Previewing the Solaris 10 OS with Sun's Software Express Program
By Amy Rich
If you've ever wanted to get a jump on new Sun software technology, the
Software Express program is for you. Sun introduced the Software Express
program to provide customers with prerelease software on a regularly
scheduled basis. One of the products currently available for download under
the Software Express program is the next version of the Solaris Operating System,
hereafter
referred to as Solaris Express, for both SPARC and x86 platforms. This is
especially useful for software developers who must port their applications to
Solaris Express and for system administrators who support such environments. The
Software Express program is also beneficial to early adopters who wish to
examine and test system functionality and new features.
How the Program Works
The Solaris program provides free (for non-commercial use) ISO images of
the latest work-in-progress code from the Sun development team each month. To
obtain the ISO images, you must have an existing Solaris license and register for
a Software Express for Solaris account. If you don't also have an
existing Sun Download Center account, you will be asked to create one
before you can retrieve the software. Once you acquire the ISO images, you
can burn them to CD-ROM by following the instructions on the download page just
like any release version of Solaris. Use the CD-ROM to install on machines
locally or install a JumpStart image on a JumpStart server and install
on machines using the network.
Sun provides the opportunity to purchase Software Express for Solaris
Commercial Use for production use; a subscription costs $99.00 per year.
This subscription adds several important
features to the free program, the most obvious being the ability to use the
prerelease versions of the Solaris OS for commercial purposes. In addition,
you receive 90 days of online support for each software release and access to
the community web site for one year. The web site includes additional
documentation and features in upcoming releases, and it also allows
you to submit bug reports and feedback.
Using the Community Web Site
If you opt to purchase the one-year subscription, you can register for an
account on the Software Express Community Web Site. The main web
page is split into three basic categories: Info & Updates,
Provide Feedback, and the Issue Tracker. The product
information section lists all items regarding the project including new
releases of the software, access to OS documentation, white papers, invitations
to meet and dine with the architects, and lists of bugs reported by customers.
The program information section allows you to track your own bugs and
suggestions and lists any outstanding to-do items or evaluations.
The feedback section allows you to submit bug reports or suggestions to the
development team. If you opt to submit a bug report, you can set the
category, severity, and priority, and you can provide a summary of the bug and any
possible workarounds. If a bug report is accepted, it's assigned a Bug Id and
is reported to the community during the next scheduled software release. The
issue tracking section allows you to search through your own feedback by issue
type, number, and matching text. There is no way, however, to search the live
database for other people's feedback if you're trying to research a specific
bug or feature. Instead, a summary of open and closed bugs is posted under
the product information section of the web site with each new release, as
already mentioned.
What's New in Solaris Express
Solaris Express introduces a number of innovations and advancements in
installation and upgrade methods, file system performance and device
support, system and network performance, and security. Sun has also
developed a new system debugging framework. Documentation covering the
new enhancements for Solaris Express is available from the Sun Product Documentation web site at docs.sun.com. To access the documentation,
you must purchase a Software Express for Solaris Commercial Use
subscription and obtain the required password. To pique your interest, here's
an overview of some of the more interesting features.
Installation
The Solaris Web Start command-line interface has been replaced with
suninstall to improve usability.
Installation can now be performed securely, using an encrypted flash
image and/or digital certificates, over a WAN via HTTP. Additional
information about this topic is available in the Installation Guide.
Instead of splitting software into separate 64- and 32-bit packages,
packages now contain binaries for both. This simplified packaging structure
allows the administrator to pick the correct software by name and not worry
about whether 64- or 32-bit package(s) require installation. Also, since fewer
packages are required, installation time is reduced. The new package-naming
convention removes the trailing x from the name of 64-bit-only
packages and, where both 32- and 64-bit versions of a package existed,
consolidates them under the 32-bit package name.
A new Reduced Networking Software Group base cluster,
SUNWCrnet, creates a more secure system at install time by
disabling many network services. SUNWCrnet provides system
administration tools and a text-based console by default, but can be
customized during installation to include other software packages and activate
network services on an as-needed basis.
Installation now supports LDAPv2 profiles, enabling the configuration of a
system to use a proxy credential level. You can preconfigure LDAP before
installation by using the proxy_dn and
proxy_password keywords in the sysidcfg file.
A custom JumpStart installation enables the creation of RAID-1 volumes
(mirrors) with the filesys keyword mirror. You can
then assign a slice to attach to the newly created mirror. The
filesys keyword also accepts the new value of metadb
to specify where state databases should reside.
Multiple network interfaces can now be configured interactively at
installation time or preconfigured with sysidcfg.
Upgrades
Solaris Express introduces Live Upgrade 2.1, which contains two important new
features. Live Upgrade uses Solaris Volume Manager to create a duplicate boot
environment that contains file systems with mirrors. With the enhanced
lucreate command, file systems may contain up to three
submirrors. The enhanced lucreate command also allows for the
exclusion of files and directories that would normally be copied from the
original environment. When excluding a directory, specified files and
subdirectories under that directory may be explicitly added back in.
When performing a custom JumpStart, you can create an empty boot
environment in preparation for later installation of a Flash archive.
Solaris Flash can now update a clone with minor changes using a
differential archive. This installation is restricted to clones that contain
software consistent with the master. Create a differential archive that
contains only the differences between two images, the original master image
and an updated master image. Then use a custom JumpStart install or use Live
Upgrade to install a differential archive on a duplicate boot environment.
Updating a clone system with a differential archive changes only the files
that are specified in the differential archive.
Solaris Flash archives now allow for special scripts to be run for
configuration of the master or clone or validation of the archive.
Like the lucreate command from the new Live Upgrade, the
flarcreate command for creating Flash archives can now exclude
multiple files and directories and explicitly add files and subdirectories of a
deleted directory back into the archive.
A command-line interface to the Solaris Product Registry has been added to
the prodreg command. The command-line portion accepts the
commands browse, info, unregister, and
uninstall.
The pkgadd and patchadd commands now directly
support signed packages and patches without the PatchPro software. The
pkgtrans command also allows package creators to add their own
signatures.
System and Network Performance
Solaris Express has a redesigned network stack to improve scalability and
performance.
Solaris Express includes increased IPv6
support. /etc/nsswitch.conf file policies for the hosts and
ipnodes databases are included when IPv6 is enabled during installation. To
avoid connection timeouts, IPv4 addresses for remote IPv6-capable hosts will
be used if no IPv6 routes serve that host. IPv6 networks can now also transfer
packets over Internet Protocol Version 4 (IPv4) networks when a router is
configured to support a 6to4 tunnel.
The new IPQoS feature allows administrators to set up SLAs that provide
different levels of network service to customers and to critical applications.
The IPQoS user selector supplements the uid
selector, enabling the administrator to supply a user name or UID as criteria
in a filter rule in the ipqosconf file. For more information
about IPQoS, see the IPQoS Administration Guide and the
ipqosconf(1M) man page.
Solaris Express now supports RIPv2, which includes the CIDR and VLSM extensions
to RIPv1. RIPv2 supports multicast, unicast, and broadcast, and
in.routed includes ICMP router discovery.
New project and process-based resource controls (rctls) have been added to
control how applications use system resources. Since IPC facilities are now
controlled by rctls, the configuration can be modified while running instead
of having to edit /etc/system and reboot. Increased defaults and automatic
tuning of many IPC facilities also mean that many resource-intensive
applications that previously required specific kernel tuning will no longer
require it. More information about resource controls and obsolete kernel
parameters can be found in the System V IPC Resource Controls document.
File System and Device Support
Solaris Express supports NFSv4 as defined in RFC 3530, integrating file access,
file locking, and mount protocols into a unified protocol to ease traversal
through a firewall and improve security. The Solaris implementation of NFSv4
is also integrated with Kerberos V5 and includes delegation, a technique by
which the server can delegate the management of a file to a client. For more
information on NFSv4, refer to "Accessing Network File Systems
(Reference)" in the docs.sun.com book System Administration Guide: Network
Services.
Improvements to the NFS client occurred as well. The new client allows
concurrent reads and writes to a single file. It also bases the wire transfer
sizes on the underlying transport so that TCP transfers are now 1 Mbyte instead
of using the UDP 32 Kbyte limitation. If configured to do so, it also uses one
reserved UDP port instead of a separate port for each transaction, increasing
security.
Multi-terabyte file systems, up to 16 Tbyte, are now supported under UFS,
Solaris Volume Manager, and VERITAS's VxVM on machines running a 64-bit
kernel. Solaris cannot boot from a file system greater than 1 Tbyte, and the
fssnap command is not currently able to create a snapshot of a
multi-terabyte file system. Individual files are limited to 1 Tbyte, and the
maximum number of files per terabyte on a UFS file system is 1 million.
The Extensible Firmware Interface (EFI) disk label, compatible with the
UFS file system, allows for physical disks exceeding 1 Tbyte in size. For more
information on the EFI disk label, see System Administration Guide:
Basic Administration on docs.sun.com.
Solaris has improved UFS logging, making logged file systems faster than
non-logged file systems. UFS logging is enabled by default on UFS file systems
over 1 Tbyte.
The new metassist command allows for the top-down creation of
functional Solaris Volume Manager logical volumes without the need to
partition disks and create stripes and mirrors by hand. The volumes can be
created from the command line or by reading information from a configuration
file.
Solaris Express has moved to using the devfs file system for device
management. Devices are still accessed via the symbolic links in /dev, but
operations in the /devices directory result in attaching or detaching devices
as needed. This increases system boot performance since only device entries
required to boot the system are attached.
USB 2.0 support enables 480-Mbit/sec bus speed for a variety of USB 2.0-capable devices. USB 2.0 PCI cards still support the older USB 1.1 devices,
but they continue to run at lower speeds. Solaris provides a new generic USB
driver that allows manipulation through standard UNIX system calls.
The SCSI disk driver now supports SCSI logical unit resets so that one
logical unit may be reset without affecting other logical units on that SCSI
device.
Security
Solaris Express now supports the Simple Authentication and Security Layer
(SASL), providing developers with a common interface for adding
authentication, data integrity checking, and encryption to connection-based
protocols.
The LDAP commands ldapdelete, ldapmodify,
ldapadd, ldapsearch, and ldapmodrdn now
have full SSL support and extended support for SASL. Search results are also
now shown in LDIF format by default, but the old format can still be viewed by
supplying the -r flag.
Password security enhancements for pam_ldap cover aging and expiration, prevent trivial or past passwords, warn users of imminent expiration, lock out users after repeated failures, and prevent users other than the sysadmin from
deactivating initialized accounts.
The Pluggable Authentication Module (PAM) framework also includes
enhancements and changes for pam_unix, pam_unix_auth, and pam_krb.
Kerberos has been updated, and support is now provided in remote
applications such as ftp, rcp, rdist,
rlogin, rsh, and telnet.
The crypt() function has been enhanced to accommodate Blowfish and two
versions of MD5.
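Because crypt() now accepts several algorithms, a single shadow file can mix hash schemes, and an audit has to tell them apart. The following is an added example, not code from the original article or from Sun: it classifies shadow password fields by scheme and lists the accounts that fall outside a chosen policy. The `$1$`, `$2a$` and `$md5$` identifiers are assumed from the stock Solaris crypt.conf entries (the article does not list them), and the function names, the policy and the sample lines are constructed for illustration.

```python
import string

# crypt(3C) scheme identifiers (assumed from stock Solaris crypt.conf; the
# article only names "blowfish and two versions of md5").
SCHEMES = {"1": "bsd-md5", "2a": "blowfish", "md5": "sun-md5"}
DES_ALPHABET = set(string.ascii_letters + string.digits + "./")


def classify(field):
    """Return the hashing scheme implied by one shadow password field."""
    if field == "":
        return "empty"
    if field == "NP" or field.startswith("*LK*"):
        return "no-login"
    if field.startswith("$"):
        # "$md5,rounds=5000$salt$$hash" -> "md5"; "$2a$04$..." -> "2a"
        ident = field[1:].split("$", 1)[0].split(",", 1)[0]
        return SCHEMES.get(ident, "unknown:" + ident)
    if len(field) == 13 and set(field) <= DES_ALPHABET:
        return "unix-des"  # traditional crypt: 2-char salt + 11-char hash
    return "unrecognized"


def audit(shadow_text, allowed=("blowfish", "sun-md5", "no-login")):
    """List (user, scheme) for every account outside the allowed schemes."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or not a shadow entry
        scheme = classify(fields[1])
        if scheme not in allowed:
            findings.append((fields[0], scheme))
    return findings


# Constructed sample; the hash strings are filler, not real password hashes.
SAMPLE_SHADOW = """\
root:$2a$04$saltsaltsaltsaltsaltsuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:12345::::::
alice:$md5,rounds=5000$saltsalt$$AAAAAAAAAAAAAAAAAAAAAA:12345::::::
bob:ab0123456789A:12345::::::
carol:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:12345::::::
daemon:NP:6445::::::
dave::12345::::::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```

Accounts reported as unix-des keep their old hash until the password is next changed, so the list doubles as a worklist for forced password resets after the default algorithm is raised.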
Local password files now support password history checking of up to 26
previous entries.
The new cryptographic framework allows the administrator to control which
encryption algorithms can be used through the cryptoadm command.
This framework comes with plugins for the AES, DES/3DES, RC4, MD5, SHA-1, DSA,
RSA, and Diffie-Hellman algorithms. These plugins can be added or removed as
needed.
IPsec now uses the Solaris cryptographic framework instead of its own
internal encryption and authentication modules.
The Basic Audit and Reporting Tool (BART) is a new command-line utility
that allows you to check, at the file level, the software contents of a target
system. BART also enables the comparison of installed systems, and the
contents of one system over time.
In addition to recording events to the binary audit log, events can now be
recorded by syslog, allowing the logging of events to a remote machine.
Solaris Express is moving from always requiring superuser rights to a
privilege-based model. The system now restricts processes to only those
privileges that are required to perform the current task. This results in
fewer vulnerable root processes and a reduction in the number of
setuid root programs.
DTrace
The redesigned network stack and the tool DTrace are two of the biggest
innovations in Solaris Express. DTrace is a comprehensive dynamic tracing facility
that allows close scrutiny and debugging of kernel and user processes. DTrace
enables the placement of probes, finely tuned sensors that can be
deployed to observe and record data of interest. Each probe can be associated
with custom programs written in the new D programming language. This enables
you to access system data by using ANSI C types and expressions and easily
capture stack traces, record timestamps, build histograms, and more. DTrace
is a complex and flexible framework with quite a lot of documentation. For
in-depth information about this tool, read the DTrace reference material available on BigAdmin.