SUN BLUEPRINTS ONLINE

Archives By Date


NOTE TO OUR READERS:

This archive page is being superseded by the new Sun BluePrints Wiki page. Articles posted after February 2008 are not reflected here. Please refer to the new site: http://wikis.sun.com/display/BluePrints


NOTE TO OUR READERS:

Sun BluePrints OnLine articles are maintained in this archive for the benefit and historical reference of our readers. Details of the recommendations set forth in these articles may not reflect Sun's latest hardware and software releases. Caution, careful analysis and common sense should be exercised when applying these Sun BluePrints articles to newer products and software releases.




February 2008

  • Optimize MySQL Server on Sun x64 Servers and Storage
    - by Luojia Chen

    With the addition of MySQL to its software portfolio, Sun now offers an integrated LAMP (Linux, Apache, MySQL, Perl) or SAMP (Solaris Operating System, Apache, MySQL, Perl) software stack that runs on the entire range of Sun's x64 servers and storage systems. Together, these hardware and software components give enterprises the ability to deploy on open, scalable platforms with low total cost of ownership. This Sun BluePrints article provides an overview of the integrated Sun platform, outlines the steps for optimizing MySQL Server on Sun x64 servers, and describes benchmark results for solutions with Sun Fire X4100 servers.

  • Cryptographic Solutions for Financial Services: Using the Sun Crypto Accelerator 6000 Card
    - by Serge Nadon and Joel Weise

    The Sun Crypto Accelerator 6000 PCI-E card (SCA 6000 card) is a combined cryptographic accelerator and Hardware Security Module (HSM) that can be used to accelerate Secure Sockets Layer (SSL) and IPSec sessions, as well as perform various financial services related cryptographic functions. Qualified as a FIPS 140-2 level 3 device, the SCA 6000 card is designed to prevent the disclosure or corruption of cryptographic keying material, intermediate cryptographic results, or other sensitive data. A direct key loading interface is incorporated to enable the secure entry of keying material. Since sensitive keying material does not cross system, network, or application boundaries, potential avenues of interception and attack are eliminated.

    The security of a cryptographic device is dependent upon not only the anti-tamper circuitry and design of the device itself, but also the processes and procedures used to initialize the device, and perform key management and application level transactions. This Sun BluePrints article assumes a working knowledge of financial services and contemporary security issues, and discusses some control mechanisms. It describes some of the processes and procedures needed to make the SCA 6000 card available to an application performing financial services transactions such as PIN management and verification, and card verification.

  • Balancing System Cost and Data Value With Sun StorageTek Tiered Storage Systems for Oracle Transaction Processing Applications
    - by Jeffrey T. Wright

    Tiered storage architectures reduce cost without affecting business operations by matching data resources with storage resources. Because Oracle databases control data placement through tablespaces and quantify data access requirements through accounting tools, storage architectures can be customized to an Oracle instance by correlating storage device configuration with the data from Oracle accounting tools. For transaction processing systems running on Fibre Channel disks, the most important design heuristic is the read response time for a given effective I/O rate. The engineering data presented in this Sun BluePrints article shows how to determine the most appropriate heuristic for Oracle transaction processing systems, and how to apply this heuristic to meet specific data access requirements.



December 2007

  • Tuning Symantec Brightmail AntiSpam on UltraSPARC T1 and T2 Processor-Powered Servers
    - by Alan Yoshida, Ramin Moazeni and Steve Gaede

    No email problem is more troublesome or visible than unsolicited bulk email, commonly known as spam. Spam can have a huge impact on employee productivity, and because it also can serve as a vehicle to deliver malicious content including viruses, worms, and phishing attacks, many organizations tackle the spam problem as a first step in implementing a comprehensive email security strategy. The combination of Symantec Brightmail AntiSpam (SBAS) software and the UltraSPARC T1 and T2 processors is particularly well suited to the demanding task of spam filtering: The UltraSPARC T1 and T2 processors are built to handle highly threaded, network throughput oriented applications, and Symantec Brightmail AntiSpam is just such an application.

    This Sun BluePrints article provides background information on SBAS software and UltraSPARC T1 and T2 processor-powered servers, the configurations used for performance measurements, the challenges presented by benchmarking anti-spam software, and the actual steps used to tune the hardware/software combination to achieve the reported performance levels. This article was originally published in October 2006 and reflected performance on the Sun Fire / Sun SPARC Enterprise T2000 server. It has been updated to reflect more recent measurements comparing a Sun Fire / Sun SPARC Enterprise T1000 server to a Sun SPARC Enterprise T5120 server using virtually the same tuning parameters.



November 2007

  • Solaris Operating System Hardware Virtualization Product Architecture
    - by Chien-Hua Yen

    Although the concept of virtualization is not new, virtualization has recently become a well-accepted means to consolidate servers and reduce the costs of hardware acquisition, energy consumption, and space utilization. Server virtualization can be implemented at different levels on the computing stack, including the application level, operating system level, and hardware level. Hardware level virtualization allows a system to run multiple OS instances; with less sharing of system resources than OS level virtualization, hardware virtualization provides stronger isolation of operating environments. Hardware virtualization has become popular because of increasing CPU power and low utilization of CPU resources in the IT data center.

    This blueprint provides a comprehensive examination of hardware virtualization, particularly as it applies to Sun platforms. It explores the underlying hardware architecture and software implementation. Great emphasis has been placed on the CPU hardware architecture limitations for virtualizing CPU services and their software workarounds, with details on the software architecture for implementing three types of virtualization: CPU virtualization, Memory virtualization, and I/O virtualization. It examines three important implementations in detail: Sun xVM Server, Logical Domains, and VMware's relevant products, culminating in a comprehensive comparison of these important solutions.

  • Installing Microsoft Windows Server 2008 on Sun x64 Servers
    - by Todd Creamer, John Lindquist, Myka Maceraeg, William Schweickert

    Microsoft's next generation Windows Server operating system — Microsoft Windows Server 2008 – is scheduled for release in early 2008. Many organizations are currently running tests on pre-release versions of the software. This blueprint details the workarounds needed to install pre-release versions of Windows Server 2008 on Sun Fire and Sun Blade servers, including step-by-step details on where to get additional required software from Sun. This article is provided to assist in the evaluation of the pre-release version. Note that pre-release versions of software should not be deployed in production environments.

  • Using the Cryptographic Accelerators in the UltraSPARC T1 and T2 Processors
    - by Ning Sun, Chi-Chang Lin

    This Sun BluePrints article demonstrates how the combination of the Solaris 10 Operating System and the UltraSPARC T1 and T2 processors can be used in a secure Web site. It provides a brief overview of SSL technology, as well as an introduction to the Solaris Cryptographic Framework. The remainder of the document describes how these cryptographic features can be configured and used by common security applications, such as Apache, the Sun Java System Web Server, and secure Java technology applications. An earlier version of this Sun BluePrints article detailed the cryptographic capabilities of the UltraSPARC T1 processor. This updated version includes discussions of the new cryptographic features of the UltraSPARC T2 processor.



August 2007

  • Energy Efficiency Strategies: Sun Server Virtualization Technology
    - by Jeff Savit

    Virtualization technology is a key to transforming an IT organization's server, storage, and network devices into a shared, global pool of resources. This can help reduce space, power, and cooling requirements while simultaneously helping make datacenters more flexible and agile. The two server virtualization technologies discussed in this Sun BluePrints article – Solaris Containers and Logical Domains – are of particular importance because of the low overhead they impose on the host server platform.

    Solaris Containers abstracts a single Solaris OS instance into multiple containers, giving the appearance of a dedicated OS instance to each container. Solaris Containers is an excellent virtualization technology when a number of applications can run on the same OS instance. Logical Domains are used to partition the server CPU and memory, abstracting the hardware itself to multiple guest operating systems. Logical Domains can be used to support multiple OS instances on the same server, and each Solaris OS instance can also support multiple containers. With the ability to use each of these technologies independently, or in conjunction, Sun customers have a powerful set of tools for server virtualization in their datacenters.



July 2007

  • Beginners Guide to LDoms: Understanding and Deploying Logical Domains for Logical Domains 1.0 Release
    -by Tony Shoumack

    This blueprint is intended to assist the reader in gaining an understanding of how to easily and effectively deploy Sun's Logical Domains, or LDoms, technology. It will help the reader determine how and where to use logical domains to the greatest effect using best practices. It discusses strategies for deploying logical domains on the Sun Fire T1000 and T2000 systems, the first systems to offer Logical Domain support, and the various best practices for these platforms. The guide works through step-by-step examples that include the commands to set up, deploy, and manage logical domains and looks at commonly asked questions and advanced techniques.

    This updates the original article, first published in February, 2007. In addition to additions and corrections, it reflects availability of the Logical Domains 1.0 release.



June 2007

  • Sun N1 Grid Engine Software and the Tokyo Institute of Technology Super Computer Grid
    -by Minoru Hamakawa

    One of the world's leading technical institutes, the Tokyo Institute of Technology (Tokyo Tech) created the fastest supercomputer in Asia, and one of the largest outside of the United States. Using Sun x64 servers and data servers deployed in a grid architecture, Tokyo Tech built a cost-effective, flexible supercomputer that meets the demands of compute- and data-intensive applications. Built in just 35 days, the TSUBAME grid includes hundreds of systems incorporating thousands of processor cores and terabytes of memory, and delivers 47.38 trillion floating-point operations per second (TeraFLOPS) of sustained LINPACK benchmark performance and 1.1 petabyte of storage to users running common off-the-shelf applications. Based on the deployment architecture, the grid is expected to reach 100 TeraFLOPS in the future. This Sun BluePrints article provides an overview of the Tokyo Tech grid, named TSUBAME. The third in a series of Sun BluePrints articles on the TSUBAME grid, this document provides an overview of the overall system architecture of the grid, as well as a detailed look at the configuration of the Sun N1 Grid Engine software that makes the grid accessible to users.

  • Optimizing Oracle's Siebel Applications on Sun Fire Servers with CoolThreads Technology
    -by Khader Mohiuddin

    This Sun BluePrints article provides tuning and optimization knowledge and techniques for Oracle's Siebel 7.x eBusiness Application Suite on the Solaris platform. All the techniques discussed in this document are lessons learned from a series of performance tuning studies conducted under the auspices of the Siebel Platform Sizing and Performance Program (PSPP). The tests conducted under this program are based on real world scenarios derived from Oracle's Siebel customers, reflecting some of the most frequently used and critical components of the Oracle eBusiness Application Suite. Tips and best practices guidance based on the combined experience of Oracle and Sun is provided for field staff, benchmark engineers, system administrators, and customers interested in achieving optimal performance and scalability with Siebel on Sun installations.

  • Patching Mirrored Systems with the Solaris Live Upgrade Software
    -by Jeff Smith

    Applying operating system patches is often time consuming and disruptive. In fact, most patching techniques require systems and disks to be taken offline for the patching process. The Solaris Live Upgrade software enables administrators to stage patches without impacting running systems, and minimize the actual downtime associated with patching to the time needed to reboot the system. This Sun BluePrints article discusses how the Solaris Live Upgrade software can be used to patch mirrored systems and rollback to the pre-patched environment should the need arise. While this article focuses on Sun systems incorporating SPARC processors that run the Solaris 8, 9, and 10 Operating System (OS), the procedures can be used on x86 and x64 systems as well. However, device naming conventions may be different on these systems. It is important to note that the procedures outlined in this document assume knowledge of the Solaris Volume Manager software and experience with patching the Solaris Operating System on Sun servers.

  • Sun's High-Performance and Reliable Web Proxy Solution
    -by Ning Sun

    As individuals and businesses depend on the Web more than ever to conduct business, rapid and reliable content retrieval is critical. Reducing wait time improves productivity and increases user satisfaction. Web proxy technology has emerged as an effective solution to improve performance, help ensure content availability and enhance network security by caching and filtering Web content. The combination of Sun SPARC Enterprise servers with CoolThreads technology and the Sun Java System Web Proxy Server software provides a compelling foundation for a robust Web proxy solution. Sun SPARC Enterprise T1000 and T2000 servers include the UltraSPARC T1 processor with CoolThreads technology, offering six or eight cores with four threads per core. The Sun Java System Web Proxy Server software is highly threaded and takes advantage of the large number of threads supported by Sun UltraSPARC T1 processors with CoolThreads technology. Together, these products provide a highly scalable solution that accommodates a large number of requests, addresses peak loads, and provides future headroom for growth. This document explores the use of a Sun SPARC Enterprise T1000 server and the Sun Java System Web Proxy Server software as a replacement for an existing Web proxy implementation that used the SQUID Web proxy server software deployed on x86 servers.



May 2007

  • Slipstreaming Sun Fire x64 Servers Drivers in Windows 2003 Server Product CD
    -by Pierre Reynes, Vic Pantaleon

    This blueprint provides a clear method for performing unattended Windows 2003 Server installations from CD on Sun Fire x64 servers. While performing a CD-based installation on Sun Fire servers, the Windows Server 2003 setup utility requires pressing <F6> on the keyboard and providing a floppy disk with the LSI Mass Storage Drivers (MSDs). Once the installation process is completed, additional device drivers not included on the Windows CD must then be manually installed. This process, documented in the Sun Fire Windows installation manual, requires the usage of an external USB floppy drive or of the IP-based virtual floppy provided by the Service Processor. This can become a time consuming process if frequently repeated. The intent of this document is to provide techniques, known as "drivers slipstreaming", that eliminate human interaction during Windows installation from CD on Sun Fire x64 servers, making it fully unattended if so desired.

  • Tokyo Tech Tsubame Grid Storage Implementation
    -by Syuuichi Ihara

    This blueprint describes the storage architecture of the Tokyo Institute of Technology TSUBAME grid. The Tokyo Institute of Technology is one of the world's leading technical institutes, and recently created the fastest supercomputer in Asia, and one of the largest supercomputers outside of the United States. By deploying Sun Fire x64 servers and data servers in a grid architecture, Tokyo Tech built a cost-effective and flexible supercomputer consisting of hundreds of systems, thousands of processors, terabytes of memory and a petabyte of storage that supports users running common off-the-shelf applications. This is the second of a three-article series. It describes the steps to install and configure the Lustre file system within the storage architecture.



April 2007

  • Introduction to Dynamic Reconfiguration and Capacity on Demand for Sun SPARC Enterprise Servers
    -by Nick Kloski

    Dynamic Domains, Dynamic Reconfiguration (DR), and Capacity on Demand (COD) provide technology that lets organizations effectively manage server resources in a highly available and cost-effective fashion. Sun SPARC Enterprise servers provide enhancements over previous-generation implementations of these technologies, building upon over 10 years of experience with Dynamic Reconfiguration. These enhancements give organizations more flexibility in the granularity of components available for Dynamic Reconfiguration, while adding new options to the process. This article discusses updates to these important technologies as they apply to Sun's newly announced SPARC Enterprise Server products, including an overview of the eXtended System Board (XSB), descriptions of the different ways that it can be configured, specific new capabilities of DR, and enhancements to Capacity on Demand (COD).

  • Architecting Availability and Disaster Recovery Solutions
    -by Tim Read

    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    This blueprint, first published in April, 2006, has been newly updated to reflect Sun's latest server and storage products.



March 2007

  • Sun Customer Ready HPC Cluster: Reference Configurations with Sun Fire X4100, X4200, and X4600 Servers
    -by Jeff Lu

    The reference configurations described in this paper are starting points for building Sun Customer Ready HPC Clusters configured with the Sun Fire X4100, X4200, and X4600 families of servers. The configurations define how Sun Systems Group products can be configured in a typical grid rack deployment. This document describes configurations using Sun Fire X4100 and X4100 M2 servers with a Gigabit Ethernet data fabric and with a high-speed InfiniBand fabric. In addition, this document describes configurations using Sun Fire X4200, X4200 M2, X4600, and X4600 M2 servers with an InfiniBand data fabric. These configurations focus on single rack solutions, with external connections through uplink ports of the switches.

    These reference configurations have been architected using Sun's expertise gained in actual, real-world installations. Within certain constraints, as described in the later sections, the system can be tailored to the customer needs. Certain system components described in this document are only available through Sun's factory integration. Although the information contained here could be used during an integration on-site, the optimal benefit is achieved through Sun Customer Ready System integration.

  • Sun Virtual Desktop Access Kit for VMware
    -by Dirk Grobler, Warren Ponder

    The Sun Virtual Desktop Access Kit for VMware is an add-on component that integrates with Sun Desktop Infrastructure products and VMware Infrastructure 3 (VI3). In this context VI3 is the infrastructure to manage and execute virtual desktops. This is also known as Virtual Desktop Infrastructure (VDI). The Virtual Desktop Access Kit (VDA Kit) is the integration software between the access and virtualization tiers of the Sun Desktop Virtualization Solution. The integration between Sun's Desktop Infrastructure products and VMware's Virtual Infrastructure enables delivery of a dynamic and robust end-to-end desktop virtualization solution.

    This blueprint outlines the feature set and value of the Sun Virtual Desktop Access Kit for VMware, discussing how it integrates with the access and virtualization tiers of the Sun Desktop Virtualization Solution. A reference architecture is explained through a number of examples.



February 2007

  • Beginners Guide to LDoms: Understanding and Deploying Logical Domains
    -by Tony Shoumack

    This blueprint is intended to assist the reader in gaining an understanding of how to easily and effectively deploy Sun's Logical Domains, or LDoms, technology. It will help the reader determine how and where to use logical domains to the greatest effect using best practices. It discusses strategies for deploying logical domains on the Sun Fire T1000 and T2000 systems, the first systems to offer Logical Domain support, and the various best practices for these platforms. The guide works through step-by-step examples that include the commands to set up, deploy, and manage logical domains and looks at commonly asked questions and advanced techniques.

    This document has been updated July, 2007 and reflects availability of the Logical Domains 1.0 release.

  • Sun Customer Ready HPC Cluster: Reference Configurations with Sun Fire X2200 M2 and X2100 M2 Servers
    -by Jeff Lu

    The reference configurations described in this blueprint are starting points for building Sun Customer Ready HPC Clusters configured with Sun Fire X2100 M2 and X2200 M2 servers. The configurations define how Sun Systems Group products can be configured in a typical grid rack deployment. This document describes configurations in detail using Sun Fire X2100 M2 and X2200 M2 servers with a Gigabit Ethernet data fabric, as well as configurations using Sun Fire X2200 M2 servers with a high-speed InfiniBand fabric. These configurations focus on single rack solutions, with external connections through uplink ports of the switches.

    These reference configurations have been architected using Sun's expertise gained in actual, real-world installations. Within certain constraints, as described in the later sections, the system can be tailored to the customer needs. Certain system components described in this document are only available through Sun's factory integration. Although the information contained here could be used during an integration on-site, the optimal benefit is achieved through Sun Customer Ready System integration.

  • The Tokyo Institute of Technology Supercomputer Grid: Architecture and Performance Overview
    -by Nobu Hashizume

    One of the world's leading technical institutes, the Tokyo Institute of Technology (Tokyo Tech) created the fastest supercomputer in Asia, and one of the largest outside of the United States. Using Sun x64 servers and data servers deployed in a grid architecture, Tokyo Tech built a cost-effective, flexible supercomputer that meets the demands of compute and data-intensive applications. Built in just 35 days, the TSUBAME grid includes hundreds of systems incorporating thousands of processor cores and terabytes of memory, and delivers 47.38 trillion floating-point operations per second (TeraFLOPS) of sustained LINPACK benchmark performance and 1.1 petabyte of storage to users running common off-the-shelf applications. Based on the deployment architecture, the grid is expected to reach 100 TeraFLOPS in the future.

    This article provides an overview of the Tokyo Tech grid, named TSUBAME. The first in a series of Sun BluePrints articles on the TSUBAME grid, this document discusses the requirements and overall system architecture of the grid, as well as the tuning performed to achieve high LINPACK benchmark performance results.



January 2007

  • Remote Monitoring of Sun x64 Systems using ipmitool and ipmievd
    -by Eric Markwardt

    The Integrated Lights Out Manager (ILOM), included in Sun's enterprise-class x64 servers, provides an abundance of information on hardware related events, status, and error conditions. This information can be a valuable asset, enabling administrators to proactively monitor systems and quickly respond to situations that might affect system availability. However, aggregating information from multiple servers distributed throughout an organization and responding in an automated manner can be a challenge, especially as the number of managed servers increases.

    Administrators can choose from a range of tools to help expedite system maintenance. Fully-featured enterprise system management solutions, such as the Sun N1 System Manager, IBM Tivoli, and HP OpenView software, provide many capabilities. But these solutions can be more costly and complex to set up, and may require additional training to gain proficiency. More basic open-source tools, such as ipmitool and ipmievd, provide a simpler command-line interface and can be used to monitor servers and aggregate any detected errors into a centralized location for further processing.

    This document focuses on using these open source tools ipmitool and ipmievd to interface with the ILOM, query hardware-related status of local and remote servers, and automatically aggregate events into a centralized log file.

  • Developing and Tuning Applications on UltraSPARC T1 Chip Multithreading Systems
    -by Denis Sheahan

    Traditional processor design has long emphasized the performance of a single hardware thread of execution, and focused on providing high levels of instruction-level parallelism. These increasingly complex processor designs have been driven to very high clock rates (frequencies), often at the cost of increased power consumption and heat production. Unfortunately, the impact of memory latency has meant that even the fastest single-threaded processors spend most of their time idle, waiting for memory. Complicating this tendency, many of today's complex commercial workloads are simply unable to take advantage of instruction-level parallelism, instead benefiting from thread-level parallelism.

    This Sun BluePrints article describes techniques that system architects, application developers, and performance analysts can use to assess the scaling characteristics of an application. It also explains how to optimize an application for chip multithreading, in particular for systems that use UltraSPARC T1 processors. This article discusses the following topics:

    • Processor physical characteristics
    • Performance characteristics
    • Classes of commercial applications
    • Assessing performance on UltraSPARC T1 processor-based systems
    • Scaling applications with chip multithreading
    • Tuning for general performance
    • Accessing the modular arithmetic unit and encryption framework
    • Minimizing floating-point operations and VIS instruction

    This article has been updated from the original December 2005 publication to include important information about Cooltools, a set of tools created to improve the ease of use of UltraSPARC T1 systems. These tools encompass a wide range including development, debugging, tuning and deployment of applications.



December 2006

  • Migrating Sun Java System Messenger Express Personal Address Book Using the pab2abs.pl Utility
    -by Sarma Vempati

    The Messenger Express Web-based email client includes a Personal Address Book (PAB) application for storing and managing user's personal information, such as email addresses and phone numbers. Sun Java System Communications Express, the unified Web client introduced in Sun Java Enterprise System 2004Q2 supersedes Messenger Express and Calendar Express. Communications Express also includes Address Book Store (ABS) that provides all of the functionality of PAB and is better integrated with mail and calendar components.

    When upgrading from Messenger Express (also known as Webmail) to Communications Express, you need to migrate users' PAB entries to ABS. (This migration does not occur automatically as part of the upgrade process.) A new tool, pab2abs.pl, has been made available that provides improved performance over the earlier migration tool, runMigrate.sh. This article describes how you can use the pab2abs.pl tool to either migrate a single or a few users, or to migrate your entire PAB database.



November 2006



October 2006

  • The Sun BluePrints Guide to Solaris Containers: Virtualization in the Solaris Operating System
    -by Harry J. Foxwell, Menno Lageman, Joost Pronk van Hoogeveen, Isaac Rozenfeld, Sreekanth Setty and Jeff Victor

    With the release of the Solaris 10 Operating System (OS), Sun has taken a big step towards delivering functionality that can help address many of the challenges IT organizations face as they look to consolidate and virtualize the environment. Sun's next advancement in server virtualization is a concept called Solaris Containers technology. This Sun BluePrints Collection of previously published articles has been thoroughly updated and consolidated into a single book format. It provides an overview of the resource management concepts and technologies that comprise Solaris Containers, and explains how to create, use, and integrate Solaris Containers within a system and infrastructure. Emphasis is placed on explaining each concept and providing detailed examples that can be used to create more effective environments and effect better resource utilization.

  • Application and Database Server Consolidation on the Sun Fire X4600 Server using Solaris Containers
    -by Kevin Kelly

    The combined capabilities of the Sun Fire X4600 server and Solaris Containers technology afford considerable promise as a consolidation platform. The Sun Fire X4600 server provides high performance, optimized energy efficiencies, and unparalleled scalability and virtualization options. Solaris Containers provide an isolated and secure runtime environment for applications, enabling multiple services to run efficiently and without conflict on the same platform.

    This paper explores the use of a Sun Fire X4600 server as a consolidation platform for multiple database and Java 2 Platform, Enterprise Edition (J2EE platform) application servers. It describes the processes and methodologies used in the consolidation, and details the steps used to configure the Solaris Containers. In addition, this paper describes the J2EE application server workload testing used to determine the effectiveness of this approach and validate the benefits of consolidating these services on a single system.

  • Tuning Symantec Brightmail AntiSpam on the Sun Fire T2000 Server
    -by Alan Yoshida, Ramin Moazeni and Steve Gaede

    Note that this article has been updated and given a new title to reflect additional information on the newer T2 Processor: Tuning Symantec Brightmail AntiSpam on UltraSPARC T1 and T2 Processor-Powered Servers



August 2006

  • GRUB and the Solaris Operating System on x86 Platforms - A Guide to Creating a Customized Boot DVD
    -by John Cecere

    GRUB, the open source GRand Unified Bootloader, has been used for years in Linux and various versions of BSD as the standard file system-aware boot loader for open source operating systems. GRUB's implementation in the Solaris OS is similar to the implementation in these other operating systems. One major difference in the Solaris OS implementation of GRUB is the ability to traverse a UFS, the standard file system used in the Solaris OS. The UFS code for GRUB was written by Sun and is available as open source via the OpenSolaris initiative. This article describes GRUB and its implementation for the Solaris Operating System on x86 Platforms. It provides a sequence of procedures that can be followed to customize a DVD using this framework.

  • Deploying Sun Java Enterprise System 2005-Q4 on the Sun Fire T2000 Server Using Solaris Containers
    -by Sreekanth Setty

    Consolidating enterprise infrastructure services that run on multiple servers to the Sun Fire T2000 platform using the Sun Java Enterprise System (Java ES) and Solaris Containers can simplify management, improve performance, and increase the efficiency of delivering enterprise infrastructure services. This article discusses how to consolidate enterprise infrastructure services onto a single Sun Fire T2000 server using Java ES software. In addition, this paper describes best practices that have resulted from performance testing different deployment scenarios of the Java ES on a Sun Fire T2000 server. Tests show that deploying the Java ES using Solaris Containers can support nearly three times the number of users supported by a deployment that does not use Solaris Containers.



May 2006

  • Working with Solaris Containers and the Solaris Service Manager
    -by Joost Pronk van Hoogeveen
    Solaris Containers and Predictive Self-Healing technologies work together by creating separate execution environments, each with its own namespace and assigned resources. Each environment can have its own self-healing personalities that can be changed, copied, and reloaded as needed. These technologies enable administrators to determine the current state of the environment, making it easier to use the Solaris OS for consolidation efforts. This article provides an inside look at what the Solaris 10 OS has to offer, as well as ideas on how to get started and put these new features to work, with technologies such as Solaris Containers, Solaris Predictive Self Healing and Solaris Service Management Facility. Emphasis is placed on illustrating how these functionalities can be used to create isolated environments customized for specific applications.

  • Solaris Containers Technology Architecture Guide
    -by Jeff Victor
    This Sun BluePrints article is a must-read for those looking to find new ways to reduce IT infrastructure costs and better manage end user service levels. While costs from managing vast networks of servers and software components continue to escalate, existing server consolidation and virtualization techniques do not adequately provision applications and ensure shared resources are not compromised. The Solaris Containers technology addresses this void by making it possible to create a number of private execution environments within a single instance of the Solaris OS. This paper provides suggestions for designing system configurations using powerful tools associated with Solaris Containers, guidelines for selecting features most appropriate for the user's needs, advice on troubleshooting, and a comprehensive consolidation planning example.






April 2006

  • Architecting Availability and Disaster Recovery Solutions
    -by Tim Read
    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    Services considered mission critical require technical solutions that include both a service availability and a disaster recovery component as part of a full business continuity plan (BCP). The 'best practice' data centre infrastructure design patterns for many of the pieces needed for such solutions: local area networks, storage area networks, systems management, security, provisioning and clustering are described in detail in the 'Data Centre Reference Implementation' white paper.

    This document discusses the options for meeting the SLAs for mission and business critical services with particular reference to the Sun Cluster software. Where multiple solutions exist, the underlying complementary technologies: disk mirroring, data replication, transaction monitors and database replication techniques, are examined to highlight the trade-offs that must be made when using certain hardware and software combinations.

    The broader topic of business continuity involves the consideration of more than just system availability and disaster recovery. This white paper does not cover any aspects of the disaster planning required for telecommunications, staffing or physical infrastructure, such as buildings, desks, etc.

    This blueprint, first published in April, 2006, has been updated in 2007 to reflect Sun's latest server and storage products.

  • The Service Delivery Network: A Case Study
    -by Mikael Lofstrand, Jason Carolan
    Secure messaging has emerged as a core IT service. Most organizations today rely upon e-mail as a mission-critical application that serves key business processes and transports proprietary and confidential business information among authorized users. The case study in this article shows how to use Sun's Service Delivery Network (SDN) to guide the design of a secure, service-optimized network architecture for an example secure e-mail application. Secure e-mail was chosen for this case study because it is a familiar application that is relatively simple to describe and understand, allowing the reader to focus on the use of SDN rather than the details of an application. Note, however, that the SDN approach can be used to design network architectures that support almost any kind of application or service.

  • Privilege Bracketing in the Solaris 10 Operating System
    -by Glenn Brunette
    In IT security, the well-known “least privilege” principle states that: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” This Sun BluePrints OnLine article describes how to use the Process Rights Management feature of the Solaris 10 Operating System to implement this principle for any given software program.

    Process Rights Management allows software developers to write privilege-aware programs that run with only the privileges they need, dropping those that are not needed or are no longer required. Further, using a programming technique called privilege bracketing, a developer can control exactly when a privilege or set of privileges is active or in effect.

    Software developers can use the privilege bracketing technique to ensure that a program is running with privilege only when that privilege is required. This is accomplished by placing privileged software operations between code that effectively enables and disables specific privileges. Using the methods described in this article, software developers will be able to develop privileged programs that are more secure and resilient to flaws because the use of privilege within the code can be more tightly controlled.






March 2006

  • Using the Cryptographic Accelerator of the UltraSPARC T1 Processor
    -by Ning Sun, Pallab Bhattacharya
    Note that this article has been updated and given a new title to reflect additional information on the newer T2 Processor: Using the Cryptographic Accelerators in the UltraSPARC T1 and T2 Processors By Ning Sun, Chi-Chang Lin

  • Understanding the NIS to LDAP Service (N2L) Architecture
    -by Michael Haines, Baban Kenkre
    This article discusses Network Information Service (NIS) to LDAP transition service (N2L service) support for NIS clients based on naming information stored in the Sun Java System Directory Server 5.2 software. This approach enables a complete transition from the NIS naming service to the LDAP naming service. It includes detailed installation, configuration, and operational information needed to create a supportable instance of the NIS/LDAP Transition Gateway product offering. While the NIS to LDAP transition product is designed to work with any RFC2307bis-compliant directory (LDAP) server, Sun only supports the N2L Service in conjunction with the Sun Java System Directory (LDAP) Server 5.1 and 5.2 software.

  • The Solaris Fingerprint Database - A Security Validation Tool for Solaris Environment System Files
    -by Vasanthan Dasan, Alex Noordergraaf, Lou Ordorica, Glenn Brunette
    This article describes the Solaris Fingerprint Database (sfpDB), a security tool that enables users to verify the integrity of files distributed with the Solaris Operating Environment. By validating that these files have not been modified, administrators can determine whether or not their systems have been hacked and had malicious, trojaned replacements for system files installed.

    This is an updated version of the original Sun BluePrints publication, published in May 2001. This document has been updated to support the Solaris 10 Operating System and includes numerous other additions, clarifications, and references.






February 2006

  • Service Management Facility (SMF) in the Solaris 10 OS
    -by Rob Romack
    A significant challenge in today's data centers is the demand for increased service levels in environments that feature increasing complexity. The Solaris 10 Operating System (OS) introduces a new foundation that improves service levels by detecting and correcting component failures while simplifying systems management. This foundation — known as Predictive Self-Healing — includes new technologies that Sun has incorporated into its hardware and software products to maximize availability in the event of system faults. Overall, Predictive Self-Healing simplifies system administration and helps to contribute to a lower total cost of ownership (TCO) in the data center.

    A key component of Predictive Self-Healing is the new Service Management Facility (SMF) in the Solaris 10 OS. SMF is designed to simplify the management of system and application services. It delivers new and improved ways to control services, and tries to restart failed services automatically. In addition, SMF allows administrators to define the relationships between services. It is now possible to define a service that is dependent on other services — a dependent service will not run unless the other services that it requires are already running. Through a set of new administrative interfaces, SMF allows services to be easily and consistently configured, enabled, and controlled, at the same time providing better visibility of errors and improved debugging capabilities to resolve service-related problems quickly when they occur.

    This BluePrints article is intended for system administrators. It introduces the functionality provided by the Service Management Facility and demonstrates the use of new SMF administrative commands. It assumes that the reader has a reasonable level of knowledge of the Solaris OS (in particular, of OS versions prior to Solaris 10), or of other UNIX systems in general. The article makes the assumption that the reader is not already familiar with SMF or other specifics of the Solaris 10 OS.

  • Privilege Debugging in the Solaris 10 Operating System
    -by Glenn Brunette, Darren Moffat
    The traditional UNIX privilege model is based on the concept of a super-user. In this model, the system associates all of its privileged operations with the root account or — more precisely — the user identifier (UID) 0. All other UIDs are considered unprivileged by the operating system. This “all or nothing” approach to privilege delegation means that any application that must perform a privileged operation, such as binding to a reserved network port (for example, one whose port number is less than 1024), must be started as root.

    Starting applications in this manner, however, is inherently risky because it means that the application will have privilege to do anything on the system. Administrators are forced to trust the applications to use only the privileges that they need and only in the ways that are expected. Consequently, disaster could ensue should the application not manage its use of privilege safely, or should the application be misconfigured or exploited in some way.

    This Sun BluePrints article describes how to profile applications and services in order to determine which Solaris 10 privileges they attempt to use. With this information, organizations can then restrict those applications and services so that they are granted only the absolutely necessary privileges that they need to fulfill their intended purpose.

  • Toward Systemically Secure IT Architectures
    -by Glenn Brunette
    The convergence and availability of greater numbers of computers, mobile phones, PDAs, and other devices are fueling new opportunities and new styles of sharing, participation, and commerce. Traditional organizational and network boundaries continue to blur and fade as organizations find new ways of engaging their customers, partners, suppliers, and employees. Furthermore, the delivery of services is becoming more streamlined, as associations among components and data become more dynamic in response to “just in time” business decisions. Unprecedented levels of access and sharing are fast becoming the norm and helping to fuel what is being called “the Participation Age.”

    Security risk accompanies all of the benefits that these opportunities offer — risk that cannot and must not be ignored. Attacks on IT resources can now be executed on a global basis, using the Internet or other communications networks, at speed and on a scale previously unknown. News of identity theft, industrial espionage, and the ever-present insider threat is rapidly increasing. While many of the common attack methods have largely not changed over the last ten years, their impact has been amplified as a result of a significantly increased number of potential targets, increased levels of dependence and connectivity among targets, and heightened levels of attack automation, making the attacks easier to configure and execute on a global scale.

    This Sun BluePrints OnLine article addresses the need for strong security guarantees in increasingly dynamic and flexible information technology (IT) environments. The Sun Systemic Security approach applies time-tested security principles, architectural patterns, and iterative refinement policies to weave security controls and assurances more systemically throughout an IT environment. Using a pattern-based approach and a focus on iterative refinement, organizations can transform their existing legacy deployments into resilient architectures that meet not only their security, privacy, and compliance needs, but also satisfy other business goals, such as increased agility, flexibility, efficiency, and availability. In fact, this approach can be used to help drive the adoption of new service and utility-based compute architectures.

  • Consolidating Legacy Applications onto Sun x64 Servers
    How to move Microsoft Windows NT Applications onto Sun x64 Servers using VMware ESX Server

    -by Marshall Choy
    IT organizations wishing to continue to run applications on the Microsoft Windows NT Server operating system have faced a limited number of choices given the increasing lack of support for their aging hardware, and the lack of drivers for current hardware. The ability of VMware ESX Server to host these operating system environments and their applications on state-of-the-art, high-performance hardware platforms like the Sun Fire V40z server gives IT organizations a new class of options. Not only can they use virtualization to run their applications on current, supported hardware — they can leverage the greater processing power, memory capacity, and disk storage of today's servers to consolidate multiple PC server environments onto a single platform. Now IT organizations can upgrade their hardware platforms, and use the upgrade process also to address their power, space, and cooling issues, while exploiting the economies of scale that consolidation brings.

    This Sun BluePrints article describes in step-by-step fashion how one such application — an Apache Web server running on the Windows NT Server operating system — could be consolidated onto ESX Server running on a Sun Fire V40z server with no changes to the application or its configuration. The importance of this exercise is not the application itself. It is the fact that the only changes to the disk image imported by the physical-to-virtual process were to install drivers for the virtual network interface and display devices supported by the virtual machine environment. Once an application is consolidated into the virtual environment in this way, it can securely share a single platform with multiple instances of Windows operating systems and the applications that they host. Because each virtual machine provides an idealized environment to the guest operating system, the disk images created by the consolidation process are portable. So as this consolidation technique becomes proven in any given IT organization, PC workloads can be re-distributed among a growing number of servers by moving virtual disks and virtual machine configuration files.






December 2005

  • Developing and Tuning Applications on UltraSPARC T1 Chip Multithreading Systems
    -by Denis Sheahan

    Traditional processor design has long emphasized the performance of a single hardware thread of execution, and focused on providing high levels of instruction-level parallelism. These increasingly complex processor designs have been driven to very high clock rates (frequencies), often at the cost of increased power consumption and heat production. Unfortunately, the impact of memory latency has meant that even the fastest single-threaded processors spend most of their time idle, waiting for memory. Complicating this tendency, many of today's complex commercial workloads are simply unable to take advantage of instruction-level parallelism, instead benefiting from thread-level parallelism.

    This Sun BluePrints article describes techniques that system architects, application developers, and performance analysts can use to assess the scaling characteristics of an application. It also explains how to optimize an application for chip multithreading, in particular for systems that use UltraSPARC T1 processors. This article discusses the following topics:

    • Processor physical characteristics
    • Performance characteristics
    • Classes of commercial applications
    • Assessing performance on UltraSPARC T1 processor-based systems
    • Scaling applications with chip multithreading
    • Tuning for general performance
    • Accessing the modular arithmetic unit and encryption framework
    • Minimizing floating-point operations and VIS instruction

    This article has been updated from the original December 2005 publication to include important information about Cooltools, a set of tools created to improve the ease of use of UltraSPARC T1 systems. These tools encompass a wide range including development, debugging, tuning and deployment of applications.



  • Consolidating the Sun Store onto Sun Fire T2000 Servers
    -by Casey Costley, Srinivasa Bodicharla, Brad Coates, Yunas Nadiadi and Ragu Venkatesan
    Many data centers today are at or near capacity in terms of space, power, and cooling, even as they are compelled to provide secure and available services that will scale into the future. Faced with real hard limits on real estate, power, and thermal capacity, data center managers are increasingly changing the ways they evaluate infrastructure. Performance in particular must be viewed in an envelope of space, power, and dissipated heat--with performance per watt, performance per square foot, and performance per rack unit of paramount importance.

    Sun faces these same demands and constraints in its own Information Technology (IT) and is actively seeking effective solutions. In particular, Sun is deploying architectures and strategies to consolidate its own mission-critical SunStore application, using commercially available technology to run Sun-on-Sun. Based on the UltraSPARC T1 processor with CoolThreads technology, the new Sun Fire T2000 server offers an effective consolidation platform for these efforts, complemented by the flexibility of Solaris Containers partitioning technology from the Solaris 10 Operating System.

    Providing a unique insight into Sun's own operations and adoption of new products and technologies, this article discusses the existing SunStore architecture and describes a timely real-world consolidation effort. In addition to architecture and configuration information, an analysis of anticipated savings in power, cooling, and space is also provided.

  • Web Consolidation on the Sun Fire T1000 using Solaris Containers
    -by Kevin Kelly
    Reducing the costs of IT infrastructure and improving the manageability and efficiency of web services pose significant challenges for many organizations in today's economic climate. Recent studies describe the challenges IT managers face administering the proliferation of x86-based servers used to run web services applications. Those reports reveal that using large numbers of x86-based systems can increase space and power consumption, as well as cost and asset management overhead. In addition, many of these x86-based systems run a mixture of operating system and application software, leading to increased management complexity and potential security concerns.

    Faced with these challenges, many organizations are attracted by the idea of consolidating web and application services from multiple x86-based servers to a smaller number of high-performance servers. This approach strives to help simplify management, improve performance, and increase the efficiency of delivering web services. The combined capabilities of the Sun Fire T1000 server and Solaris Containers technology in particular offer significant promise as a web-tier consolidation platform. The Sun Fire T1000 server offers high aggregate throughput performance in a small, power-efficient footprint. Solaris containers provide a complete, isolated, and secure runtime environment for applications, enabling multiple web servers to run safely and efficiently on the same platform.

    This paper explores the configuration and testing of the Sun Fire T1000 server as a web-tier consolidation platform. It discusses methodologies used to consolidate multiple web servers onto a single Sun Fire T1000 server, and explains the steps used to configure the Solaris Containers. In addition, to determine the effectiveness of this approach, testing was performed to evaluate the consolidated Sun Fire T1000 system against a baseline configuration of current Xeon servers, a popular choice as a web server platform.

  • Creating a Customized Boot CD/DVD for the Solaris Operating System for x86 Platforms
    -by John Cecere, Dana Fagerstrom
    This article explains the mechanics of the boot process on the Solaris Operating System for x86 platforms so that you understand what is needed to create a customized CD/DVD. It discusses both the hard disk and CD/DVD boot processes, and points out the differences between the two.

    There are a number of practical applications for this topic, including:
    • Jumpstart Software — The feature in Solaris that allows access to Solaris installation media and configuration rules over a network
    • Diagnostics — The ability to create a bootable CD for the purpose of diagnosing system problems without accessing or modifying the copy of the operating system that is installed on the target system
    • Restoration — The ability to create a bootable CD with tools that aid in the repair and restoration of a down system
    • Diskless clients that cannot do PXE booting—PXE is a DHCP-based network-based installation technology similar to Solaris Jumpstart. Some older x86-based systems are incapable of using PXE
    • Canned Firewall—The creation of a bootable CD that starts Solaris on a system configured with multiple network interfaces. A preset ipf configuration is then used to establish a network firewall on that system.
    This article begins by examining the layout of a hard disk in the x86 architecture and the components on it that are used for booting. It then describes the pieces that are unique to a CD boot. Finally, this article puts the pieces together and creates an image file that can be burned to CD.

  • Using iSCSI Multipathing in the Solaris 10 Operating System
    -by Aaron Dailey, Scott Tracy
    This article describes how to use Internet Small Computer Systems Interface (iSCSI) multipathing in the Solaris 10 Operating System. Implementing iSCSI in a storage solution provides two important benefits: it can increase storage availability via fail-over protection and also increase scalability and throughput via link aggregation.

    This article describes different approaches to implementing multipathing between an iSCSI initiator and an iSCSI target device. It reviews the reasons for multipathing, describes the different approaches that Solaris supports, discusses the trade-offs between those approaches, and provides recommendations for specific configurations.

    This article contains discussions about: the iSCSI Protocol, iSCSI Support in Solaris 10 Update 1 and Solaris 10 Multipathing Options for iSCSI Devices.






October 2005

  • Slicing and Dicing Servers: A Guide to Virtualization and Containment Technologies
    -by Harry J. Foxwell, Isaac Rozenfeld
    Part of an emerging family of containment technologies, server virtualization is designed to help reduce server sprawl — the proliferation of individual hardware servers and accompanying management and resource allocation problems. Today, IT managers and executives are starting to consider a variety of virtualization and containment technologies available on Microsoft Windows, Linux, the Solaris Operating System and other environments. There is also renewed interest among industry and academic researchers in this area, as virtualization is a key technology in the deployment of both computational and business service grid architectures. However, significant confusion remains regarding the terminology and techniques involved, as well as the trade-offs among the range of current solutions.

    This article focuses on the motivation behind server-oriented containment and virtualization — secure, efficient, and cost-effective workload management — and discusses the concepts, vocabulary, and techniques currently available to help achieve it. Other forms of virtualization, such as those used for storage and networks, are not discussed. Directed at IT managers, CIOs, and CTOs responsible for computer resource allocation decisions, this article assumes general familiarity with IT infrastructure and management issues, and provides an overview of various solutions. Detailed technical knowledge of the techniques presented is not required. The first section reviews the requirements and challenges of workload management. Subsequent sections discuss the origins of virtualization and containment, currently available solutions and trade-offs, and a brief discussion of future technologies.

  • Scheduler Policies for Job Prioritization in the N1 Grid Engine 6 System
    -by Charu Chaubal
    Grid engine technology powers collections of network-connected servers, called grids, providing efficient use of computing resources. The N1 Grid Engine 6 software, the newest version of Sun's resource management solution, includes the core services for establishing and managing a grid environment, and provides policy-based workload management and dynamic provisioning of application workloads for increased productivity. This article describes the tools and techniques for resource management that are available in the N1 Grid Engine 6 software, and explains how to use them effectively. It discusses the prioritization policies in the N1 Grid Engine 6 software, describes how they fit with the new resource aggregation methods, and makes recommendations for how to map real-life resource allocation schemes to N1 Grid configurations.

    The article addresses the following topics:
    • How the N1 Grid Engine 6 system implements job scheduling
    • The various scheduling policies that can be employed in an N1 Grid
    • An example scenario providing fair share use of resources with prioritization of jobs
    • Illustrates how to automatically determine priorities based on job requirements
    • Explains how to provide prioritization of jobs in combination with preemption of lower priority


  • Protecting Investments Through Technology Advancements
    -by Brian Down
    With businesses becoming increasingly dependent on IT infrastructure, IT organizations are constantly seeking new ways to implement these vital assets in a cost-effective manner that supports business goals. At the same time, budget pressures are pushing organizations to find ways to protect technology investments and ensure they provide good value over time. Indeed, because IT assets depreciate, it is important they provide value—business flexibility, agility, and efficiency—for as long as possible, and be easy to replace when the time comes. This Sun BluePrints article explains what it means to protect IT investments, and what you need to consider when protecting them. It also illustrates how Sun's platform of UltraSPARC processor-based servers running the Solaris Operating System can be used to build an infrastructure with investment protection built-in.


September 2005

  • Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors
    -by Barton Fiske
    This Sun BluePrints article gives detailed procedures for configuring Sun x64 workstations with AMD Opteron processors to boot more than one operating system from the same physical hard drive. This capability is referred to throughout this article as “multiboot.” Specifically, the three major operating systems in use today — the Solaris Operating System, Linux, and Windows operating systems — can be deployed on a single system disk, and configured to allow a user to choose between the different operating systems at boot time. Multiboot capability should not be confused with available virtualization technology that allows simultaneous operation of multiple operating systems (such as VMware, Xen, or other approaches).

  • Updating BIOS and Firmware on Sun Fire V20z and Sun Fire V40z Servers Using Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003
    -by Pierre Reynes
    In an era of tight IT budgets, many organizations are challenged to optimize existing computing resources. To help this effort, Sun x64 servers give enterprises the freedom to choose from a variety of operating systems, including the Solaris Operating System, SuSE Linux, Red Hat Linux and Microsoft Windows. By keeping the BIOS and firmware up-to-date on these systems, organizations are better able to experience increased performance and take advantage of the latest technology.

    This Sun BluePrints article provides detailed instructions on how to perform BIOS and Service Processor updates on Sun x64 servers running the Solaris OS or Linux environments. It is intended for organizations running Sun Fire V20z or Sun Fire V40z servers and Microsoft Windows 2000, Microsoft Windows Server 2003, or Microsoft Windows XP operating environments. It provides step-by-step instructions for updating the BIOS and Service Processor from a system running any of these Microsoft operating environments. In particular, it describes how to share the NSV files with the appropriate permissions, mount the Server Message Block (SMB) share from the Service Processor (SP) on the Sun Fire V20z or Sun Fire V40z server, and perform the update.

  • Sun's Pattern-based Design Framework: The Service Delivery Network
    -by Jason Carolan and Mikael Lofstrand
    The Service Delivery Network (SDN) is the approach that Sun uses to design service optimized network architectures for customer and in-house implementations. This approach consists of basic network building blocks, common network design patterns, integrated network components, and industry best practices that together are carefully blended in response to a customer's business and technical goals. The SDN provides a set of network connectivity, routing, load balancing, and advanced security mechanisms that, when applied in combination, result in flexible network infrastructure designs that provide high performance, scalability, availability, security, flexibility, and manageability.

    The primary goal of the SDN is simple:

    Service delivery at any time, from anywhere, to any device.

    A service optimized network architecture focuses on the services provided over the network to the end user, rather than the enabling technologies or their related components. By virtualizing resources and understanding the core services offered directly to end users, as well as the other data center services that support these end user services, organizations can take advantage of a true service-driven architecture.


August 2005

  • Enforcing the Two-Person Rule Via Role-Based Access Control in the Solaris 10 Operating System
    -by Glenn Brunette
    Whether discussing physical or logical access controls, organizations have for years applied the practice of the two-person rule to help secure IT assets. Using the two-person rule is an optional approach for organizations wanting to protect access to key data sets, or to restrict who may perform sensitive or high impact operations on a system. In many circumstances, however, more traditional IT security controls are likely appropriate. Using the two-person rule is most often reserved for restricting the most sensitive IT security operations performed within an organization. Whether and where a given organization could apply the two-person rule depends on its policies, architecture, processes, and requirements.

    This Sun BluePrints cookbook describes how to use Solaris Role-Based Access Control (RBAC) in the Solaris 10 Operating System (Solaris OS) to enforce the two-person rule in IT security.

  • Using Host Groups and Cluster Queues in the Sun N1 Grid Engine 6 System
    -by Charu Chaubal
    Grid engine technology is currently used to power thousands of grids, collections of network-connected servers, providing more efficient use of computing resources. The N1 Grid Engine 6 software, the newest version of Sun's resource management solution, includes the core services for establishing and managing a grid environment, and provides policy-based workload management and dynamic provisioning of application workloads for increased productivity. This article discusses abstracting collections of resources within the N1 Grid environment using cluster queues and host groups, and explains how these features can be used to simplify administration and implement scheduling policies.

  • Auto Diagnosis and Recovery Enhancements for Sun Fire Midrange Servers Updated for Firmware Release 5.19.0
    -by Tricia Wittsack
    Beginning with firmware release 5.15.0 for the System Controller (SC), several enhancements were made to improve the availability, serviceability, diagnosability, and repair characteristics of Sun Fire midrange servers. These enhancements provided in the system controller firmware, combined with enhancements to the Solaris Operating System (Solaris OS), implement auto diagnosis and recovery capabilities that can increase system uptime, decrease system outages, improve system resiliency when a hardware fault occurs, and minimize service interruptions. These enhancements automate many processes and procedures that required human intervention prior to firmware version 5.15.0. Firmware version 5.19.0 and the appropriate Solaris OS with all relevant kernel updates and patches are required to fully benefit from these enhancements.

    This document is useful for support personnel and assumes a basic technical knowledge of the Sun Fire midrange servers.


June 2005

  • Automating Initial Setup and Management of Sun Fire V20z and V40z Servers
    -by Jacques Bessoudo
    Many compute- and network-centric applications can benefit from pools or grids of smaller, horizontally-scaled servers due to their lower initial cost, flexibility, scalability, and performance for certain tasks. However, installing and managing tens or hundreds of servers in a consistent manner can be time consuming and prone to errors that further increase the time required to manage large pools of servers. Fortunately, many administrative tasks can be easily automated using the integrated service processor in the Sun Fire V20z and V40z servers.

    There are three areas of setup and management of the Sun Fire V20z and V40z server's service processor that are usually performed manually--where automated scripts can save time and can eliminate errors:

    * Service processor setup
    * Service processor management
    * Server (BIOS) and service processor firmware updates

    This article describes a method for helping system administrators save time by automating these processes and running them on multiple systems simultaneously. It details the steps for creating scripts to automate these tasks and run them in parallel and includes examples of several of the more common tasks.

  • Creating Self-Balancing Solutions with Solaris Containers
    -by David Collier-Brown
    Transactions of some kind are an integral part of every organization, and must be completed on time if the business is to operate effectively and efficiently. Chaos, and damage, can be caused if critical transactions are not handled correctly. Today, IT managers often try to break workloads into chunks and process them with separate program instances in the hope that they can distribute the workload across the instances and keep pace with demand. This technique has its drawbacks. What happens when one instance fails to finish in time? Worse, what if the business is growing, and every month the number of lagging instances increases? How are system administrators supposed to figure out which instance is going to be late the next time?

    System administrators need to find ways to balance workloads across computing resources. With Solaris 10, Solaris Containers were further enhanced to include a new facility, Solaris Zones, which can be used to create a virtual environment that enables the management of unbalanced load problems. This Sun BluePrints article presents several techniques for dealing with unexpected load changes, and provides best practices for employing Solaris Containers in this effort.

  • Restricting Service Administration in the Solaris 10 Operating System
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to use the Solaris 10 Service Management Facility (SMF) to require specific authorizations for certain types of operations. Using this capability, it is possible to delegate access to core service management functions based on the concept of least privilege--if a user or service does not strictly need to have some degree of privilege, then that privilege should not be granted. SMF allows organizations to have much finer grained access control policies than was possible before the Solaris 10 Operating System.


May 2005

  • Solaris Containers--What They Are and How to Use Them
    -by Menno Lageman
    Over the years businesses have been building large-scale information systems to solve business problems, with a focus on building scalable and highly available IT infrastructures that can adapt to change. Providing sufficient availability and performance for business applications was the primary driver for these efforts. Today, the need to protect technology investments and provide the same service levels at a lower price point is shifting the focus to reducing IT infrastructure cost and improving end user service level management. To help this effort, the Solaris Operating System includes Solaris Containers, a mechanism that provides isolation to safely and securely share resources between software applications or services using flexible, software-defined boundaries.

    This Sun BluePrint article discusses the challenges organizations face in dealing with resource and workload management. Solaris Containers and their constituent technologies (projects, resource pools, Zones) are introduced and explained. Practical examples show these technologies solving resource and workload management problems.

  • Limiting Service Privileges in the Solaris 10 Operating System
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to use the Solaris 10 Service Management Facility (SMF) to start a service at boot time (or at any later time) with reduced privileges. This is accomplished by setting the user, group, and set of privileges used to start the service. This article describes how to accomplish this in a practical context using a real service as an example.

  • Sun Fire Midrange Server Update Best Practices Update for Firmware 5.18.x
    -by Ken Kambic and James Hsieh
    This is an update to several earlier versions of the document of the same title. It provides guidance on implementing the features added from 5.14.0 to 5.18.0, and also includes the information presented in the earlier versions of the document.


April 2005

  • Using Computer Forensics When Investigating System Attacks
    -by Joel Weise and Brad Powell
    This Sun BluePrints Online article describes how to use computer forensics when investigating attacks on a computer system. Computer forensics is an approach that helps investigators identify the source of an attack on an organization's systems and helps with assessing and recovering from any damage resulting from such an attack.

    Computer forensic investigations must be conducted in such a way that the information collected could be introduced as evidence in a court of law during the criminal prosecution of the attacker. Failure to follow guidelines for handling evidence might preclude an organization from being able to successfully prosecute the attacker(s). Although not all computer-forensic investigations lead to prosecution, organizations should always collect evidence using a methodology that can stand up in a court of law.

  • Predictive Fault Monitoring in Sun Fire Servers
    -by Dave Re and Kumar Loganathan
    This document describes several new Predictive Fault Monitoring features in Sun's enterprise class Sun Fire server platforms (V1280-E25K) and in Sun's Solaris operating system (Solaris OS), including discussion about how these features operate and what action should be taken based on their output. The intention of this Sun BluePrints document is to educate the reader on the functionality of these features so that the reader can use these new features to increase overall uptime in Sun's enterprise class systems.

  • Integrating BART and the Solaris Fingerprint Database in the Solaris 10 Operating System
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to quickly and easily authenticate manifests from BART, the Solaris 10 Operating System Basic Audit and Reporting Tool, using the Solaris Fingerprint Database (sfpDB). Using this process, you can determine whether any files within the BART manifest have been modified from the way in which they were shipped by Sun. This information is crucial when deciding how much trust can be placed in the validity of the files at the time the BART manifest was generated.


March 2005

  • Migrating From Tru64 UNIX to the Solaris Operating System
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to the Solaris environment. This study examines the migration of a simple, custom-written application that used a Sybase database to store information about a company's inventory as well as client-specific data. This application was converted to run under the Solaris Operating System (Solaris OS) and was integrated with directory services. Additionally, the database vendor was changed from Sybase to Oracle. This article provides an overview of the Tru64 UNIX operating environment; discussions of 64-bit computing and clustering architectures; descriptions of justifying, architecting, and implementing the migration; and suggestions for managing the new Solaris environment.

  • Migrating from HP/UX Platform to the Solaris Operating System
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study that draws from several actual customer migration projects, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate an HP/UX environment to the Solaris environment. The most significant of these projects, for a large health care insurance provider based in the United Kingdom, involved migrating a commercial-off-the-shelf (COTS) integrated-accounts solution to the Solaris Operating System (Solaris OS), and enhancing it to support their risk-underwriting and claims-processing business functions. This article provides an overview of the case study; descriptions of justifying, architecting, and implementing the migration; suggestions for managing the new Solaris environment; and a summary of the successful results of the migration.

  • Automating Solaris 10 File Integrity Checks
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to centralize and automate the collection of file integrity information using the following Solaris features:

    * Secure Shell
    * Role-based Access Control (RBAC)
    * Process Privileges
    * Basic Auditing and Reporting Tool (BART)

    Each of these features can be quickly and easily integrated to centralize and automate the process of collecting file fingerprints across a network of Solaris 10 systems.

  • N1 Grid Architecture Realized: Measurable Requirements
    -by Jason Carolan, Scott Radeztsky, Paul Strong and Ed Turner
    This article discusses using the Sun architecture methodologies to translate customer business drivers and stated functional and operational requirements into a measurable Critical to Quality (CTQ) baseline for architectural analysis and solution testing. This article is the entire fifth chapter of the Sun BluePrints book N1 Grid Realized: Preparing, Architecting, and Implementing Service-Centric Data Centers.


February 2005

  • Operations Management Capabilities Model
    -by Edward Wustenhoff, Michael J. Moore, and Dale H. Avery
    Successful IT management cannot be purchased out-of-the-box. The implementation of a robust IT management infrastructure is as much an exercise in organizational change as it is a technology implementation. IT management must be enhanced in an evolutionary manner, over time, through the application of a continuous improvement methodology that addresses the combination of people, process, and tools components.

    The Sun Microsystems Operations Management Capabilities Model (OMCM) is a comprehensive, continuous improvement methodology for IT management that provides a practical framework and measurable roadmap for enhancing IT management. The OMCM helps organizations define, measure, and thoroughly assess their current and desired IT capability.

    The OMCM is based on the Sun IT Management Framework (Sun ITMF), which defines the three core aspects--people, processes, and tools--of an organization's IT management infrastructure. The OMCM encompasses IT management best practices at all levels of the IT environment, mapping IT management disciplines to the architecture used to implement them. The OMCM provides the basis of assessment for the purpose of determining where best to invest in IT resources in support of key business needs.

  • Configuring JumpStart Servers to Provision Sun x86-64 Systems
    -by Pierre Reynes
    Organizations are constantly challenged to deploy systems throughout the enterprise with consistent and reliable configurations. Solaris JumpStart technology provides a mechanism for fully automating the Solaris Operating System (Solaris OS) installation process. With the ability to locate installation information over the network or from a local CD-ROM drive, and use customized profiles, JumpStart facilitates the rapid and consistent deployment of Solaris OS-based systems.

    Many organizations have relied on UltraSPARC/Solaris platforms for years, and use JumpStart technology for operating system deployment. With the introduction of Sun x86-64 based systems, organizations are now seeking ways to use existing JumpStart servers to deploy the Solaris OS and Linux operating environment on Sun x86-64 based systems. This article describes how to modify existing JumpStart servers to support the deployment of the Solaris OS and Linux operating environment on Sun x86-64 based systems, as well as how to use standard Linux installation tools for configuring Sun x86-64 based systems.


January 2005

  • Understanding the Benefits of Implementing Oracle RAC on Sun Cluster Software
    -by Kristien Hens and Michael Loebmann
    In solutions that implement Oracle RAC and Sun Cluster software, the flexibility and power of Sun's cluster solution can add structure and maintainability to various underlying hardware components. This article describes the benefits of an Oracle RAC and Sun Cluster solution.

    This article is the complete second chapter of the Sun BluePrints book, "Creating Highly Available Database Solutions: Oracle Real Application Clusters (RAC) and Sun Cluster 3.x Software," by Kristien Hens and Michael Loebmann, which is now available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.


November 2004

  • Service Provisioning with Resource Management
    -by Sam Antwi
    The Solaris 9 Resource Management (Solaris 9 RM) offers a more granular, elegant, and flexible solution to Solaris Operating System (Solaris OS) platform resource sharing and control. It provides support for a predictable approach to guaranteed service level commitment, even in environments where resources are contested by multiple stacked application service workloads or where maximizing system resource utilization is paramount. This Sun BluePrint shows how to apply Solaris 9 RM for service provisioning, with a particular focus on three application service workloads: Sun ONE Web Server, BEA WebLogic, and Oracle9i.


July 2004

  • Ethernet Autonegotiation Best Practices
    -by Steve Hodnett and Jim Eggers
    Issues related to network performance, delays, JumpStart problems, and link failures due to incorrect Ethernet link speed and duplex settings are becoming more common due to outdated Ethernet link policies adopted by many administrators. This is largely due to misunderstanding of Ethernet autonegotiation standards and experiences with older Ethernet drivers and switches.

    This article details Sun's reco