer sharing, data exchange,
remote procedure call (RPC), and distributed naming services.
The ONC+ family of protocols and distributed services is independent of
transports, operating systems, and computer architectures, making it the
ideal solution for heterogeneous networks. ONC+ provides:
• Wide-area file sharing via NFS
• Automatic remote file location and transparent network data access
• Wide-area printer sharing
• Centralized administrative repository
• Secure, high performance, extensible networking naming/directory service
• Remote window graphics and character access through Internet protocols
• Remote system access with heterogeneous data exchange
Networking for Web
The Solaris operating environment is the intranet and Internet leader, and a
powerful and reliable platform for providing the WebTone and enabling
electronic commerce. The Solaris software is the premier operating
environment for building a robust web-based network infrastructure. As
companies move toward using the Web both internally and externally,
powerful Solaris features such as WebNFS™, which provides speedy access to
web files, become crucial. WebNFS software makes file systems accessible
through the web using the NFS protocol. This protocol is very reliable and
provides greater throughput under a heavy load. Also, files can be made
publicly accessible without the overhead associated with an anonymous ftp
site.
The Solaris operating environment offers web server performance
enhancements that improve the speed of response to user requests, increase
the number of users able to connect to a single server, and thereby reduce
client administration costs.
Network Protocols (TCP/IP)
Transmission Control Protocol/Internet Protocol (TCP/IP) is the industry’s
most widely used network transport protocol. Solaris networking is based on
TCP/IP (the protocol used for the Internet, and the most proven “transport
stack” in existence), providing the widest connectivity, the greatest
scalability, and the lowest costs of any networking solution in the world.
Network File System (NFS)
The Network File System (NFS) is an industry standard distributed file
system that provides transparent access to remote files and directories across
the network. Because NFS protocols have been widely adopted in the
industry, users can access files on PCs, workstations, minicomputers and
mainframes, independent of the underlying operating systems being run.
Applications running on client systems may periodically write data to a file,
changing its contents. The amount of time an application waits for its data to
be written to stable storage on the server is a measurement of the write
throughput of a distributed file system. Write throughput is therefore an
important aspect of performance. All distributed file systems including NFS
must ensure that data is safely written to the destination file while at the
same time minimizing the impact of server latency on write throughput.
The Solaris environment supports NFS version 3 which adds protocol
enhancements to improve performance and reduce server load. In
conjunction with NIS+ (Network Information Service Plus), AutoFS, CacheFS
and several other services, NFS provides the user with automatic data
location, navigation, and data access over wide area networks.
AutoFS makes remote file systems accessible automatically and
transparently to the user. CacheFS helps speed file system performance.
These features all contribute to making the distribution and remote access of
data fast and efficient, helping users stay productive.
There are many types of threats to NFS security. For example, someone may
compromise a system by impersonating another user in order to look at
sensitive information or worse, destroy data. In another scenario, someone
might send forged requests to an NFS server to access or damage file
information. It is also possible to use a network "snoop" to watch parts of
files being transferred and illegally gain access to data. NFS can be
implemented to use a variety of security services. The following three
security services, provided by Solaris and used by NFS, help protect
against unwanted intrusions:
• Authentication Services
• Authorization Services
• Secure File Data Exchange
Network Information Service Plus (NIS+)
Network Information Service Plus (NIS+) is a secure, high-performance,
distributed data repository for network and system management information.
It is a secure and robust repository of information about network resources,
such as users, servers, and printers, that enables efficient administration of
multivendor enterprise client-server networks. Administrative tasks, such as
addition, removal, or reassignment of systems and users, are facilitated
through efficient modification of information in NIS+. NIS+ simplifies
administration of small networks and can seamlessly scale to manage
enterprise-wide networks containing tens of thousands of systems and users.
As organizations grow and decentralize, NIS+ continues to provide
administrative efficiency.
Distributed Computing Environment (DCE)
Comparable to ONC+, OSF’s Distributed Computing Environment (DCE) is
a specification for an advanced set of TCP/IP-based heterogeneous
networking and middleware services. DCE provides alternative
“middleware” for interoperability and distributed computing; however, DCE
services have yet to be deployed in large volume. ONC+, by comparison, is
widely deployed (more than 4 million nodes) and provides unrivalled
heterogeneous data access, coming very close to fulfilling the promise of
DCE, here and now. For users with DCE requirements, Solaris supports an
optional DCE product family in addition to ONC+.
Solaris Federated Services
Solaris Federated Services is a set of interfaces and infrastructure that hides
many of the low-level networking interfaces from users and application
developers. This avoids having to learn the details of various network services,
lowering the cost and simplifying the deployment of applications that need
to function in a heterogeneous environment. Solaris includes X/Open
Federated Naming (XFN), an enterprise directory name service that provides
access to and federation among multiple naming services such as Distributed
Computing Environment (DCE), ONC+, and Internet Domain Name
Service (DNS).
Optional Networking Protocols
The Solaris software environment supports a number of optional networking
protocols. Among these is the Point-to-Point Protocol (PPP), which allows
Internet access and ONC+ services over modems and serial lines through the
public telephone network or ISDN. This allows easy, inexpensive integration
into an enterprise backbone net. It also enables mobile computing from
laptops or portable systems. This is particularly useful for remote sites, such
as small branch offices, field sites, or other remote locations without access
to dedicated network connection capabilities. Solaris also supports optional
X.25, which allows the use of high-performance public networks to support
“private” company networks.
Solaris Protection
Solaris protects a corporation’s investment in hardware, software, and
human resources by providing interoperability with legacy systems, a firm
commitment to binary compatibility for application migration, and support
for standards for future compatibility.
Open systems and standards have always been important to Sun. Standards
remain the foundation of Solaris software, and Sun participates in standards
organizations including POSIX, X/Open, OSF, and OMG, driving the
development of many of the standards prevalent today.
Adherence to standards means that customers can avoid being locked into
proprietary systems with their inherently limited choices and higher costs.
Standards also mean greater application choices, ensuring compatibility
between Solaris releases, interoperability with other computing
environments, and enabling access to environments where adherence to
standards, such as federal security guidelines, is required. Consistency with
other SVR4 implementations, compatibility between releases of Solaris 2.x,
and interoperability across SPARC platforms are assured through
compliance with the System V Interface Definition (SVID3), the System V
Release 4 Application Binary Interface (SVR4 ABI), and the SPARC
Compliance Definition (SCD2.0).
Among the standards the Solaris operating environment supports are:
• Interface Standards
X/Open, X/Open’s UNIX 95 (Spec 1170), X/Open XFN CAE, XPG3, XPG4,
and XPG4.2, Federated Naming (XFN), and IEEE POSIX.1, .1B, .1C, and
POSIX.2 (Portable OS Interface), POSIX 1003.1b
• EPA Energy Star Compliance
The SunLink™ product families provide optional connectivity support for
mainframes, minicomputers, and other computing environments.
Connectivity solutions are available for TCP/IP, SNA, NetWare, DECnet,
NFS, FDDI, HIPPI, ISDN, X.400, and many others.
These capabilities help extend the life of legacy systems by allowing data to
be off-loaded to Solaris systems. They also permit the migration of data from
centralized, expensive mainframe systems to more cost-effective
Solaris-based platforms.
Productivity of individuals and groups:
The productivity of individuals and groups within the enterprise has a
significant impact on the bottom line. By reengineering their business
processes through the use of new technology and applications, corporations
can take time and cost out of the business cycle.
By writing programs to standardized interfaces, developers decrease porting
time and their cost in supporting multiple platforms. This approach allows
software to work seamlessly across platforms, thus broadening availability. If
developed to APIs, products will provide the same feature set and graphical
interface on a variety of systems, preserving the investment in training while
increasing application interoperability and productivity. CDE is one
technology that unifies and provides a standard interface set.
The Solaris Common Desktop Environment (CDE) is Sun’s implementation
of the Motif-based industry standard desktop environment.
With Solaris CDE, mission-critical client-server applications and
information are easily accessible across the enterprise.
Solaris CDE provides interoperability and consistency across popular
enterprise hardware platforms and operating systems. It is compatible with
industry standards such as Motif, X11R6, MIME and IMAP4. The Solaris
CDE Desktop includes productivity tools such as MIME-compatible email,
workgroup calendaring, an image viewer, and file and print managers for
individual users. Solaris CDE also provides a front panel for managing and
launching applications, a style manager for personalizing the look of the
desktop, a workspace manager that lets users create multiple virtual
desktops, and desktop tools such as Calendar Manager, File Manager,
Mailtool, and Print Tool, which enable users to access people, information
and applications distributed across the environment.
Application developers can create custom distributed applications under
CDE by using a set of development tools such as CDE Application Builder,
a visual programming environment for building CDE applications.
Solaris also includes OpenWindows, to give users a smooth transition to the
power of the Solaris CDE applications.
OpenWindows users will now find moving to CDE as simple as bringing up a
new desktop, as all OpenWindows applications run unmodified on Solaris
CDE.
CDE and OpenWindows support interoperability between them, and across
CDE, OpenWindows, Motif, and OpenStep™ applications. Sun’s ToolTalk
messaging system supports this capability.
Applications Data:
Sun has traditionally led the competition in the number of applications
available on its platforms. Solaris has a choice of more than 10,000
applications for SPARC-based systems, and over 1,100 applications
available for the X86 platform. According to IDC, Solaris is number one in
worldwide market share for relational database management servers. As
such, Solaris is the most popular system software for running Oracle™,
Sybase, and Informix applications. The Solaris operating environment is an
obvious choice as the platform for large database applications like data
warehousing. Its support for very large, distributed data sets, its strong
foundation for client-server applications over heterogeneous networks, and its
multiprocessing capability make it a natural in this area.
Sun’s strong commitment to binary compatibility across versions of the
Solaris operating environment and source compatibility across hardware
platforms means that application development efforts will retain their value
over time.
Support language
As the world economy becomes more integrated, users require software
compatibility across multicultural and multilingual barriers. They want to be
able to run applications using their own language and local conventions for
time and monetary display, menu selections, and error messages. Users in
Tokyo want a Japanese language software interface, while users in Paris
want one in French. A large corporation with headquarters offices in Tokyo
and branch operations in New and Paris may require a mixture of English,
Japanese and French software environments with, perhaps, multiple
languages supported at a single site.
The Solaris software environment is ideally suited for these needs and
provides full support for five European languages (French, German, Italian,
Swedish, and Spanish), and four Asian languages (Japanese, Simplified
Chinese, Traditional Chinese, and Korean). Localization content includes all
installation and configuration interfaces, the end user desktop environment,
and documentation.
At installation, users select the language and locale they wish to run in.
Locales control such features as how dates and times are displayed on the
desktop and which monetary formats to use. In the Solaris environment,
new locale support has been added for Austria, Estonia, Czech, Hungary,
Poland, Latvia, Lithuania, Russia, Greece, and Turkey, in addition to all the
locales that have been supported in previous releases of the Solaris operating
environment.
These new locales are packaged with all localized versions of the Solaris
operating environment, including English. Support for character sets, fonts,
and data encoding has been provided in each locale, making it easy for
developers to write localized applications. More importantly, applications
written in the new locales can be developed and deployed using the English
version of Solaris. No localized software is required. Greek and Russian
locales are based on non-Latin scripts and will require an optional keyboard
for text input.
Two additional locales have been added that are Unicode 2.0 compliant
(en_US.utf-8 and ko.utf-8) and conform to the ISO 10646 standard, which
defines Unicode. These locales enable multiscript input and output and are
the first such locales provided in the Solaris environment with this
capability. The Unicode locales support the CDE environment only,
including the Motif and CDE libraries. Solaris has been restructured to
remove the historical dependency on the Extended UNIX Codeset (EUC),
allowing for additional codeset support for popular Asian PC encoding
standards, PCKanji (ShiftJIS) in Japan and Big5 in PRC, and the Unicode
locales.
Enterprises with global computing requirements need a unified system
architecture that can support global networks without incompatibilities
created by localized versions of software. Not only do they require unified
system administration models and policies, but they also need to be able to
develop internal applications that operate without modification across all of
their operations.
The Solaris operating environment delivers on this requirement. Developers can
create applications that are easily localized and deployed globally. The
internationalization framework in the Solaris environment allows developers
to create a single application binary that will run correctly in English or
localized environments.
Network Management
Today’s enterprise computing environment consists of a myriad of hardware
and software products, architectures, and applications. Evolving over time
to address the tactical needs of an organization more than the strategic ones,
enterprise computing environments become part of the overall fabric of how
business gets done. Heterogeneous, i.e., multivendor and multiplatform,
environments are a reality in today’s world, and the fundamental key to
making them work successfully lies with system and network management.
Managing multivendor, networked environments with mission-critical
applications and access-control constraints is a requirement in most
corporations. System performance must be monitored to ensure adequate
response time, and faults must be detected and corrected with as little
disruption as possible. Storage management is needed to ensure the
reliability and recoverability of corporate data. Software must be installed on
end-user systems, and its distribution must be controlled and accounted for.
Job scheduling and load balancing for servers, security policy
implementation, asset management, usage accounting, Help Desk, and other
support services are all functions a large enterprise computing operation
must incorporate into its systems and network management functions.
Solaris and Solstice provide an overall framework for managing all these
elements in a coherent, unified way. Sun has developed the industry’s first
set of integrated system and network management products to scale and
manage large heterogeneous networks.
This product family is based on a framework of comprehensive, core
functionality and products from Sun, supplemented with best-of-class
solutions from industry partners, integrated in the Solstice™ framework.
Sun tests and certifies key partner applications that are part of this
framework.
The product families delivered by Sun to scale and manage large
heterogeneous networks include the following, as well as others not
covered here (such as Bandwidth Management for IP Networks with Sun
Bandwidth Allocator 1.0, Solstice Site Manager and Solstice Domain
Manager 2.3, etc.):
Solaris™ Bandwidth Manager 1.5 is responsible for Bandwidth
Management for IP Networks. Solaris Bandwidth Manager is a software
product that controls the bandwidth allocated to particular applications,
users, and organizations sharing the same intranet or Internet link.
Solstice AutoClient is software provided by Sun for system
administrators in today's enterprise, who are challenged to optimize both
desktop and network resources in a distributed computing environment.
Ideally, each desktop would perform as if it had instant access to the
resources of the network and no service would ever be impacted by
bottlenecks in the shared servers or network.
The Solstice Backup 5.1 product family, Solstice Enterprise Manager (SEM),
and the Solstice Network Client product set are also product families from Sun;
due to the length limitation of this paper, they are not discussed in
detail.
Developing, Deploying and Managing a Network
Sun has solutions for all aspects of the client-server and Internet models of
computing.
 Providing seamless access to files on the local disk or on a remote server
is made possible with AutoFS. It improves performance and eliminates
the need for symbolic links that were required in earlier versions, and
facilitates efficient storage strategies that enhance sharing of data on the
network.
 The ability to cache one file system on another is handled by CacheFS, a
layered file system. It is a general-purpose file system caching
mechanism built into Solaris that improves NFS server performance and
scalability. In an NFS environment, CacheFS increases the client-server
ratio, reduces server and network loads, and improves performance for
clients.
 Using JumpStart, system administrators can perform quick, customized,
network-based installation of Solaris software and other Sun products.
JumpStart automatically installs system software from stored
configuration parameters, and supports the creation of customized site
profiles that can be used for standardized hardware configurations. After
unpacking and setting up the hardware, the user simply powers up the
system and JumpStart automatically installs and configures Solaris after
asking a few questions.
 System administrators can use Solstice AdminSuite to perform user,
group, host, port and printer administration tasks, and NIS+, database,
policy, classing, and topology management. AdminSuite also includes
software management functions such as automatic OS installation,
software distribution and license management, version control, and
application management. SolarNet™ PC-Admin handles similar
functions for PC networks.
 Improved data availability, storage system performance, and ease of
administration are available with Solstice DiskSuite™. It utilizes a logging
file system for faster reboots and increased NFS/database performance,
disk mirroring for transparent handling of disk failures, disk striping to
enhance I/O performance, and logical volume management to allow
easy, flexible file system growth.
 Automated, online, verified, heterogeneous network backup capability
and simplified system administration are available through Solstice
Backup™. It allows administrators to safely back up data across multiple
cartridges and drives while users continue to work without interruption.
 Users can be back online within minutes of a hardware failure using
Solstice AutoClient™, a unique, layered management product. The
desktop’s disk is used as a cache for the operating system and
applications that reside on a server, eliminating the need for local
desktop installation, backup, and software management without the
performance drawbacks of diskless configurations. This cuts
administrative costs by centralizing the management of disks and data.
 Sun’s Full Moon Clusters is key to delivering the reliability of the
WebTone. A cluster is a number of systems (nodes) connected together as
if they were one. Clusters provide a continuous WebTone by permitting
applications and services to transparently move from one system in the
cluster to another if failures occur, with no interruption of service. Full
Moon clusters ensure that there is no single point of failure anywhere in
the cluster. Each component, whether hardware or software, is
redundant in a way that ensures a smooth transition of service. Today
Full Moon Cluster supports the following Highly Available (HA)
applications in a well-integrated, tested, off-the-shelf package: Oracle,
Informix, Sybase, NFS, DNS, and Internet services. Other strategic
Highly Available services will appear in future releases.
Network fault and performance management is handled by a series of Sun
products that use the Simple Network Management Protocol (SNMP)
services to monitor the state of network devices and traffic, notifying the
network administrator when network faults occur. Network management
products can be set up to watch for a variety of types of events, and to gather
statistics on network performance so that potential problems with network
performance can be detected and corrected proactively.
 SunNet Manager™ is the industry’s leading network management
platform, and is the basis for Sun’s network management offerings.
 Solstice Enterprise Manager™ is a complementary product that provides
the cooperative management among multiple operators needed for larger,
more complex networks.
 Cooperative Consoles™ ties together department management consoles,
enabling enterprise-wide management of a large network.
V. Features of Security.
Security is a major concern for distributed computing environments. As the
spread of hardware and software system components increases, individual
system vulnerability also grows. Security breaches can be intentional or
accidental. Intentional violations can occur through eavesdropping,
impersonation, or data manipulation.
The Solaris operating environment provides a sophisticated security system
that controls the way users access files, protect system databases, and use
system resources. The Solaris security system is network-wide,
providing security over several different systems, not just one. The Solaris
security system is designed to accommodate different security models,
giving users the flexibility to choose the model that best fits their needs now
and in the future. A number of new features add to the Solaris
security system in the areas of access control, encryption, and authentication.
Solaris security features include four types of protection:
 Login access control is used to validate the identity of users trying to log
in to the system; this type of protection guards against impersonation.
 System resource access control and user accountability restricts access
within the system to resources and data. This is an area where accidental
breaches commonly occur.
 Secure client-server services, applications and utilities help protect
against eavesdropping-type violations. This type of protection includes
the basic ability to control access to services such as rlogin, telnet, ftp,
and other remotely-accessible services.
 Network access control protects against incursions from outside the
system, such as over the Internet. This type of security is implemented in
optional security products such as Solstice Firewall-1™ and SunScreen™
SPF-100.
Solaris security gives users transparent access to enterprise-wide resources
and provides administrators with the tools they need to protect their network
from security breaches. SVID (System V Interface Definition) compliant
access control enhancements make Solaris systems more resistant to
penetration by unauthorized users and enable customers to implement
advanced password management policies, like encryption, aging, and
automatic expiration, for files and system resources.
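On SVR4-style systems the aging and expiration policies mentioned above are stored per user in /etc/shadow. The following audit of those fields is an added example, not code from this paper or from Sun; it assumes the nine-field shadow layout, and the sample entries and finding labels are constructed.

```python
from datetime import date

# Constructed sample in the nine-field SVR4-style shadow layout (assumed here):
# name:password:lastchg:min:max:warn:inactive:expire:flag
# lastchg and expire are day counts since 1970-01-01; hashes are placeholders.
SAMPLE_SHADOW = """\
alice:CONSTRUCTEDHASH:19000:7:90:14:::
bob:CONSTRUCTEDHASH:19000::::::
carol:CONSTRUCTEDHASH:0:7:90:14:::
dave:*LK*:19000:7:90:14:::
erin:CONSTRUCTEDHASH:19080:7:90:14::19100:
"""

def days_since_epoch(d=None):
    """Convert a date (default: today) to the day count used in shadow fields."""
    return ((d or date.today()) - date(1970, 1, 1)).days

def _num(field):
    """An empty field means 'not set'."""
    return int(field) if field.strip() else None

def audit_entry(line, today):
    """Return (user, findings) for one shadow line; labels are illustrative."""
    f = line.strip().split(":")
    if len(f) != 9:
        return f[0], ["malformed entry"]
    user, pw = f[0], f[1]
    lastchg, _min, maxd, warn, _inactive, expire = (_num(x) for x in f[2:8])
    if pw.startswith("*LK*"):                   # locked-account marker
        return user, ["locked"]
    findings = []
    if expire is not None and today > expire:   # boundary day counted as valid
        findings.append("account expired")
    if maxd is None or maxd < 0:
        findings.append("no password aging")    # password never expires
    elif lastchg == 0:
        findings.append("change forced at next login")
    elif lastchg is not None:
        age = today - lastchg
        if age > maxd:
            findings.append("password expired")
        elif warn is not None and maxd - age <= warn:
            findings.append("in warning period")
    return user, findings or ["ok"]

def audit(text, today):
    """Audit every non-empty line of a shadow-format string."""
    return dict(audit_entry(l, today) for l in text.splitlines() if l.strip())
```

Calling `audit(SAMPLE_SHADOW, days_since_epoch())` returns a dictionary of findings per user; accounts reported as "no password aging" are the ones an aging policy has not yet reached.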
There are four Solaris security “perimeters”:
 Login Access Control
 System Resource Access Control and User Accountability (auditing)
 Secure client-server Services, Applications, and Utilities
 Network Access Control
Foundation Technology for Secure Services
Before a user on a client system is given access to a server's resources, the
server must be sure that the user is acknowledged to have "rightful" access
to the server and its resources. Therefore, in this scenario the server must be
able to:
1. Check a user's identity over the network. This function is provided by an
authentication service and also usually includes services listed in #3 below.
2. Make sure the user is authorized to access the resources (s)he is attempting
to access once (s)he has been properly authenticated. This is provided by an
authorization service.
3. Maintain the privacy and integrity of the information being exchanged
over the network. These are referred to as privacy and integrity services
respectively.
ONC+ Federated Security
Through ONC+ Federated Security, Solaris supports a suite of popular
authentication technologies, including UNIX, Diffie-Hellman, and
Kerberos 4.0 for Secure RPC and Secure NFS. The NIS+ name service also
has powerful authentication and authorization capabilities, including secure
password updates and ageing.
Higher levels of security may be needed for networks that are involved in
transactions across public IP networks, such as World Wide Web publishing
or commercial transactions over the Internet. For these networks,
sophisticated security solutions are available through several optional
products.
Firewall-1 and SunScreen SPF-100
Solstice Firewall-1 provides a TCP/IP firewall that protects the network
from outside access using an advanced packet-screening technology.
Firewall-1 flags suspicious communications and access attempts based on
security policy defined by the system administrator. Firewall-1 provides
adequate security for the basic security needs of many corporations.
SunScreen SPF-100 is a highly sophisticated hardware/software network
security solution targeted at customers with complex, commercial networks.
Such customers include telecommunications companies, financial
institutions, health care organizations, and the government. SunScreen is an
appropriate security solution for users who need to transact business
between a trusted IP network and other trusted users or networks that are
accessible only by crossing public IP networks, such as the Internet.
SunScreen includes firewall features supplemented by authentication and
message encryption/decryption using public key cryptography. In addition,
SunScreen is transparent to the network, rendering it more difficult to detect
and compromise: SunScreen SPF-100 interfaces only to a qualified
Administration Station using an encrypted link, making it very difficult to
probe or modify the operating environment.
Security Standards
Solaris supports important security standards set forth by the Department of
Defense, POSIX, and the Internet community.
For example:
 Solaris meets the criteria set forth by the Department of Defense Orange
Book for level C2 computer security systems. Solaris 2.4SE has E2/F-C2
Certification from ITSEC. Solaris 2.6 E3/F-C2 ITSEC and C2 TCSEC
certifications are in progress.
 Solaris UFS and NFS Version 2 and Version 3 all support the POSIX
1003.6 specification for Access Control Lists (ACLs).
 Internet RFC 1508, GSSAPI, is currently under development.
 Compartmented Mode Workstation (CMW-B1) support, also known as
"Trusted Solaris", is currently under development for Solaris 2.X.
In the future Solaris will continue to encompass new and emerging security
standards in response to customer requirements.
Solaris - The Solution of Choice for the Secure Distributed Environment
There is no doubt that sophisticated security solutions are necessary in
today's distributed network environment. Solaris arms corporations with
tools for securing sensitive corporate data from intruders with its four levels
of security: System Access Control, Resource Access Control, Secure
Distributed Services, and Physical Network Protection. It adheres to the
highest security standards set forth by organizations such as the Department
of Defense and POSIX as well as providing the latest technology for secure
public network access with unbundled products like Solstice FireWall-1 and
Solstice SunScreen. A plethora of third party products complement what is
available from Sun. Finally, Solaris provides flexibility with an array of
choices to fulfill a wide variety of corporate needs with the ability to grow to
meet tomorrow's security challenges.
VI Summary
The Solaris operating environment is the industry’s most powerful and
versatile UNIX operating environment. Together, the functionally identical
Solaris implementations for SPARC and x86 platforms deliver transparent
interoperability across CISC and RISC platforms—something no other
operating environment can do.
The Solaris operating environment provides a true multithreaded,
multiprocessing-capable kernel, together with open systems-based
standards for connectivity and interoperability, distributed computing
services, world-class administration and software development tools, a large
number of third-party applications, and Microsoft Windows application
support. Since Solaris is scalable from desktops to supercomputers,
customers can configure heterogeneous enterprise networks and expand
them easily as their computing needs evolve.
By making Solaris the basis of enterprise, Internet, and intranet computing,
organizations achieve tremendous competitive and efficiency benefits. As
companies position themselves to make effective use of their strategic
computer-based information assets, Solaris further enables them to link their
enterprise with both their suppliers and their customers and, while
allowing information to flow between all three, to retain control of what
information is available to whom and to maintain the integrity of company
confidential information. The Solaris operating environment represents the
gateway to the future of networked enterprise computing. Only Solaris
supplies the full range of services needed to meet the needs of Internet,
intranet, and enterprise computing.