Introduction to Solaris System

Paper for COSC513
By Jun Lai
Student ID: 103547

CONTENTS

Introduction
What is Solaris
History
Features of Solaris
Multiprocessing and Multithreading
Multiplatform
Features of Solaris Networking
Enterprise Networking
Web Networking
Network Protocols (TCP/IP)
Network File System (NFS)
Network Information Service Plus (NIS+)
Distributed Computing Environment (DCE)
Solaris Federated Services
Optional Networking Protocols
Solaris Protection
Productivity of Individuals and Groups
Application Data
Support Language
Network Management
Managing Developing and Deploying Network
Features of Solaris Security
Foundation Technology for Secure Services
ONC+ Federated Security
Firewall-1 and SunScreen SPF-100
Security Standards
Solaris - The Solution of Choice for the Secure Distributed Environment

I What is Solaris?

Sun delivers the perfect platform for network computing: Solaris software. It starts with a robust 64-bit operating environment and extends to server products that provide mainframe-class reliability, complete PC interoperability, and comprehensive Internet services. Highly scalable, Solaris software gives you the ability to support multiple-terabyte data warehouses and thousands of users. What's more, Sun provides comprehensive enterprise management tools, industrial-strength security solutions, and e-mail that works on a global scale. Put it all together and you have the solid foundation needed for continuous connectivity. That's vital in the .com world, where downtime can cost a company thousands, or even millions, of dollars.

II History of Solaris:

The early Sun systems ran an operating system called SunOS (Sun Operating System). In the 1980s Sun introduced a Reduced Instruction Set Computer (RISC) chip called the Scalable Processor Architecture (SPARC) processor. The SPARC processor chip allowed Sun to produce very powerful, inexpensive desktop workstations.
The SPARC system also ran the SunOS operating system, so customers' software development investment could be preserved. In the late 1980s Sun announced plans to develop a new operating system based on AT&T System V Release 4 UNIX. The new operating system is called "Solaris". Solaris is Sun's name for its UNIX-based user environment, including the UNIX operating system and the window system (X11-based). It is not the operating system, but the operating environment.

III. Features of Solaris:

The Solaris operating environment is based on industry-standard UNIX System V Release 4, built to enable high-performance client-server applications in a distributed networking environment, provide the appropriate resources for smaller workgroups, and provide the WebTone that is required for electronic commerce. The Solaris operating environment also conforms to SPEC 1170 and UNIX95 branding. Only the Solaris operating environment provides unlimited, transparent access to systems, servers, printers, remote databases and other resources, with the scalability to support virtually any application and configuration.

Performance enhancements are focused on improving database and web performance while maintaining the already high levels of file server and time-share performance in the Solaris operating environment. Significant improvements were made to virtual memory (VM) and I/O throughput that increase the performance of database engines.

Solaris™ 8 software is the industry's first dot-com grade operating environment. Satisfying the convergent requirements of enterprises adapting to the Internet age and dot-com businesses adopting the disciplines of the data center, the Solaris™ 8 Operating Environment is uniquely equipped to serve as the foundation for a dot-com strategy.
Solaris 8 features:

- over 200 new features
- free end-user licenses for runtime software
- no-charge access to source code
- world-class service programs
- world-class support programs
- a 64-bit environment
- binary compatibility with previous releases
- continued availability for both SPARC™ and Intel Architecture platforms
- an innovative and comprehensive software co-package

The Solaris 8 Operating Environment also supports a number of software components that increase overall availability:

- Sun™ Cluster 2.2 offers high availability for mission-critical applications through redundant hardware. Future versions of Sun Cluster will further enhance application availability through a clustered file system, scalable data services, and built-in load balancing.
- Solaris Resource Manager™ software provides fine-grained control of system resources, helping to ensure a consistent level of service to users, groups and applications.
- Solaris™ Bandwidth Manager enhances your ability to control and provision IP traffic priorities and bandwidth, ensuring network resource availability.

It's no surprise that the Solaris Operating Environment is the leading UNIX® environment today. Solaris™ software was originally designed with the Internet in mind. TCP/IP, the central Internet protocol, has been at the core of Solaris networking for more than 15 years. Through its time-tested design (a small, stable kernel, modular and extensible components, and well-defined interfaces) Solaris software delivers rock-solid stability and predictability for business-critical applications. And the Solaris 8 Operating Environment provides complete compatibility with prior versions, so you can be confident that your current applications will continue to run.

Multiprocessing (MP) and Multithreading (MT)

Corporations use information technology to improve group and personal productivity over a wide range of applications and hardware platforms.
An operating system must be able to handle multiple users, each running several applications concurrently. Multiprocessing (MP) systems running Solaris deliver flexibility by allowing enterprises to quickly put their computing resources wherever they are needed.

Multiprocessing (MP) means the execution of a program, or multiple programs, simultaneously on multiple processors. MP functionality must be built into the hardware and supported by the operating system. Multithreading (MT) is a software technique that breaks program code into segments that can be executed in parallel on multiple processors, for overall faster application performance.

Multiprocessing increases productivity and speeds database queries, provides remote file service, and accelerates computation-intensive applications. Solaris's support for symmetric multiprocessing environments provides:

- Flexibility to add or upgrade processors as needed, simply and easily.
- Binary compatibility across all systems.
- Tools and related technologies to enhance the performance and effectiveness of multiprocessing systems.

Servers and workstations can be expanded and enhanced by adding processors, providing very cost-effective growth in computing and throughput capability. Often, the upgrade costs are low enough to be an expense rather than a capital cost, allowing MIS departments to make tactical decisions without affecting longer-range, strategic direction.

Solaris supports SPARC and X86 symmetric multiprocessing hardware. The operating system kernel is fully multithreaded so that operating system functions can take advantage of Multithreading/Multiprocessing (MT/MP) gains, improving overall system performance. Even uniprocessor systems benefit from Solaris's multithreaded implementation, due to more efficient switching between tasks.
[Figure: two panels, "Multi-threaded Kernel" (APPLICATION x3, SOLARIS, CPU x3) and "Multi-threaded Application" (APPLICATION, THREADS LIBRARY, SOLARIS, CPU x3)]

Solaris provides a multithreading edge to mission-critical application environments. Multiprocessing allows enterprises to reap tangible benefits by increasing performance in several ways. Users can improve productivity when tasks run in parallel, helping to reduce the costs of business processes. For servers, MP means better throughput in a multiuser, multitask environment. Many benefits can be realized immediately, often without rewriting a single line of code.

The multithreaded kernel of the Solaris operating system enhances the inherent multitasking capability of UNIX. Multiple tasks can be spawned to run simultaneously on multiple processors. I/O functions, backups, window management, and database searches can all run in parallel, improving the overall system performance and throughput.

In most UNIX environments, users run more than one application simultaneously. Programs or processes such as database access, file access, or compute-intensive programs can be assigned to one of many processors for parallel execution. Multiprocessing enhances performance and throughput because each application can run on a separate processor.

Solaris can split application system calls into separate processes, each running in parallel. Graphics, networking, compute, and I/O requests can all run on different processors at the same time. Solstice Workshop™ developer tool suites include compilers that automatically detect parallelism and spread the execution of programs over many processors at run time.

Multithreaded applications enhance productivity by decreasing the time it takes to perform one job. Developers can assign multiple tasks in an application to independent threads of execution, with Solaris automatically assigning each thread to an available processor.
User productivity can also be improved by developing strategic applications employing new technologies such as multimedia or distributed objects. The processing power of MT/MP lets these types of applications maximize performance. Multithreading capability is a requirement for many new distributed client-server applications, and provides significant benefits to objects.

Multiplatform

The Solaris software environment is scalable across a wide variety of system configurations, from single stand-alone workstations to enterprise computing environments. The Solaris operating environment runs on SPARC and X86 platforms. The same Solaris functionality is available across all these platforms, including SMP support for multiprocessor platforms. This allows the customer to select the right configuration for the job while ensuring the ability to upgrade, with a minimum of effort, to more powerful systems.

Solaris is based on a single, merged source code base, ensuring that future Solaris releases will share the same features, functionality, and APIs. Customers can choose a lower-cost platform and yet still have the benefit of a seasoned, secure, highly functional, commercial-grade operating system with outstanding connectivity options. They can use their existing PC hardware as full-fledged participants in the enterprise-wide computing environment.

Multiplatform support gives customers the right hardware for today's needs, with confidence that they can preserve their investment as their needs grow and change. No other operating system spans the most popular RISC and CISC architectures so effectively, making Solaris the best long-term choice for enterprise network integration of multiple hardware platforms.

The Solaris operating environment now offers support for the PCMCIA PC Card. The PC Card standard defines a 68-pin interface between a credit-card-sized peripheral and the PC Card socket in the computer.
It also defines a software architecture to enable the computer's operating system to configure and control the PC Card peripheral dynamically, upon insertion.

IV Features of Solaris Networking

Networking is fundamental to workgroup, enterprise, and Internet computing. Local area networks (LANs) and wide-area networks (WANs) enable distributed information resources: the integration of existing resources in a heterogeneous computing environment, distributed applications based on a true client-server computing model, and support for electronic commerce using the Internet.

Networking for Enterprises

Solaris represents more than a decade of engineering by a leader in open distributed computing software. It is the most powerful and flexible operating environment available for SPARC, X86 and Java platforms. Designed to support enterprise computing, Solaris combines a powerful desktop or a network computer with high-performance server capabilities and the world's most powerful networked computing environment, one that gives users access to any resource without having to know where it is, or what type of machine it runs on, no matter how large or dispersed the network.

Solaris networking is based on Open Network Computing (ONC™) technology. ONC+™ is a TCP/IP-based set of services, facilities and APIs that includes NFS. ONC+ includes file and printer sharing, data exchange, remote procedure call (RPC), and distributed naming services. The ONC+ family of protocols and distributed services is independent of transports, operating systems, and computer architectures, making it the ideal solution for heterogeneous networks.
ONC+ provides:

- Wide-area file sharing via NFS
- Automatic remote file location and transparent network data access
- Wide-area printer sharing
- Centralized administrative repository
- Secure, high-performance, extensible network naming/directory service
- Remote window graphics and character access through Internet protocols
- Remote system access with heterogeneous data exchange

Networking for Web

The Solaris operating environment is the intranet and Internet leader, and a powerful and reliable platform for providing the WebTone and enabling electronic commerce. The Solaris software is the premier operating environment for building a robust web-based network infrastructure. As companies move toward using the Web both internally and externally, powerful Solaris features such as WebNFS™, which provides speedy access to web files, become crucial.

WebNFS software makes file systems accessible through the web using the NFS protocol. This protocol is very reliable and provides greater throughput under a heavy load. Also, files can be made publicly accessible without the overhead associated with an anonymous ftp site.

The Solaris operating environment offers web server performance enhancements that improve the speed of response to user requests, increase the number of users able to connect to a single server, and thereby reduce client administration costs.

Network Protocols (TCP/IP)

Transmission Control Protocol/Internet Protocol (TCP/IP) is the industry's most widely used network transport protocol. Solaris networking is based on TCP/IP (the protocol used for the Internet, and the most proven "transport stack" in existence), providing the widest connectivity, the greatest scalability, and the lowest costs of any networking solution in the world.

Network File System (NFS)

The Network File System (NFS) is an industry-standard distributed file system that provides transparent access to remote files and directories across the network.
Because NFS protocols have been widely adopted in the industry, users can access files on PCs, workstations, minicomputers and mainframes, independent of the underlying operating systems being run.

Applications running on client systems may periodically write data to a file, changing its contents. The amount of time an application waits for its data to be written to stable storage on the server is a measurement of the write throughput of a distributed file system. Write throughput is therefore an important aspect of performance. All distributed file systems, including NFS, must ensure that data is safely written to the destination file while at the same time minimizing the impact of server latency on write throughput.

The Solaris environment supports NFS version 3, which adds protocol enhancements to improve performance and reduce server load. In conjunction with NIS+ (Network Information Service Plus), AutoFS, CacheFS and several other services, NFS provides the user with automatic data location, navigation, and data access over wide area networks. AutoFS makes remote file systems accessible automatically and transparently to the user. CacheFS helps speed file system performance. These features all contribute to making the distribution and remote access of data fast and efficient, helping users stay productive.

There are many types of threats to NFS security. For example, someone may compromise a system by impersonating another user in order to look at sensitive information or, worse, destroy data. In another scenario, someone might send forged requests to an NFS server to access or damage file information. It is also possible to use a network "snoop" to watch parts of files being transferred and illegally gain access to data.
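Each of the threats above corresponds to a per-share setting that can be audited. The script below is an added example, not part of the original paper: it reads share lines in the Solaris /etc/dfs/dfstab format and flags shares whose options leave client-asserted identities, cleartext file data, or unrestricted write access in place. It assumes the share_nfs option syntax (sec=, rw, ro), that a share with no sec= option uses sec=sys, and that a share with no -F option is an NFS share; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the paper: audit Solaris-style dfstab "share" lines.

# rank_mode MODE -> numeric strength of an NFS security mode
rank_mode() {
    case $1 in
        sys)     echo 1 ;;  # AUTH_SYS: server trusts the UID the client sends
        dh|krb5) echo 2 ;;  # cryptographic authentication of the caller
        krb5i)   echo 3 ;;  # authentication plus integrity checksums
        krb5p)   echo 4 ;;  # authentication, integrity and encryption
        *)       echo 0 ;;  # "none" or unknown: no authentication
    esac
}

# classify_share OPTIONS -> space-separated findings, or "ok"
classify_share() {
    weakest=5; open_rw=0; restricted=0; findings=""
    old_ifs=$IFS
    IFS=,
    for opt in $1; do
        case $opt in
            sec=*)
                IFS=:                      # sec= takes a colon-separated list
                for mode in ${opt#sec=}; do
                    rank=$(rank_mode "$mode")
                    if [ "$rank" -lt "$weakest" ]; then weakest=$rank; fi
                done
                IFS=, ;;
            rw)           open_rw=1 ;;     # read-write for every client
            rw=*|ro|ro=*) restricted=1 ;;  # access list or read-only
        esac
    done
    IFS=$old_ifs
    if [ "$weakest" -eq 5 ]; then weakest=1; fi    # assumed default: sec=sys
    # Impersonation and forged requests: identity is not verified.
    if [ "$weakest" -le 1 ]; then findings="$findings weak-auth"; fi
    # Snooping: file data crosses the network unencrypted.
    if [ "$weakest" -lt 4 ]; then findings="$findings no-privacy"; fi
    # Authorization: any client may mount the share read-write.
    if [ "$open_rw" -eq 1 ] || [ "$restricted" -eq 0 ]; then
        findings="$findings open-write"
    fi
    findings=${findings# }
    echo "${findings:-ok}"
}

# audit_dfstab (dfstab text on stdin) -> one "path: findings" line per share
audit_dfstab() {
    # Strip -d "description" and comments so each line splits on blanks.
    sed -e 's/-d *"[^"]*"//' -e 's/#.*//' |
    while read -r cmd rest; do
        if [ "$cmd" != share ]; then continue; fi
        set -f; set -- $rest; set +f
        fstype=nfs; opts=""
        while [ $# -gt 1 ]; do
            case $1 in
                -F) fstype=$2; shift ;;
                -o) opts=$2; shift ;;
            esac
            shift
        done
        if [ "$fstype" != nfs ] || [ -z "${1:-}" ]; then continue; fi
        printf '%s: %s\n' "$1" "$(classify_share "$opts")"
    done
}

# Constructed sample dfstab entries (not taken from a real system).
sample_dfstab() {
    cat <<'EOF'
# place share(1M) commands here for automatic execution
share -F nfs -o rw -d "home dirs" /export/home
share -F nfs -o sec=dh,rw=engineering /export/src
share -F nfs -o sec=krb5p,rw=payroll /export/payroll
share -F nfs -o sec=sys:krb5i,ro /export/docs
EOF
}

sample_dfstab | audit_dfstab
```

When a share lists several modes, the check reports on the weakest one, since a client may negotiate any mode the server offers.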
NFS can be implemented to use a variety of security services. The following three security services, provided by Solaris and used by NFS, help protect against unwanted intrusions:

- Authentication Services
- Authorization Services
- Secure File Data Exchange

Network Information Service Plus (NIS+)

Network Information Service Plus (NIS+) is a secure, high-performance, distributed data repository for network and system management information. It is a secure and robust repository of information about network resources, such as users, servers, and printers, that enables efficient administration of multivendor enterprise client-server networks. Administrative tasks, such as addition, removal, or reassignment of systems and users, are facilitated through efficient modification of information in NIS+.

NIS+ simplifies administration of small networks and can seamlessly scale to manage enterprise-wide networks containing tens of thousands of systems and users. As organizations grow and decentralize, NIS+ continues to provide administrative efficiency.

Distributed Computing Environment (DCE)

Comparable to ONC+, OSF's Distributed Computing Environment (DCE) is a specification for an advanced set of TCP/IP-based heterogeneous networking and middleware services. DCE provides alternative "middleware" for interoperability and distributed computing; however, DCE services have yet to be deployed in large volume. ONC+, by comparison, is widely deployed (more than 4 million nodes) and provides unrivalled heterogeneous data access, coming very close to fulfilling the promise of DCE, here and now. For users with DCE requirements, Solaris supports an optional DCE product family in addition to ONC+.

Solaris Federated Services

Solaris Federated Services is a set of interfaces and infrastructure that hide many of the low-level networking interfaces from users and application developers.
This saves them from having to learn the details of various network services, lowering the cost and simplifying the deployment of applications that need to function in a heterogeneous environment.

Solaris includes X/Open Federated Naming (XFN), an enterprise directory name service that provides access to and federation among multiple naming services such as Distributed Computing Environment (DCE), ONC+, and Internet Domain Name Service (DNS).

Optional Networking Protocols

The Solaris software environment supports a number of optional networking protocols. Among these is the Point to Point Protocol (PPP), which allows Internet access and ONC+ services over modems and serial lines through the public telephone network or ISDN. This allows easy, inexpensive integration into an enterprise backbone net. It also enables mobile computing from laptops or portable systems. This is particularly useful for remote sites, such as small branch offices, field sites, or other remote locations without access to dedicated network connection capabilities. Solaris also supports optional X.25, which allows the use of a high-performance public network to support "private" company networks.

Solaris Protection

Solaris protects a corporation's investment in hardware, software, and human resources by providing interoperability with legacy systems, a firm commitment to binary compatibility for application migration, and support for standards for future compatibility.

Open systems and standards have always been important to Sun. Standards remain the foundation of Solaris software, and Sun participates in standards organizations including POSIX, X/Open, OSF, and OMG, driving the development of many of the standards prevalent today. Adherence to standards means that customers can avoid being locked into proprietary systems with their inherently limited choices and higher costs.
Standards also mean greater application choices, ensuring compatibility between Solaris releases, interoperability with other computing environments, and enabling access to environments where adherence to standards, such as federal security guidelines, is required.

Consistency with other SVR4 implementations, compatibility between releases of Solaris 2.x, and interoperability across SPARC platforms are assured through compliance with the System V Interface Definition (SVID3), the System V Release 4 Applications Binary Interface (SVR4 ABI), and the SPARC Compliance Definition (SCD 2.0). Among the standards the Solaris operating environment supports are:

- Interface Standards: X/Open, X/Open's UNIX 95 (Spec 1170), X/Open XFN CAE, XPG3, XPG4, and XPG4.2, Federated Naming (XFN), and IEEE POSIX.1, .1B, .1C, and POSIX.2 (Portable OS Interface), POSIX 1003.1b
- EPA Energy Star Compliance

The SunLink™ product families provide optional connectivity support for mainframes, minicomputers, and other computing environments. Connectivity solutions are available for TCP/IP, SNA, NetWare, DECnet, NFS, FDDI, HIPPI, ISDN, X.400, and many others. These capabilities help extend the life of legacy systems by allowing data to be off-loaded to Solaris systems. They also permit the migration of data from centralized, expensive mainframe systems to more cost-effective Solaris-based platforms.

Productivity of Individuals and Groups

The productivity of individuals and groups within the enterprise has a significant impact on the bottom line. By reengineering their business processes through the use of new technology and applications, corporations can take time and cost out of the business cycle. By writing programs to standardized interfaces, developers decrease porting time and their cost in supporting multiple platforms. This approach allows software to work seamlessly across platforms, thus broadening availability.
If developed to APIs, products will provide the same feature set and graphical interface on a variety of systems, preserving the investment in training while increasing application interoperability and productivity. CDE is one technology that unifies and provides a standard interface set.

The Solaris Common Desktop Environment (CDE) is Sun's implementation of the Motif-based industry-standard desktop environment. With Solaris CDE, mission-critical client-server applications and information are easily accessible across the enterprise. Solaris CDE provides interoperability and consistency across popular enterprise hardware platforms and operating systems. It is compatible with industry standards such as Motif, X11R6, MIME and IMAP4.

The Solaris CDE Desktop includes productivity tools such as MIME-compatible email, workgroup calendaring, an image viewer, and file and print managers for individual users. Solaris CDE also provides a front panel for managing and launching applications, a style manager for personalizing the look of the desktop, a workspace manager that lets users create multiple virtual desktops, and desktop tools such as Calendar Manager, File Manager, Mailtool, and Print Tool, which enable users to access people, information and applications distributed across the environment.

Application developers can create custom distributed applications under CDE by using a set of development tools such as CDE Application Builder, a visual programming environment for building CDE applications.

Solaris also includes OpenWindows, to give users a smooth transition to the power of the Solaris CDE applications. OpenWindows users will now find moving to CDE as simple as bringing up a new desktop, as all OpenWindows applications run unmodified on Solaris CDE. CDE and OpenWindows support interoperability between them, and across CDE, OpenWindows, Motif, and OpenStep™ applications. Sun's ToolTalk messaging system supports this capability.
Application Data

Sun has traditionally led the competition in the number of applications available on its platforms. Solaris has a choice of more than 10,000 applications for SPARC-based systems, and over 1,100 applications available for the X86 platform. According to IDC, Solaris is number one in worldwide market share for relational database management servers. As such, Solaris is the most popular system software for running Oracle™, Sybase, and Informix applications.

The Solaris operating environment is an obvious choice as the platform for large database applications like data warehousing. Its support for very large, distributed data sets, its strong foundation for client-server applications over heterogeneous networks, and its multiprocessing capability make it a natural in this area.

Sun's strong commitment to binary compatibility across versions of the Solaris operating environment and source compatibility across hardware platforms means that application development efforts will retain their value over time.

Support Language

As the world economy becomes more integrated, users require software compatibility across multicultural and multilingual barriers. They want to be able to run applications using their own language and local conventions for time and monetary display, menu selections, and error messages. Users in Tokyo want a Japanese language software interface, while users in Paris want one in French. A large corporation with headquarters offices in Tokyo and branch operations in New and Paris may require a mixture of English, Japanese and French software environments with, perhaps, multiple languages supported at a single site.

The Solaris software environment is ideally suited for these needs and provides full support for five European languages (French, German, Italian, Swedish, and Spanish) and four Asian languages (Japanese, Simplified Chinese, Traditional Chinese, and Korean).
Localization content includes all installation and configuration interfaces, the end-user desktop environment, and documentation.

At installation, users select the language and locale they wish to run in. Locales control such features as how dates and time are displayed on the desktop and which monetary formats to use. In the Solaris environment, new locale support has been added for Austria, Estonia, Czech, Hungary, Poland, Latvia, Lithuania, Russia, Greece, and Turkey, in addition to all the locales that have been supported in previous releases of the Solaris operating environment. These new locales are packaged with all localized versions of the Solaris operating environment, including English.

Support for character sets, fonts, and data encoding has been provided in each locale, making it easy for developers to write localized applications. More importantly, applications written in the new locales can be developed and deployed using the English version of Solaris. No localized software is required. Greek and Russian locales are based on non-Latin scripts and will require an optional keyboard for text input.

Two additional locales have been added that are Unicode 2.0 compliant (en_US.utf-8 and ko.utf-8) and conform to the ISO 10646 standard, which defines Unicode. These locales enable multiscript input and output and are the first such locales provided in the Solaris environment with this capability. The Unicode locales support the CDE environment only, including the Motif and CDE libraries.

Solaris has been restructured to remove the historical dependency on the Extended UNIX Codeset (EUC), allowing for additional codeset support for popular Asian PC encoding standards (PCKanji (ShiftJIS) in Japan and Big5 in PRC) and the Unicode locales.

Enterprises with global computing requirements need a unified system architecture that can support global networks without incompatibilities created by localized versions of software.
Not only do they require unified system administration models and policies, but they also need to be able to develop internal applications that operate without modification across all of their operations. The Solaris operating environment delivers on this requirement. Developers can create applications that are easily localized and deployed globally. The internationalization framework in the Solaris environment allows developers to create a single application binary that will run correctly in English or localized environments.

Network Management

Today's enterprise computing environment consists of a myriad of hardware and software products, architectures, and applications. Evolving over time to address the tactical needs of an organization more than the strategic ones, enterprise computing environments become part of the overall fabric of how business gets done. Heterogeneous (i.e., multivendor and multiplatform) environments are a reality in today's world, and the fundamental key to making them work successfully lies with system and network management.

Managing multivendor, networked environments with mission-critical applications and access-control constraints is a requirement in most corporations. System performance must be monitored to ensure adequate response time, and faults must be detected and corrected with as little disruption as possible. Storage management is needed to ensure the reliability and recoverability of corporate data. Software must be installed on end-user systems, and its distribution must be controlled and accounted for. Job scheduling and load balancing for servers, security policy implementation, asset management, usage accounting, Help Desk, and other support services are all functions a large enterprise computing operation must incorporate into its systems and network management functions. Solaris and Solstice provide an overall framework for managing all these elements in a coherent, unified way.
Sun has developed the industry's first set of integrated system and network management products to scale and manage large heterogeneous networks. This product family is based on a framework of comprehensive core functionality and products from Sun, supplemented with best-of-class solutions from industry partners, integrated in the Solstice™ framework. Sun tests and certifies key partner applications that are part of this framework.

The product families delivered by Sun to scale and manage large heterogeneous networks include the following, as well as others not covered here (such as Bandwidth Management for IP Networks with Sun Bandwidth Allocator 1.0, Solstice Site Manager and Solstice Domain Manager 2.3, etc.):

- Solaris™ Bandwidth Manager 1.5 is responsible for bandwidth management for IP networks. Solaris Bandwidth Manager is a software product that controls the bandwidth allocated to particular applications, users, and organizations sharing the same intranet or Internet link.
- Solstice AutoClient is software provided by Sun because system administrators in today's enterprise are challenged to optimize both desktop and network resources in a distributed computing environment. Ideally, each desktop would perform as if it had instant access to the resources of the network, and no service would ever be impacted by bottlenecks in the shared servers or network.
- The Solstice Backup 5.1 product family, Solstice Enterprise Manager (SEM), and the Solstice Network Client product set are also product families from Sun; due to the length limitation of this paper, they are not discussed in detail.

Developing, Deploying and Managing a Network

Sun has solutions for all aspects of the client-server and Internet models of computing.

Providing seamless access to files on the local disk or on a remote server is made possible with AutoFS.
It improves performance and eliminates the need for symbolic links that were required in earlier versions, and facilitates efficient storage strategies that enhance sharing of data on the network. The ability to cache one file system on another is handled by CacheFS, a layered file system. It is a general-purpose file system caching mechanism built into Solaris that improves NFS server performance and scalability. In an NFS environment, CacheFS increases the client-server ratio, reduces server and network loads, and improves performance for clients.

Using JumpStart, system administrators can perform quick, customized, network-based installation of Solaris software and other Sun products. JumpStart automatically installs system software from stored configuration parameters, and supports the creation of customized site profiles that can be used for standardized hardware configurations. After unpacking and setting up the hardware, the user simply powers up the system and JumpStart automatically installs and configures Solaris after asking a few questions.

System administrators can use Solstice AdminSuite to perform user, group, host, port and printer administration tasks, and NIS+, database, policy, classing, and topology management. AdminSuite also includes software management functions such as automatic OS installation, software distribution and license management, version control, and application management. SolarNet™ PC-Admin handles similar functions for PC networks.

Improved data availability, storage system performance, and ease of administration are available with Solstice DiskSuite™. It utilizes a logging file system for faster reboots and increased NFS/database performance, disk mirroring for transparent handling of disk failures, disk striping to enhance I/O performance, and logical volume management to allow easy, flexible file system growth.
Automated, online, verified, heterogeneous network backup capability and simplified system administration are available through Solstice Backup™. It allows administrators to safely back up data across multiple cartridges and drives while users continue to work without interruption.

Users can be back online within minutes of a hardware failure using Solstice AutoClient™, a unique, layered management product. The desktop’s disk is used as a cache for the operating system and applications that reside on a server, eliminating the need for local desktop installation, backup, and software management without the performance drawbacks of diskless configurations. This cuts administrative costs by centralizing the management of disks and data.

Sun’s Full Moon Clusters are key to delivering the reliability of the WebTone. A cluster is a number of systems (nodes) connected together as if they were one. Clusters provide a continuous WebTone by permitting applications and services to transparently move from one system in the cluster to another if failures occur, with no interruption of service. Full Moon clusters ensure that there is no single point of failure anywhere in the cluster. Each component, whether hardware or software, is redundant in a way that ensures a smooth transition of service. Today Full Moon Cluster supports the following Highly Available (HA) applications in a well-integrated, tested, off-the-shelf package: Oracle, Informix, Sybase, NFS, DNS, and Internet services. Other strategic Highly Available services will appear in future releases.

Network fault and performance management is handled by a series of Sun products that use the Simple Network Management Protocol (SNMP) services to monitor the state of network devices and traffic, notifying the network administrator when network faults occur.
Network management products can be set up to watch for a variety of types of events, and to gather statistics on network performance so that potential problems with network performance can be detected and corrected proactively. SunNet Manager™ is the industry’s leading network management platform, and is the basis for Sun’s network management offerings. Solstice Enterprise Manager™ is a complementary product that provides the cooperative management among multiple operators needed for larger, more complex networks. Cooperative Consoles™ ties together department management consoles, enabling enterprise-wide management of a large network.

V. Features of Security

Security is a major concern for distributed computing environments. As the spread of hardware and software system components increases, individual system vulnerability also grows. Security breaches can be intentional or accidental. Intentional violations can occur through eavesdropping, impersonation, or data manipulation.

The Solaris operating environment provides a sophisticated security system that controls the way users access files, protect system databases, and use system resources. The Solaris security system is network-wide, providing security over several different systems, not just one. It is designed to accommodate different security models, giving users the flexibility to choose the model that best fits their needs now and in the future. A number of new features add to the Solaris security system in the areas of access control, encryption, and authentication.

Solaris security features include four types of protection:

Login access control is used to validate the identity of users trying to log in to the system. This type of protection guards against impersonation.

System resource access control and user accountability restrict access within the system to resources and data. This is an area where accidental breaches commonly occur.
Secure client-server services, applications and utilities help protect against eavesdropping-type violations. This type of protection includes the basic ability to control access to services such as rlogin, telnet, ftp, and other remotely accessible services.

Network access control protects against incursions from outside the system, such as over the Internet. This type of security is implemented in optional security products such as Solstice Firewall-1™ and SunScreen™ SPF-100.

Solaris security gives users transparent access to enterprise-wide resources and provides administrators with the tools they need to protect their network from security breaches. SVID (System V Interface Definition) compliant access control enhancements make Solaris systems more resistant to penetration by unauthorized users and enable customers to implement advanced password management policies, like encryption, aging, and automatic expiration, for files and system resources.

There are four Solaris security “perimeters”:

Login Access Control
System Resource Access Control and User Accountability (auditing)
Secure Client-Server Services, Applications, and Utilities
Network Access Control

Foundation Technology for Secure Services

Before a user on a client system is given access to a server's resources, the server must be sure that the user is acknowledged to have "rightful" access to the server and its resources. Therefore, in this scenario the server must be able to:

1. Check a user's identity over the network. This function is provided by an authentication service and also usually includes services listed in #3 below.
2. Make sure the user is authorized to access the resources (s)he is attempting to access once (s)he has been properly authenticated. This is provided by an authorization service.
3. Maintain the privacy and integrity of the information being exchanged over the network. These are referred to as privacy and integrity services respectively.
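The three server-side checks listed above can be seen in order in the following added sketch, which is not from the original paper and is not Solaris or Secure RPC code. The shared keys, the ACL table, the field names and the 300-second freshness window are constructed assumptions; the privacy service (encrypting the payload) is left out, so the sketch covers authentication, integrity and authorization only.

```python
import hashlib
import hmac
import time

# Constructed sample data (assumptions): per-user shared keys and a resource ACL.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
ACL = {
    "/export/payroll": {"alice": {"read", "write"}},
    "/export/docs": {"alice": {"read"}, "bob": {"read"}},
}
MAX_SKEW = 300  # seconds a request timestamp may differ from the server clock


def request_mac(key, user, resource, action, timestamp, payload):
    """MAC over every field the server acts on, so none can be altered in transit."""
    fields = [user.encode(), resource.encode(), action.encode(),
              str(int(timestamp)).encode(), payload]
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    message = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def make_request(user, key, resource, action, payload, timestamp):
    """Client side: build a request and attach its MAC."""
    return {"user": user, "resource": resource, "action": action,
            "timestamp": int(timestamp), "payload": payload,
            "mac": request_mac(key, user, resource, action, timestamp, payload)}


def handle_request(req, now=None):
    """Server side: authenticate, check integrity and freshness, then authorize."""
    now = time.time() if now is None else now
    key = USER_KEYS.get(req["user"])
    if key is None:
        return "deny: unknown user"
    expected = request_mac(key, req["user"], req["resource"], req["action"],
                           req["timestamp"], req["payload"])
    # Items 1 and 3: a valid MAC shows the sender holds the user's key and that
    # no field changed on the wire. compare_digest avoids timing leaks.
    if not hmac.compare_digest(expected, req["mac"]):
        return "deny: authentication or integrity check failed"
    if abs(now - req["timestamp"]) > MAX_SKEW:
        return "deny: stale request"  # limits replay of captured requests
    # Item 2: authorization is a separate decision, made only after authentication.
    allowed = ACL.get(req["resource"], {}).get(req["user"], set())
    if req["action"] not in allowed:
        return "deny: not authorized"
    return "allow"
```

An authenticated user can still be refused: the ACL lookup runs only after the MAC and freshness checks pass, which is the ordering the numbered list describes.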
ONC+ Federated Security

Through ONC+ Federated Security, Solaris supports a suite of popular authentication technologies, including UNIX, Diffie-Hellman, and Kerberos 4.0 for Secure RPC and Secure NFS. The NIS+ name service also has powerful authentication and authorization capabilities, including secure password updates and aging. Higher levels of security may be needed for networks that are involved in transactions across public IP networks, such as World Wide Web publishing or commercial transactions over the Internet. For these networks, sophisticated security solutions are available through several optional products.

Firewall-1 and SunScreen SPF-100

Solstice Firewall-1 provides a TCP/IP firewall that protects the network from outside access using an advanced packet-screening technology. Firewall-1 flags suspicious communications and access attempts based on security policy defined by the system administrator. Firewall-1 provides adequate security for the basic security needs of many corporations.

SunScreen SPF-100 is a highly sophisticated hardware/software network security solution targeted at customers with complex, commercial networks. Such customers include telecommunications companies, financial institutions, health care organizations, and the government. SunScreen is an appropriate security solution for users who need to transact business between a trusted IP network and other trusted users or networks that are accessible only by crossing public IP networks, such as the Internet. SunScreen includes firewall features supplemented by authentication and message encryption/decryption using public key cryptography. In addition, SunScreen is transparent to the network, rendering it more difficult to detect and compromise. SunScreen SPF-100 interfaces only to a qualified administration station using an encrypted link, making it very difficult to probe or modify the operating environment.
Security Standards

Solaris supports important security standards set forth by the Department of Defense, POSIX, and the Internet community. For example:

Solaris meets the criteria set forth by the Department of Defense Orange Book for level C2 computer security systems.
Solaris 2.4SE has E2/F-C2 certification from ITSEC. Solaris 2.6 E3/F-C2 ITSEC and C2 TCSEC certifications are in progress.
Solaris UFS and NFS Version 2 and Version 3 all support the POSIX 1003.6 specification for Access Control Lists (ACLs).
Internet RFC 1508, GSSAPI, is currently under development.
Compartmented Mode Workstation (CMW-B1) support, also known as "Trusted Solaris", is currently under development for Solaris 2.X.

In the future Solaris will continue to encompass new and emerging security standards in response to customer requirements.

Solaris - The Solution of Choice for the Secure Distributed Environment

There is no doubt that sophisticated security solutions are necessary in today's distributed network environment. Solaris arms corporations with tools for securing sensitive corporate data from intruders with its four levels of security: System Access Control, Resource Access Control, Secure Distributed Services, and Physical Network Protection. It adheres to the highest security standards set forth by organizations such as the Department of Defense and POSIX, and provides the latest technology for secure public network access with unbundled products like Solstice FireWall-1 and Solstice SunScreen. A plethora of third-party products complement what is available from Sun. Finally, Solaris provides flexibility with an array of choices to fulfill a wide variety of corporate needs, with the ability to grow to meet tomorrow's security challenges.

VI Summary

The Solaris operating environment is the industry’s most powerful and versatile UNIX operating environment.
Together, the functionally identical Solaris implementations for SPARC and x86 platforms deliver transparent interoperability across CISC and RISC platforms, something no other operating environment can do.

The Solaris operating environment provides a true multithreaded, multiprocessing-capable kernel, together with open systems-based standards for connectivity and interoperability, distributed computing services, world-class administration and software development tools, a large number of third-party applications, and Microsoft Windows application support. Since Solaris is scalable from desktops to supercomputers, customers can configure heterogeneous enterprise networks and expand them easily as their computing needs evolve.

By making Solaris the basis of enterprise, Internet, and intranet computing, organizations achieve tremendous competitive and efficiency benefits. As companies position themselves to make effective use of their strategic computer-based information assets, Solaris further enables them to link their enterprise with both their suppliers and their customers and, at the same time as they allow information to flow between all three, to retain control of what information is available to whom and to maintain the integrity of company confidential information.

The Solaris operating environment represents the gateway to the future of networked enterprise computing. Only Solaris supplies the full range of services needed to meet the needs of Internet, intranet, and enterprise computing.