SUN BLUEPRINTS ONLINE

Archives By Subject

NOTE TO OUR READERS:

Sun BluePrints OnLine articles are maintained in this archive for the benefit and historical reference of our readers. Details of the recommendations set forth in these articles may not reflect Sun's latest hardware and software releases. Caution, careful analysis and common sense should be exercised when applying these Sun BluePrints articles to newer products and software releases.




Resource Management

  • Solaris Containers Technology Architecture Guide (May 2006)
    -by Jeff Victor
    This Sun BluePrints article is a must-read for those looking to find new ways to reduce IT infrastructure costs and better manage end user service levels. While costs from managing vast networks of servers and software components continue to escalate, existing server consolidation and virtualization techniques do not adequately provision applications and ensure shared resources are not compromised. The Solaris Containers technology addresses this void by making it possible to create a number of private execution environments within a single instance of the Solaris OS. This paper provides suggestions for designing system configurations using powerful tools associated with Solaris Containers, guidelines for selecting features most appropriate for the user's needs, advice on troubleshooting, and a comprehensive consolidation planning example.

  • Working with Solaris Containers and the Solaris Service Manager (May 2006)
    -by Joost Pronk van Hoogeveen
    Solaris Containers and Predictive Self-Healing technologies work together by creating separate execution environments, each with its own namespace and assigned resources. Each environment can have its own self-healing personalities that can be changed, copied, and reloaded as needed. These technologies enable administrators to determine the current state of the environment, making it easier to use the Solaris OS for consolidation efforts. This article provides an inside look on what the Solaris 10 OS has to offer, as well as ideas on how to get started and put these new features to work, with technologies such as Solaris Containers, Solaris Predictive Self Healing and Solaris Service Management Facility. Emphasis is placed on illustrating how these functionalities can be used to create isolated environments customized for specific applications.

  • Web Consolidation on the Sun Fire T1000 using Solaris Containers (December 2005)
    -by Kevin Kelly
    Reducing the costs of IT infrastructure and improving the manageability and efficiency of web services pose significant challenges for many organizations in today's economic climate. Recent studies describe the challenges IT managers face administering the proliferation of x86-based servers used to run web services applications. Those reports reveal that using a large number of x86-based systems can increase space and power consumption, as well as cost and asset management overhead. In addition, many of these x86-based systems run a mixture of operating system and application software, leading to increased management complexity and potential security concerns.

    Faced with these challenges, many organizations are attracted by the idea of consolidating web and application services from multiple x86-based servers to a smaller number of high-performance servers. This approach strives to help simplify management, improve performance, and increase the efficiency of delivering web services. The combined capabilities of the Sun Fire T1000 server and Solaris Containers technology in particular offer significant promise as a web-tier consolidation platform. The Sun Fire T1000 server offers high aggregate throughput performance in a small, power-efficient footprint. Solaris containers provide a complete, isolated, and secure runtime environment for applications, enabling multiple web servers to run safely and efficiently on the same platform.

    This paper explores the configuration and testing of the Sun Fire T1000 server as a web-tier consolidation platform. It discusses methodologies used to consolidate multiple web servers onto a single Sun Fire T1000 server, and explains the steps used to configure the Solaris Containers. In addition, to determine the effectiveness of this approach, testing was performed to evaluate the consolidated Sun Fire T1000 system against a baseline configuration of current Xeon servers, a popular choice as a web server platform.

  • Developing and Tuning Applications on UltraSPARC T1 Chip Multithreading Systems (December 2005)
    -by Denis Sheahan
    Traditional processor design has long emphasized the performance of a single hardware thread of execution, and focused on providing high levels of instruction-level parallelism. These increasingly complex processor designs have been driven to very high clock rates (frequencies), often at the cost of increased power consumption and heat production. Unfortunately, the impact of memory latency has meant that even the fastest single-threaded processors spend most of their time idle, waiting for memory. Complicating this tendency, many of today’s complex commercial workloads are simply unable to take advantage of instruction-level parallelism, instead benefiting from thread-level parallelism.

    This Sun BluePrints article describes techniques that system architects, application developers, and performance analysts can use to assess the scaling characteristics of an application. It also explains how to optimize an application for chip multithreading, in particular for systems that use UltraSPARC T1 processors. This article discusses the following topics:
    • Processor physical characteristics
    • Performance characteristics
    • Classes of commercial applications
    • Assessing performance on UltraSPARC T1 processor-based systems
    • Scaling applications with chip multithreading
    • Tuning for general performance
    • Accessing the modular arithmetic unit and encryption framework
    • Minimizing floating-point operations and VIS instruction


  • Slicing and Dicing Servers: A Guide to Virtualization and Containment Technologies (October 2005)
    -by Harry J. Foxwell, Issac Rozenfeld
    Part of an emerging family of containment technologies, server virtualization is designed to help reduce server sprawl — the proliferation of individual hardware servers and accompanying management and resource allocation problems. Today, IT managers and executives are starting to consider a variety of virtualization and containment technologies available on Microsoft Windows, Linux, the Solaris Operating System and other environments. There is also renewed interest among industry and academic researchers in this area, as virtualization is a key technology in the deployment of both computational and business service grid architectures. However, significant confusion remains regarding the terminology and techniques involved, as well as the trade-offs among the range of current solutions.

    This article focuses on the motivation behind server-oriented containment and virtualization — secure, efficient, and cost-effective workload management — and discusses the concepts, vocabulary, and techniques currently available to help achieve it. Other forms of virtualization, such as those used for storage and networks, are not discussed. Directed at IT managers, CIOs, and CTOs responsible for computer resource allocation decisions, this article assumes general familiarity with IT infrastructure and management issues, and provides an overview of various solutions. Detailed technical knowledge of the techniques presented is not required. The first section reviews the requirements and challenges of workload management. Subsequent sections discuss the origins of virtualization and containment, currently available solutions and trade-offs, and a brief discussion of future technologies.

  • Scheduler Policies for Job Prioritization in the N1 Grid Engine 6 System (October 2005)
    -by Charu Chaubal
    Grid engine technology powers collections of network-connected servers, called grids, providing efficient use of computing resources. The N1 Grid Engine 6 software, the newest version of Sun's resource management solution, includes the core services for establishing and managing a grid environment, and provides policy-based workload management and dynamic provisioning of application workloads for increased productivity. This article describes the tools and techniques for resource management that are available in the N1 Grid Engine 6 software, and explains how to use them effectively. It discusses the prioritization policies in the N1 Grid Engine 6 software, describes how they fit with the new resource aggregation methods, and makes recommendations for how to map real-life resource allocation schemes to N1 Grid configurations.

    The article addresses the following topics:
    • How the N1 Grid Engine 6 system implements job scheduling
    • The various scheduling policies that can be employed in an N1 Grid
    • An example scenario providing fair share use of resources with prioritization of jobs
    • Illustrates how to automatically determine priorities based on job requirements
    • Explains how to provide prioritization of jobs in combination with preemption of lower priority

  • Protecting Investments Through Technology Advancements (October 2005)
    -by Brian Down
    With businesses becoming increasingly dependent on IT infrastructure, IT organizations are constantly seeking new ways to implement these vital assets in a cost-effective manner that supports business goals. At the same time, budget pressures are pushing organizations to find ways to protect technology investments and ensure they provide good value over time. Indeed, because IT assets depreciate, it is important they provide value—business flexibility, agility, and efficiency—for as long as possible, and be easy to replace when the time comes. This Sun BluePrints article explains what it means to protect IT investments, and what you need to consider when protecting them. It also illustrates how Sun's platform of UltraSPARC processor-based servers running the Solaris Operating System can be used to build an infrastructure with investment protection built-in.

  • Using Host Groups and Cluster Queues in the Sun N1 Grid Engine 6 System (August 2005)
    -by Charu Chaubal
    Grid engine technology is currently used to power thousands of grids, collections of network-connected servers, providing more efficient use of computing resources. The N1 Grid Engine 6 software, the newest version of Sun's resource management solution, includes the core services for establishing and managing a grid environment, and provides policy-based workload management and dynamic provisioning of application workloads for increased productivity. This article discusses abstracting collections of resources within the N1 Grid environment using cluster queues and host groups, and explains how these features can be used to simplify administration and implement scheduling policies.

  • Auto Diagnosis and Recovery Enhancements for Sun Fire Midrange Servers Updated for Firmware Release 5.19.0 (August 2005)
    -by Tricia Wittsack
    Beginning with firmware release 5.15.0 for the System Controller (SC), several enhancements were made to improve the availability, serviceability, diagnosability, and repair characteristics of Sun Fire midrange servers. These enhancements provided in the system controller firmware, combined with enhancements to the Solaris Operating System (Solaris OS), implement auto diagnosis and recovery capabilities that can increase system uptime, decrease system outages, improve system resiliency when a hardware fault occurs and minimize service interruptions. These enhancements automate many processes and procedures which required human intervention prior to firmware version 5.15.0. Firmware version 5.19.0 and the appropriate Solaris OS with all relevant kernel updates and patches are required to fully benefit from these enhancements.

    This document is useful for support personnel and assumes a basic technical knowledge of the Sun Fire midrange servers.

  • Creating Self-Balancing Solutions with Solaris Containers (June 2005)
    -by David Collier-Brown
    Transactions of some kind are an integral part of every organization, and must be completed on time if the business is to operate effectively and efficiently. Chaos, and damage, can be caused if critical transactions are not handled correctly. Today, IT managers often try to break workloads into chunks and process them with separate program instances in the hope that they can distribute the workload across the instances and keep pace with demand. This technique has its drawbacks. What happens when one instance fails to finish in time? Worse, what if the business is growing, and every month the number of lagging instances increases? How are system administrators supposed to figure out which instance is going to be late the next time?

    System administrators need to find ways to balance workloads across computing resources. With Solaris 10, Solaris Containers were further enhanced to include a new facility, Solaris Zones, which can be used to create a virtual environment that enables the management of unbalanced load problems. This Sun BluePrints article presents several techniques for dealing with unexpected load changes, and provides best practices for employing Solaris Containers in this effort.

  • Solaris Containers--What They Are and How to Use Them (May 2005)
    -by Menno Lageman
    Over the years businesses have been building large-scale information systems to solve business problems, with a focus on building scalable and highly available IT infrastructures that can adapt to change. Providing sufficient availability and performance for business applications was the primary driver for these efforts. Today, the need to protect technology investments and provide the same service levels at a lower price point is shifting the focus to reducing IT infrastructure cost and improving end user service level management. To help this effort, the Solaris Operating System includes Solaris Containers, a mechanism that provides isolation to safely and securely share resources between software applications or services using flexible, software-defined boundaries.

    This Sun BluePrint article discusses the challenges organizations face in dealing with resource and workload management. Solaris Containers, and their constituent technologies (projects, resource pools, Zones) are introduced and explained. Practical examples that show these technologies solving resource and workload management problems are demonstrated.

  • Service Provisioning with Resource Management (November 2004)
    -by Sam Antwi
    The Solaris 9 Resource Management (Solaris 9 RM) offers a more granular, elegant, and flexible solution to Solaris Operating System (Solaris OS) platform resource sharing and control. It provides support for a predictable approach to guaranteed service level commitment, even in environments where resources are contested by multiple stacked application service workloads or where maximizing system resource utilization is paramount. This Sun BluePrint shows how to apply Solaris 9 RM for service provisioning, with a particular focus on three application service workloads: Sun ONE Web Server, BEA WebLogic, and Oracle9i.

  • Using Solaris Resource Manager With Sun Ray (June 2004)
    -by Marcel Guerin
    This article describes best practices for managing system resources for Sun Ray users. Based on an actual customer scenario, this article provides recommendations for integrating and using the Solaris Resource Manager software to fairly distribute system resources when users insert and remove their smart cards from Sun Ray desktop units. Sample scripts associated with this article are available from the Sun BluePrints Scripts & Tools web site via the SDLC download service. This article and the scripts are intended for an audience with intermediate to advanced knowledge on this topic.

  • Global Grid Connectivity Using Globus Toolkit With Solaris Operating System (May 2004)
    -by Chong-Wee Simon See and Gabriel Ghinita
    This article describes how to integrate grid computing with Globus Toolkit software for a site using Sun N1 Grid Engine software (formerly Sun Grid Engine) as a local resource manager. This article provides background information and step-by-step instructions for installing, configuring, integrating, and testing Globus Toolkit software with Sun N1 Grid Engine software on x86 architecture using the Solaris 9 Operating System.

  • Sun Ray Deployment On Shared Networks (February 2004)
    -by Mike Oliver, Raja Doraisamy, Bob Doolittle, Kent Peacock, Gerard Wall, and Gary Sloane
    With the growing popularity of the Sun Ray thin client computing model and its increasing acceptance in business and research settings, there has been considerable demand for a more detailed description of best practices for deployment on varied existing network topologies. This article describes several common topologies and provides deployment hints and instructions not yet covered in the product documentation. This article is ideal for advanced network administrators.

  • Dynamic Reconfiguration and Oracle 9i Dynamically Resizeable SGA (January 2004)
    -by Erik Vanden Meersch and Kristien Hens
    This article explains how Oracle 9i can operate in combination with Sun's dynamic reconfiguration (DR). It provides a brief overview of DR, intimate shared memory (ISM), dynamic intimate shared memory (DISM), and dynamically resizable system global area (SGA), and explains how these technologies fit together. In addition, this article provides step-by-step details for configuring Oracle relational databases on Sun Fire servers so that the DR capabilities of the Sun platform can be maximized. This article requires an intermediate reader. The features described in this article should be used with the Solaris 9 OS Update 2 and newer.

  • Sun Grid Engine, Enterprise Edition-Configuration Use Cases and Guidelines (July 2003)
    -by Charu Chaubal
    This article describes a set of use cases for configuration of Sun Grid Engine, Enterprise Edition 5.3 (Sun ONE GEEE) software. It is meant to be a starting point from which intermediate to advanced Sun ONE GEEE software administrators can create a customized configuration for their particular environment. It is important to realize that each environment has unique requirements, and that the greatest benefits of the Sun ONE GEEE software policy module are obtained by fine-tuning a configuration once the results of the initial configuration have been assessed. Moreover, as the environment evolves and the needs of the enterprise change, additional tuning on an ongoing basis will probably be appropriate. This article assumes the reader has some familiarity with the features and parameters of Sun ONE GEEE.

  • Building a Global Compute Grid - Two Examples Using the Sun ONE Grid Engine and the Globus Toolkit (April 2003)
    -by Charu Chaubal & Radoslaw Rafinski
    Currently, much research activity is based around the implementation of advanced resource sharing networks, which are geographically distributed. Much of this research has taken advantage of the Globus Toolkit, an open source toolkit provided by the Globus organization. In this Sun BluePrints article, the problem of building a compute grid using the Globus Toolkit and how it can best be integrated with Sun ONE Grid Engine are discussed. Two case studies in the academic arena are presented.

  • A New Open Resource Management Architecture in the Sun HPC ClusterTools Environment (November 2002)
    -by Steve Sistare
    This article presents a new architecture for the integration of the Sun HPC ClusterTools parallel computing environment with distributed resource management systems such as the Sun Grid Engine system. The architecture enables a tight integration to be achieved with multiple distributed resource management systems in a uniform and extensible framework, which means that any of the popular management systems may be used to launch and monitor Sun MPI parallel jobs. Unlike previously available loose integrations, tight integrations allow a resource manager to accurately measure resources used by the parallel processes, to terminate jobs that exceed resource limits, and to generate accurate accounting information for multi-process jobs. Tight integrations are implemented with Sun Grid Engine software, PBS, and LSF. Correct resource accounting with this tight integration is demonstrated and launching and debugging Sun MPI jobs using each system is detailed.

  • Resource Management in the Solaris 9 Operating Environment (September 2002)
    -by Stuart J. Lawson
    The Solaris Resource Manager (Solaris RM) enables the resources of a single instance of the operating environment to be shared in an arbitrarily fine-grained manner, among consolidated or partitioned applications or system users. The Solaris RM can be used such that a guaranteed level of service can be given, where appropriate. In this article, Stuart Lawson describes the three core resource management approaches in the Solaris 9 Operating Environment and offers best practices for setting up a resource management framework.

  • Introduction to the Cluster Grid - Part 2 (September 2002)
    -by James Coomer and Charu Chaubal
    Grid computing is a rapidly emerging technology that can be implemented through the use of the Sun Cluster Grid software stack. In the second part of a two-part series, this article takes the next step in describing the Sun Cluster Grid design phase which includes information gathering, design decisions, installation and management considerations, and example implementations.

  • Introduction to the Cluster Grid - Part 1 (August 2002)
    -by James Coomer and Charu Chaubal
    Grid computing is a rapidly emerging technology which can be implemented today through the use of the Sun Cluster Grid software stack. Part one of this two part series provides an introduction to grid architecture, and discusses how the architecture can be applied to existing compute environments using the Sun Cluster Grid software stack. Full treatment of the cluster grid design and implementation will be provided in the September BluePrints Online article, "Introduction to the Cluster Grid - Part 2".

  • Enterprise Management Systems Part II: Enterprise Quality of Service (QoS) Provisioning and Integration (May 2002)
    -by Deepak Kakadia with Dr. Tony G. Thomas, Dr. Sridhar Vembu, and Jay Ramasamy of AdventNet, Inc.
    Building on the concepts of how to best manage services in Service Driven Networks, this second article of the two-part series describes how to integrate Sun Management Center 3.0 software and AdventNet WebNMS 2.3 software to provision end-to-end services and provide a complete solution that can effectively manage a multivendor environment.

  • Enterprise Management Systems Part I: Architectures and Standards (April 2002)
    -by Deepak Kakadia, Dr. Tony Thomas, Dr. Sridhar Vembu and Jay Ramasamy
    The first in a two-part series focused on managing services in Service Driven Networks (SDNs), this article presents a summary of typical architectures and a clarification of the standards to help the reader better understand the implementations of various third-party vendor EMSystems solutions.

  • Enterprise Quality of Service (QoS) Part II: Enterprise Solution using Solaris Bandwidth Manager 1.6 Software (March 2002)
    -by Deepak Kakadia
    Deepak's article is the second in a two-part series that focuses on Quality of Service (QoS) issues. This article explores possible approaches to deploying an Enterprise Quality of Service solution using Solaris Bandwidth Manager 1.6 software. It also presents an integrated close-loop solution using Sun Management Center 3.0 software, which exploits APIs offered by both products and creates a policy-based QoS solution for the enterprise.

  • Enterprise Quality of Service (QoS): Part I - Internals (February 2002)
    -by Deepak Kakadia
    In a two-article series, distinguished Sun BluePrints author works to clear the confusion surrounding QoS by explaining what it is, how it is implemented, and how to use it in an enterprise. This month's part one article details the basics surrounding the "what" and "how" of implementation, as well as the internals of QoS. Be sure to return to Sun BluePrints OnLine next month for his second article which will focus on how to deploy QoS in an enterprise.

  • Managing Systems and Resources in HPC Environments (February 2002)
    -by Omar Hassaine
    Written for the compute-intensive site administrator and user, this article highlights the benefits, presents preferred practices, and provides useful recommendations for using enterprise server tools and features available in commercial environments.

  • Issues in Selecting a Job Management System (January 2002)
    -by Omar Hassaine
    This article addresses the problems usually faced when selecting the most appropriate job management system (JMS) to deploy at HPC sites. The article describes the three most popular offerings available on the Sun platform and provides a classification of the most important features to use as a basis in selecting a JMS. A JMS comparison and useful set of recommendations are included.

  • Building Sun based Beowulf Cluster (December 2001)
    -by Börje Lindh
    This article explains how you can build compute clusters from Sun Microsystems components that compete with Beowulf clusters and above.

  • System Performance Management: Moving from Chaos to Value (July 2001)
    -by Jon Hill and Kemer Thomson
    This article presents the rationale for formal system performance management from a management, systems administrative and vendor perspective. It describes four classes of systems monitoring tools and their uses. The article discusses the issues of tool integration, "best-of-breed versus integrated suite" and the decision to "buy versus build."

  • Using Solaris Resource Manager with Solaris PC NetLink Software - Part 2 (June 2000)
    -by Don DeVitt
    Don presents part 2 of this article in which he includes an experiment that is performed to determine a useful range of shares that can be allocated to the Solaris PC NetLink software by the Solaris Resource Manager software.

  • Using Solaris Resource Manager with Solaris PC NetLink Software - Part 1 (May 2000)
    -by Don DeVitt
    Don discusses the use of Solaris PC NetLink with Solaris Resource Manager.

  • Sun Enterprise 10000 Server Floating Tape Library Solution (January 2000)
    -by Enrique Vargas
    Enrique presents the fourth article in the Dynamic Reconfiguration (DR) series.

  • Tracing Resource Consumption of Solaris PC NetLink Software Users (December 1999)
    -by Don DeVitt
    Shows the Solaris Operating Environment commands and the Solaris PC NetLink software commands for determining which PC clients are consuming resources via Solaris PC NetLink software.

  • Policy-Based Networks (October 1999)
    -by Jean-Christophe Martin
    Talks about the network policy concept in greater depth, and shows how it is implemented in the Solaris Bandwidth Manager software.

  • Modelling the Behavior of Solaris Resource Manager Software (August 1999)
    -by Enterprise Engineering
    How Solaris Resource Manager software achieves dynamic resource consumption by using a fair share CPU scheduling algorithm.

  • Solaris Resource Manager: Resource Assignment (August 1999)
    -by Richard McDougall
    This article explains how users are assigned resource lnodes and under what circumstances they change to ensure that resource limits are allocated correctly.

  • Solaris Bandwidth Manager (June 1999)
    -by Evert Hoogendoorn
    Evert explains the benefits of Solaris Bandwidth Manager.

  • Load Sharing Facility (June 1999)
    -by Tom Bialaski
    How LSF can be used as a resource management tool for running technical batch applications such as simulations.

  • Solaris Resource Manager - Decay Factors and Parameters (April 1999)
    -by Richard McDougall
    More on Solaris Resource Manager with the Decay Factors and Parameters.

  • Solaris Resource Manager - Decay and Scheduler Parameters (April 1999)
    -by Richard McDougall
    Continues with the topic of Solaris Resource Manager Decay.

  • An Overview of Methodology (April 1999)
    -by Adrian Cockcroft
    An in-depth overview on Service Level Definitions and Interactions and Resource Management Control Loop.

  • Dynamic Reconfiguration (April 1999)
    -by Enrique Vargas
    The fundamentals of Dynamic Reconfiguration.

  • Managing NFS Workloads (April 1999)
    -by Richard McDougall, Adrian Cockcroft and Evert Hoogendoorn
    Demonstration of the usage and management of NFS.

  • Solaris Resource Manager (April 1999)
    -by Richard McDougall
    Overview and examples of Solaris Resource Manager functions.





Data Management

  • Architecting Availability and Disaster Recovery Solutions (April 2006)
    -by Tim Read
    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    Services considered mission critical require technical solutions that include both a service availability and a disaster recovery component as part of a full business continuity plan (BCP). The 'best practice' data centre infrastructure design patterns for many of the pieces needed for such solutions: local area networks, storage area networks, systems management, security, provisioning and clustering are described in detail in the 'Data Centre Reference Implementation' white paper.

    This document discusses the options for meeting the SLAs for mission and business critical services with particular reference to the Sun Cluster software. Where multiple solutions exist, the underlying complementary technologies: disk mirroring, data replication, transaction monitors and database replication techniques, are examined to highlight the trade-offs that must be made when using certain hardware and software combinations.

    The broader topic of business continuity involves the consideration of more than just system availability and disaster recovery. This white paper does not cover any aspects of the disaster planning required for telecommunications, staffing or physical infrastructure, such as buildings, desks, etc.

  • Understanding the Benefits of Implementing Oracle RAC on Sun Cluster Software (January 2005)
    -by Kristien Hens and Michael Loebmann
    In solutions that implement Oracle RAC and Sun Cluster software, the flexibility and power of Sun's cluster solution can add structure and maintainability to various underlying hardware components. This article describes the benefits of an Oracle RAC and Sun Cluster solution.

    This article is the complete second chapter of the Sun BluePrints book, "Creating Highly Available Database Solutions: Oracle Real Application Clusters (RAC) and Sun Cluster 3.x Software," by Kristien Hens and Michael Loebmann, which is now available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Best Practices for Deploying the Sun StorADE Utility (January 2004)
    -by Christian Cadieux and Mike Monahan
    This article discusses the Sun Automated Diagnostic Environment (StorADE) utility. The StorADE utility provides centralized monitoring and diagnostics for most Sun storage product offerings. The first part of this article provides an overview and describes how to plan a StorADE deployment. The second part provides step-by-step installation information with best practice recommendations for StorADE configuration; whether the environment contains complex storage area networks (SANs), or straightforward direct-connect devices. This article is intended for IT architects, administrators, and anyone looking for an introductory article on a storage monitoring utility.

  • Migrating to the Solaris Operating System: Migrating From Tru64 UNIX (November 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article presents a fictional case study that illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to a Solaris environment.
    This article is the complete tenth chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", by Ken Pepple, Brian Down, and David Levy, which is available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Hardware Replication Challenges (November 2003)
    -by Selim Daoud
    This article describes the challenges of keeping valuable hardware-replicated data safe. Being able to access and manipulate the cloned data is crucial and often neglected. This article describes the different types of data replication and the procedure to access a hardware-replicated set of data. This article targets an intermediate audience.

  • Solaris Volume Manager Performance Best Practices (November 2003)
    -by Glenn Fawcett
    Compelling new features such as soft partitioning and automatic device relocation make the Solaris Volume Manager software a viable candidate for storage management needs. Solaris Volume Manager software features enhance storage management capabilities beyond what is handled by intelligent storage arrays with hardware RAID. Now Solaris Volume Manager software is integrated with the Solaris Operating Environment (Solaris OE) and does not require additional license fees. This article provides specific Solaris Volume Manager tips for system, storage, and database administrators who want to get the most out of Solaris Volume Manager software in their data centers. This article targets an intermediate audience.

  • Solaris Operating System and ORACLE Relational Database Management System Performance Tuning (October 2003)
    -by Ramesh Radhakrishna
    This article focuses on the performance problems at the Resource Tier (database server). The assumption is that the database server is a Sun server running an ORACLE Relational Database Management System (RDBMS). The article requires a general knowledge of Solaris Operating System (Solaris OS) and Oracle RDBMS system administration. It is written for beginner- and intermediate-level system administrators responsible for Sun systems, and for Sun's customer engineers, and database administrators responsible for tuning Oracle databases.

  • Migrating to the Solaris Operating System: Migration Strategies (September 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article defines the most important terms in migration, and differentiates between these terms. In addition, it presents migration strategies, the benefits and risks of each strategy, and the appropriateness of each strategy for various situations. This article is ideal for a beginning to intermediate audience.

    This article is the complete third chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", which will be available at Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores at the end of October, 2003.

  • Using filesync for Disaster Recovery, Business Continuance, and Mobility (July 2003)
    -by John Rosander
    The Solaris Operating Environment filesync(1) command can be used for disaster recovery, business continuance, and mobility. This article details how to use the filesync(1) command to synchronize directories between Sun servers, and between Sun servers and Linux laptops. This article is ideal for a reader with an intermediate level of expertise.

  • Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers (March 2003)
    -by Glenn Fawcett
    There are a handful of common performance issues that arise when trying to scale Oracle database applications on the Solaris Operating Environment. These issues are sometimes difficult to identify and address. This paper incorporates the experiences of Sun's Strategic Application Engineering group in tuning Oracle RDBMS systems on a variety of workloads. There is an accompanying document, Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers Appendices, that supplements the information in this article.

  • APPENDICES - Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers Appendices (March 2003)
    -by Glenn Fawcett
    These are the appendices for the article Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle 9i Release 2 And Sun Fire Servers (March 2003)

  • Configuring Databases Using Soft Links (January 2003)
    -by Carlos Godinez
    This article explains the advantages of using symbolic (soft) links when configuring databases and provides techniques and examples for using them. This article presents information that will enable you to manage database configuration efficiently and accurately.

  • Managing Shared Storage in a Sun Cluster 3.0 Environment With Solaris Volume Manager Software (November 2002)
    -by Kristien Hens and Peter Dennis
    Traditionally, VERITAS Volume Manager (VxVM) has been the volume manager of choice for shared storage in enterprise-level configurations. In this article, a free and easy-to-use alternative, Solaris Volume Manager software, which is part of the Solaris 9 Operating Environment (Solaris 9 OE), is explored. This mature product offers similar functionality to VxVM. Moreover, it is tightly integrated into the Sun Cluster 3.0 software framework and, therefore, should be considered to be the volume manager of choice for shared storage in this environment.

  • Memory Hierarchy in Cache-Based Systems (November 2002)
    -by Ruud Van Der Pas
    This article will help the reader understand the architecture of modern microprocessors by introducing and explaining the most common terminology and addressing some of the performance related aspects. Written for programmers and people who have a general interest in microprocessors, this article presents introductory information on caches and is designed to provide understanding on how modern microprocessors work and how a cache design impacts performance.

    Despite improvements in technology, microprocessors are still much faster than main memory. Memory access time is increasingly the bottleneck in overall application performance. As a result, an application might spend a considerable amount of time waiting for data. This not only negatively impacts the overall performance, but the application cannot benefit much from a processor clock-speed upgrade either. One method for overcoming this problem is to insert a small high-speed buffer memory between the processor and main memory. Such a buffer is generally referred to as cache memory, or cache for short.

  • Configuring Boot Disks With Solaris Volume Manager Software (October 2002)
    -by Erik Vanden Meersch and Kristien Hens
    This article is an update to the April 2002 Sun BluePrints OnLine article, Configuring Boot Disks With Solstice DiskSuite Software. This article focuses on the Solaris 9 Operating Environment, Solaris Volume Manager software, and VERITAS Volume Manager 3.2 software. It describes how to partition and mirror the system disk, and how to create and maintain a backup system disk. In addition, this article presents technical arguments for the choices made, and includes detailed runbooks.

  • Monitoring and Tuning Oracle - Chapter 22, Part II (August 2002)
    -by Allan N. Packer
    Building on his July 2002 Sun BluePrints OnLine article, Allan continues to provide more best practices for Oracle monitoring using utlbstat/utlestat scripts and to recommend parameter settings for OLTP and DSS environments. Issues ranging from load performance to dynamic reconfiguration and Oracle recovery are also examined. Additional Oracle monitoring and tuning recommendations are available in his recently released book "Configuring and Tuning Databases on the Solaris Platform."

  • Sun StorEdge[tm] Instant Image 3.0 and Oracle8i Database Best Practices (August 2002)
    -by Art Licht
    A methodology for implementing the Sun StorEdge Instant Image 3.0 Point-In-Time (PIT) copy technology to perform non-intrusive and efficient backup operations on Oracle8i databases, without impacting business operations is presented. A method customers can use to repurpose the PIT Oracle8i data for parallel business processes is also included.

  • Reducing the Backup Window With Sun StorEdge Instant Image Software (July 2002)
    -by Selim Daoud
    This article discusses the advantages and methods of using a point-in-time (PIT) type of backup system versus a more traditional backup approach that requires extended downtime. This article is for anyone interested in reducing the backup window (improving the uptime of important applications) while backing up a system that is nearly online.

  • Monitoring and Tuning Oracle - Chapter 22 Part 1 (July 2002)
    -by Allan N. Packer
    Allan N. Packer shares Oracle monitoring and tuning recommendations from his recently-released book, "Configuring and Tuning Databases on the Solaris Platform", ISBN# 0-13-083417-2. In this article, Allan examines ways of managing Oracle behavior, changing tunable parameters, calculating the buffer cache hit rate, and other topics. The article goes on to discuss Oracle monitoring using the utlbstat/utlestat scripts.

  • Drill-Down Monitoring of Database Servers - Chapter 21 (June 2002)
    -by Allan N. Packer
    Database expert, Allan N. Packer, shares database best practices from his recently-released book, "Configuring and Tuning Databases on the Solaris Platform", ISBN# 0-13-083417-2. In this article, Allan presents a process for identifying and resolving problems with the performance of database servers.

  • LAN-Free Backups Using the Sun StorEdge Instant Image 3.0 Software (June 2002)
    -by Art Licht
    As data grows in size and backup windows shrink, performing backups across the LAN is no longer the ideal method. This article gives an overview of LAN and SAN backup practices and includes procedures for performing LAN-free backups.

  • Network Storage Evaluations Using Reliability Calculations (June 2002)
    -by Selim Daoud
    This article uses a case study to introduce concepts and calculations for systematically comparing redundancy and reliability factors as they apply to network storage configurations.

  • Storage Resource Management: A Practitioner's Approach (April 2002)
    -by Stevan Arbona and Joe Catalanotti
    Storage resource management (SRM) best practices are presented, with a particular focus on the positive impact that SRM can have on controlling costs by increasing operational efficiency.

  • Configuring Boot Disks With Solstice DiskSuite Software (April 2002)
    -by Erik Vanden Meersch and Kristien Hens
    How to partition the system disk, mirror it, and create and maintain a contingency boot disk are presented. Topics include two-, three-, and four-disk configurations, their associated runbooks, and the SUNBEsdm package with scripts.

  • Configuring Boot Disks (December 2001)
    -by John S. Howard and David Deeths
    This article is the fourth chapter of the Sun BluePrints book titled Boot Disk Management: A Guide For The Solaris Operating Environment (ISBN 0-13-062153-6), which is available through www.sun.com/books, amazon.com, and Barnes & Noble bookstores.

    This chapter presents a reference configuration of the root disk and associated disks that emphasizes the value of configuring a system for high availability and high serviceability. This chapter explains the value of creating a system with both of these characteristics, and outlines the methods used to do so.

  • Sun StorEdge T3 Array: Installation, Configuration and Monitoring Best Practices (October 2001)
    -by Ted Gregg
    In order to fully realize the benefits of the capabilities built into the Sun StorEdge T3 array, it must be installed, configured, and monitored with best practices for RAS. This article details these best practices. It includes both Sun StorEdge T3 array configuration and host system configuration recommendations, along with brief descriptions of some of the available software installation and monitoring tools.

  • Sun StorEdge T3 Dual Storage Array Part 3 - Basic Management (April 2001)
    -by Mark Garner
    The final article in the series looks at the configuration of basic management and monitoring functions on the T3 array. It concludes with example Expect scripts that could be used as a starting point for automating your own T3 installations.

  • Sun StorEdge T3 Dual Storage Array Part 2 - Configuration (March 2001)
    -by Mark Garner
    This second article in the series addresses the installation and configuration of a T3 array partner group. It covers how two single arrays would be reconfigured to form a partner group, how the new devices are created on the host and how VERITAS Volume Manager integrates into the solution.

  • Sun StorEdge T3 Dual Storage Array Part 1 - Installation, Planning and Design (February 2001)
    -by Mark Garner
    This article looks at the planning and design requirements for the installation of a Sun StorEdge T3 Array partner group. It is the first of three articles which address planning and design, configuration and basic management of a Sun StorEdge T3 Array.

  • Sun/Oracle Best Practices (January 2001)
    -by Bob Sneed
    In this paper, Best Practice concepts are first defined, then specific high-impact technical issues common with Oracle in the Solaris Operating Environment are discussed.

  • Storage Area Networks: A blueprint for Early Deployment (January 2001)
    -by Brian Wong
    This paper surveys the applications to which Storage Area Networks (SANs) aspire, the available SAN technology (and its limitations), and attempts to prepare users for forthcoming technology, so that they can deploy real operational storage in data centers without further delay.

  • Wide Thin Disk Striping (October 2000)
    -by Bob Larson
    In this article, the technique of using stripes to distribute data and indexes over several disks is described. The article also contains the recommendations to use wide-thin stripes to maximize operational flexibility while minimizing complexity.

  • Online Backups Using the VxVM Snapshot Facility (September 2000)
    -by John S. Howard
    Complete and accurate backups performed in a timely fashion are crucial to every datacenter. This article presents a procedure utilizing the snapshot facility of the Veritas Volume Manager software which enables the System Administrator to perform timely, complete and accurate online backups with minimal impact to the user or application.

  • Sun StorEdge T3 Single Storage Array Design and Installation (September 2000)
    -by Mark Garner
    This article provides a roadmap for the configuration of a single Sun StorEdge T3 Storage Array. It addresses: Prerequisites, Storage Layout Design, Implementation, Configuration and Basic Management.

  • Toward a Reference Configuration for VxVM Managed Boot Disks (August 2000)
    -by Gene Trantham and John S. Howard
    Gene and John outline the fundamental procedures typically followed in a boot disk encapsulation and the problems this default encapsulation introduces. A best practice for VxVM installation, root disk encapsulation and a reference configuration is presented.

    (See the Sun BluePrints book Boot Disk Management: A Guide for the Solaris Operating Environment by John S. Howard and David Deeths ISBN # 0-13-062153-6 for updated information about the topics detailed in this article.)

  • SCSI-Initiator ID (August 2000)
    -by David Deeths
    Changing the SCSI-initiator ID is necessary for cluster configurations that share SCSI devices between multiple hosts. This article walks you through the process, and also provides an excellent background on SCSI issues in clustered systems.

  • VxVM Private Regions: Mechanics and Internals of the VxVM Configuration Database (July 2000)
    -by Gene Trantham
    Gene discusses the functions of the VxVM public and private regions, the configuration database, and the special considerations for root disk encapsulation.

  • Scrubbing Disk Using the Solaris Operating Environment Format Program (June 2000)
    -by Rob Snevely
    Rob explains how to effectively scrub disks on a Solaris Operating Environment system, using the format utility.

  • Veritas VxVM Storage Management Software (May 2000)
    -by Gene Trantham
    Gene explains the underlying actions of VxVM during boot disk encapsulation, and details the mechanism by which it seizes and manages a boot device.

  • Sun Enterprise 10000 Server Floating Tape Library Solution (January 2000)
    -by Enrique Vargas
    Presents the fourth article in the Dynamic Reconfiguration (DR) series.





Performance

  • Developing and Tuning Applications on UltraSPARC T1 Chip Multithreading Systems (December 2005)
    -by Denis Sheahan
    Traditional processor design has long emphasized the performance of a single hardware thread of execution, and focused on providing high levels of instruction-level parallelism. These increasingly complex processor designs have been driven to very high clock rates (frequencies), often at the cost of increased power consumption and heat production. Unfortunately, the impact of memory latency has meant that even the fastest single-threaded processors spend most of their time idle, waiting for memory. Complicating this tendency, many of today’s complex commercial workloads are simply unable to take advantage of instruction-level parallelism, instead benefiting from thread-level parallelism.

    This Sun BluePrints article describes techniques that system architects, application developers, and performance analysts can use to assess the scaling characteristics of an application. It also explains how to optimize an application for chip multithreading, in particular for systems that use UltraSPARC T1 processors. This article discusses the following topics:
    • Processor physical characteristics
    • Performance characteristics
    • Classes of commercial applications
    • Assessing performance on UltraSPARC T1 processor-based systems
    • Scaling applications with chip multithreading
    • Tuning for general performance
    • Accessing the modular arithmetic unit and encryption framework
    • Minimizing floating-point operations and VIS instruction


  • Maximizing the Performance of a Gigabit Ethernet NIC Interface (April 2004)
    -by Francesco DiMambro
    This article describes how to get the greatest benefits from your Ethernet NIC interface. It includes information on the tools that can help you achieve the best results from that interface, as well as a section on troubleshooting. This article targets an advanced reader.

  • Understanding Tuning TCP (March 2004)
    -by Deepak Kakadia
    This article describes some of the key Transport Control Protocol (TCP) tunable parameters related to performance tuning. More importantly, it describes how these tunables work, how they interact with each other, and how they impact network traffic when they are modified. This article requires an advanced level reader.

  • Supporting Multiple Page Sizes in the Solaris Operating System (March 2004)
    -by Richard McDougall
    The Solaris 9 Operating System contains a feature to enable the use of larger memory page sizes for the heap and stack segments of a program. The use of larger page sizes is often able to deliver significant performance gain for a large range of applications. This article explains how to engage the MPSS feature and how to analyze the performance effect. This article requires an intermediate to advanced level reader.

  • APPENDICES - Supporting Multiple Page Sizes in the Solaris Operating System Appendix (March 2004)
    -by Richard McDougall
    This appendix supports the article "Supporting Multiple Page Sizes in the Solaris Operating System"

  • Taming Your Emu to Improve Application Performance (February 2004)
    -by Richard McDougall
    The Solaris 9 Operating System contains a feature to enable the use of larger memory page sizes for the heap and stack segments of a program. This article explains how to use this feature to deliver significant performance gain for a large range of applications. This article addresses a reader with an intermediate to advanced knowledge level.

    Sun BluePrints OnLine March and April editions will feature additional, very comprehensive articles on this subject.

  • Performance Forensics (December 2003)
    -by Bob Sneed
    The health care industry has well-established protocols for the triage, diagnosis, and treatment of patient complaints, while the resolution of system-performance complaints often seems to take a path that lacks any recognizable process or discipline. This article draws from lessons and concepts of health care delivery to provide ideas for addressing system-performance complaints with predictable and accurate results. Specific tools from the Solaris Operating System are discussed. This article is applicable to all audience levels.

  • Capacity Planning as a Performance Tuning Tool--Case Study for a Very Large Database Environment (July 2003)
    -by Gamini Bulumulle and Marcos Bordin
    This article discusses the performance and scalability impact due to severe CPU and I/O bottlenecks in a very large database (over 20 terabytes). It describes the methodologies used to collect performance data in a production environment, and explains how to evaluate and analyze the memory, CPU, network, I/O, and Oracle database in a production server by using the following tools:

     - Solaris Operating Environment (Solaris OE) Standard UNIX tools
     - Oracle STATSPACK performance evaluation software from ORACLE Corporation
     - Trace Normal Form (TNF)
     - TeamQuest Model software from TeamQuest Corporation
     - VERITAS Tool VxBench from VERITAS Corporation

    The article is intended for use by intermediate to advanced performance tuning experts, database administrators, and TeamQuest specialists. It assumes that the reader has a basic understanding of performance analysis tools and capacity planning. The expertise level of this article is intermediate to advanced.

  • Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers (March 2003)
    -by Glenn Fawcett
    There are a handful of common performance issues that arise when trying to scale Oracle database applications on the Solaris Operating Environment. These issues are sometimes difficult to identify and address. This paper incorporates the experiences of Sun's Strategic Application Engineering group in tuning Oracle RDBMS systems on a variety of workloads. There is an accompanying document, Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers Appendices, that supplements the information in this article.

  • APPENDICES - Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle9i Release 2 And Sun Fire Servers Appendices (March 2003)
    -by Glenn Fawcett
    These are the appendices for the article Avoiding Common Performance Issues When Scaling RDBMS Applications With Oracle 9i Release 2 And Sun Fire Servers (March 2003)

  • Understanding Gigabit Ethernet Performance on Sun Fire Servers (February 2003)
    -by Jian Huang
    Network-centric computing has recently been putting tremendous pressure on servers' network performance. With the increasing popularity of gigabit Ethernet, especially the availability of lower-cost copper-based gigabit Ethernet adapters, the question of how Sun's servers perform in this arena has become one of the most important issues that Sun engineering teams are trying to address. This paper presents an overview of the performance of the new Sun GigaSwift Ethernet MMF Adapter card on a Sun Fire server in terms of TCP/IP networking.

    Most of the previous effort on TCP/IP network performance has been focused on bulk-transfer traffic, which imposes on servers a continuous flow of packets with sizes equal to the Maximal Transfer Unit (MTU) of the underlying carrier.

    In the client-server computing environment, however, not all requests from clients, nor all replies from the servers are constantly large. The traffic of small packets, whose size is below that of the MTU of the carrier, is also very commonly seen. Hence, this paper investigates the performance of both the bulk-transfer and small-packet traffic on a Sun Fire 6800 server.

    In addition to presenting a performance picture, this paper also takes the initiative to study the root cause of the behavior of Sun servers by revealing some of the implementation details of the Solaris Operating Environment (Solaris OE). A set of tuning parameters that affect TCP/IP network performance is discussed and some tuning recommendations are given.

  • BluePrint for Benchmarking Success (January 2003)
    -by Hans Joraandstad and Barbara Perz
    This article provides best practices for benchmarking and is ideal for those using benchmarking to gather information that will help make a decision on which computer to buy.

  • A Strategy for Managing Performance (December 2002)
    -by John Brady
    This article addresses the importance of adopting and executing a thorough performance management strategy in your compute environment. Managing performance puts you in the position of being proactive and in control of your compute resources, not vice versa, while saving revenue at the same time. This article offers suggestions for developing a performance management strategy that enables you to predict and correct potential performance problems, to control resources, to track changes for capacity planning and to consolidate resources.

  • Memory Hierarchy in Cache-Based Systems (November 2002)
    -by Ruud Van Der Pas
    This article will help the reader understand the architecture of modern microprocessors by introducing and explaining the most common terminology and addressing some of the performance related aspects. Written for programmers and people who have a general interest in microprocessors, this article presents introductory information on caches and is designed to provide understanding on how modern microprocessors work and how a cache design impacts performance.

    Despite improvements in technology, microprocessors are still much faster than main memory. Memory access time is increasingly the bottleneck in overall application performance. As a result, an application might spend a considerable amount of time waiting for data. This not only negatively impacts the overall performance, but the application cannot benefit much from a processor clock-speed upgrade either. One method for overcoming this problem is to insert a small high-speed buffer memory between the processor and main memory. Such a buffer is generally referred to as cache memory, or cache for short.



  • ORACLE Middleware Layer Net8 Performance Tuning Utilizing Underlying Network Protocol (October 2002)
    -by Gamini Bulumulle
    This article discusses performance optimization and tuning of SQL*Net based on an arbitrary UNP which could be TCP/IP, SPX/IP or DECnet. SQL*Net performance can be maximized by synchronization with tunable parameters of the UNP, for example, buffer size. This article explains how total SQL*Net transaction performance can be divided into components of connect time and query time, where Total SQL*Net (Net8) Transaction Time = Connect Time + Query Time. Connect time can be maximized by calibration of tunable parameters of SQL*Net and the UNP when designing and implementing networks. Query time is typically affected by database tuning parameters which are outside the scope of this article. However, database tuning parameters, which impact network performance, are discussed.

  • HPC Administration Tips and Techniques (October 2002)
    -by Omar Hassaine
    This article gives an introduction to the features introduced in the latest Sun HPC ClusterTools 4 software, including best practices for configuration and mixed clusters. It describes how to configure a checkpointing and migration environment using both Sun Grid Engine and Condor standalone checkpointing libraries. This article also includes discussion about administrative best practices.

  • Application Performance Optimization (March 2002)
    -by Börje Lindh
    This article provides a brief introduction to optimization on the Solaris Operating Environment. To explore this subject in more detail, refer to Rajat Garg's and Ilya Sharapov's Sun BluePrints book, Techniques for Optimizing Applications, published July 2001 (ISBN 0-13-093476-3).

  • Sizing Sun Ray Servers Running Windows Applications with SunPCi IIpro Coprocessor Cards (November 2001)
    -by Don DeVitt
    This paper addresses the task of sizing a server capable of supporting Wintel based applications on a Sun Ray Server utilizing SunPCi IIpro co-processor cards. The paper integrates the information of several previously published documents and sizing tools to determine a baseline configuration. The paper also suggests many best practice options for configuring the server.

  • Supporting Microsoft Windows 2000 Server Applications from Sun Enterprise Servers (June 2001)
    -by Don DeVitt
    This article explores using multiple SunPCi II Pro cards running on Sun Enterprise servers to support Microsoft Windows 2000 Server applications. New SunPCi II Pro hardware and software now support multiple cards in one Sun Enterprise server. Benchmarks and Sizing information for a Windows 2000 Terminal Server environment are discussed.

  • Administering Sun Cluster 2.2 Environments (October 2000)
    -by David Deeths
    David Deeths discusses the fundamentals and best practices of installing, configuring, and managing a Sun Cluster 2.2 environment. He also offers many tips for effective cluster administration and how to increase and maintain a high level of system availability.

  • Sun HPC ClusterTools Software Best Practices (September 2000)
    -by Omar Hassaine
    This paper discusses the Best Practices for successfully configuring, installing and using the Sun High Performance Computing (HPC) ClusterTools software. It also covers the current status of the Sun HPC ClusterTools in the field and briefly describes the architecture.

  • Static Performance Tuning (May 2000)
    -by Richard Elling
    Richard discusses a class of problems that can affect system performance, which are not dynamic by nature and cannot be detected by conventional dynamic tuning tools.

  • Tales from the Trenches: The Case of the RAM Starved Cluster (April 2000)
    -by Richard Elling
    Richard discusses how Veritas File System (VxFS) affects memory on a Solaris Operating Environment server. He also describes a real world example of the interactions between the Solaris Operating Environment Version 2.5.1, VxFS Version 2.3.1, and user applications.

  • Scenario Planning - Part 2 (March 2000)
    -by Adrian Cockcroft
    Presents part two of the Scenario Planning article and explains how to follow up a simple planning methodology based on a spreadsheet that is used to break down the problem and experiment with alternative future scenarios.

  • Fast Oracle Parallel Exports on Sun Enterprise Servers (March 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Gives a script that performs very fast Oracle database exports by taking advantage of parallel processing on SMP machines. This script can be invaluable for situations where you need to perform exports of large mission-critical databases that require high availability.

  • Scenario Planning - Part 1 (February 2000)
    -by Adrian Cockcroft
    Discusses scenario planning techniques to help predict latent demand during overload periods. In part 1, he explains how to simplify your model down to a single bottleneck.

  • Upgrading the Solaris PC NetLink Software (January 2000)
    -by Don DeVitt
    Highlights some of the subtle upgrade options that many system administrators will want to be aware of as they move from one version of Solaris PC NetLink software to the next.

  • Observability (December 1999)
    -by Adrian Cockcroft
    Discusses Capacity Planning and Performance Management techniques.

  • Processing Accounting Data into Workloads (October 1999)
    -by Adrian Cockcroft
    Information about Solaris operating system accounting, including code examples that extract the data in a usable format and pattern match it into workloads.


JumpStart

  • Creating a Customized Boot CD/DVD for the Solaris Operating System for x86 Platforms (December 2005)
    -by John Cecere, Dana Fagerstrom
    This article explains the mechanics of the boot process on the Solaris Operating System for x86 platforms so that you understand what is needed to create a customized CD/DVD. It discusses both the hard disk and CD/DVD boot processes, and points out the differences between the two.

    There are a number of practical applications for this topic, including:
    • JumpStart Software — The feature in Solaris that allows access to Solaris installation media and configuration rules over a network
    • Diagnostics — The ability to create a bootable CD for the purpose of diagnosing system problems without accessing or modifying the copy of the operating system that is installed on the target system
    • Restoration — The ability to create a bootable CD with tools that aid in the repair and restoration of a down system
    • Diskless clients that cannot do PXE booting — PXE is a DHCP-based network installation technology similar to Solaris JumpStart. Some older x86-based systems are incapable of using PXE
    • Canned Firewall—The creation of a bootable CD that starts Solaris on a system configured with multiple network interfaces. A preset ipf configuration is then used to establish a network firewall on that system.
    This article begins by examining the layout of a hard disk in the x86 architecture and the components on it that are used for booting. It then describes the pieces that are unique to a CD boot. Finally, this article puts the pieces together and creates an image file that can be burned to CD.

  • Configuring JumpStart Servers to Provision Sun x86-64 Systems (February 2005)
    -by Pierre Reynes
    Organizations are constantly challenged to deploy systems throughout the enterprise with consistent and reliable configurations. Solaris JumpStart technology provides a mechanism for fully automating the Solaris Operating System (Solaris OS) installation process. With the ability to locate installation information over the network or from a local CD-ROM drive, and use customized profiles, JumpStart facilitates the rapid and consistent deployment of Solaris OS-based systems.

    Many organizations have relied on UltraSPARC/Solaris platforms for years, and use JumpStart technology for operating system deployment. With the introduction of Sun x86-64 based systems, organizations are now seeking ways to use existing JumpStart servers to deploy the Solaris OS and Linux operating environment on Sun x86-64 based systems. This article describes how to modify existing JumpStart servers to support the deployment of the Solaris OS and Linux operating environment on Sun x86-64 based systems, as well as how to use standard Linux installation tools for configuring Sun x86-64 based systems.

  • Performing Network Installations Without a Local Boot Server (May 2004)
    -by John S. Howard
    In some instances, it might be necessary or advantageous to boot an installation client from local boot media, such as a CD or DVD, but have the Solaris product installed from a JumpStart (or installation) server. This article describes the system startup and installation processes for the Solaris Operating System and explains how to modify them to change the location from which the Solaris product is installed.

  • Building a Bootable DVD to Deploy a Solaris Flash Archive (April 2004)
    -by John S. Howard
    This article provides techniques to augment a DVD-ROM-based installation with the services and behaviors typically provided by a JumpStart server. The techniques presented in this article can be used when you need to perform an automated installation of a Solaris Flash archive, but are unable to use a JumpStart server. This article describes a procedure to create a bootable installation DVD-ROM with a complete software stack on a DVD that you can use to perform a standardized and fully automated installation of the software stack from the DVD.

    This article also examines the structure of a bootable Solaris OS DVD and provides information about modifying installation behaviors to perform an automated install of a Solaris Flash archive from a DVD.

  • Deploying the Solaris Operating Environment Using a Solaris Security Toolkit CD (September 2003)
    -by Steven Spadaccini
    The Solaris Security Toolkit is a collection of shell scripts combined to form a flexible and extensible framework for rapidly deploying hardened platforms running the Solaris Operating Environment. The Toolkit is, however, quite versatile and can be used for much more than just hardening a system. This article discusses how the Toolkit can be used to construct a bootable CD, based on Sun's JumpStart framework, for building and configuring new systems. This article is authored for intermediate and advanced system administrators.

  • Managing Data Centers With Sun Management Center Change Manager (October 2002)
    -by John S. Howard
    Deploying and updating software are two of the most challenging and time consuming tasks facing datacenter managers. The Sun Management Center (Sun MC) Change Manager software provides a framework and tools for quickly and efficiently deploying, replicating, updating, and managing software over a large number of systems. This article presents techniques and best practices for using Sun Management Center Change Manager software.

  • Customizing JumpStart Framework for Installation and Recovery (August 2002)
    -by John S. Howard and Alex Noordergraaf
    Techniques to augment a CDROM-based installation with the services and behaviors provided by a JumpStart server are detailed in this article. These techniques are suitable to situations when a hands-free Solaris Operating Environment (Solaris OE) installation is necessary but when a JumpStart server cannot be used. This article is a chapter from the Sun BluePrints book, "JumpStart Technology: Effective Use in the Solaris Operating Environment", ISBN# 0-13-062154-4.

  • Using Live Upgrade 2.0 With JumpStart Technology and Web Start Flash (April 2002)
    -by John S. Howard
    In this final installment of his three-part series on Solaris Live Upgrade 2.0 (LU) technology, John S. Howard provides recommendations and techniques for integrating LU with the JumpStart software framework and the Solaris Web Start Flash software.

  • WebStart Flash (November 2001)
    -by John S. Howard and Alex Noordergraaf
    The Solaris Operating Environment Flash installation component extends JumpStart technology by adding a mechanism to create a system archive, a snapshot of an installed system, and installation of the Solaris Operating Environment from that archive. This article introduces the concepts and best practices for a Flash archive, describes the master machine and suggested storage strategies, and provides a complete example of creating a Flash archive and installing a Web server with Flash.

  • Cluster Platform 220/1000 Architecture-A Product from the SunTone Platforms Portfolio (August 2001)
    -by Enrique Vargas
    This article will provide customers a better understanding of this product's capabilities by presenting its hardware and software architecture as well as best practices used in integrating the design.

  • Automating LDAP Client Installations (July 2001)
    -by Tom Bialaski
    The article explains how to configure a native LDAP client at installation time, which is a new feature in Solaris 8 Operating Environment U3. The basics of sysidtools and creating a sysidcfg file for hands-off installation are covered along with how they relate to LDAP. Hard to find (non-documented) tips are provided to avoid common pitfalls.

  • Building a JumpStart Infrastructure (April 2001)
    -by Alex Noordergraaf
    This article discusses how the core JumpStart components interact. Recommendations on how to structure the JumpStart server are provided in addition to step-by-step instructions on how to get a basic automated JumpStart environment up and running as quickly as possible.

  • Customizing the JumpStart Boot Image Recovery (March 2001)
    -by John S. Howard
    This article includes techniques and recommendations for creating a recovery platform by augmenting the Solaris OE boot image (mini-root). This article will also examine the boot and installation processes by demonstrating how to adapt those processes for system recovery.

  • Building a Bootable JumpStart Installation CD-ROM (March 2001)
    -by John S. Howard
    This article presents an examination of the structure of a bootable Solaris Operating Environment (Solaris OE) CD-ROM and procedures for how to create a bootable JumpStart installation CD-ROM. This CD can be used to complete a standardized, hands-free Solaris OE installation in environments where the disk space or networking constraints do not allow for a JumpStart server.

  • MR System for Rapid Recovery (January 2001)
    -by John S. Howard
    This article is an introduction to the MR system for rapid recovery. As the system uptime requirements have become more exacting, the length of time it takes to boot these larger and more complex systems has grown. By implementing MR on your JumpStart servers it may be possible to reduce the number of reboots required during a system recovery or service event. This minimization of reboots will speed recovery and service time as well as enable the system administrator to use datacenter tools during system recovery procedures.

  • Updated (November 2000)
    -by Alex Noordergraaf and Glenn Brunette
    In parallel with the "JASS" Toolkit version 0.2 release, all three articles describing the "JASS" Toolkit have been updated and revised to document new updates and functionality.

    • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 1
    • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 2
    • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 3

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 3 (September 2000)
    -by Alex Noordergraaf
    This article is the third in a three-part series describing an automated toolkit for implementing the security modifications documented in earlier Sun BluePrints OnLine articles. In conjunction with this final article, the toolkit itself is being made freely available.

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 2 (August 2000)
    -by Alex Noordergraaf
    This article is part two of a three part series that presents the JumpStart Architecture and Security Scripts toolkit. We continue with an in-depth review of the configuration files, directories, and scripts used by the toolkit to enhance the security of Solaris Operating Environment systems. This series is a must read for anyone interested in upgrading the security of their site.

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 1 (July 2000)
    -by Alex Noordergraaf
    This article is part one of a three part series presenting the JumpStart Architecture and Security Scripts tool (Toolkit) for the Solaris Operating Environment. The Toolkit is a set of scripts which automatically harden and minimize Solaris Operating Environment systems. The modifications made are based on the recommendations made in the previously published Sun BluePrints OnLine security articles.

  • JumpStart Mechanics: Using JumpStart Application for Hands-Free Installation of Unbundled Software - Part 2 Automatic Encapsulation of the Root Disk (June 2000)
    -by John S. Howard
    John provides procedures to fully automate the initial configuration of Sun Enterprise Volume Manager and automate encapsulation of the boot disk using JumpStart.

  • JumpStart Mechanics: Using JumpStart Application for Hands-Free Installation of Unbundled Software - Part 1 (May 2000)
    -by John S. Howard
    John discusses automating and standardizing the installation of the Solaris Operating Environment along with the associated unbundled software products and datacenter management tools.

  • Solaris 8 Additions to sysidcfg (March 2000)
    -by Rob Snevely
    Shows you how to do fully hands-off installations of the Solaris 8 Operating Environment. He also discusses how to use JumpStart and sysidcfg to provide uniform Solaris Operating Environment installations and save you time.

  • Setting Up a Solaris Operating Environment Install Server and the Solaris JumpStart Feature (December 1999)
    -by Rob Snevely
    A walkthrough on setting up an install server.

  • JumpStart: NIS and sysidcfg (October 1999)
    -by Rob Snevely
    How to use JumpStart technology to allow automation of the install process.


Naming and Directory Services

  • Understanding the NIS to LDAP Service (N2L) Architecture (March 2006)
    -by Michael Haines and Baban Kenkre
    This article discusses Network Information Service (NIS) to LDAP transition service (N2L service) support for NIS clients based on naming information stored in the Sun Java System Directory Server 5.2 software. This approach enables a complete transition from the NIS naming service to the LDAP naming service. It includes detailed installation, configuration, and operational information needed to create a supportable instance of the NIS/LDAP Transition Gateway product offering. While the NIS to LDAP transition product is designed to work with any RFC2307bis-compliant directory (LDAP) server, Sun only supports the N2L Service in conjunction with the Sun Java System Directory (LDAP) Server 5.1 and 5.2 software.

  • Using pGINA to Authenticate Users in Microsoft Windows Environments (June 2004)
    -by Dave Pickens and Kent Price
    This article addresses a common challenge -- how to authenticate users in a mixed environment running the Solaris and Microsoft Windows operating systems. This article describes how you can use pGINA software with a variety of authentication plug-ins to authenticate users to a unified authentication scheme. The pGINA software also provides a way to avoid deployment of Microsoft Active Directory. The article is intended for technical people who are interested in directory services and the integration of Microsoft Windows into a heterogeneous environment. This article is valuable to technical readers of any level.

  • LDAP Triggers: A Framework for Sun Java System Directory Server (February 2004)
    -by Nicola Venditti
    This article describes how to implement SQL-like triggers in a Sun Java System Directory Server. The example scenario shows how to extend the server using the Plug-in API. This article is primarily directed at expert developers and architects who want to understand issues related to developing and deploying the Sun Java System Directory Server extension, implemented with plug-ins and extended operations.

  • Using the LDAP to NIS+ Gateway (September 2003)
    -by Tom Bialaski and Michael Haines
    There are two approaches that you can take when transitioning from NIS+ to LDAP-based services. One approach is to replace your naming service clients with the Secured LDAP Client. The second approach is to keep your current NIS+ clients, and deploy a transition tool to gain access to LDAP naming service data. The first approach is covered in chapter four of the just released Sun BluePrints book, "LDAP in the Solaris Operating Environment -- Deploying Secure Directory Services", by Michael Haines and Tom Bialaski. The second approach, using the NIS+ to LDAP Gateway, is discussed in this article. This article is intended for IT architects and administrators who have deployed an earlier version of the directory server software, and who are interested in upgrading to the Sun ONE Directory Server 5.2 software version.

    This Sun BluePrints book is scheduled for publication in the Fall of 2003 and will be available at the Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores.

  • Transition Guide--Upgrading From the iPlanet Directory Server 5.1 Software to the Sun ONE Directory Server 5.2 Software (August 2003)
    -by Tom Bialaski and Michael Haines
    The information in this article is derived from an upcoming Sun BluePrints book, "LDAP in the Solaris Operating Environment -- Deploying Secure Directory Services," by Michael Haines and Tom Bialaski. This book is scheduled for publication in the Fall of 2003.

    That book and this article cover the recently released Sun ONE Directory Server 5.2 software, which introduces several significant features, including support for the Secured LDAP Client. This article discusses important differences in the packaging, installation, and configuration of the Sun ONE Directory Server 5.2 software as compared with the previous version. This article also discusses how to configure the software to support Secured LDAP Clients. This article is intended for IT architects and administrators who have deployed an earlier version of the directory server software, and who are interested in upgrading to the Sun ONE Directory Server 5.2 software version.

  • Writing an Authentication Plug-in for a Sun ONE Directory Server (March 2003)
    -by Nicola Venditti
    The Sun ONE Directory Server has an advanced application program interface (API) for writing plug-ins that extend the directory server's functionality. In this article, information is provided for a better understanding of the tasks involved in writing a plug-in. The impact and benefit plug-ins can provide to the directory server is explained. In addition, a sample preoperation plug-in is provided.

  • Understanding Solaris 9 Operating Environment Directory Services (December 2002)
    -by Tom Bialaski
    This article examines the differences between the Solaris 8 Operating Environment (Solaris OE) Lightweight Directory Access Protocol (LDAP) Client and the Solaris 9 OE Secured LDAP Client, and explains how to support them on the same directory server. In addition, this article details troubleshooting tips for common implementation problems.

  • Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part II (October 2002)
    -by Michael Haines and Joep Vesseur
    This article is part two of a two-part series and details the PAM application programming interface (API) and the PAM service provider interface (SPI). Also included are procedures on how to effectively write PAM modules when using the Solaris 9 Operating Environment (Solaris 9 OE). By writing these PAM service modules, it is possible to extend the capability of the Solaris 9 OE authentication mechanisms in a number of different ways.

    Part one, Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part I, was published in the September 2002 issue of Sun BluePrints Online.

  • Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part I (September 2002)
    -by Michael Haines
    This article is the first of a two-part series that offers a technical overview of how the Solaris 9 Operating Environment implementation of Pluggable Authentication Modules (PAM) works. This article demonstrates straightforward methods for configuring PAM to accommodate site-specific security policy requirements and examines the PAM architecture and its components.

  • Securing LDAP Through TLS/SSL--A Cookbook (June 2002)
    -by Stefan Weber
    Deploying secure Lightweight Directory Access Protocol (LDAP) connections is becoming more demanding. This article details the steps on how to set up the Sun Open Net Environment (Sun ONE) Directory Server software so that it can be accessed securely from command line tools.

  • Solaris Operating Environment LDAP Capacity Planning and Performance Tuning (May 2002)
    -by Steve Lopez
    Experienced System Administrators can increase the performance and scalability of Netscape Directory by utilizing the key practice methodologies presented in this article. These include key practices for the capacity planning of the LDAP naming service on the Solaris Operating Environment, as well as performance tuning examples and exercises.

  • Automating LDAP Client Installations (July 2001)
    -by Tom Bialaski
    The article explains how to configure a native LDAP client at installation time, which is a new feature in Solaris 8 Operating Environment U3. The basics of sysidtools and creating a sysidcfg file for hands-off installation are covered along with how they relate to LDAP. Hard to find (non-documented) tips are provided to avoid common pitfalls.

  • This article is no longer available!
    Running Multiple Solaris Operating Environment Naming Services on a Client (May 2001)
    -by Tom Bialaski
    The native LDAP client installation program assumes that you will not be running another naming service on your client. Some customers, who I have worked with, do not want to disable NIS when they configure native LDAP. This can be done, but there is no readily available document which describes how to do it. The article not only describes this procedure, but also highlights best practices for running NIS and LDAP together.


PC Interoperability

  • Consolidating Legacy Applications onto Sun x64 Servers: How to move Microsoft Windows NT Applications onto Sun x64 Servers using VMware ESX Server (February 2006)
    -by Marshall Choy
    IT organizations wishing to continue to run applications on the Microsoft Windows NT Server operating system have faced a limited number of choices given the increasing lack of support for their aging hardware, and the lack of drivers for current hardware. The ability of VMware ESX Server to host these operating system environments and their applications on state-of-the-art, high-performance hardware platforms like the Sun Fire V40z server gives IT organizations a new class of options. Not only can they use virtualization to run their applications on current, supported hardware — they can leverage the greater processing power, memory capacity, and disk storage of today's servers to consolidate multiple PC server environments onto a single platform. Now IT organizations can upgrade their hardware platforms, and use the upgrade process also to address their power, space, and cooling issues, while exploiting the economies of scale that consolidation brings.

    This Sun BluePrints article describes in step-by-step fashion how one such application — an Apache Web server running on the Windows NT Server operating system — could be consolidated onto ESX Server running on a Sun Fire V40z server with no changes to the application or its configuration. The importance of this exercise is not the application itself. It is the fact that the only changes to the disk image imported by the physical-to-virtual process were to install drivers for the virtual network interface and display devices supported by the virtual machine environment. Once an application is consolidated into the virtual environment in this way, it can securely share a single platform with multiple instances of Windows operating systems and the applications that they host. Because each virtual machine provides an idealized environment to the guest operating system, the disk images created by the consolidation process are portable. So as this consolidation technique becomes proven in any given IT organization, PC workloads can be re-distributed among a growing number of servers by moving virtual disks and virtual machine configuration files.

  • Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors (September 2005)
    -by Barton Fiske
    This Sun BluePrints article gives detailed procedures for configuring Sun x64 workstations with AMD Opteron processors to boot more than one operating system from the same physical hard drive. This capability is referred to throughout this article as “multiboot.” Specifically, the three major operating systems in use today — the Solaris Operating System, Linux, and Windows operating systems — can be deployed on a single system disk, and configured to allow a user to choose between the different operating systems at boot time. Multiboot capability should not be confused with available virtualization technology that allows simultaneous operation of multiple operating systems (such as VMware, Xen, or other approaches).

  • Using pGINA to Authenticate Users in Microsoft Windows Environments (June 2004)
    -by Dave Pickens and Kent Price
    This article addresses a common challenge -- how to authenticate users in a mixed environment running the Solaris and Microsoft Windows operating systems. This article describes how you can use pGINA software with a variety of authentication plug-ins to authenticate users to a unified authentication scheme. The pGINA software also provides a way to avoid deployment of Microsoft Active Directory. The article is intended for technical people who are interested in directory services and the integration of Microsoft Windows into a heterogeneous environment. This article is valuable to technical readers of any level.

  • Migrating to the Solaris Operating System: Migrating From Tru64 UNIX (November 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article presents a fictional case study that illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to a Solaris environment.

    This article is the complete tenth chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", by Ken Pepple, Brian Down, and David Levy, which is available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Desktop Architecture Selection Guide (October 2003)
    -by Howard Carlton
    This article examines some of the main business drivers behind the current trend towards adoption of thin client desktop solutions. The article provides useful insights on the benefits and drawbacks of the various candidate components for an alternative desktop environment. It also provides guidelines on non-functional requirements and project life-cycle approaches. This article is targeted to an introductory reader.

  • Migrating to the Solaris Operating System: Migration Strategies (September 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article defines the most important terms in migration, and differentiates between these terms. In addition, it presents migration strategies, the benefits and risks of each strategy, and the appropriateness of each strategy for various situations. This article is ideal for a beginning to intermediate audience.

    This article is the complete third chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", which will be available at the Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores at the end of October, 2003.

  • Windows NT Server Consolidation and Performance Improvements with Solaris PC NetLink 2.0 Software (August 2002)
    -by Don DeVitt
    This article focuses on best practices to help data center managers meet cost reduction goals in supporting multiple users accessing servers through PC clients. New features in Solaris PC NetLink 2.0 software that improve performance and add new options for consolidating Windows NT servers are discussed.

  • Sizing Sun Ray Servers Running Windows Applications with SunPCi IIpro Coprocessor Cards (November 2001)
    -by Don DeVitt
    This paper addresses the task of sizing a server capable of supporting Wintel-based applications on a Sun Ray Server utilizing SunPCi IIpro co-processor cards. The paper integrates the information of several previously published documents and sizing tools to determine a baseline configuration. The paper also suggests many best practice options for configuring the server.

  • Supporting Microsoft Windows 2000 Server Applications from Sun Enterprise Servers (June 2001)
    -by Don DeVitt
    This article explores using multiple SunPCi II Pro cards running on Sun Enterprise servers to support Microsoft Windows 2000 Server applications. New SunPCi II Pro hardware and software now support multiple cards in one Sun Enterprise server. Benchmarks and Sizing information for a Windows 2000 Terminal Server environment are discussed.

  • Sharing NFS and Remote File Systems via Solaris PC NetLink Software (November 2000)
    -by Don DeVitt
    This article offers best practice solutions for sharing NFS and remote file systems via Solaris PC NetLink software. These solutions help your enterprise avoid potential conflicts in the decision to allow access to files using Solaris PC NetLink software.

  • Using Solaris Resource Manager with Solaris PC NetLink Software - Part 2 (June 2000)
    -by Don DeVitt
    Don presents part 2 of this article in which he includes an experiment that is performed to determine a useful range of shares that can be allocated to the Solaris PC NetLink software by the Solaris Resource Manager software.

  • Using Solaris Resource Manager with Solaris PC NetLink Software - Part 1 (May 2000)
    -by Don DeVitt
    Don discusses the use of Solaris PC NetLink with Solaris Resource Manager.

  • Troubleshooting the Computer Browser Service with Solaris PC NetLink Software (April 2000)
    -by Don DeVitt
    Don discusses trouble-shooting network browsing with Solaris PC NetLink software.

  • Managing the Solaris PC NetLink Registry (February 2000)
    -by Don DeVitt
    Highlights the importance of documenting and managing changes to the Solaris PC NetLink registry and establishing procedures for maintaining the state server.

  • Upgrading the Solaris PC NetLink Software (January 2000)
    -by Don DeVitt
    Highlights some of the subtle upgrade options that many system administrators will want to be aware of as they move from one version of Solaris PC NetLink software to the next.

  • Tracing Resource Consumption of Solaris PC NetLink Software Users (December 1999)
    -by Don DeVitt
    Shows the Solaris Operating Environment commands and the Solaris PC NetLink software commands for determining which PC clients are consuming resources via Solaris PC NetLink software.

  • SunPCi Supporting Highly Available PC Applications with Solaris (August 1999)
    -by Don DeVitt
    Creating a highly available environment for supporting PC applications, using the newly introduced SunPCi card.

  • Transitioning to Solaris PC NetLink 1.0 (June 1999)
    -by Don DeVitt
    Don takes you step by step through setting up the Solaris PC NetLink.





High Availability

  • Architecting Availability and Disaster Recovery Solutions (April 2006)
    -by Tim Read
    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    Services considered mission critical require technical solutions that include both a service availability and a disaster recovery component as part of a full business continuity plan (BCP). The 'best practice' data centre infrastructure design patterns for many of the pieces needed for such solutions: local area networks, storage area networks, systems management, security, provisioning and clustering are described in detail in the 'Data Centre Reference Implementation' white paper.

    This document discusses the options for meeting the SLAs for mission and business critical services with particular reference to the Sun Cluster software. Where multiple solutions exist, the underlying complementary technologies: disk mirroring, data replication, transaction monitors and database replication techniques, are examined to highlight the trade-offs that must be made when using certain hardware and software combinations.

    The broader topic of business continuity involves the consideration of more than just system availability and disaster recovery. This white paper does not cover any aspects of the disaster planning required for telecommunications, staffing or physical infrastructure, such as buildings, desks, etc.

  • Using iSCSI Multipathing in the Solaris 10 Operating System (December 2005)
    -by Aaron Dailey, Scott Tracy
    This article describes how to use Internet Small Computer Systems Interface (iSCSI) multipathing in the Solaris 10 Operating System. Implementing iSCSI in a storage solution provides two important benefits: it can increase storage availability via fail-over protection and also increase scalability and throughput via link aggregation.

    This article describes different approaches to implementing multipathing between an iSCSI initiator and an iSCSI target device. It reviews the reasons for multipathing, describes the different approaches that Solaris supports, discusses the trade-offs between those approaches, and provides recommendations for specific configurations.

    This article contains discussions about: the iSCSI Protocol, iSCSI Support in Solaris 10 Update 1 and Solaris 10 Multipathing Options for iSCSI Devices.

  • Sun Fire Midrange Server Update Best Practices Update for Firmware 5.18.x (May 2005)
    -by Ken Kambic and James Hsieh
    This document updates several earlier versions of the same-titled document. It provides guidance for the reader on the implementation of the features added from 5.14.0 to 5.18.0. The document also includes the information presented in the earlier versions of the document.

  • Predictive Fault Monitoring in Sun Fire Servers (April 2005)
    -by Dave Re and Kumar Loganathan
    This document describes several new Predictive Fault Monitoring features in Sun's enterprise class Sun Fire server platforms (V1280-E25K) and in Sun's Solaris operating system (Solaris OS), including discussion about how these features operate and what action should be taken based on their output. The intention of this Sun BluePrints document is to educate the reader on the functionality of these features so that the reader can use these new features to increase overall uptime in Sun's enterprise class systems.

  • Understanding the Benefits of Implementing Oracle RAC on Sun Cluster Software (January 2005)
    -by Kristien Hens and Michael Loebmann
    In solutions that implement Oracle RAC and Sun Cluster software, the flexibility and power of Sun's cluster solution can add structure and maintainability to various underlying hardware components. This article describes the benefits of an Oracle RAC and Sun Cluster solution.

    This article is the complete second chapter of the Sun BluePrints book, "Creating Highly Available Database Solutions: Oracle Real Application Clusters (RAC) and Sun Cluster 3.x Software," by Kristien Hens and Michael Loebmann, which is now available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Increasing Storage Area Network Productivity (July 2004)
    -by Scott Tracy and Ken Gibson
    This article describes the Sun StorEdge SAN Foundation software (SFS) features that allow dynamic and persistent recognition of storage and configuration changes without rebooting servers running the Solaris Operating System.

  • Data Center Availability Features for High-End Servers (July 2004)
    -by Vasant Butala
    This article describes the System Management Services (SMS) 1.4.1 software features that enhance the availability of Sun's high-end servers, the Sun Fire E20K/E25K and Sun Fire 15K/12K servers. This paper is useful for support personnel who have a basic knowledge of high-end server systems.

  • Sun Fire Midrange Server Auto Diagnosis and Recovery Features (April 2004)
    -by Tricia Wittsack and Peter Gonscherowski
    This document describes the availability enhancements on Sun Fire midrange systems with the new firmware releases. The Auto Diagnose Engine (ADE), the "Domain Hang Recovery" and the "panic-reboot loop" prevention additions are explained. System Administrators who want to familiarize themselves with the new features or want to get a better understanding of the changes will benefit from reading this document. This article targets an advanced audience and requires knowledge of Sun Fire midrange systems.

  • Dynamic Reconfiguration for High-End Servers: Part 1--Planning Phase (March 2004)
    -by Holger Leister and Daniel Ellison
    This article is part one of a two-part series about planning and implementing Sun Fire 15K/12K server Dynamic Reconfiguration (DR). Part one provides an introduction to Sun Fire 15K/12K server DR and details the planning phase. This article is a primer for the second article titled "Dynamic Reconfiguration for High-End Servers: Part 2--Implementation Phase." This article requires an intermediate to advanced level reader.

  • Dynamic Reconfiguration for High-End Servers: Part 2--Implementation Phase (March 2004)
    -by Holger Leister and Daniel Ellison
    This article is part two of a two-part series about planning and implementing Sun Fire 15K/12K server Dynamic Reconfiguration (DR). Part 2 describes the implementation of DR operations and presents best practices for successfully deploying DR operations. This article is a follow-up to the first article titled "Dynamic Reconfiguration for High-End Servers: Part 1--Planning Phase." This article requires an intermediate to advanced level reader.

  • Sun Ray Deployment On Shared Networks (February 2004)
    -by Mike Oliver, Raja Doraisamy, Bob Doolittle, Kent Peacock, Gerard Wall, and Gary Sloane
    With the growing popularity of the Sun Ray thin client computing model and its increasing acceptance in business and research settings, there has been considerable demand for a more detailed description of best practices for deployment on varied existing network topologies. This article describes several common topologies and provides deployment hints and instructions not yet covered in the product documentation. This article is ideal for advanced network administrators.

  • Sun Fire 15K/12K Auto Diagnosis and Recovery (February 2004)
    -by Vasant Butala
    This article describes the new System Management Services (SMS) 1.4 software features that enhance Sun Fire 15K/12K system availability. This document is useful for support personnel who have a basic knowledge of the Sun Fire 15K/12K systems. This article requires a reader with an intermediate to advanced knowledge level.

  • Dynamic Reconfiguration and Oracle 9i Dynamically Resizeable SGA (January 2004)
    -by Erik Vanden Meersch and Kristien Hens
    This article explains how Oracle 9i can operate in combination with Sun's dynamic reconfiguration (DR). It provides a brief overview of DR, intimate shared memory (ISM), dynamic intimate shared memory (DISM), and dynamically resizable system global area (SGA), and explains how these technologies fit together. In addition, this article provides step-by-step details for configuring Oracle relational databases on Sun Fire servers so that the DR capabilities of the Sun platform can be maximized. This article requires an intermediate reader. The features described in this article should be used with the Solaris 9 OS Update 2 and newer.

  • Sun Fire 6800/4810/4800/3800 Systems Auto Diagnosis and Recovery Enhancements (October 2003)
    -by Peter Gonscherowski and Tricia Wittsack
    This article describes the Sun Fire 6800/4810/4800/3800 systems availability enhancements provided in the system controller (SC) firmware versions 5.15.0 and 5.15.3 releases and the Solaris OE kernel updates. This document is useful for support personnel, who have a basic technical knowledge of the Sun Fire 6800/4810/4800/3800 systems.

    Enhancements have been added to both the Solaris Operating Environment (Solaris OE) and the Sun Fire firmware release 5.15.3. Improved auto diagnosis of hardware failures and system recovery are now available. These enhancements achieve increased availability and better serviceability of the Sun Fire 6800/4810/4800/3800 systems. Both firmware version 5.15.3 and either the Solaris 8 OE kernel update 24 or Solaris 9 OE kernel update 5 are required to benefit from these enhancements.

  • Sun Fire V1280/Netra 1280 Server Considerations for Improving RAS (August 2003)
    -by Kumar Loganathan
    This article provides recommendations and highlights important aspects in the configuration, administration, and servicing of the Sun Fire V1280 and Netra 1280 servers. This article is ideal for an advanced system administrator looking to address RAS issues.

  • Sun Fire 6800/4810/4800/3800 Auto Diagnosis and Recovery Features (April 2003)
    -by Peter Gonscherowski
    This article describes the Sun Fire 6800/4810/4800/3800 system availability enhancements provided in the system controller (SC) firmware version 5.15.0 release and Solaris 8 kernel updates. Version 5.15.0 of the system controller (SC) firmware introduces several new features to improve the availability, serviceability, diagnosability, and repair characteristics of Sun Fire 6800/4810/4800/3800 systems.

  • Modeling Sun Cluster Availability (December 2002)
    -by Ira Pramanick
    Modeling the availability of software systems is an extremely difficult task that has not been accomplished successfully to any degree of accuracy until now. This article describes the approach taken to model specific Sun Cluster stacks, including the service layer. This modeling methodology combines black-box measurements with white-box analysis to arrive at an availability model for a system. The methodology facilitates extrapolation of the model to other stacks that differ in well-defined ways. It also entails setting availability budgets of various layers in the stack.

  • Designing Highly Available Architectures: A Methodology (November 2002)
    -by Erik Vanden Meersch
    This article presents a methodology for discussing availability requirements for Information Technology (IT) systems. This methodology focuses on the interaction between system vendors and customers at the early stage of a project and defines the minimum information that should be exchanged to design an architecture that will satisfy the availability requirements of the future owner of the system.

  • Managing Shared Storage in a Sun Cluster 3.0 Environment With Solaris Volume Manager Software (November 2002)
    -by Kristien Hens and Peter Dennis
    Traditionally, VERITAS Volume Manager (VxVM) has been the volume manager of choice for shared storage in enterprise-level configurations. In this article, a free and easy-to-use alternative, Solaris Volume Manager software, which is part of the Solaris 9 Operating Environment (Solaris 9 OE), is explored. This mature product offers similar functionality to VxVM. Moreover, it is tightly integrated into the Sun Cluster 3.0 software framework and, therefore, should be considered to be the volume manager of choice for shared storage in this environment.

  • Campus Clusters Based on Sun Cluster Software (November 2002)
    -by Hartmut Streppel
    This article describes how to use Sun Cluster 3.0 software as part of a comprehensive disaster recovery solution to ensure continuous service availability. This article provides guidelines to consider when deploying a campus-cluster solution and offers helpful tips for setting up sound administrative practices.

  • Sun Fire Midframe Server Best Practices for Firmware Update 5.13.x (October 2002)
    -by James Hsieh
    This article is an update to the October 2001 Sun BluePrints OnLine article, Sun Fire Midframe Servers Best Practices for Administration, and includes updated information for connecting and configuring the Sun Fire system controller (SC) and introduces SC administration concepts, platform security, and error analysis and diagnosis. This article update also introduces new features available with the 5.13.x firmware release for the Sun Fire SC, which further improve on the reliability, availability, and serviceability of Sun Fire Midframe Servers.

  • Enterprise Network Design Patterns: High Availability (September 2002)
    -by Deepak Kakadia, Sam Halabi, and Bill Cormier
    High availability considerations extend well beyond individual servers in today's enterprise. Ultimately, availability is only as good as the networking infrastructure. This article presents the key issues, explores available network topologies and protocols, and makes recommendations for their application in creating a highly available network.

  • Sun Fire 3800-6800 Servers Dynamic Reconfiguration (April 2002)
    -by Peter Gonscherowski
    A general overview of Dynamic Reconfiguration (DR), its implementation on Sun Fire 3800-6800 servers, and best practice guidelines for DR with Sun Management Center or the command line are provided.

  • Cluster and Complex Design Issues (November 2001)
    -by Richard Elling and Tim Read
    This is the entire first chapter from the Sun BluePrints Book Designing Solutions with Sun Cluster 3.0. In it, the authors examine how failures occur in complex systems and show methods that contain, isolate, report, and repair failures. Special considerations for clustered systems are discussed, including the impact of caches, timeouts, and the various failure modes, such as split brain, amnesia, and multiple instances.

  • Sizing Sun Ray Servers Running Windows Applications with SunPCi IIpro Coprocessor Cards (November 2001)
    -by Don DeVitt
    This paper addresses the task of sizing a server capable of supporting Wintel-based applications on a Sun Ray Server utilizing SunPCi IIpro co-processor cards. The paper integrates the information of several previously published documents and sizing tools to determine a baseline configuration. The paper also suggests many best practice options for configuring the server.

  • Writing Scalable Services With Sun Cluster 3.0 Software (October 2001)
    -by Peter Lees
    This article provides an introduction to the supporting features in the Sun Cluster 3.0 product release. It also describes the technical requirements that must be considered when designing and programming an application to make the most effective use of the cluster framework. This article also details some of the tools available for creating scalable resources.

  • Sun Fire Midframe Server Best Practices for Administration (October 2001)
    -by James Hsieh
    This article introduces best practices to maintain a Sun Fire server for mission-critical environments. It includes details of connecting the System Controller (SC), SC Administration Concepts for the Sun Fire Midframe Server, Platform Security, and Error Analysis and Diagnosis.

  • Sun Fire Midframe Server Configuration Best Practices (September 2001)
    -by James Hsieh
    This article introduces best practices that take advantage of the new features, capabilities, and technologies of the Sun Fire server. These practices will aid in configuring a Sun Fire system for mission critical applications.

  • Cluster Platform 220/1000 Architecture-A Product from the SunTone Platforms Portfolio (August 2001)
    -by Enrique Vargas
    This article will provide customers a better understanding of this product's capabilities by presenting its hardware and software architecture as well as best practices used in integrating the design.

  • Supporting Microsoft Windows 2000 Server Applications from Sun Enterprise Servers (June 2001)
    -by Don DeVitt
    This article explores using multiple SunPCi II Pro cards running on Sun Enterprise servers to support Microsoft Windows 2000 Server applications. New SunPCi II Pro hardware and software now support multiple cards in one Sun Enterprise server. Benchmarks and Sizing information for a Windows 2000 Terminal Server environment are discussed.

  • Demystifying the Directory Information Tree (DIT) (April 2001)
    -by Tom Bialaski
    Understanding how NIS data is stored in the LDAP Directory Information Tree (DIT) helps you develop a directory topology that works best for you. This article introduces LDAP terminology and concepts which relate to the DIT and draws an analogy to terminology used to describe the UNIX® UFS filesystem. Examples are provided which show different options for storing NIS data.

  • Using dsimport to Convert NIS Maps to LDAP Directory Entries (February 2001)
    -by Tom Bialaski
    This article describes a method to import your NIS maps into an LDAP directory using the dsimport utility. Use of this tool rather than a homegrown one or one found in the public domain is a best practice because it is complete, tested, and verifiable.

  • Planning to Fail (December 2000)
    -by John S. Howard
    This article presents design guidelines and "best practices" for the selection and configuration of system software such as Veritas Volume Manager, Dynamic Multi-pathing, Dynamic Reconfiguration, and Live Update. It also focuses on which versions and combinations of these software tools result in viable configurations, and which combinations to avoid.

  • Directory Server Security (December 2000)
    -by Tom Bialaski
    This article provides an overview of what the LDAP model consists of and what security changes need to be made to accommodate the Solaris Operating Environment naming service requirements.

  • High Availability Best Practices (December 2000)
    -by Enrique Vargas
    This article introduces best practices that assist in minimizing the impact of people and processes in the datacenter which helps to achieve higher availability goals.

  • Directory Server Indexing (November 2000)
    -by Tom Bialaski
    Indexing plays an important role in optimizing the performance of a directory server. Both types of indexing discussed in this article, attribute and Virtual List View (VLV), should be deployed when configuring a directory server to support the native LDAP naming service which is included in the Solaris 8 Operating Environment.

  • High Availability Fundamentals (November 2000)
    -by Enrique Vargas
    This article emphasizes configuration elements that impact a single server's availability to help system administrators arrive at a hardware configuration that best matches their availability requirements.

  • Implementing LDAP in the Solaris Operating Environment (October 2000)
    -by Tom Bialaski
    This article provides an overview of LDAP implementation. LDAP is an industry standard interface that is more than just a protocol. This article provides an explanation of the LDAP models and their actual implementation. Since the installation and configuration of Solaris Native LDAP is quite complex, this article provides a foundation for understanding the fundamental principles involved.

  • SCSI-Initiator ID (August 2000)
    -by David Deeths
    Changing the SCSI-initiator ID is necessary for cluster configurations that share SCSI devices between multiple hosts. This article walks you through the process, and also provides an excellent background on SCSI issues in clustered systems.

  • Fast Oracle Parallel Exports on Sun Enterprise Servers (March 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Gives a script that performs very fast Oracle database exports by taking advantage of parallel processing on SMP machines. This script can be invaluable for situations where you need to perform exports of large mission-critical databases that require high availability.

  • Clustering LDAP Directory Servers (December 1999)
    -by Tom Bialaski
    Explore deployment of Sun Cluster software to create an environment for LDAP based directory services that are highly available for both read and write access.

  • Availability - What It Means, Why It's Important, and How to Improve It (October 1999)
    -by Richard McDougall
    Explains various aspects of availability.

  • Solaris Directory Services: Past, Present and Future (October 1999)
    -by Tom Bialaski
    Discusses the high availability features of currently supported Solaris Operating Environment directory services (NIS, NIS+, DNS) and contrasts them with LDAP's high availability features.

  • Workgroup Server PCI RAID Solution - The Sun StorEdge SRC/P Controller (October 1999)
    -by Don DeVitt
    SRC/P basic description and performance considerations in the Sun Enterprise 450 server.

  • HA: Boot/Root/Swap (June 1999)
    -by Jeannie Johnstone Kobert
    Ways to mirror your system disk to prevent system failure.





Data Center Practices

  • The Service Delivery Network: A Case Study (April 2006)
    -by Mikael Lofstrand, Jason Carolan
    Secure messaging has emerged as a core IT service. Most organizations today rely upon e-mail as a mission-critical application that serves key business processes and transports proprietary and confidential business information among authorized users. The case study in this article shows how to use Sun's Service Delivery Network (SDN) to guide the design of a secure, service-optimized network architecture for an example secure e-mail application. Secure e-mail was chosen for this case study because it is a familiar application that is relatively simple to describe and understand, allowing the reader to focus on the use of SDN rather than the details of an application. Note, however, that the SDN approach can be used to design network architectures that support almost any kind of application or service.

  • Toward Systemically Secure IT Architectures (February 2006)
    -by Glenn Brunette
    The convergence and availability of greater numbers of computers, mobile phones, PDAs, and other devices are fueling new opportunities and new styles of sharing, participation, and commerce. Traditional organizational and network boundaries continue to blur and fade as organizations find new ways of engaging their customers, partners, suppliers, and employees. Furthermore, the delivery of services is becoming more streamlined, as associations among components and data become more dynamic in response to “just in time” business decisions. Unprecedented levels of access and sharing are fast becoming the norm and helping to fuel what is being called “the Participation Age.”

    Security risk accompanies all of the benefits that these opportunities offer — risk that cannot and must not be ignored. Attacks on IT resources can now be executed on a global basis, using the Internet or other communications networks, at speed and on a scale previously unknown. News of identity theft, industrial espionage, and the ever-present insider threat is rapidly increasing. While many of the common attack methods have largely not changed over the last ten years, their impact has been amplified as a result of a significantly increased number of potential targets, increased levels of dependence and connectivity among targets, and heightened levels of attack automation, making the attacks easier to configure and execute on a global scale.

    This Sun BluePrints OnLine article addresses the need for strong security guarantees in increasingly dynamic and flexible information technology (IT) environments. The Sun Systemic Security approach applies time-tested security principles, architectural patterns, and iterative refinement policies to weave security controls and assurances more systemically throughout an IT environment. Using a pattern-based approach and a focus on iterative refinement, organizations can transform their existing legacy deployments into resilient architectures that meet not only their security, privacy, and compliance needs, but also satisfy other business goals, such as increased agility, flexibility, efficiency, and availability. In fact, this approach can be used to help drive the adoption of new service and utility-based compute architectures.

  • Consolidating Legacy Applications onto Sun x64 Servers
    How to move Microsoft Windows NT Applications onto Sun x64 Servers using VMware ESX Server
    (February 2006)
    -by Marshall Choy
    IT organizations wishing to continue to run applications on the Microsoft Windows NT Server operating system have faced a limited number of choices given the increasing lack of support for their aging hardware, and the lack of drivers for current hardware. The ability of VMware ESX Server to host these operating system environments and their applications on state-of-the-art, high-performance hardware platforms like the Sun Fire V40z server gives IT organizations a new class of options. Not only can they use virtualization to run their applications on current, supported hardware — they can leverage the greater processing power, memory capacity, and disk storage of today's servers to consolidate multiple PC server environments onto a single platform. Now IT organizations can upgrade their hardware platforms, and use the upgrade process also to address their power, space, and cooling issues, while exploiting the economies of scale that consolidation brings.

    This Sun BluePrints article describes in step-by-step fashion how one such application — an Apache Web server running on the Windows NT Server operating system — could be consolidated onto ESX Server running on a Sun Fire V40z server with no changes to the application or its configuration. The importance of this exercise is not the application itself. It is the fact that the only changes to the disk image imported by the physical-to-virtual process were to install drivers for the virtual network interface and display devices supported by the virtual machine environment. Once an application is consolidated into the virtual environment in this way, it can securely share a single platform with multiple instances of Windows operating systems and the applications that they host. Because each virtual machine provides an idealized environment to the guest operating system, the disk images created by the consolidation process are portable. So as this consolidation technique becomes proven in any given IT organization, PC workloads can be re-distributed among a growing number of servers by moving virtual disks and virtual machine configuration files.

  • Web Consolidation on the Sun Fire T1000 using Solaris Containers (December 2005)
    -by Kevin Kelly
    Reducing the costs of IT infrastructure and improving the manageability and efficiency of web services pose significant challenges for many organizations in today's economic climate. Recent studies describe the challenges IT managers face administering the proliferation of x86-based servers used to run web services applications. Those reports reveal that using a large number of x86-based systems can increase space and power consumption, as well as cost and asset management overhead. In addition, many of these x86-based systems run a mixture of operating system and application software, leading to increased management complexity and potential security concerns.

    Faced with these challenges, many organizations are attracted by the idea of consolidating web and application services from multiple x86-based servers to a smaller number of high-performance servers. This approach strives to help simplify management, improve performance, and increase the efficiency of delivering web services. The combined capabilities of the Sun Fire T1000 server and Solaris Containers technology in particular offer significant promise as a web-tier consolidation platform. The Sun Fire T1000 server offers high aggregate throughput performance in a small, power-efficient footprint. Solaris containers provide a complete, isolated, and secure runtime environment for applications, enabling multiple web servers to run safely and efficiently on the same platform.

    This paper explores the configuration and testing of the Sun Fire T1000 server as a web-tier consolidation platform. It discusses methodologies used to consolidate multiple web servers onto a single Sun Fire T1000 server, and explains the steps used to configure the Solaris Containers. In addition, to determine the effectiveness of this approach, testing was performed to evaluate the consolidated Sun Fire T1000 system against a baseline configuration of current Xeon servers, a popular choice as a web server platform.

  • Consolidating the Sun Store onto Sun Fire T2000 Servers (December 2005)
    -by Casey Costley, Srinivasa Bodicharla, Brad Coates, Yunas Nadiadi and Ragu Venkatesan
    Many data centers today are at or near capacity in terms of space, power, and cooling, even as they are compelled to provide secure and available services that will scale into the future. Faced with real hard limits on real estate, power, and thermal capacity, data center managers are increasingly changing the ways they evaluate infrastructure. Performance in particular must be viewed in an envelope of space, power, and dissipated heat--with performance per watt, performance per square foot, and performance per rack unit of paramount importance.

    Sun faces these same demands and constraints in its own Information Technology (IT) and is actively seeking effective solutions. In particular, Sun is deploying architectures and strategies to consolidate its own mission-critical SunStore application, using commercially available technology to run Sun-on-Sun. Based on the UltraSPARC T1 processor with CoolThreads technology, the new Sun Fire T2000 server offers an effective consolidation platform for these efforts, complemented by the flexibility of Solaris Containers partitioning technology from the Solaris 10 Operating System.

    Providing a unique insight into Sun's own operations and adoption of new products and technologies, this article discusses the existing SunStore architecture and describes a timely real-world consolidation effort. In addition to architecture and configuration information, an analysis of anticipated savings in power, cooling, and space is also provided.

  • Protecting Investments Through Technology Advancements (October 2005)
    -by Brian Down
    With businesses becoming increasingly dependent on IT infrastructure, IT organizations are constantly seeking new ways to implement these vital assets in a cost-effective manner that supports business goals. At the same time, budget pressures are pushing organizations to find ways to protect technology investments and ensure they provide good value over time. Indeed, because IT assets depreciate, it is important they provide value—business flexibility, agility, and efficiency—for as long as possible, and be easy to replace when the time comes. This Sun BluePrints article explains what it means to protect IT investments, and what you need to consider when protecting them. It also illustrates how Sun's platform of UltraSPARC processor-based servers running the Solaris Operating System can be used to build an infrastructure with investment protection built-in.

  • Sun's Pattern-based Design Framework: The Service Delivery Network (September 2005)
    -by Jason Carolan and Mikael Lofstrand
    The Service Delivery Network (SDN) is the approach that Sun uses to design service optimized network architectures for customer and in-house implementations. This approach consists of basic network building blocks, common network design patterns, integrated network components, and industry best practices that together are carefully blended in response to a customer's business and technical goals. The SDN provides a set of network connectivity, routing, load balancing, and advanced security mechanisms that, when applied in combination, result in flexible network infrastructure designs that provide high performance, scalability, availability, security, flexibility, and manageability.

    The primary goal of the SDN is simple:

    Service delivery at any time, from anywhere, to any device.

    A service optimized network architecture focuses on the services provided over the network to the end user, rather than the enabling technologies or their related components. By virtualizing resources and understanding the core services offered directly to end users, as well as the other data center services that support these end user services, organizations can take advantage of a true service-driven architecture.

  • Enforcing the Two-Person Rule Via Role-Based Access Control in the Solaris 10 Operating System (August 2005)
    -by Glenn Brunette
    Whether discussing physical or logical access controls, organizations have for years applied the practice of the two-person rule to help secure IT assets. Using the two-person rule is an optional approach for organizations wanting to protect access to key data sets, or to restrict who may perform sensitive or high impact operations on a system. In many circumstances, however, more traditional IT security controls are likely appropriate. Using the two-person rule is most often reserved for restricting the most sensitive IT security operations performed within an organization. Whether and where a given organization could apply the two-person rule depends on its policies, architecture, processes, and requirements.

    This Sun BluePrints cookbook describes how to use Solaris Role-Based Access Control (RBAC) in the Solaris 10 Operating System (Solaris OS) to enforce the two-person rule in IT security.

  • Automating Initial Setup and Management of Sun Fire V20z and V40z Servers (June 2005)
    -by Jacques Bessoudo
    Many compute- and network-centric applications can benefit from pools or grids of smaller, horizontally-scaled servers due to their lower initial cost, flexibility, scalability, and performance for certain tasks. However, installing and managing tens or hundreds of servers in a consistent manner can be time consuming and prone to errors that further increase the time required to manage large pools of servers. Fortunately, many administrative tasks can be easily automated using the integrated service processor in the Sun Fire V20z and V40z servers.

    There are three areas of setup and management of the Sun Fire V20z and V40z server's service processor that are usually performed manually--where automated scripts can save time and can eliminate errors:

    * Service processor setup
    * Service processor management
    * Server (BIOS) and service processor firmware updates

    This article describes a method for helping system administrators save time by automating these processes and running them on multiple systems simultaneously. It details the steps for creating scripts to automate these tasks and run them in parallel and includes examples of several of the more common tasks.

  • Creating Self-Balancing Solutions with Solaris Containers
    -by David Collier-Brown
    Transactions of some kind are an integral part of every organization, and must be completed on time if the business is to operate effectively and efficiently. Chaos, and damage, can be caused if critical transactions are not handled correctly. Today, IT managers often try to break workloads into chunks and process them with separate program instances in the hope that they can distribute the workload across the instances and keep pace with demand. This technique has its drawbacks. What happens when one instance fails to finish in time? Worse, what if the business is growing, and every month the number of lagging instances increases? How are system administrators supposed to figure out which instance is going to be late the next time?

    System administrators need to find ways to balance workloads across computing resources. With Solaris 10, Solaris Containers were further enhanced to include a new facility, Solaris Zones, which can be used to create a virtual environment that enables the management of unbalanced load problems. This Sun BluePrints article presents several techniques for dealing with unexpected load changes, and provides best practices for employing Solaris Containers in this effort.

  • Solaris Containers--What They Are and How to Use Them (May 2005)
    -by Menno Lageman
    Over the years businesses have been building large-scale information systems to solve business problems, with a focus on building scalable and highly available IT infrastructures that can adapt to change. Providing sufficient availability and performance for business applications was the primary driver for these efforts. Today, the need to protect technology investments and provide the same service levels at a lower price point is shifting the focus to reducing IT infrastructure cost and improving end user service level management. To help this effort, the Solaris Operating System includes Solaris Containers, a mechanism that provides isolation to safely and securely share resources between software applications or services using flexible, software-defined boundaries.

    This Sun BluePrint article discusses the challenges organizations face in dealing with resource and workload management. Solaris Containers, and their constituent technologies (projects, resource pools, Zones) are introduced and explained. Practical examples that show these technologies solving resource and workload management problems are demonstrated.

  • Migrating From Tru64 UNIX to the Solaris Operating System (March 2005)
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to the Solaris environment. This study examines the migration of a simple, custom-written application that used a Sybase database to store information about a company's inventory as well as client-specific data. This application was converted to run under the Solaris Operating System (Solaris OS) and was integrated with directory services. Additionally, the database vendor was changed from Sybase to Oracle. This article provides an overview of the Tru64 Unix operating environment; discussions of 64-bit computing and clustering architectures; descriptions of justifying, architecting, and implementing the migration; and suggestions for managing the new Solaris environment.

  • Migrating from HP/UX Platform to the Solaris Operating System (March 2005)
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study that draws from several actual customer migration projects, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate an HP/UX environment to the Solaris environment. The most significant of these projects, for a large health care insurance provider based in the United Kingdom, involved migrating a commercial-off-the-shelf (COTS) integrated-accounts solution to the Solaris Operating System (Solaris OS), and enhancing it to support their risk-underwriting and claims-processing business functions. This article provides an overview of the case study; descriptions of justifying, architecting, and implementing the migration; suggestions for managing the new Solaris environment; and a summary of the successful results of the migration.

  • N1 Grid Architecture Realized: Measurable Requirements (March 2005)
    -by Jason Carolan, Scott Radeztsky, Paul Strong and Ed Turner
    This article discusses using the Sun architecture methodologies to translate customer business drivers and stated functional and operational requirements into a measurable Critical to Quality (CTQ) baseline for architectural analysis and solution testing. This article is the entire fifth chapter of the Sun BluePrints book N1 Grid Realized: Preparing, Architecting, and Implementing Service-Centric Data Centers.

  • Solaris Patch Management: Recommended Strategy (February 2005)
    -by Pierre Reynes
    Applying patches and updating a system from one software release to another have evolved into what can be complex, time-consuming processes. This article discusses Sun's recommended strategy for managing patches and software updates. It describes the types of patches, patch interrelationships, and patch delivery collections, and recommends practices for maintaining properly patched and updated software. It also explains what goes into a Solaris software update, considers the risks, costs, and timing of updating your software, and provides references to Sun's patch-related tools.

  • Operations Management Capabilities Model (February 2005)
    -by Edward Wustenhoff, Michael J. Moore, and Dale H. Avery
    Successful IT management cannot be purchased out-of-the-box. The implementation of a robust IT management infrastructure is as much an exercise in organizational change as it is a technology implementation. IT management must be enhanced in an evolutionary manner, over time, through the application of a continuous improvement methodology that addresses the combination of people, process, and tools components.

    The Sun Microsystems Operations Management Capabilities Model (OMCM) is a comprehensive, continuous improvement methodology for IT management that provides a practical framework and measurable roadmap for enhancing IT management. The OMCM helps organizations define, measure, and thoroughly assess their current and desired IT capability.

    The OMCM is based on the Sun IT Management Framework (Sun ITMF), which defines the three different core aspects--people, processes, and tools--of an organization's IT management infrastructure. The OMCM encompasses IT management best practices at all levels of the IT environment, mapping IT management disciplines to the architecture used to implement them. The OMCM provides the basis of assessment for the purpose of determining where best to invest in IT resources in support of key business needs.

  • Understanding the Benefits of Implementing Oracle RAC on Sun Cluster Software (January 2005)
    -by Kristien Hens and Michael Loebmann
    In solutions that implement Oracle RAC and Sun Cluster software, the flexibility and power of Sun's cluster solution can add structure and maintainability to various underlying hardware components. This article describes the benefits of an Oracle RAC and Sun Cluster solution.

    This article is the complete second chapter of the Sun BluePrints book, "Creating Highly Available Database Solutions: Oracle Real Application Clusters (RAC) and Sun Cluster 3.x Software," by Kristien Hens and Michael Loebmann, which is now available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Service Provisioning with Resource Management (November 2004)
    -by Sam Antwi
    The Solaris 9 Resource Management (Solaris 9 RM) offers a more granular, elegant, and flexible solution to Solaris Operating System (Solaris OS) platform resource sharing and control. It provides support for a predictable approach to guaranteed service level commitment, even in environments where resources are contested by multiple stacked application service workloads or where maximizing system resource utilization is paramount. This Sun BluePrint shows how to apply Solaris 9 RM for service provisioning, with a particular focus on three application service workloads: Sun ONE Web Server, BEA WebLogic, and Oracle9i.

  • Data Center Availability Features for High-End Servers (July 2004)
    -by Vasant Butala
    This article describes the System Management Services (SMS) 1.4.1 software features that enhance the availability of Sun's high-end servers, the Sun Fire E20K/E25K and Sun Fire 15K/12K servers. This paper is useful for support personnel who have a basic knowledge of high-end server systems.

  • Best Practices for Deploying the Sun StorADE Utility (June 2004)
    -by Michael Monahan
    "Best Practices for Deploying the Sun StorADE Utility", the Sun BluePrints OnLine article for January 2004 has been updated for the newest version of the Sun Storage Automated Diagnostic Environment utility (StorADE 2.3). StorADE enables centralized monitoring of most Sun storage products. This article covers StorADE features, how it works, and provides best practice recommendations for its deployment. This article is intended for anyone involved in managing Sun storage devices, from an architectural, deployment, or administration perspective. This article is ideal for a reader seeking introductory technical information on StorADE software.

  • N1 Grid Architecture Realized: Strategic Flexibility (May 2004)
    -by Ed Turner, Paul Strong, Jason Carolan and Scott Radeztsky
    Any architectural solution must first solve the basic IT problems of cost and complexity. Then, it must strive to develop the business and IT linkage to its fullest extent. That is the central theme of the Sun N1 Grid architectural solution, and it is articulated in the concept of strategic flexibility.

  • Building a Bootable DVD to Deploy a Solaris Flash Archive (April 2004)
    -by John S. Howard
    This article provides techniques to augment a DVD-ROM-based installation with the services and behaviors typically provided by a JumpStart server. The techniques presented in this article can be used when you need to perform an automated installation of a Solaris Flash archive, but are unable to use a JumpStart server. This article describes a procedure to create a bootable installation DVD-ROM with a complete software stack on a DVD that you can use to perform a standardized and fully automated installation of the software stack from the DVD.

    This article also examines the structure of a bootable Solaris OS DVD and provides information about modifying installation behaviors to perform an automated install of a Solaris Flash archive from a DVD.

  • Data Center Best Practices for High-End Servers (March 2004) (This article is temporarily unavailable, please check back - 06/05)
    -by Vasant Butala
    This article provides best practices for installing, configuring, securing, and maintaining availability and performance for the Sun Fire 15K server. Although the Sun Fire 12K server, Sun Enterprise 20000 server, and Sun Enterprise 25000 server are not addressed separately, the best practices here apply as well to these servers. Additionally, reference materials for topics not covered in this article such as environment and domain configuration are provided. Throughout this article, best practices are described fully, then summarized in Tips for quick reference. This article requires an intermediate reader level.

  • Sun Ray Deployment On Shared Networks (February 2004)
    -by Mike Oliver, Raja Doraisamy, Bob Doolittle, Kent Peacock, Gerard Wall, and Gary Sloane
    With the growing popularity of the Sun Ray thin client computing model and its increasing acceptance in business and research settings, there has been considerable demand for a more detailed description of best practices for deployment on varied existing network topologies. This article describes several common topologies and provides deployment hints and instructions not yet covered in the product documentation. This article is ideal for advanced network administrators.

  • Migrating to the Solaris Operating System: Migrating From Tru64 UNIX (November 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article presents a fictional case study that illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to a Solaris environment.

    This article is the complete tenth chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", by Ken Pepple, Brian Down, and David Levy, which is available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Migrating to the Solaris Operating System: Migration Strategies (September 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article defines the most important terms in migration, and differentiates between these terms. In addition, it presents migration strategies, the benefits and risks of each strategy, and the appropriateness of each strategy for various situations. This article is ideal for a beginning to intermediate audience.

    This article is the complete third chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", which will be available at Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores at the end of October, 2003.

  • Sun Fire 15K/12K Server Preferred Practices (July 2003)
    -by Lee Lustig
    Many documents about configuring Sun Fire servers have been written at Sun Microsystems. This article consolidates the information in those documents to derive a set of preferred practices you can quickly reference while planning an implementation. This article addresses preferred practices at a high level, referencing supporting documentation when a more in-depth technical discussion is warranted. This article is targeted for an introductory level of expertise.

  • Role Based Access Control and Secure Shell--A Closer Look At Two Solaris Operating Environment Security Features (June 2003)
    -by Thomas M. Chalfant
    To aid the customer in adopting better security practices, this article introduces and explains two security features in the Solaris operating environment. The first is Role Based Access Control and the second is Secure Shell. The goal is to provide you with enough information to make an effective decision to use or not use these features at your site as well as to address configuration and implementation topics. This article is targeted to the intermediate level of expertise.

  • Using NTP on the Sun Fire 15K/12K Server (June 2003)
    -by Jason Beloro
    This article addresses the time skew issues for the Sun Fire 12K/F15K server and explains how the system controllers and domains can be configured as NTP clients to external servers. A sample configuration is also provided. This article is targeted to the intermediate level of expertise.

  • Consolidation Methodology (June 2003)
    -by David Hornby and Ken Pepple
    A proven methodology is critical to the success of a consolidation project. This article outlines the major phases of the consolidation methodology developed by Sun Professional Services. If you are considering, or have already begun, a consolidation project for your data center, you can use the methodology presented in this article to get a consolidation effort underway.

    This article is the complete fourth chapter of the Sun BluePrints book, Consolidation in the Data Center, by David Hornby and Ken Pepple (ISBN #0-13-045495-8). The later chapters in this book address the feasibility, assessment, architecture, implementation, and management phases in detail.

  • An Architecture for Creating and Managing Integrated Software Stacks (May 2003)
    -by John S. Howard
    Creating and managing complex, integrated system software stacks are some of the most challenging and time-consuming tasks facing data center managers. This article examines the challenges of these tasks and provides an architecture for software stack creation and management.

  • A Patch Management Strategy for the Solaris Operating Environment (January 2003)
    -by Ramesh Radhakrishnan
    Managing software patches is complex and time consuming. This article offers a high-level strategy for managing patches in a variety of different types of compute environments that are running on the Solaris operating environment. This article divides the patch management process into seven phases, each of which can be tailored to suit your distinct IT environment. This article does not discuss the step-by-step process of installing Solaris OE patches, but instead addresses higher-level concepts that can be used with any patch installation utility. This article is intended for IT managers, IT architects, lead system administrators, and anyone interested in developing a patch management strategy.

  • BluePrint for Benchmarking Success (January 2003)
    -by Hans Joraandstad and Barbara Perz
    This article provides best practices for benchmarking and it's ideal for those using benchmarking to gather information that will help make a decision on which computer to buy.

  • Configuring Databases Using Soft Links (January 2003)
    -by Carlos Godinez
    This article explains the advantages of using symbolic (soft) links when configuring databases and provides techniques and examples for using them. This article presents information that will enable you to manage database configuration efficiently and accurately.

  • Managing Data Centers With Sun Management Center Change Manager (October 2002)
    -by John S. Howard
    Deploying and updating software are two of the most challenging and time consuming tasks facing datacenter managers. The Sun Management Center (Sun MC) Change Manager software provides a framework and tools for quickly and efficiently deploying, replicating, updating, and managing software over a large number of systems. This article presents techniques and best practices for using Sun Management Center Change Manager software.

  • Sun Fire Systems Design and Configuration Guide (September 2002)
    -by Nathan Wiger and Roger Blythe
    This article details key features of the Sun Fire product line and presents a process you can follow to determine which server best meets your needs. An excerpt from the new Sun BluePrints book, "Sun Fire Systems Design and Configuration Guide" by Nathan Wiger and Roger Blythe, this article provides best practice design consideration, rules of thumb, and sample server configurations.

  • Consolidation in the Data Center (September 2002)
    -by Ken Pepple and David Hornby
    Data center consolidation is about reducing the number of devices you have to manage and reducing the number of ways you use to manage them. This article introduces various types of consolidations you can perform - servers, applications, storage, shared services, networks, and people resources - and describes some of the benefits of each type of consolidation.

  • Sun StorEdge[tm] Instant Image 3.0 and Oracle8i Database Best Practices (August 2002)
    -by Art Licht
    This article presents a methodology for implementing the Sun StorEdge Instant Image 3.0 Point-In-Time (PIT) copy technology to perform non-intrusive and efficient backup operations on Oracle8i databases without impacting business operations. It also includes a method customers can use to repurpose the PIT Oracle8i data for parallel business processes.

  • An Information Technology Management Reference Architecture Implementation (July 2002)
    -by Edward Wustenhoff
    This article is the fifth in a series of articles by Edward Wustenhoff on the data center management infrastructure. The focus of this article is on the implementation of the management infrastructure. It is a follow-up to the "An Information Technology Management Reference Architecture" article published earlier by Edward Wustenhoff and the Sun BluePrints group. It describes the implementation of the IT management reference architecture in the Authorized iForce Ready Center (iFRC) program that displays an IDC Mail and Messaging Architecture. The iFRC program is a Sun program that provides reference implementations and proofs of concept to assist our customers in avoiding common pitfalls. This article describes the technical aspects and details of the management and organization (M&O) architecture deployment.

  • An Information Technology Management Reference Architecture (June 2002)
    -by Edward Wustenhoff
    Building on Edward's prior Sun BluePrints OnLine articles, this article describes the results of a proof-of-concept process to create an IT management reference architecture that displays IDC mail and messaging, as conducted at Sun's iForce Ready Center.

  • Deployment Considerations for Data Center Management Tools (May 2002)
    -by Edward Wustenhoff
    Build a better management infrastructure by understanding more about the basic building blocks, architecture, and key design elements of a complete Systems Management Tools Framework, as presented in this first article in a two-part series.

  • Using Live Upgrade 2.0 With JumpStart Technology and Web Start Flash (April 2002)
    -by John S. Howard
    In this final installment of his three-part series on Solaris Live Upgrade 2.0 (LU) technology, John S. Howard provides recommendations and techniques for integrating LU with the JumpStart software framework and the Solaris Web Start Flash software.

  • Service Level Agreement in the Data Center (April 2002)
    -by Edward Wustenhoff
    Building on the definitions, processes, and best practices supporting the Service Level Management (SLM) process presented in the first article in this two-part series, this article explores Service Level Agreements (SLAs). Best practices for keeping SLAs simple, measurable, and realistic--thus avoiding the most common pitfalls of overpromising and underdelivering on agreements--are detailed and templates are provided that illustrate the translation of SLA principles to real-world examples.

  • Using Live Upgrade 2.0 With a Logical Volume Manager (March 2002)
    -by John S. Howard
    Part two of a three-part series by John S. Howard, this article addresses best practices for upgrading systems, specifically using Live Upgrade 2.0 (LU 2.0) with a logical volume manager. As system administrators know, system upgrades can be time-consuming and error-prone processes. Further, mission-critical systems or datacenter systems typically cannot afford to be taken down for much time to test patches and execute software upgrades. While the examples in this article use VERITAS Volume Manager (VxVM), the concepts and high-level procedural steps are the same if you use LU 2.0 with Solstice DiskSuite software.

  • Service Level Management in the Data Center (March 2002)
    -by Edward Wustenhoff
    Service Level Management (SLM) provides the methodology and discipline for measuring overall system performance parameters and forms the basis for implementing service level agreements (SLAs). This article presents a basic definition of SLM, details the SLM process, and provides best practices for using SLM. Tasks described include all aspects of gathering the metrics needed, at all platform layers, to evaluate compliance with SLAs and to ensure continuous improvement in overall system performance. Future articles from this author will investigate best practices surrounding SLAs.

  • Managing Solaris Operating Environment Upgrades with Live Upgrade 2.0 (February 2002)
    -by John S. Howard
    Performing an upgrade of an operating system and the associated system software is one of the most time-consuming and error prone tasks facing system administrators. Compounding the upgrade process is the reality that most mission-critical or datacenter systems cannot afford to be taken down for any length of time to test patches and execute software upgrades. This article, part one of a three-part series, focuses on how Live Upgrade (LU) provides a mechanism to manage and upgrade multiple on-disk Solaris Operating Environments without taking the systems down. LU provides a framework to upgrade and work within multiple on-disk environments and reboots into the new Solaris Operating Environment after completion of changes to the on-disk software images.

  • Data Center Design Philosophy (January 2002)
    -by Rob Snevely
    This article is the entire first chapter of the Sun BluePrints book, Enterprise Data Center Design and Methodology, (ISBN 0-13-047393-6), which is available beginning January 30th through www.sun.com/books, amazon.com, and Barnes & Noble bookstores.

    This article lays the foundation for addressing challenges of data center design, through a presentation of the more important design issues, priorities, and philosophies. The article concludes with a summary of the ten most important design guidelines.

  • The Intelligent Architectures Design Philosophy (December 2001)
    -by John S. Howard
    This article introduces the design philosophy and tenets of the Intelligent Architectures (IA) approach to systems architecture: a philosophy centered on the use of archetypes - original models after which similar things are patterned. This article presents the IA archetypes in brief, as well as rules and recommendations for combining archetypes to design systems and datacenters.

  • Configuring Boot Disks (December 2001)
    -by John S. Howard and David Deeths
    This article is the fourth chapter of the Sun BluePrints book titled Boot Disk Management: A Guide For The Solaris Operating Environment (ISBN 0-13-062153-6), which is available through www.sun.com/books, amazon.com, and Barnes & Noble bookstores.

  • Using NTP to Control and Synchronize System Clocks - Part III: NTP Monitoring and Troubleshooting (September 2001)
    -by David Deeths and Glenn Brunette
    This article is the third in a series of three articles that discuss using Network Time Protocol (NTP) to synchronize system clocks. The goal of this article is to provide an effective understanding of NTP troubleshooting and monitoring.

  • Using NTP to Control and Synchronize System Clocks - Part II: Basic NTP Administration and Architecture (August 2001)
    -by David Deeths and Glenn Brunette
    This is Part 2 of a three-article series that discusses how to use Network Time Protocol (NTP) to synchronize system clocks. This article explains the basics of client and server administration, covering various client/server configurations, as well as authentication and access control mechanisms. This article also provides a number of suggestions for an effective NTP architecture.

  • Using NTP to Control and Synchronize System Clocks - Part I: Introduction to NTP (July 2001)
    -by David Deeths and Glenn Brunette
    This article is the first of a series on the Network Time Protocol (NTP). NTP allows synchronizing clocks on different network nodes, which is critical in today's networked world. This first article provides an overview of why time synchronization is important and introduces basic NTP concepts.

  • Datacenter Naming Scheme (May 2001)
    -by Mark Garner
    Eighty percent of outages are allegedly the result of people or process issues. An intuitive and informative naming scheme can define and highlight the composition and function of components within a service infrastructure. The article looks at the merits of such a naming scheme and includes an example system for servers, storage, networks and cables that may help reduce operational error.

  • Customizing the JumpStart Boot Image for Recovery (March 2001)
    -by John S. Howard
    This article includes techniques and recommendations for creating a recovery platform by augmenting the Solaris OE boot image (mini-root). This article will also examine the boot and installation processes by demonstrating how to adapt those processes for system recovery.

  • MR System for Rapid Recovery (January 2001)
    -by John S. Howard
    This article is an introduction to the MR system for rapid recovery. As the system uptime requirements have become more exacting, the length of time it takes to boot these larger and more complex systems has grown. By implementing MR on your JumpStart servers it may be possible to reduce the number of reboots required during a system recovery or service event. This minimization of reboots will speed recovery and service time as well as enable the system administrator to use datacenter tools during system recovery procedures.

  • Sun/Oracle Best Practices (January 2001)
    -by Bob Sneed
    In this paper, Best Practice concepts are first defined, then specific high-impact technical issues common with Oracle in the Solaris Operating Environment are discussed.

  • Planning for Large Configurations of Netra t1 Servers (January 2001)
    -by Stan Stringfellow - Special to the Sun BluePrints OnLine
    This article examines a wide range of management and serviceability issues that should be considered when planning a large (and possibly geographically dispersed) server farm consisting of Netra t1 servers. The use of the Netra alarms and lights-out management (LOM) module is discussed in some detail. Consideration is also given to several other topics, including the power and cooling issues that arise when up to 32 Netra t1 servers are mounted within a single rack or cabinet.

  • Planning to Fail (December 2000)
    -by John S. Howard
    This article presents design guidelines and "best practices" for the selection and configuration of system software such as Veritas Volume Manager, Dynamic Multi-pathing, Dynamic Reconfiguration, and Live Update. It also focuses on which versions and combinations of these software tools result in viable configurations, and which combinations to avoid.

  • Sun StorEdge T3 Single Storage Array Design and Installation (September 2000)
    -by Mark Garner
    This article provides a roadmap for the configuration of a single Sun StorEdge T3 Storage Array. It addresses: Prerequisites, Storage Layout Design, Implementation, Configuration and Basic Management.

  • An Introduction to Live Upgrade (July 2000)
    -by John S. Howard
    John provides an introduction and overview of Live Upgrade and also provides techniques and best practices for the usage of Live Upgrade.

  • Disaster Recovery Requirements Analysis (July 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Stan discusses how to successfully implement a disaster recovery program through careful and exhaustive disaster recovery requirements analysis. He also provides a disaster recovery requirements analysis form that can serve as the basis for an iterative negotiation process that helps all parties to arrive at realistic expectations and well-understood disaster recovery service level agreements.

  • JumpStart Mechanics: Using JumpStart Application for Hands-Free Installation of Unbundled Software - Part 2 Automatic Encapsulation of the Root Disk (June 2000)
    -by John S. Howard
    John provides procedures to fully automate the initial configuration of Sun Enterprise Volume Manager and automate encapsulation of the boot disk using JumpStart.

  • The Art of Production Environment Engineering (June 2000)
    -by Bill Walker
    Bill addresses the production environment needs of the datacenter using the International Organization for Standardization (ISO), Fault Configuration Application Performance Security model (FCAPS), Information Technology Infrastructure Library framework (ITIL), a basic IT reference model, and the SunReady Methodology's roadmap to production.

  • JumpStart Mechanics: Using JumpStart Application for Hands-Free Installation of Unbundled Software - Part 1 (May 2000)
    -by John S. Howard
    John discusses automating and standardizing the installation of the Solaris Operating Environment along with the associated unbundled software products and datacenter management tools.

  • Solaris 8 Additions to sysidcfg (March 2000)
    -by Rob Snevely
    Shows you how to do fully hands-off installations of the Solaris 8 Operating Environment. He also discusses how to use Jumpstart and sysidcfg to provide uniform Solaris Operating Environment installations and save you time.

  • Fast Oracle Parallel Exports on Sun Enterprise Servers (March 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Gives a script that performs very fast Oracle database exports by taking advantage of parallel processing on SMP machines. This script can be invaluable for situations where you need to perform exports of large mission-critical databases that require high availability.

  • Setting Up a Solaris Operating Environment Install Server and the Solaris JumpStart Feature (December 1999)
    -by Rob Snevely
    A walkthrough on setting up an install server.

  • JumpStart: NIS and sysidcfg (October 1999)
    -by Rob Snevely
    How to use JumpStart technology to allow automation of the install process.

  • An Overview of Methodology (April 1999)
    -by Adrian Cockcroft
    An in-depth overview on Service Level Definitions and Interactions and Resource Management Control Loop.

  • Dynamic Reconfiguration (April 1999)
    -by Enrique Vargas
    The fundamentals of Dynamic Reconfiguration.




Rapid Recovery Techniques

  • Architecting Availability and Disaster Recovery Solutions (April 2006)
    -by Tim Read
    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    Services considered mission critical require technical solutions that include both a service availability and a disaster recovery component as part of a full business continuity plan (BCP). The 'best practice' data centre infrastructure design patterns for many of the pieces needed for such solutions: local area networks, storage area networks, systems management, security, provisioning and clustering are described in detail in the 'Data Centre Reference Implementation' white paper.

    This document discusses the options for meeting the SLAs for mission and business critical services with particular reference to the Sun Cluster software. Where multiple solutions exist, the underlying complementary technologies: disk mirroring, data replication, transaction monitors and database replication techniques, are examined to highlight the trade-offs that must be made when using certain hardware and software combinations.

    The broader topic of business continuity involves the consideration of more than just system availability and disaster recovery. This white paper does not cover any aspects of the disaster planning required for telecommunications, staffing or physical infrastructure, such as buildings, desks, etc.

  • Tuning ORACLE to Minimize Recovery Time: For Solaris Operating System on SPARC (November 2003)
    -by James Mauro
    This article provides recommendations for tuning ORACLE on SPARC processor-based systems running the Solaris Operating System (Solaris OS) to minimize recovery in the event of a system or database failure. This article is relevant for any audience level.

  • Deploying the Solaris Operating Environment Using a Solaris Security Toolkit CD (September 2003)
    -by Steven Spadaccini
    The Solaris Security Toolkit is a collection of shell scripts combined to form a flexible and extensible framework for rapidly deploying hardened platforms running the Solaris Operating Environment. The Toolkit is, however, quite versatile and can be used for much more than just hardening a system. This article discusses how the Toolkit can be used to construct a bootable CD, based on Sun's JumpStart framework, for building and configuring new systems. This article is authored for intermediate and advanced system administrators.

  • Sun StorEdge[tm] Instant Image 3.0 and Oracle8i Database Best Practices (August 2002)
    -by Art Licht
    This article presents a methodology for implementing the Sun StorEdge Instant Image 3.0 Point-In-Time (PIT) copy technology to perform non-intrusive and efficient backup operations on Oracle8i databases without impacting business operations. A method customers can use to repurpose the PIT Oracle8i data for parallel business processes is also included.

  • Customizing the JumpStart Boot Image for Recovery (March 2001)
    -by John S. Howard
    This article includes techniques and recommendations for creating a recovery platform by augmenting the Solaris OE boot image (mini-root). This article will also examine the boot and installation processes by demonstrating how to adapt those processes for system recovery.

  • MR System for Rapid Recovery (January 2001)
    -by John S. Howard
    This article is an introduction to the MR system for rapid recovery. As the system uptime requirements have become more exacting, the length of time it takes to boot these larger and more complex systems has grown. By implementing MR on your JumpStart servers it may be possible to reduce the number of reboots required during a system recovery or service event. This minimization of reboots will speed recovery and service time as well as enable the system administrator to use datacenter tools during system recovery procedures.

  • SCSI-Initiator ID (August 2000)
    -by David Deeths
    Changing the SCSI-initiator ID is necessary for cluster configurations that share SCSI devices between multiple hosts. This article walks you through the process, and also provides an excellent background on SCSI issues in clustered systems.

  • Disaster Recovery Requirements Analysis (July 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Stan discusses how to successfully implement a disaster recovery program through careful and exhaustive disaster recovery requirements analysis. He also provides a disaster recovery requirements analysis form that can serve as the basis for an iterative negotiation process that helps all parties to arrive at realistic expectations and well-understood disaster recovery service level agreements.

  • A Sun StorEdge Rapid Restore Solution for Disaster Resiliency (April 2000)
    -by Raza Hussain
    Raza gives a quick and efficient method for using point in time images to minimize the potential of data loss and expedite the restoration of business to normal.

  • SSP Best Practices (March 2000)
    -by John S. Howard
    Presents best practice procedures and configurations for the SSP and backup SSP. In addition, an overview of the MR system for rapid recovery of systems or domains.

  • Rapid Recovery Techniques: Auditing Custom Software Configurations (February 2000)
    -by Richard Elling
    The fourth article in a series that covers rapid recovery techniques for the Solaris Operating Environment.

  • Rapid Recovery Techniques for the Solaris Operating Environment (January 2000)
    -by Richard Elling
    Discusses the Solaris Operating Environment software registry, the ease of building packages, and the use of these packages in an automated installation environment.

  • Rapid Recovery Techniques: Repairing File Ownership and Mode (December 1999)
    -by Richard Elling
    The second article in a series that will discuss rapid recovery techniques for the Solaris Operating Environment.

  • Rapid Recovery Techniques: Exploring the Solaris Software Registry (October 1999)
    -by Richard Elling
    How to use processes to recover from errors caused by people.




Security

  • Privilege Bracketing in the Solaris 10 Operating System (April 2006)
    -by Glenn Brunette
    In IT security, the well-known “least privilege” principle states that: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” This Sun BluePrints OnLine article describes how to use the Process Rights Management feature of the Solaris 10 Operating System to implement this principle for any given software program.

    Process Rights Management allows software developers to write privilege-aware programs that run with only the privileges they need, dropping those that are not needed or are no longer required. Further, using a programming technique called privilege bracketing, a developer can control exactly when a privilege or set of privileges is active or in effect.

    Software developers can use the privilege bracketing technique to ensure that a program is running with privilege only when that privilege is required. This is accomplished by placing privileged software operations between code that effectively enables and disables specific privileges. Using the methods described in this article, software developers will be able to develop privileged programs that are more secure and resilient to flaws because the use of privilege within the code can be more tightly controlled.

  • Using the Cryptographic Accelerator of the UltraSPARC T1 Processor (March 2006)
    -by Ning Sun, Pallab Bhattacharya
    Businesses in every industry are concerned about secure communications and data privacy. Typically, these tasks are accomplished through the utilization of the Secure Sockets Layer (SSL). Unfortunately, SSL processing is compute-intensive and can create performance bottlenecks for a variety of commercial workloads. To address these concerns, organizations can take advantage of several Sun technologies that work together to mitigate the performance bottlenecks associated with SSL encryption and decryption. The Solaris Cryptographic Framework (SCF) provides cryptographic services for kernel-level and user-level consumers, as well as several software encryption modules. Based on the SCF, a new SSL proxy (KSSL) kernel module offloads SSL processing from user applications, enabling them to transparently take advantage of powerful hardware accelerators, like those available in Sun’s new UltraSPARC T1 processor, that speed up SSL processing.

    This Sun BluePrints article demonstrates how the combination of the Solaris 10 Operating System and the UltraSPARC T1 processor can be used to create a high performance, secure Web site. It provides a brief overview of SSL technology, as well as an introduction to the Solaris Cryptographic Framework. Configuration details are included for common security applications, such as Apache, the Sun Java System Web Server, and secure Java technology applications, enabling these programs to utilize NCP and KSSL technology. A performance study of secure Web applications is also included.

  • The Solaris Fingerprint Database - a Security Tool for Solaris Operating Environment Files (March 2006)
    -by Vasanthan Dasan, Alex Noordergraaf, Lou Ordorica, Glenn Brunette
    This article describes the Solaris Fingerprint Database (sfpDB), a security tool that enables users to verify the integrity of files distributed with the Solaris Operating Environment. By validating that these files have not been modified, administrators can determine whether their systems have, or have not, been hacked and had trojaned malicious replacements for system files installed.

    This is an updated version of the original Sun BluePrints publication, published in May 2001. This document has been updated to support the Solaris 10 Operating System and includes numerous other additions, clarifications, and references.

  • Toward Systemically Secure IT Architectures (February 2006)
    -by Glenn Brunette
    The convergence and availability of greater numbers of computers, mobile phones, PDAs, and other devices are fueling new opportunities and new styles of sharing, participation, and commerce. Traditional organizational and network boundaries continue to blur and fade as organizations find new ways of engaging their customers, partners, suppliers, and employees. Furthermore, the delivery of services is becoming more streamlined, as associations among components and data become more dynamic in response to “just in time” business decisions. Unprecedented levels of access and sharing are fast becoming the norm and helping to fuel what is being called “the Participation Age.”

    Security risk accompanies all of the benefits that these opportunities offer — risk that cannot and must not be ignored. Attacks on IT resources can now be executed on a global basis, using the Internet or other communications networks, at speed and on a scale previously unknown. News of identity theft, industrial espionage, and the ever-present insider threat is rapidly increasing. While many of the common attack methods have largely not changed over the last ten years, their impact has been amplified as a result of a significantly increased number of potential targets, increased levels of dependence and connectivity among targets, and heightened levels of attack automation, making the attacks easier to configure and execute on a global scale.

    This Sun BluePrints OnLine article addresses the need for strong security guarantees in increasingly dynamic and flexible information technology (IT) environments. The Sun Systemic Security approach applies time-tested security principles, architectural patterns, and iterative refinement policies to weave security controls and assurances more systemically throughout an IT environment. Using a pattern-based approach and a focus on iterative refinement, organizations can transform their existing legacy deployments into resilient architectures that meet not only their security, privacy, and compliance needs, but also satisfy other business goals, such as increased agility, flexibility, efficiency, and availability. In fact, this approach can be used to help drive the adoption of new service and utility-based compute architectures.

  • Privilege Debugging in the Solaris 10 Operating System (February 2006)
    -by Glenn Brunette, Darren Moffat
    The traditional UNIX privilege model is based on the concept of a super-user. In this model, the system associates all of its privileged operations with the root account or — more precisely — the user identifier (UID) 0. All other UIDs are considered unprivileged by the operating system. This “all or nothing” approach to privilege delegation means that any application that must perform a privileged operation, such as a binding to a reserved network port (for example, one whose port number is less than 1024), must be started as root.

    Starting applications in this manner, however, is inherently risky because it means that the application will have privilege to do anything on the system. Administrators are forced to trust the applications to use only the privileges that they need and only in the ways that are expected. Consequently, disaster could ensue should the application not manage its use of privilege safely, or should the application be misconfigured or exploited in some way.

    This Sun BluePrints article describes how to profile applications and services in order to determine which Solaris 10 privileges they attempt to use. With this information, organizations can then restrict those applications and services so that they are granted only the absolutely necessary privileges that they need to fulfill their intended purpose.

  • Enforcing the Two-Person Rule Via Role-Based Access Control in the Solaris 10 Operating System (August 2005)
    -by Glenn Brunette
    Whether discussing physical or logical access controls, organizations have for years applied the practice of the two-person rule to help secure IT assets. Using the two-person rule is an optional approach for organizations wanting to protect access to key data sets, or to restrict who may perform sensitive or high impact operations on a system. In many circumstances, however, more traditional IT security controls are likely appropriate. Using the two-person rule is most often reserved for restricting the most sensitive IT security operations performed within an organization. Whether and where a given organization could apply the two-person rule depends on its policies, architecture, processes, and requirements.

    This Sun BluePrints cookbook describes how to use Solaris Role-Based Access Control (RBAC) in the Solaris 10 Operating System (Solaris OS) to enforce the two-person rule in IT security.

  • Restricting Service Administration in the Solaris 10 Operating System (June 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to use the Solaris 10 Service Management Facility (SMF) to require specific authorizations for certain types of operations. Using this capability, it is possible to delegate access to core service management functions based on the concept of least privilege--if a user or service does not strictly need to have some degree of privilege, then that privilege should not be granted. SMF allows organizations to have much finer grained access control policies than was possible before the Solaris 10 Operating System.

  • Limiting Service Privileges in the Solaris 10 Operating System (May 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to use the Solaris 10 Service Management Facility (SMF) to start a service at boot time (or at any later time) with reduced privileges. This is accomplished by setting the user, group, and set of privileges used to start the service. This article describes how to accomplish this in a practical context using a real service as an example.

  • Using Computer Forensics When Investigating System Attacks (April 2005)
    -by Joel Weise and Brad Powell
    This Sun BluePrints Online article describes how to use computer forensics when investigating attacks on a computer system. Computer forensics is an approach that helps investigators identify the source of an attack on an organization's systems and helps with assessing and recovering from any damage resulting from such an attack.

    Computer forensic investigations must be conducted in such a way that the information collected could be introduced as evidence in a court of law during the criminal prosecution of the attacker. Failure to follow guidelines for handling evidence might preclude an organization from being able to successfully prosecute the attacker(s). Although not all computer-forensic investigations lead to prosecution, organizations should always collect evidence using a methodology that can stand up in a court of law.

  • Integrating BART and the Solaris Fingerprint Database in the Solaris 10 Operating System (April 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to quickly and easily authenticate manifests from BART, the Solaris 10 Operating System Basic Audit and Reporting Tool, using the Solaris Fingerprint Database (sfpDB). Using this process, you can determine whether any files within the BART manifest have been modified from the way in which they were shipped by Sun. This information is crucial when deciding how much trust can be placed in the validity of the files at the time the BART manifest was generated.

  • Automating Solaris 10 File Integrity Checks (March 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to centralize and automate the collection of file integrity information using the following Solaris features:

    * Secure Shell
    * Role-based Access Control (RBAC)
    * Process Privileges
    * Basic Auditing and Reporting Tool (BART)

    Each of these features can be quickly and easily integrated to centralize and automate the process of collecting file fingerprints across a network of Solaris 10 systems.

  • IPsec--A Secure Deployment Option (June 2004)
    -by Regunathan Rajaiah
    This article addresses the problem of protecting data traffic between systems. The document uses working examples to explain how to configure IPsec to protect data, to create keys, and to troubleshoot implementations. The article targets an intermediate reader and also addresses the trade-offs in implementing IPsec.

  • Building OpenSSH--Tools and Tradeoffs, Updated for OpenSSH 3.7.1p2 (April 2004)
    -by Jason Reid
    This article updates the information in the January 2003 Sun BluePrints OnLine article, "Building OpenSSH--Tools and Tradeoffs". This article contains information about gathering the needed components, deciding the compile-time configuration decisions, building the components, and finally assembling OpenSSH. The script file, "Building OpenSSH Tools TAR", provides tools that simplify the packaging and deployment of the OpenSSH tool on the Solaris Operating Environment. This article targets an advanced audience.

  • Securing the Sun Fire 12K/15K System Controller (January 2004)
    -by Alex Noordergraaf, Steven Spadaccini and Dina Nimeh
    This article provides recommendations on how to securely deploy the Sun Fire 12K and 15K system controllers (SC). These recommendations apply to environments where security is a concern, particularly environments where the uptime requirements of the SC and/or the information on the Sun Fire server is critical to the organization. This article is one in a series that provides recommendations for enhancing security of a Sun Fire system. After securing the SC, we recommend that you use the "Securing the Sun Fire 12K and 15K Domains" article to secure the SC domains. This article includes updates related to System Management Services (SMS) version 1.4.

  • Securing the Sun Fire 12K/15K Domains (January 2004)
    -by Alex Noordergraaf, Steven Spadaccini and Dina Nimeh
    This article documents security modifications that you can implement on Sun Fire 12K and 15K domains without adversely affecting their behavior. The configuration changes in this article enable Solaris Operating Environment (OE) security features and disable potentially insecure services and daemons. This article is one in a series that provides recommendations for enhancing security of a Sun Fire system. Before securing the domains, we recommend that you use the "Securing the Sun Fire 12K and 15K System Controllers" article to secure the system controllers. This article includes updates related to System Management Services (SMS) version 1.4.

  • Securing Linux Systems With Host-Based Firewalls: Implemented With Linux iptables (November 2003)
    -by Ge' Weijers
    This article provides information and recommendations for securing Linux operating systems with host-based firewalls. This article aims to provide readers with a template for constructing a host-based firewall that provides a useful layer of protection against the risks of exposing a system to internal and/or external users. Additionally, readers can gain an understanding of construction methods for host-based firewalls in general and Linux-based firewalls in particular. This article targets an intermediate audience.

  • Responding to a Customer's Security Incidents--Part 4: Processing Incident Data (October 2003)
    -by Vijay Masurkar
    This fourth article focuses on authenticating, preserving, and processing the incident data. Only the salient points for best practices that should be executed in processing the incident data are discussed here. These practices are typically preceded by a recovery phase and are only starting points for a more detailed analysis for building a policy with the associated processes and procedures. This article is targeted to an advanced reader.

  • Responding to Customer's Security Incidents--Part 3: Following Up After an Incident (September 2003)
    -by Vijay Masurkar
    The third in a five-part series, this article focuses on following up after an incident and presents the best practices that should be executed in the follow-up phase. These topics include acquiring incident data, resorting to legal actions when deemed necessary, and conducting post-incident activities such as taking inventory of the affected assets, assessing the damage, and capturing the lessons learned. This article is intended for advanced readers such as computer security managers, security policy developers, system administrators, and other related staff, who are responsible for the creation or operation of a computer security incident response policy and service.

  • Deploying the Solaris Operating Environment Using a Solaris Security Toolkit CD (September 2003)
    -by Steven Spadaccini
    The Solaris Security Toolkit is a collection of shell scripts combined to form a flexible and extensible framework for rapidly deploying hardened platforms running the Solaris Operating Environment. The Toolkit is, however, quite versatile and can be used for much more than just hardening a system. This article discusses how the Toolkit can be used to construct a bootable CD, based on Sun's JumpStart framework, for building and configuring new systems. This article is authored for intermediate and advanced system administrators.

  • Part I: Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems (September 2003)
    -by Nicholas O'Donnell and Alex Noordergraaf
    This article is the first part of a two-part series that provides information and recommendations for minimizing domains for Sun Fire V1280, Midframe, 12K, and 15K systems. This part provides background information, describes the concept of qualifying a minimized Solaris configuration for an application, covers how to automate installations using JumpStart technology, and details a recommended methodology for minimizing a system. This article is targeted toward an advanced audience.

  • Part II: Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems (September 2003)
    -by Nicholas O'Donnell and Alex Noordergraaf
    This article is the second part of a two-part series and provides information and recommendations for minimizing domains for the Sun Fire V1280, Midframe, 12K and 15K systems. This part describes the package configurations needed for the various applications, describes the profiles produced for performing JumpStart installations of domains, and provides a case study as an example of applying the minimization methodology to an application. This article is targeted toward an advanced audience.

  • Building Secure Sun Fire Link Interconnect Networks Using Sun Fire 15K and Sun Fire 12K Servers (August 2003)
    -by Joe Higgins and Steven Spadaccini
    Deploying a secure distributed computer system can be difficult. This article describes how to install and deploy the Sun Fire Link product so that it can be securely managed and operated. The article documents the software architecture and steps needed to secure the Sun Fire Link interconnect. The commands used in configuration steps are either Fire Link Manager (FM) or Solaris Operating Environment (Solaris OE) tools. The article also includes a section on how to create, configure, and secure a Sun Fire Link fabric. This article requires a general knowledge of Solaris OE system administration and is written for advanced system administrators.

  • Securing Sun Linux Systems: Part I, Local Access and File Systems (July 2003)
    -by Glenn Brunette, Michael Hullhorst, and Ge Weijers
    This article is the first part of a two-part series that provides recommendations for securing the Sun Linux 5.0 operating system. This part provides recommendations for securing local access and file systems. The information in this article applies only to the Sun Linux 5.0 distribution, although some of the techniques or recommendations might apply to other Linux distributions. This article is ideal for a reader with a beginner to intermediate level of expertise.

  • Securing Sun Linux Systems: Part II, Network Security (July 2003)
    -by Glenn Brunette, Michael Hullhorst, and Ge Weijers
    The second in a two-part series, this article provides recommendations for securing the Sun Linux 5.0 operating system. This part provides specific recommendations for network security. The information in this article applies only to the Sun Linux 5.0 distribution, although some techniques or recommendations may apply to other Linux distributions. This article is ideal for a reader with a beginner to intermediate level of expertise.

  • Role Based Access Control and Secure Shell--A Closer Look At Two Solaris Operating Environment Security Features (June 2003)
    -by Thomas M. Chalfant
    To aid the customer in adopting better security practices, this article introduces and explains two security features in the Solaris operating environment. The first is Role Based Access Control and the second is Secure Shell. The goal is to provide you with enough information to make an effective decision to use or not use these features at your site as well as to address configuration and implementation topics. This article is targeted to the intermediate level of expertise.

  • Solaris Operating Environment Network Settings for Security: Updated for Solaris 9 Operating Environment (June 2003)
    -by Alex Noordergraaf
    This article describes network settings available within the Solaris Operating Environment (Solaris OE) and recommends how to adjust network settings to strengthen the security posture of Solaris OE systems.

    This article updates the original article to include changes for Solaris 9 OE. These additions and modifications are incorporated into an updated "nddconfig" script available from http://www.sun.com/blueprints/tools/. This article is ideal for all levels of expertise.

  • Integrating the Secure Shell Software (May 2003)
    -by Jason Reid
    This article discusses integrating Secure Shell software into an environment. It covers replacing rsh(1) with ssh(1) in scripts, using proxies to bridge disparate networks, limiting privileges with role-based access control (RBAC), and protecting legacy TCP-based applications. This article is the entire fifth chapter of the upcoming Sun BluePrints book "Secure Shell in the Enterprise" by Jason Reid, which will be available in June 2003.

  • Auditing System Security (May 2003)
    -by Alex Noordergraaf and Glenn Brunette
    This article describes how to audit (validate) a system's security using the Solaris Security Toolkit software. You can use the information and procedures in this article to maintain an established security profile after hardening. For systems that are already deployed, you can use this information to assess security before hardening.

    This article is the entire sixth chapter of the upcoming Sun BluePrints book, "Securing Systems With the Solaris Security Toolkit", by Alex Noordergraaf and Glenn Brunette (ISBN 0-13-141071-7), which will be available in early July 2003.

  • Responding to Customer's Security Incidents--Part 2: Executing a Policy (April 2003)
    -by Vijay Masurkar
    This article is the second in a series that discusses a policy of security incident responses. The article describes the policy best practices and execution features - evaluation, containment, and eradication of and recovery from a security incident - for responding to a customer's incident within the policy scope. Part one of this series, "Responding to Customer's Security Incidents (Part 1): Establishing Teams and a Policy" was a March 2003 Sun BluePrints OnLine article.

  • Configuring the Secure Shell Software (April 2003)
    -by Jason M. Reid
    This article provides recommendations for configuring two specific Secure Shell implementations for the Solaris Operating Environment (Solaris OE): OpenSSH and the Solaris Secure Shell software. The Solaris Secure Shell software is a component of the Solaris 9 OE release. OpenSSH is also available for previous Solaris OE releases. For information on building OpenSSH, consult the January 2003 Sun BluePrints OnLine article, "Building OpenSSH Tools and Tradeoffs."

  • Responding to Customer's Security Incidents--Part 1: Establishing Teams and a Policy (March 2003)
    -by Vijay Masurkar
    This article is the first of a series of articles that discuss building teams, establishing a security incident response policy, and executing it. The article is intended to provide highlights and best practices information about computer security incident response, building teams to process security incidents, and developing important factors in establishing a security incident response policy framework. The primary audience consists of computer security managers, security policy developers, system administrators, and other related staff responsible for the creation or operation of a computer incident response team and/or a computer security incident response (CSIR) policy and service.

  • Securing the Sun Fire 12K and 15K System Controllers (February 2003)
    -by Alex Noordergraaf and Dina Nimeh
    This article provides recommendations on how to securely deploy the Sun Fire 12K and 15K system controllers (SC). These recommendations apply to environments where security is a concern, particularly environments where the uptime requirements of the SC and/or the information on the Sun Fire server is critical to the organization.

  • Securing the Sun Fire 12K and 15K Domains (February 2003)
    -by Alex Noordergraaf and Dina Nimeh
    This article documents security modifications that you can implement on Sun Fire 12K and 15K domains without adversely affecting their behavior. The configuration changes in this article enable Solaris Operating Environment (Solaris OE) security features and disable potentially insecure services and daemons.

  • Securing the Sun Cluster 3.x Software (February 2003)
    -by Alex Noordergraaf
    To provide a robust environment where Sun Cluster 3.x software can be deployed, very specific requirements are placed on the configuration of the Solaris Operating Environment (Solaris OE). This article describes how to secure the Solaris OE and the Sun Cluster 3.x software. Before the release of Sun Cluster 3.0 (12/01) software, no secured configurations were supported. This article includes updates for Sun Cluster 3.1 software.

  • Building Secure Sun Fire Link Interconnect Networks Using Midframe Servers (February 2003)
    -by Joe Higgins
    This article describes how to install and deploy the Sun Fire Link interconnect so that it can be securely managed and operated. The software architecture and the steps to secure the Sun Fire Link interconnect software are documented.

  • Building OpenSSH--Tools and Tradeoffs (January 2003)
    -by Jason M. Reid
    This article updates much of the information in the July 2001 Sun BluePrints OnLine article, "Building and Deploying OpenSSH for the Solaris Operating Environment". The article contains information about gathering the needed components, making the compile-time configuration decisions, building the components, and finally assembling the OpenSSH environment.

  • System Management Services Software: An Inside Look (January 2003)
    -by Tom Chalfant
    This article addresses some of the more advanced topics of System Management Services (SMS) software including the Management Network (MAN) and SMS security. In addition, it provides insight to a new security feature that enables you to use secure shell for file synchronization between system controllers (SCs).

  • Solaris Operating Environment Security: Updated for Solaris 9 Operating Environment (December 2002)
    -by Alex Noordergraaf and Keith Watson
    This article provides recommendations on how to secure a Solaris Operating Environment (Solaris OE). Securing a Solaris OE system requires that changes be made to its default configuration. The changes outlined in this article address the majority of the methods that intruders use to gain unauthorized or privileged access to an improperly configured system. Implementing the changes recommended in this article requires planning, testing, and documentation to be successful in securing a computing environment.

  • Trust Modeling for Security Architecture Development (December 2002)
    -by Donna Andert, Robin Wakefield, and Joel Weise
    Information technology architects must build applications, systems, and networks that match ordinary users' expectations of trust in terms of identity, authentication, service level agreements, and privacy. This article describes the vocabulary of trust relationships and demonstrates the practical importance of using trust modeling to formalize the threshold for risk.

  • Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment (November 2002)
    -by Alex Noordergraaf
    This article provides tips, instructions, and preferred practices for minimizing the Solaris Operating Environment (Solaris OE) to increase system security. It focuses on operating system (OS) installation practices for minimizing and automating Solaris OE installations. It provides a simple, reproducible, and secure application installation methodology.

  • Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part II (October 2002)
    -by Michael Haines and Joep Vesseur
    This article is part two of a two-part series and details the PAM application programming interface (API) and the PAM service provider interface (SPI). Also included are procedures on how to effectively write PAM modules when using the Solaris 9 Operating Environment (Solaris 9 OE). By writing these PAM service modules, it is possible to extend the capability of the Solaris 9 OE authentication mechanisms in a number of different ways.

    Part one, Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part I, was published in the September 2002 issue of Sun BluePrints Online.

  • Extending Authentication in the Solaris 9 Operating Environment Using Pluggable Authentication Modules (PAM): Part I (September 2002)
    -by Michael Haines
    This article is the first of a two-part series that offers a technical overview of how the Solaris 9 Operating Environment implementation of Pluggable Authentication Modules (PAM) works. This article demonstrates straightforward methods for configuring PAM to accommodate site-specific security policy requirements and examines the PAM architecture and its components.

  • Securing Sun Fire 12K and 15K Domains: Updated for SMS 1.2 (July 2002)
    -by Alex Noordergraaf and Dina Nimeh
    This article documents security modifications that you can implement on Sun Fire 12K and 15K domains without adversely affecting their behavior. The configuration changes in this article enable Solaris Operating Environment (Solaris OE) security features and disable potentially insecure services and daemons. This article is one in a series that provides recommendations for enhancing security of a Sun Fire system. Before securing the domains, we recommend that you use the "Securing the Sun Fire 12K and 15K System Controllers" article to secure the system controllers.

  • Securing the Sun Fire 12K and 15K System Controllers: Updated for SMS 1.2 (July 2002)
    -by Alex Noordergraaf and Dina Nimeh
    This article provides recommendations on how to securely deploy the Sun Fire 12K and 15K system controllers (SC). These recommendations apply to environments where security is a concern, particularly environments where the uptime requirements of the SC and/or the information on the Sun Fire server is critical to the organization. This article is one in a series that provides recommendations for enhancing security of a Sun Fire system. After securing the SC, we recommend that you use the "Securing the Sun Fire 12K and 15K Domains" article to secure the SC domains.

  • Securing LDAP Through TLS/SSL--A Cookbook (June 2002)
    -by Stefan Weber
    Deploying secure Lightweight Directory Access Protocol (LDAP) connections is becoming more demanding. This article details the steps on how to set up the Sun Open Net Environment (Sun ONE) Directory Server software so that it can be accessed securely from command line tools.

  • Securing the Sun Fire Midframe System Controller (June 2002)
    -by Alex Noordergraaf and Tony M. Benson
    Securely deploying the Sun Fire Midframe System Controller (SC) is crucial. This article offers recommendations on building a separate and private SC network, to which the insecure protocols required to manage an SC are restricted.

  • How Hackers Do It: Tricks, Tools, and Techniques (May 2002)
    -by Alex Noordergraaf
    Learn how to build and maintain secure systems and implement preventive solutions against the common tricks, tools, and techniques used by hackers to gain unauthorized access to Solaris Operating Environment systems.

  • Securing the Sun Cluster 3.0 Software (May 2002)
    -by Alex Noordergraaf
    Reduce susceptibility to attacks and increase the reliability, availability, and serviceability of systems that run Sun Cluster 3.0 software by implementing the recommendations for configuring the Solaris Operating Environment and supported agents detailed in this article.

  • Securing the Sun Enterprise 10000 System Service Processors (March 2002)
    -by Alex Noordergraaf
    Security of high-end systems, such as the Sun Enterprise 10000 servers, is of critical concern to customers deploying such systems in their environments. This article provides a documented and fully supported solution for protecting the weakest links in the security of the Sun Enterprise 10000 server--the system service processors (SSPs).

  • Server Virtualization Using Trusted Solaris 8 Operating Environment (February 2002)
    -by Glenn Faden
    Building on the concepts presented in his follow-on article, Maintaining Network Separation with Trusted Solaris 8 Operating Environment, the author expands on the techniques of configuring labeled networks to show how the Trusted Solaris Operating Environment can be deployed by a network service provider to support multiple customers within a single infrastructure. Through the use of the appropriate Trusted Solaris Operating Environment functionality, each customer can have its own virtual server or community. This article describes best practices for administrative procedures and configuration files that are required to set up fully contained communities.

  • Configuring OpenSSH for the Solaris Operating Environment (January 2002)
    -by Jason M. Reid
    The network environment was never safe. As more users connect to open networks for remote access, the risks of compromising systems and accounts increase. Secure network tools such as OpenSSH counter the threats of password theft, session hijacking, and other network attacks. These tools require planning, configuration, and integration. This article deals with server and client configurations, key management, and integration into existing environments for the Solaris Operating Environment (OE).

    (NOTE - See the Sun BluePrints article "Configuring Secure Shell Software" by Jason M. Reid, April 2003 for additional and updated information.)

  • Securing Sun Fire 15K Domains (January 2002)
    -by Alex Noordergraaf and Dina Kurktchi
    This article describes how the Solaris Operating Environment can be hardened on a Sun Fire 15K domain. Included are recommendations on how the Solaris Operating Environment image running on the Sun Fire 15K domains should be configured in secure environments.

  • Developing a Security Policy (December 2001)
    -by Joel Weise and Charles R. Martin
    Security policy development is a frequently overlooked component of overall security architectures. This article details the importance of security policies and the basic steps involved in their creation.

  • Sun Cluster 3.0 12/01 Security: with the Apache and iPlanet Web and Messaging Agents (December 2001)
    -by Alex Noordergraaf, Mark Hashimoto and Richard Lau
    This article takes a first step in providing secured configurations for Sun Cluster 3.0 software by describing how three specific agents can be deployed in a secured configuration that is supported by Sun Microsystems. Sun Cluster 3.0 software is used by organizations to provide additional assurance that mission-critical services will be available despite unexpected hardware or software failures.

  • Securing the Sun Fire 15K System Controller (November 2001)
    -by Alex Noordergraaf and Dina Kurktchi
    This Sun BluePrints OnLine article provides specific recommendations on how the security of the Sun Fire 15K System Controller (SC) can be improved. They include recommendations on how the Solaris Operating Environment (Solaris OE) image running on the SC should be configured in secured environments.

  • Kerberos Network Security in the Solaris Operating Environment (October 2001)
    -by Wyllys Ingersoll
    This article describes how to correctly and securely configure Kerberos in the Solaris Operating Environment. It provides best practices and recommendations.

  • Securing the Sun Fire Midframe System Controller (September 2001)
    -by Alex Noordergraaf and Tony Benson
    This article provides detailed recommendations on how to securely integrate the new Sun Fire Midframe systems into your environment.

  • Securing Systems with Host-Based Firewalls - Implemented With SunScreen Lite 3.1 Software (September 2001)
    -by Martin Englund
    This article discusses why host-based firewalls can be an effective alternative to choke-point based firewalls or an additional layer of security in an environment. Details are then provided on how to implement a host-based firewall using Sun's free host-based firewall software - SunScreen SecureNet Lite.

  • Using NTP to Control and Synchronize System Clocks - Part III: NTP Monitoring and Troubleshooting (September 2001)
    -by David Deeths and Glenn Brunette
    This article is the third in a series of three articles that discuss using Network Time Protocol (NTP) to synchronize system clocks. The goal of this article is to provide an effective understanding of NTP troubleshooting and monitoring.

  • Using NTP to Control and Synchronize System Clocks - Part II: Basic NTP Administration and Architecture (August 2001)
    -by David Deeths and Glenn Brunette
    This is Part 2 of a three-article series that discusses how to use Network Time Protocol (NTP) to synchronize system clocks. This article explains the basics of client and server administration, covering various client/server configurations, as well as authentication and access control mechanisms. This article also provides a number of suggestions for an effective NTP architecture.

  • Public Key Infrastructure Overview (August 2001)
    -by Joel Weise
    This article removes some of the mystique, fear, and misconceptions surrounding Public Key Infrastructures (PKI) by providing an overview of what a PKI is, how it works, why and when it should be used, and the benefits it can provide. After reading this article, individuals should be better able to determine their requirements for a PKI and what features they need for their particular business.

  • Building and Deploying OpenSSH on the Solaris Operating Environment (July 2001)
    -by Jason M. Reid and Keith Watson
    This article describes the build and deployment processes for OpenSSH on the Solaris Operating Environment. There are several components that must be built prior to building OpenSSH itself. Each necessary component is listed and described along with recommendations on build options. OpenSSH itself is a flexible tool with several options that affect integration into a site's security policy. These options are explored. Issues of packaging and deployment are also addressed.

  • Using NTP to Control and Synchronize System Clocks - Part I: Introduction to NTP (July 2001)
    -by David Deeths and Glenn Brunette
    This article is the first of a series on the Network Time Protocol (NTP). NTP allows synchronizing clocks on different network nodes, which is critical in today's networked world. This first article provides an overview of why time synchronization is important and introduces basic NTP concepts.

  • Updated The Solaris Security Toolkit - Quick Start: Updated for Toolkit version 0.3 (June 2001)
    -by Alex Noordergraaf and Glenn Brunette
    This article provides an administrator with the information critical to getting the Solaris Security Toolkit installed and running as quickly as possible. None of the details included in Internals or Configuration and Installation are included.

  • Updated The Solaris Security Toolkit - Release Notes: Updated for Toolkit version 0.3 (June 2001)
    -by Alex Noordergraaf and Glenn Brunette
    This article provides the Toolkit user with a discussion of the new features, enhancements, and changes included in version 0.3 of the Solaris Security Toolkit.

  • Updated The Solaris Security Toolkit - Installation, Configuration, and Usage Guide: Updated for Toolkit version 0.3 (June 2001)
    -by Alex Noordergraaf and Glenn Brunette
    This article focuses on the configuration and installation information of the Solaris Security Toolkit. This is a more in-depth discussion of the installation, configuration, and usage options available in the Toolkit than in the Sun BluePrints OnLine article titled Solaris Security Toolkit - Quick Start Guide.

  • Updated The Solaris Security Toolkit - Internals: Updated for Toolkit version 0.3 (June 2001)
    -by Alex Noordergraaf and Glenn Brunette
    This article focuses on the internals of the Toolkit. Each directory, file, and script included with the Toolkit source is discussed to provide the reader with a detailed understanding of how the different Toolkit components function and interact.

  • Updated Solaris Operating Environment Security - Updated for Solaris 8 Operating Environment (April 2001)
    -by Alex Noordergraaf and Keith Watson
    This article discusses how system and network security can be dramatically improved on a Solaris Operating Environment (Solaris OE) system. Specific security recommendations are made for Solaris OE versions 2.5.1 through 8. This revised version of the original Solaris OE Security Sun BluePrints article, published in January of 2000, incorporates all security-related updates in Solaris 8 OE.

  • Maintaining Network Separation with Trusted Solaris 8 Operating Environment (March 2001)
    -by Glenn Faden
    Glenn Faden describes how Mandatory Access Control (MAC) can be used to provide concurrent access to two isolated networks without compromising the separation.

  • Auditing in the Solaris 8 Operating Environment (February 2001)
    -by William Osser and Alex Noordergraaf
    The use of Solaris 8 Operating Environment auditing (BSM) has never been well understood. This article presents an auditing configuration optimized for the Solaris 8 OE. The recommended configuration will audit activity on a system without generating gigabytes of data every day. In addition, the configuration files are available for download from http://www.sun.com/blueprints/tools.

  • Directory Server Security (December 2000)
    -by Tom Bialaski
    This article provides an overview of what the LDAP security model consists of and what security changes need to be made to accommodate the Solaris Operating Environment naming service requirements.

  • Updated (11/01) Solaris Operating Environment Network Settings for Security: Updated for Solaris 8 Operating Environment (December 2000)
    -by Keith Watson and Alex Noordergraaf
    This article updates the original Solaris Operating Environment Network Settings for Security article published December 1999 to include security specific IPv4 and IPv6 options added in Solaris 8 Operating Environment. These additions and modifications have been incorporated into an updated nddconfig script available on http://www.sun.com/blueprints/tools.

  • Updated Solaris Operating Environment Minimization for Security: A Simple, Reproducible and Secure Application Installation Methodology - Updated for Solaris 8 Operating Environment (November 2000)
    -by Alex Noordergraaf
    This article updates the original OS Minimization article's required package listings for Solaris 8 Operating Environment and 64bit UltraSPARC II hardware.

  • Updated (November 2000)
    -by Alex Noordergraaf and Glenn Brunette
    In parallel with the "JASS" Toolkit version 0.2 release, all three articles describing the "JASS" Toolkit have been updated and revised to document new updates and functionality.

    JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 1

    JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 2

    JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 3

  • Building Secure N-Tier Environments (October 2000)
    -by Alex Noordergraaf
    This article provides recommendations on how to architect and implement secure N-Tier ecommerce environments.

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 3 (September 2000)
    -by Alex Noordergraaf
    This article is the third in a three part series describing an automated toolkit for implementing the security modifications documented in earlier Sun BluePrints OnLine articles. In conjunction with this final article, the toolkit itself is being made freely available.

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 2 (August 2000)
    -by Alex Noordergraaf
    This article is part two of a three part series that presents the JumpStart Architecture and Security Scripts toolkit. We continue with an in-depth review of the configuration files, directories, and scripts used by the toolkit to enhance the security of Solaris Operating Environment systems. This series is a must read for anyone interested in upgrading the security of their site.

  • JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 1 (July 2000)
    -by Alex Noordergraaf
    This article is part one of a three part series presenting the JumpStart Architecture and Security Scripts tool (Toolkit) for the Solaris Operating Environment. The Toolkit is a set of scripts which automatically harden and minimize Solaris Operating Environment systems. The modifications made are based on the recommendations made in the previously published Sun BluePrints OnLine security articles.

  • Solaris Operating Environment Security (January 2000)
    -by Keith Watson and Alex Noordergraaf
    This article splits the discussion of the Solaris Operating Environment system security into two parts.

  • Solaris Operating Environment Minimization for Security: A Simple, Reproducible and Secure Application Installation Methodology (December 1999)
    -by Keith Watson and Alex Noordergraaf
    Discusses OS minimization as a technique for reducing system vulnerabilities; a simple method for duplicating these installations on large numbers of servers is also introduced. (See "November 2000" updated for the Solaris 8 Operating Environment)

  • Updated (11/01) Solaris Operating Environment Network Settings for Security (December 1999)
    -by Keith Watson and Alex Noordergraaf
    Discusses the many low-level network options available within Solaris and their impact on security. (See "December 2000" updated for the Solaris 8 Operating Environment)


Operating Environment

  • Solaris Containers Technology Architecture Guide (May 2006)
    -by Jeff Victor
    This Sun BluePrints article is a must-read for those looking to find new ways to reduce IT infrastructure costs and better manage end user service levels. While costs from managing vast networks of servers and software components continue to escalate, existing server consolidation and virtualization techniques do not adequately provision applications and ensure shared resources are not compromised. The Solaris Containers technology addresses this void by making it possible to create a number of private execution environments within a single instance of the Solaris OS. This paper provides suggestions for designing system configurations using powerful tools associated with Solaris Containers, guidelines for selecting features most appropriate for the user's needs, advice on troubleshooting, and a comprehensive consolidation planning example.

  • Working with Solaris Containers and the Solaris Service Manager (May 2006)
    -by Joost Pronk van Hoogeveen
    Solaris Containers and Predictive Self-Healing technologies work together by creating separate execution environments, each with its own namespace and assigned resources. Each environment can have its own self-healing personalities that can be changed, copied, and reloaded as needed. These technologies enable administrators to determine the current state of the environment, making it easier to use the Solaris OS for consolidation efforts. This article provides an inside look on what the Solaris 10 OS has to offer, as well as ideas on how to get started and put these new features to work, with technologies such as Solaris Containers, Solaris Predictive Self Healing and Solaris Service Management Facility. Emphasis is placed on illustrating how these functionalities can be used to create isolated environments customized for specific applications.

  • Privilege Bracketing in the Solaris 10 Operating System (April 2006)
    -by Glenn Brunette
    In IT security, the well-known “least privilege” principle states that: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” This Sun BluePrints OnLine article describes how to use the Process Rights Management feature of the Solaris 10 Operating System to implement this principle for any given software program.

    Process Rights Management allows software developers to write privilege-aware programs that run with only the privileges they need, dropping those that are not needed or are no longer required. Further, using a programming technique called privilege bracketing, a developer can control exactly when a privilege or set of privileges is active or in effect.

    Software developers can use the privilege bracketing technique to ensure that a program is running with privilege only when that privilege is required. This is accomplished by placing privileged software operations between code that effectively enables and disables specific privileges. Using the methods described in this article, software developers will be able to develop privileged programs that are more secure and resilient to flaws because the use of privilege within the code can be more tightly controlled.

  • Using the Cryptographic Accelerator of the UltraSPARC T1 Processor (March 2006)
    -by Ning Sun, Pallab Bhattacharya
    Businesses in every industry are concerned about secure communications and data privacy. Typically, these tasks are accomplished through the utilization of the Secure Sockets Layer (SSL). Unfortunately, SSL processing is compute-intensive and can create performance bottlenecks for a variety of commercial workloads. To address these concerns, organizations can take advantage of several Sun technologies that work together to mitigate the performance bottlenecks associated with SSL encryption and decryption. The Solaris Cryptographic Framework (SCF) provides cryptographic services for kernel-level and user-level consumers, as well as several software encryption modules. Based on the SCF, a new SSL proxy (KSSL) kernel module offloads SSL processing from user applications, enabling them to transparently take advantage of powerful hardware accelerators, like those available in Sun’s new UltraSPARC T1 processor, that speed up SSL processing.

    This Sun BluePrints article demonstrates how the combination of the Solaris 10 Operating System and the UltraSPARC T1 processor can be used to create a high performance, secure Web site. It provides a brief overview of SSL technology, as well as an introduction to the Solaris Cryptographic Framework. Configuration details are included for common security applications, such as Apache, the Sun Java System Web Server, and secure Java technology applications, enabling these programs to utilize NCP and KSSL technology. A performance study of secure Web applications is also included.

  • The Solaris Fingerprint Database - a Security Tool for Solaris Operating Environment Files (March 2006)
    -by Vasanthan Dasan, Alex Noordergraaf, Lou Ordorica, Glenn Brunette
    This article describes the Solaris Fingerprint Database (sfpDB), a security tool that enables users to verify the integrity of files distributed with the Solaris Operating Environment. By validating that these files have not been modified, administrators can determine whether their systems have been hacked and had trojaned, malicious replacements for system files installed.

    This is an updated version of the original Sun BluePrints publication, published in May 2001. This document has been updated to support the Solaris 10 Operating System and includes numerous other additions, clarifications, and references.

  • Service Management Facility (SMF) in the Solaris 10 OS (February 2006)
    -by Rob Romack
    A significant challenge in today's data centers is the demand for increased service levels in environments that feature increasing complexity. The Solaris 10 Operating System (OS) introduces a new foundation that improves service levels by detecting and correcting component failures while simplifying systems management. This foundation — known as Predictive Self-Healing — includes new technologies that Sun has incorporated into its hardware and software products to maximize availability in the event of system faults. Overall, Predictive Self-Healing simplifies system administration and helps to contribute to a lower total cost of ownership (TCO) in the data center.

    A key component of Predictive Self-Healing is the new Service Management Facility (SMF) in the Solaris 10 OS. SMF is designed to simplify the management of system and application services. It delivers new and improved ways to control services, and tries to restart failed services automatically. In addition, SMF allows administrators to define the relationships between services. It is now possible to define a service that is dependent on other services — a dependent service will not run unless the other services that it requires are already running. Through a set of new administrative interfaces, SMF allows services to be easily and consistently configured, enabled, and controlled, at the same time providing better visibility of errors and improved debugging capabilities to resolve service-related problems quickly when they occur.

    This BluePrints article is intended for system administrators. It introduces the functionality provided by the Service Management Facility and demonstrates the use of new SMF administrative commands. It assumes that the reader has a reasonable level of knowledge of the Solaris OS (in particular, of OS versions prior to Solaris 10), or of other UNIX systems in general. The article makes the assumption that the reader is not already familiar with SMF or other specifics of the Solaris 10 OS.

  • Privilege Debugging in the Solaris 10 Operating System (February 2006)
    -by Glenn Brunette, Darren Moffat
    The traditional UNIX privilege model is based on the concept of a super-user. In this model, the system associates all of its privileged operations with the root account or — more precisely — the user identifier (UID) 0. All other UIDs are considered unprivileged by the operating system. This “all or nothing” approach to privilege delegation means that any application that must perform a privileged operation, such as a binding to a reserved network port (for example, one whose port number is less than 1024), must be started as root.

    Starting applications in this manner, however, is inherently risky because it means that the application will have privilege to do anything on the system. Administrators are forced to trust the applications to use only the privileges that they need and only in the ways that are expected. Consequently, disaster could ensue should the application not manage its use of privilege safely, or should the application be misconfigured or exploited in some way.

    This Sun BluePrints article describes how to profile applications and services in order to determine which Solaris 10 privileges they attempt to use. With this information, organizations can then restrict those applications and services so that they are granted only the absolutely necessary privileges that they need to fulfill their intended purpose.

  • Web Consolidation on the Sun Fire T1000 using Solaris Containers (December 2005)
    -by Kevin Kelly
    Reducing the costs of IT infrastructure and improving the manageability and efficiency of web services pose significant challenges for many organizations in today's economic climate. Recent studies describe the challenges IT managers face administering the proliferation of x86-based servers used to run web services applications. Those reports reveal that using a large number of x86-based systems can increase space and power consumption, as well as cost and asset management overhead. In addition, many of these x86-based systems run a mixture of operating system and application software, leading to increased management complexity and potential security concerns.

    Faced with these challenges, many organizations are attracted by the idea of consolidating web and application services from multiple x86-based servers to a smaller number of high-performance servers. This approach strives to help simplify management, improve performance, and increase the efficiency of delivering web services. The combined capabilities of the Sun Fire T1000 server and Solaris Containers technology in particular offer significant promise as a web-tier consolidation platform. The Sun Fire T1000 server offers high aggregate throughput performance in a small, power-efficient footprint. Solaris containers provide a complete, isolated, and secure runtime environment for applications, enabling multiple web servers to run safely and efficiently on the same platform.

    This paper explores the configuration and testing of the Sun Fire T1000 server as a web-tier consolidation platform. It discusses methodologies used to consolidate multiple web servers onto a single Sun Fire T1000 server, and explains the steps used to configure the Solaris Containers. In addition, to determine the effectiveness of this approach, testing was performed to evaluate the consolidated Sun Fire T1000 system against a baseline configuration of current Xeon servers, a popular choice as a web server platform.

  • Using iSCSI Multipathing in the Solaris 10 Operating System (December 2005)
    -by Aaron Dailey, Scott Tracy
    This article describes how to use Internet Small Computer Systems Interface (iSCSI) multipathing in the Solaris 10 Operating System. Implementing iSCSI in a storage solution provides two important benefits: it can increase storage availability via fail-over protection and also increase scalability and throughput via link aggregation.

    This article describes different approaches to implementing multipathing between an iSCSI initiator and an iSCSI target device. It reviews the reasons for multipathing, describes the different approaches that Solaris supports, discusses the trade-offs between those approaches, and provides recommendations for specific configurations.

    This article contains discussions about: the iSCSI Protocol, iSCSI Support in Solaris 10 Update 1 and Solaris 10 Multipathing Options for iSCSI Devices.

  • Protecting Investments Through Technology Advancements (October 2005)
    -by Brian Down
    With businesses becoming increasingly dependent on IT infrastructure, IT organizations are constantly seeking new ways to implement these vital assets in a cost-effective manner that supports business goals. At the same time, budget pressures are pushing organizations to find ways to protect technology investments and ensure they provide good value over time. Indeed, because IT assets depreciate, it is important they provide value—business flexibility, agility, and efficiency—for as long as possible, and be easy to replace when the time comes. This Sun BluePrints article explains what it means to protect IT investments, and what you need to consider when protecting them. It also illustrates how Sun's platform of UltraSPARC processor-based servers running the Solaris Operating System can be used to build an infrastructure with investment protection built-in.

  • Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors (September 2005)
    -by Barton Fiske
    This Sun BluePrints article gives detailed procedures for configuring Sun x64 workstations with AMD Opteron processors to boot more than one operating system from the same physical hard drive. This capability is referred to throughout this article as “multiboot.” Specifically, the three major operating systems in use today — the Solaris Operating System, Linux, and Windows operating systems — can be deployed on a single system disk, and configured to allow a user to choose between the different operating systems at boot time. Multiboot capability should not be confused with available virtualization technology that allows simultaneous operation of multiple operating systems (such as VMware, Xen, or other approaches).

  • Creating Self-Balancing Solutions with Solaris Containers (June 2005)
    -by David Collier-Brown
    Transactions of some kind are an integral part of every organization, and must be completed on time if the business is to operate effectively and efficiently. Chaos, and damage, can be caused if critical transactions are not handled correctly. Today, IT managers often try to break workloads into chunks and process them with separate program instances in the hope that they can distribute the workload across the instances and keep pace with demand. This technique has its drawbacks. What happens when one instance fails to finish in time? Worse, what if the business is growing, and every month the number of lagging instances increases? How are system administrators supposed to figure out which instance is going to be late the next time?

    System administrators need to find ways to balance workloads across computing resources. With Solaris 10, Solaris Containers were further enhanced to include a new facility, Solaris Zones, which can be used to create a virtual environment that enables the management of unbalanced load problems. This Sun BluePrints article presents several techniques for dealing with unexpected load changes, and provides best practices for employing Solaris Containers in this effort.

  • Solaris Containers--What They Are and How to Use Them (May 2005)
    -by Menno Lageman
    Over the years, businesses have been building large-scale information systems to solve business problems, with a focus on building scalable and highly available IT infrastructures that can adapt to change. Providing sufficient availability and performance for business applications was the primary driver for these efforts. Today, the need to protect technology investments and provide the same service levels at a lower price point is shifting the focus to reducing IT infrastructure cost and improving end user service level management. To help this effort, the Solaris Operating System includes Solaris Containers, a mechanism that provides isolation to safely and securely share resources between software applications or services using flexible, software-defined boundaries.

    This Sun BluePrint article discusses the challenges organizations face in dealing with resource and workload management. Solaris Containers, and their constituent technologies (projects, resource pools, Zones) are introduced and explained. Practical examples that show these technologies solving resource and workload management problems are demonstrated.

  • Limiting Service Privileges in the Solaris 10 Operating System (May 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to use the Solaris 10 Service Management Facility (SMF) to start a service at boot time (or at any later time) with reduced privileges. This is accomplished by setting the user, group, and set of privileges used to start the service. This article describes how to accomplish this in a practical context using a real service as an example.

  • Integrating BART and the Solaris Fingerprint Database in the Solaris 10 Operating System (April 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to quickly and easily authenticate manifests produced by BART, the Solaris 10 Operating System Basic Audit and Reporting Tool, using the Solaris Fingerprint Database (sfpDB). Using this process, you can determine whether any files within the BART manifest have been modified from the way in which they were shipped by Sun. This information is crucial when deciding how much trust can be placed in the validity of the files at the time the BART manifest was generated.

  • Migrating From Tru64 UNIX to the Solaris Operating System (March 2005)
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to the Solaris environment. This study examines the migration of a simple, custom-written application that used a Sybase database to store information about a company's inventory as well as client-specific data. This application was converted to run under the Solaris Operating System (Solaris OS) and was integrated with directory services. Additionally, the database vendor was changed from Sybase to Oracle. This article provides an overview of the Tru64 Unix operating environment; discussions of 64-bit computing and clustering architectures; descriptions of justifying, architecting, and implementing the migration; and suggestions for managing the new Solaris environment.

  • Migrating from HP/UX Platform to the Solaris Operating System (March 2005)
    -by Ken Pepple, Brian Down and David Levy
    Using a fictional case study that draws from several actual customer migration projects, this Sun BluePrint article illustrates the methodology, tools, and best practices used to migrate an HP/UX environment to the Solaris environment. The most significant of these projects, for a large health care insurance provider based in the United Kingdom, involved migrating a commercial-off-the-shelf (COTS) integrated-accounts solution to the Solaris Operating System (Solaris OS), and enhancing it to support their risk-underwriting and claims-processing business functions. This article provides an overview of the case study; descriptions of justifying, architecting, and implementing the migration; suggestions for managing the new Solaris environment; and a summary of the successful results of the migration.

  • Automating Solaris 10 File Integrity Checks (March 2005)
    -by Glenn Brunette
    This Sun BluePrints Cookbook describes how to centralize and automate the collection of file integrity information using the following Solaris features:

    * Secure Shell
    * Role-based Access Control (RBAC)
    * Process Privileges
    * Basic Auditing and Reporting Tool (BART)

    Each of these features can be quickly and easily integrated to centralize and automate the process of collecting file fingerprints across a network of Solaris 10 systems.

  • Solaris Operating System Availability Features (May 2004)
    -by Tom Chalfant
    Processor off-lining is a feature whereby a processor is removed from use by Solaris in response to one or more L2 cache errors. Page retirement is a feature whereby a page of memory is removed from use by Solaris in response to repeated ECC errors within a memory page on a DIMM. This paper provides detailed discussion regarding the algorithm, implementation, kernel tunables, and the messages you are likely to see on a system running the appropriate kernel updates.

  • Solaris Operating System Availability Features (January 2004)
    -by Thomas M. Chalfant
    The processor offlining feature enables a processor to be removed from use by Solaris in response to one or more L2 cache errors. The page retirement feature enables a page of memory to be removed from use by Solaris in response to repeated ECC errors within a memory page on a DIMM. This paper provides detailed discussion regarding the algorithm, implementation, kernel tunables, and messages you are likely to see on a system running the appropriate kernel updates. This article is ideal for an intermediate to advanced reader.

  • Design, Features, and Applicability of Solaris File Systems (January 2004)
    -by Brian Wong
    The Solaris Operating System includes many file systems, and more are available as add-ons. Deciding which file system to apply to a particular application can be puzzling without insight into the design criteria and engineering tradeoffs that go into each product. This article offers a taxonomy of file systems, describes some of the strengths and weaknesses of the different file systems, and provides insight into the issues you should consider when deciding how to apply the set of file systems that are available for specific applications. This article requires an intermediate reader.

  • Migrating to the Solaris Operating System: Migrating From Tru64 UNIX (November 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article presents a fictional case study that illustrates the methodology, tools, and best practices used to migrate a Tru64 environment to a Solaris environment.
    This article is the complete tenth chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", by Ken Pepple, Brian Down, and David Levy, which is available at our Sun BluePrints publication page, amazon.com, and Barnes & Noble bookstores. This article targets an intermediate audience.

  • Migrating to the Solaris Operating System: Migration Strategies (September 2003)
    -by Ken Pepple, Brian Down, and David Levy
    This article defines the most important terms in migration, and differentiates between these terms. In addition, it presents migration strategies, the benefits and risks of each strategy, and the appropriateness of each strategy for various situations. This article is ideal for a beginning to intermediate audience.

    This article is the complete third chapter of the Sun BluePrints book, "Migrating to the Solaris Operating System", which will be available at Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores at the end of October, 2003.

  • Linux Overview for Solaris Users (August 2003)
    -by John Cecere
    This article provides a technical overview of the Linux operating environment and compares and contrasts it with the Solaris Operating Environment (Solaris OE). The purpose of this article is to quickly familiarize advanced system administrators with the Linux OE and to provide a reference for Solaris to Linux usage. This article is for intermediate and advanced readers who are experienced with the Solaris OE and are tasked with deploying, servicing, maintaining, and using Linux-based systems.

  • Role Based Access Control and Secure Shell--A Closer Look At Two Solaris Operating Environment Security Features (June 2003)
    -by Thomas M. Chalfant
    To aid the customer in adopting better security practices, this article introduces and explains two security features in the Solaris operating environment. The first is Role Based Access Control and the second is Secure Shell. The goal is to provide you with enough information to make an effective decision to use or not use these features at your site as well as to address configuration and implementation topics. This article is targeted to the intermediate level of expertise.

  • Provisioning in Replicated, Mission-Critical Environments (March 2003)
    -by Jay Daliparthy and James Falkner
    This article introduces the concepts and best practices for using Solaris Flash and Solaris Live Upgrade technologies to perform quick, consistent, controlled, and reproducible Solaris Operating Environment installations and upgrades. Creating, archiving, and deploying a Flash archive is covered along with how to create and manage multiple boot environments.

  • A Patch Management Strategy for the Solaris Operating Environment (January 2003)
    -by Ramesh Radhakrishnan
    Managing software patches is complex and time consuming. This article offers a high-level strategy for managing patches in a variety of different types of compute environments that are running on the Solaris operating environment. This article divides the patch management process into seven phases, each of which can be tailored to suit your distinct IT environment. This article does not discuss the step-by-step process of installing Solaris OE patches, but instead addresses higher-level concepts that can be used with any patch installation utility. This article is intended for IT managers, IT architects, lead system administrators, and anyone interested in developing a patch management strategy.

  • System Management Services Software: An Inside Look (January 2003)
    -by Tom Chalfant
    This article addresses some of the more advanced topics of System Management Services (SMS) software including the Management Network (MAN) and SMS security. In addition, it provides insight to a new security feature that enables you to use secure shell for file synchronization between system controllers (SCs).

  • Performance Oriented System Administration (December 2002)
    -by Bob Larson
    In most cases, using the default configuration for an operating system helps ensure that cascading effects don't overly complicate system tuning and maintenance. In some cases, however, you might need to tune a system. This article explains the algorithms and heuristics surrounding the most important tunables and describes several kernel tunables and the algorithms behind them.

  • Internet Protocol Network Multipathing (Update) (November 2002)
    -by Mark Garner
    This article looks at the features of Internet Protocol network multipathing and the steps required to configure it for network adapter resilience.

    This article is an update to the IPMP article published in November 2002. This revision addresses Bug ID: 4451678, "Synopsis: in.mpathd does not accurately detect interface failures in active-standby config". This problem is resolved by applying patch 108528-15 and above. This problem was fixed in the Solaris 9 Operating Environment.

  • Using Live Upgrade 2.0 With JumpStart Technology and Web Start Flash (April 2002)
    -by John S. Howard
    In this final installment of his three-part series on Solaris Live Upgrade 2.0 (LU) technology, John S. Howard provides recommendations and techniques for integrating LU with the JumpStart software framework and the Solaris Web Start Flash software.

  • Using Live Upgrade 2.0 With a Logical Volume Manager (March 2002)
    -by John S. Howard
    Part two of a three-part series by John S. Howard, this article addresses best practices for upgrading systems, specifically using Live Upgrade 2.0 (LU 2.0) with a logical volume manager. As system administrators know, system upgrades can be time-consuming and error-prone processes. Further, mission-critical systems or datacenter systems typically cannot afford to be taken down for much time to test patches and execute software upgrades. While the examples in this article use VERITAS Volume Manager (VxVM), the concepts and high-level procedural steps are the same if you use LU 2.0 with Solstice DiskSuite software.

  • Managing Solaris Operating Environment Upgrades with Live Upgrade 2.0 (February 2002)
    -by John S. Howard
    Performing an upgrade of an operating system and the associated system software is one of the most time-consuming and error-prone tasks facing system administrators. Compounding the upgrade process is the reality that most mission-critical or datacenter systems cannot afford to be taken down for any length of time to test patches and execute software upgrades. This article, part one of a three-part series, focuses on how Live Upgrade (LU) provides a mechanism to manage and upgrade multiple on-disk Solaris Operating Environments without taking the systems down. LU provides a framework to upgrade and work within multiple on-disk environments and reboots into the new Solaris Operating Environment after completion of changes to the on-disk software images.

  • Configuring Boot Disks (December 2001)
    -by John S. Howard and David Deeths
    This article is the fourth chapter of the Sun BluePrints book titled Boot Disk Management: A Guide For The Solaris Operating Environment (ISBN 0-13-062153-6), which is available through www.sun.com/books, amazon.com, and Barnes & Noble bookstores.

    This chapter presents a reference configuration of the root disk and associated disks that emphasizes the value of configuring a system for high availability and high serviceability. This chapter explains the value of creating a system with both of these characteristics, and outlines the methods used to do so.

  • Application Troubleshooting: Alternate Methods of Debugging (November 2001)
    -by Christopher Duncan
    What to do when applications are crashing or hanging is a critical issue for any software user. Few people will have the resources and skill set to debug the application directly using a source code debugger. In many cases, source code debugging may not even be an option. This paper discusses a variety of options open to a Solaris Operating Environment user to narrow down the causes and scope of an application failure. The article discusses programs such as truss, the proc tools, and features of the Solaris runtime linker.

  • WebStart Flash (November 2001)
    -by John S. Howard and Alex Noordergraaf
    The Solaris Operating Environment Flash installation component extends JumpStart technology by adding a mechanism to create a system archive, a snapshot of an installed system, and installation of the Solaris Operating Environment from that archive. This article introduces the concepts and best practices for a Flash archive, describes the master machine and suggested storage strategies, and provides a complete example of creating a Flash archive and installing a Web server with Flash.

  • Using NTP to Control and Synchronize System Clocks - Part III: NTP Monitoring and Troubleshooting (September 2001)
    -by David Deeths and Glenn Brunette
    This article is the third in a series of three articles that discuss using Network Time Protocol (NTP) to synchronize system clocks. The goal of this article is to provide an effective understanding of NTP troubleshooting and monitoring.

  • Using NTP to Control and Synchronize System Clocks - Part II: Basic NTP Administration and Architecture (August 2001)
    -by David Deeths and Glenn Brunette
    This is Part 2 of a three-article series that discusses how to use Network Time Protocol (NTP) to synchronize system clocks. This article explains the basics of client and server administration, covering various client/server configurations, as well as authentication and access control mechanisms. This article also provides a number of suggestions for an effective NTP architecture.

  • Using NTP to Control and Synchronize System Clocks - Part I: Introduction to NTP (July 2001)
    -by David Deeths and Glenn Brunette
    This article is the first of a series on the Network Time Protocol (NTP). NTP allows synchronizing clocks on different network nodes, which is critical in today's networked world. This first article provides an overview of why time synchronization is important and introduces basic NTP concepts.

  • Building a Bootable JumpStart Installation CD-ROM (March 2001)
    -by John S. Howard
    This article presents an examination of the structure of a bootable Solaris Operating Environment (Solaris OE) CD-ROM and procedures for how to create a bootable JumpStart installation CD-ROM. This CD can be used to complete a standardized, hands-free Solaris OE installation in environments where the disk space or networking constraints do not allow for a JumpStart server.

  • IP Network Multipathing (Updated) (August 2001)
    -by Mark Garner
    IP Network Multipathing allows a server to have multiple network adapters connected to the same subnet. This article looks at the features of IP Network Multipathing and the steps required to configure it for network adapter resilience.

  • Exploring the iPlanet Directory Server NIS Extensions (August 2000)
    -by Tom Bialaski
    Tom discusses how to implement a phased deployment using the Solaris Extensions for Netscape Directory Server 4.11.

  • Upgrading to the Solaris 8 Operating Environment (April 2000)
    -by Computer Systems, Solaris Productization and Marketing
    This article shows how administrators can upgrade quickly to the Solaris 8 Operating Environment by proactively testing applications and using Solaris JumpStart.

  • Building Longevity into Solaris Operating Environment Applications (April 2000)
    -by Computer Systems, Solaris Productization and Marketing
    This article discusses specific steps that developers can take to improve the longevity of their applications. It also introduces evolutionary new features and interfaces that Sun offers in the Solaris 8 Operating Environment release.

  • Operating Environment: Solaris 8 Installation and Boot Disk Layout (March 2000)
    -by Richard Elling
    Discusses Solaris WebStart, a new Java-based procedure that simplifies installation of the Solaris 8 Operating Environment. Richard also recommends a boot disk layout for desktop and small workgroup servers.

  • NIS to LDAP Transition: Exploring (February 2000)
    -by Tom Bialaski
    Examines technologies that help increase availability during the transition from legacy Solaris Operating Environment directory services to LDAP-based ones.

  • Solaris Directory Services: Past, Present and Future (October 1999)
    -by Tom Bialaski
    Examines the high availability features of currently supported Solaris Operating Environment directory services (NIS, NIS+, DNS) and contrasts them with LDAP's high availability features.

  • Starfire Server DR-Detach and DR-Attach Requirements (August 1999)
    -by Enrique Vargas
    Provides a complete list of Starfire Server prerequisites for enabling attach and detach operations on any system board.

  • DR Requirements for I/O Device Drivers (June 1999)
    -by Enrique Vargas
    Covers the device driver functions that are required to fully support the DR framework.





Service Provider

  • The Service Delivery Network: A Case Study (April 2006)
    -by Mikael Lofstrand, Jason Carolan
    Secure messaging has emerged as a core IT service. Most organizations today rely upon e-mail as a mission-critical application that serves key business processes and transports proprietary and confidential business information among authorized users. The case study in this article shows how to use Sun's Service Delivery Network (SDN) to guide the design of a secure, service-optimized network architecture for an example secure e-mail application. Secure e-mail was chosen for this case study because it is a familiar application that is relatively simple to describe and understand, allowing the reader to focus on the use of SDN rather than the details of an application. Note, however, that the SDN approach can be used to design network architectures that support almost any kind of application or service.

  • Consolidating the Sun Store onto Sun Fire T2000 Servers (December 2005)
    -by Casey Costley, Srinivasa Bodicharla, Brad Coates, Yunas Nadiadi and Ragu Venkatesan
    Many data centers today are at or near capacity in terms of space, power, and cooling, even as they are compelled to provide secure and available services that will scale into the future. Faced with real hard limits on real estate, power, and thermal capacity, data center managers are increasingly changing the ways they evaluate infrastructure. Performance in particular must be viewed in an envelope of space, power, and dissipated heat--with performance per watt, performance per square foot, and performance per rack unit of paramount importance.

    Sun faces these same demands and constraints in its own Information Technology (IT) and is actively seeking effective solutions. In particular, Sun is deploying architectures and strategies to consolidate its own mission-critical SunStore application, using commercially available technology to run Sun-on-Sun. Based on the UltraSPARC T1 processor with CoolThreads technology, the new Sun Fire T2000 server offers an effective consolidation platform for these efforts, complemented by the flexibility of Solaris Containers partitioning technology from the Solaris 10 Operating System.

    Providing a unique insight into Sun's own operations and adoption of new products and technologies, this article discusses the existing SunStore architecture and describes a timely real-world consolidation effort. In addition to architecture and configuration information, an analysis of anticipated savings in power, cooling, and space is also provided.

  • Sun's Pattern-based Design Framework: The Service Delivery Network (September 2005)
    -by Jason Carolan and Mikael Lofstrand
    The Service Delivery Network (SDN) is the approach that Sun uses to design service optimized network architectures for customer and in-house implementations. This approach consists of basic network building blocks, common network design patterns, integrated network components, and industry best practices that together are carefully blended in response to a customer's business and technical goals. The SDN provides a set of network connectivity, routing, load balancing, and advanced security mechanisms that, when applied in combination, result in flexible network infrastructure designs that provide high performance, scalability, availability, security, flexibility, and manageability.

    The primary goal of the SDN is simple:

    Service delivery at any time, from anywhere, to any device.

    A service optimized network architecture focuses on the services provided over the network to the end user, rather than the enabling technologies or their related components. By virtualizing resources and understanding the core services offered directly to end users, as well as the other data center services that support these end user services, organizations can take advantage of a true service-driven architecture.

  • The IT Utility Model--Part II (August 2003)
    -by Emlyn Pagden
    This article is the second part of a two-part series and provides solutions for implementing and maintaining a utility model within a service provider or data center environment. This article also discusses the required financial management systems, and describes the application software and hardware required to support each of the solution areas of a utility model. This article is targeted to an advanced audience.

  • The IT Utility Model--Part I (July 2003)
    -by Emlyn Pagden
    This article is part one of a two-part series that describes the current business requirements for a utility model, and discusses the current commercial and political issues faced when implementing one. Both financial and technical aspects are covered, from detailing what a utility model is and why it is needed, to describing the mechanism required for capturing compute resource consumption to accurately bill customers. The intended audience for this article is IT Architects, Finance staff, and Executive officers. This article is targeted for an advanced level of expertise.

  • Metropolitan Area Sun Ray Services (May 2002)
    -by Lars Persson
    Expand into new lines of business and drastically reduce the actual and hidden costs of ownership of the desktop PC device by implementing these preferred practice recommendations for deploying Sun Rays over a Metropolitan Area Network.

  • Establishing an Architectural Model (February 2002)
    -by John V. Nguyen
    This article is the complete third chapter of the upcoming Sun BluePrints book, Designing ISP Architectures, ISBN 0-13-045496-6. This article introduces an architectural model as a framework for designing platform-independent ISP architectures, based upon expertise and Sun best practices for designing ISP architectures. Ideal for IT architects and consultants who design ISP architectures, John's complete book will be available beginning March 2002 through www.sun.com/books, amazon.com, and Barnes & Noble bookstores.

  • Planning for Large Configurations of Netra t1 Servers (January 2001)
    -by Stan Stringfellow - Special to the Sun BluePrints OnLine
    This article examines a wide range of management and serviceability issues that should be considered when planning a large (and possibly geographically dispersed) server farm consisting of Netra t1 servers. The use of the Netra alarms and lights-out management (LOM) module is discussed in some detail. Consideration is also given to several other topics, including the power and cooling issues that arise when up to 32 Netra t1 servers are mounted within a single rack or cabinet.

  • Architecting a Service Provider Infrastructure for Maximum Growth (June 2000)
    -by Stan Stringfellow - Special to Sun BluePrints OnLine
    Stan introduces the first of a new series of Sun BluePrints OnLine articles that will examine the issues involved with building scalable and highly available service provider infrastructures. ISPs, ASPs, NSPs, corporate Web services, Telco services, and digital wireless network services all benefit from the principles that will be discussed in this series of articles.





Cluster

  • Architecting Availability and Disaster Recovery Solutions (April 2006)
    -by Tim Read
    IT departments typically run four broad classes of service in the data centre: mission critical, business critical, business operational and administrative services. Which service falls into which category is normally agreed between the business units and the IT department by determining the importance of various business processes and how these map on to IT systems. Each class, and possibly individual services, will have service level agreements (SLAs). In turn, these demand different levels of protection against failure, whether caused by hardware or software problems, administrative error, data loss or corruption or disasters of various sorts. Problems that make the data unavailable, through hardware or software failure, require a different solution to those that make the underlying data itself unavailable, either through corruption or deletion.

    Services considered mission critical require technical solutions that include both a service availability and a disaster recovery component as part of a full business continuity plan (BCP). The 'best practice' data centre infrastructure design patterns for many of the pieces needed for such solutions: local area networks, storage area networks, systems management, security, provisioning and clustering are described in detail in the 'Data Centre Reference Implementation' white paper.

    This document discusses the options for meeting the SLAs for mission and business critical services with particular reference to the Sun Cluster software. Where multiple solutions exist, the underlying complementary technologies: disk mirroring, data replication, transaction monitors and database replication techniques, are examined to highlight the trade-offs that must be made when using certain hardware and software combinations.

    The broader topic of business continuity involves the consideration of more than just system availability and disaster recovery. This white paper does not cover any aspects of the disaster planning required for telecommunications, staffing or physical infrastructure, such as buildings, desks, etc.

  • Sun Cluster 3.0 Series: Guide to Installation--Part 2 (May 2003)
    -by Chris Dotson
    This Sun Cluster implementation guide reviews the Sun Cluster concepts and components important to the specific installation procedures. This guide also describes the methods of constructing a Sun Cluster, and provides procedures for installing the cluster software onto each node and configuring the disks. This article is the second part in a two-part series. "Sun Cluster 3.0 Series: Guide to Installation--Part 1" was a Sun BluePrints article in April 2003.

  • Sun Cluster 3.0 Series: Guide to Installation--Part 1 (April 2003)
    -by Chris Dotson
    Part one of a two-part series, this article guides the reader through preparation and setup, prior to deployment of a Sun Cluster system. Sun's preferred methodology for installing Sun Cluster software, Sun's Enterprise Install Services (EIS) processes, is presented.

  • Cluster Column:
    IMPLEMENTATION GUIDE:
    Guide to Installation--Part II: Sun Cluster 3.0 Software Management Services
    (May 2002)
    -by Chris Dotson and Steve Lopez
    The second in a two-part series, this module details the tasks that must be performed to install the Solaris Operating Environment on each cluster node during a Sun Cluster 3.0 software installation.

  • Cluster Column:
    IMPLEMENTATION GUIDE:
    Guide to Installation--Part I: Sun Cluster Management Services
    (April 2002)
    -by Chris Dotson and Steve Lopez
    This module contains the tasks that must be performed for installation of Sun Cluster 3.0 software. These tasks include setting up the administrative workstation, configuring the Sun Cluster 3.0 software cluster, implementing best practices, performing design verifications, and administering a two-node Sun Cluster 3.0 hardware cluster.

  • Introduction to SunTone Clustered Database Platforms (March 2002)
    -by Ted Persky and Richard Elling
    While there appears to be unanimous consent in the industry that integrated hardware and software platforms are needed, there is not a similar agreement of what, exactly, constitutes an integrated stack, particularly in the area of clusters and high availability. Further, people want to know what best practices they should embrace and which services they should provide. This article details the benefits that can be derived from a clustered Oracle database software stack that has been integrated to best practices and is ready to deploy. The examples in this article highlight Sun's soon-to-be-released Clustered Database Platform 280/3.

  • Automating Sun Cluster 3.0 Data Service Setup (February 2002)
    -by Tom Bialaski
    After installing Sun Cluster 3.0 software and performing basic cluster configuration, the next task is to set up the applications or data services for the application to run on the cluster. This procedure involves a number of steps, many of which need to be performed from the command line. Others, such as creating a resource group, can be performed through the SunPlex GUI. Because these steps require executing complicated commands or traversing through several GUI screens, it is advantageous to write scripts that can simplify and automate the data service and configuration process. Scripts are also a valuable tool to capture work completed in a test environment to ensure consistent deployment on the production network. In addition, scripts are useful to enable less-experienced system administrators to perform complex configuration tasks, or to rebuild systems for multiple testing purposes. To highlight how to architect such scripts, this article illustrates best practices in deploying the HA-NFS data service, for which the agent is contained on the Sun Cluster 3.0 Data Services CD-ROM.

  • IMPLEMENTATION GUIDE:
    Guide to Installation - Hardware Setup
    (January 2002)
    -by Chris Dotson and Steve Lopez
    This article provides hardware configuration and installation procedures for each component of a Sun Cluster 3.0, two-node cluster. Procedures include commands required to configure the cluster hardware and best practices for achieving higher availability and/or performance for the two-node cluster. Sun's Cluster Platform 220/1000, featuring redundant Sun Enterprise 220R servers and Sun StorEdge D1000 disk arrays, Terminal Concentrator, and the Sun Cluster 3.0 Administration Workstation is examined. Note: This article is available in PDF format only.

  • Building Sun based Beowulf Cluster (December 2001)
    -by Börje Lindh
    This article explains how you can build compute clusters from Sun Microsystems components that compete with Beowulf clusters and above.

  • Cluster and Complex Design Issues (November 2001)
    -by Richard Elling and Tim Read
    This is the entire first chapter from the Sun BluePrints Book Designing Solutions with Sun Cluster 3.0. In it, the authors examine how failures occur in complex systems and show methods that contain, isolate, report, and repair failures. Special considerations for clustered systems are discussed, including the impact of caches, timeouts, and the various failure modes, such as split brain, amnesia, and multiple instances.

  • Writing Scalable Services With Sun Cluster 3.0 Software (October 2001)
    -by Peter Lees
    This article provides an introduction to the supporting features in the Sun Cluster 3.0 product release. It also describes the technical requirements that must be considered when designing and programming an application to make the most effective use of the cluster framework. This article also details some of the tools available for creating scalable resources.

  • Robust Clustering: A Comparison of Sun Cluster 3.0 versus Sun Cluster 2.2 Software (September 2001)
    -by Tim Read and Don Vance
    This article provides a technical comparison between Sun's most recent version of its clustering software and the previous version. The newest version includes numerous new features, which are examined in depth.

  • Cluster Platform 220/1000 Architecture-A Product from the SunTone Platforms Portfolio (August 2001)
    -by Enrique Vargas
    This article will provide customers a better understanding of this product's capabilities by presenting its hardware and software architecture as well as best practices used in integrating the design.





Sun ONE Solutions

  • Consolidating the Sun Store onto Sun Fire T2000 Servers (December 2005)
    -by Casey Costley, Srinivasa Bodicharla, Brad Coates, Yunas Nadiadi and Ragu Venkatesan
    Many data centers today are at or near capacity in terms of space, power, and cooling, even as they are compelled to provide secure and available services that will scale into the future. Faced with real hard limits on real estate, power, and thermal capacity, data center managers are increasingly changing the ways they evaluate infrastructure. Performance in particular must be viewed in an envelope of space, power, and dissipated heat--with performance per watt, performance per square foot, and performance per rack unit of paramount importance.

    Sun faces these same demands and constraints in its own Information Technology (IT) and is actively seeking effective solutions. In particular, Sun is deploying architectures and strategies to consolidate its own mission-critical SunStore application, using commercially available technology to run Sun-on-Sun. Based on the UltraSPARC T1 processor with CoolThreads technology, the new Sun Fire T2000 server offers an effective consolidation platform for these efforts, complemented by the flexibility of Solaris Containers partitioning technology from the Solaris 10 Operating System.

    Providing a unique insight into Sun's own operations and adoption of new products and technologies, this article discusses the existing SunStore architecture and describes a timely real-world consolidation effort. In addition to architecture and configuration information, an analysis of anticipated savings in power, cooling, and space is also provided.

  • LDAP Triggers: A Framework for Sun Java System Directory Server (February 2004)
    -by Nicola Venditti
    This article describes how to implement SQL-like triggers in a Sun Java System Directory Server. The example scenario shows how to extend the server using the Plug-in API. This article is primarily directed at expert developers and architects who want to understand issues related to developing and deploying the Sun Java System Directory Server extension, implemented with plug-ins and extended operations.

  • Securing Web Applications through a Secure Reverse Proxy (November 2003)
    -by Anh-Duy Nguyen
    This article describes recommended practices for setting up the Sun ONE Proxy Server software to represent a secure content server to outside clients, preventing direct, unmonitored access to your server's data from outside your company. This article uses recommended practices to secure your web applications behind a firewall and leverage access and authentication using the Sun ONE platform products.

    This article assumes an intermediate reader who is familiar with installing and configuring the Sun ONE Proxy Server. It also assumes that the reader can configure the firewall router to allow a specific server on a specific port access through the firewall without allowing any other machines in or out.

  • Sun ONE Portal Server 6 Best Practices (October 2003)
    -by Christian Candia
    This article presents the best practices for high availability, security, and scalability that commonly have significant success on a Sun ONE Portal Server software solution. In addition, the article includes guidelines for creating a Sun ONE Portal Server software solution that can be easily supported. This article is ideal for the advanced reader.

  • Using the LDAP to NIS+ Gateway (September 2003)
    -by Tom Bialaski and Michael Haines
    There are two approaches that you can take when transitioning from NIS+ to LDAP-based services. One approach is to replace your naming service clients with the Secured LDAP Client. The second approach is to keep your current NIS+ clients, and deploy a transition tool to gain access to LDAP naming service data. The first approach is covered in chapter four of the soon-to-be released Sun BluePrints book, "LDAP in the Solaris Operating Environment -- Deploying Secure Directory Services", by Michael Haines and Tom Bialaski. The second approach, using the NIS+ to LDAP Gateway, is discussed in this article. This article is intended for IT architects and administrators who have deployed an earlier version of the directory server software, and who are interested in upgrading to the Sun ONE Directory Server 5.2 software version.

    This Sun BluePrints book is scheduled for publication in the Fall of 2003 and will be available at Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores.

  • Sun ONE Messaging Server Practices and Techniques for Enterprise Customers (September 2003)
    -by Dave Pickens
    Oftentimes a messaging server implementation isn't properly monitored for "soft" faults or warnings until it's too late. This article, a chapter from the new Sun BluePrints book, "Sun ONE Messaging Server, Practices and Techniques for Enterprise Customers", provides insight and guidance into methods for monitoring the Sun ONE Messaging Server. This article is ideal for a beginning to intermediate audience.

    This new book will be available at Sun BluePrints Publication page, the amazon.com website, and Borders and Barnes & Noble bookstores in September 2003.

  • Sun ONE Portal Server and Lotus iNotes Integration Recipe (August 2003)
    -by Rob Baker
    This article describes a best-practices approach to integrating the latest version of Lotus iNotes with the Sun ONE Portal Server 6.0 software. This article covers Lotus iNotes configuration, advanced portal configuration, and how to coordinate both products so that they complement each other in a successful, secure-portal deployment. This article is intended for integrators, administrators, and Sun Professional Services personnel. You should have familiarity with portal administration before performing the procedure in this article.

  • Transition Guide--Upgrading From the iPlanet Directory Server 5.1 Software to the Sun ONE Directory Server 5.2 Software (August 2003)
    -by Tom Bialaski and Michael Haines
    The information in this article is derived from an upcoming Sun BluePrints book, "LDAP in the Solaris Operating Environment -- Deploying Secure Directory Services," by Michael Haines and Tom Bialaski. This book is scheduled for publication in the Fall of 2003.

    That book and this article cover the recently released Sun ONE Directory Server 5.2 software, which introduces several significant features, including support for the Secured LDAP Client. This article discusses important differences in the packaging, installation, and configuration of the Sun ONE Directory Server 5.2 software as compared with the previous version. This article also discusses how to configure the software to support Secured LDAP Clients. This article is intended for IT architects and administrators who have deployed an earlier version of the directory server software, and who are interested in upgrading to the Sun ONE Directory Server 5.2 software version.

  • Using the Sun ONE Application Server 7 to Enable Collaborative B2B Transactions (June 2003)
    -by Michael Wheaton
    This Sun BluePrints OnLine article describes a design for a comprehensive Web services application architecture that enables businesses to publish, find, and execute collaborative B2B workflows with trading partners. It describes how businesses should capture their offerings in a declarative Web services format and decouple them from the tightly bound code that exists in point-to-point solutions.

    This article is written for system architects and professional service engineers who have a solid understanding of Web services technologies, including WS-I Basic Profile and electronic business eXtended Markup Language (ebXML) specifications. This article is targeted to the introductory level of expertise.

  • Sun ONE Portal Server and Microsoft Exchange Integration Cookbook (May 2003)
    -by Rob Baker
    This article, written in the form of a cookbook, as well as related scripts, provide you with information and tools necessary to integrate Microsoft Exchange 2000 SP3 with the Sun Open Net Environment (Sun ONE) Portal Server software. This article can help portal administrators solve portal server integration problems caused by new underlying technologies introduced by Microsoft in Exchange 2000 SP3, specifically for integration with the portal server Netlet and rewriter components.

    You need knowledge of both products prior to attempting this integration. Extensive familiarity with HTML 4.x, JavaScript, CSS, XML, and XSL is also important to fully understand the implications of changes suggested by this article. To download the scripts for this article, see the Sun BluePrints Scripts and Tools page and click on Exchange Integration Cookbook Scripts.

  • Writing an Authentication Plug-in for a Sun ONE Directory Server (March 2003)
    -by Nicola Venditti
    The Sun ONE Directory Server has an advanced application program interface (API) for writing plug-ins that extend the directory server's functionality. In this article, information is provided for a better understanding of the tasks involved in writing a plug-in. The impact and benefit plug-ins can provide to the directory server is explained. In addition, a sample preoperation plug-in is provided.

  • Sun ONE Portal Server 3.0 Rewriter Configuration and Management Guide (July 2002)
    -by Rob Baker
    This article provides comprehensive best practices and deployment guidelines for the Sun ONE Portal Server 3.0 product, with a specific emphasis on the rewriter component of the Secure Remote Access Gateway (SRAP). The SRAP is a portal server add-on that enables end users to access enterprise web content securely, using only a standard web browser with a Java virtual machine. The article highlights best practices for the SRAP and presents methods for configuring it to leverage existing corporate intranet content while enabling flexibility for future growth. These practices allow users to fully utilize this unique feature of the Sun ONE Portal Server product. Detailed knowledge needed for complex Sun ONE Portal Server product deployments involving a vast array of aggregated content and content types is also provided.





Quality

  • A Patch Management Strategy for the Solaris Operating Environment (January 2003)
    -by Ramesh Radhakrishnan
    Managing software patches is complex and time consuming. This article offers a high-level strategy for managing patches in a variety of different types of compute environments that are running on the Solaris operating environment. This article divides the patch management process into seven phases, each of which can be tailored to suit your distinct IT environment. This article does not discuss the step-by-step process of installing Solaris OE patches, but instead addresses higher-level concepts that can be used with any patch installation utility. This article is intended for IT managers, IT architects, lead system administrators, and anyone interested in developing a patch management strategy.

  • Sun's Quality, Engineering, and Deployment (QED) Test Train Model (August 2002)
    -by George Wood
    The why and how of Sun's integration and interoperability testing process, known internally as the Solaris OE Train, are explained in this article. This long-conducted software testing program supports each Solaris Operating Environment (Solaris OE) release and has recently been expanded to include rigorous integration and interoperability testing of key third party software from VERITAS Software and Oracle Corporation, as well as Sun Open Net Environment (Sun ONE) software.





Networking

  • The Service Delivery Network: A Case Study (April 2006)
    -by Mikael Lofstrand, Jason Carolan
    Secure messaging has emerged as a core IT service. Most organizations today rely upon e-mail as a mission-critical application that serves key business processes and transports proprietary and confidential business information among authorized users. The case study in this article shows how to use Sun's Service Delivery Network (SDN) to guide the design of a secure, service-optimized network architecture for an example secure e-mail application. Secure e-mail was chosen for this case study because it is a familiar application that is relatively simple to describe and understand, allowing the reader to focus on the use of SDN rather than the details of an application. Note, however, that the SDN approach can be used to design network architectures that support almost any kind of application or service.

  • Sun's Pattern-based Design Framework: The Service Delivery Network (September 2005)
    -by Jason Carolan and Mikael Lofstrand
    The Service Delivery Network (SDN) is the approach that Sun uses to design service optimized network architectures for customer and in-house implementations. This approach consists of basic network building blocks, common network design patterns, integrated network components, and industry best practices that together are carefully blended in response to a customer's business and technical goals. The SDN provides a set of network connectivity, routing, load balancing, and advanced security mechanisms that, when applied in combination, result in flexible network infrastructure designs that provide high performance, scalability, availability, security, flexibility, and manageability.

    The primary goal of the SDN is simple:

    Service delivery at any time, from anywhere, to any device.

    A service optimized network architecture focuses on the services provided over the network to the end user, rather than the enabling technologies or their related components. By virtualizing resources and understanding the core services offered directly to end users, as well as the other data center services that support these end user services, organizations can take advantage of a true service-driven architecture.

  • Ethernet Autonegotiation Best Practices (July 2004)
    -by Steve Hodnett and Jim Eggers
    Issues related to network performance, delays, jumpstart problems and link failures due to incorrect ethernet link speed and duplex settings are becoming more common due to outdated Ethernet link policies adopted by many administrators. This is largely due to misunderstanding of Ethernet autonegotation standards and experiences with older ethernet drivers and switches.

    This article details Sun's recommendation to leave Ethernet autonegotiation enabled (default) when connecting Solaris Operating System 100Mb and 1000Mb Ethernet NICs to switches and hubs that are IEEE 802.3 compliant. Customers are unnecessarily setting 100Mb and 1000Mb Ethernet interface parameters in /etc/system and driver.conf, or using ndd, without fully understanding the possible ramifications and negative results.

  • Maximizing the Performance of a Gigabit Ethernet NIC Interface (April 2004)
    -by Francesco DiMambro
    This article describes how to get the greatest benefits from your Ethernet NIC interface. It includes information on the tools that can help you achieve the best results from that interface, as well as a section on troubleshooting. This article targets an advanced reader.

  • Sun Ray Deployment On Shared Networks (February 2004)
    -by Mike Oliver, Raja Doraisamy, Bob Doolittle, Kent Peacock, Gerard Wall, and Gary Sloane
    With the growing popularity of the Sun Ray thin client computing model and its increasing acceptance in business and research settings, there has been considerable demand for a more detailed description of best practices for deployment on varied existing network topologies. This article describes several common topologies and provides deployment hints and instructions not yet covered in the product documentation. This article is ideal for advanced network administrators.

  • Enterprise Network Design Patterns: High Availability (December 2003)
    -by Deepak Kakadia, Sam Halabi, and Bill Cormier
    This article describes how to create highly available network designs, using Sun technologies and network switching/routers. Its content is geared for an advanced reader.

  • Network Design Patterns: N-Tier Data Centers (October 2003)
    -by Deepak Kakadia and Richard Croucher
    This article describes design concepts and principles that can be extremely valuable in the construction of optimal Sun ONE N-Tier Data Center architectures. When trying to deliver complete and optimal solutions, there is little guidance on how to assemble the various Sun ONE components to craft a complete working system. This paper describes in detail how to assemble the various building blocks of an N-Tier system.

  • Building Secure Sun Fire Link Interconnect Networks Using Sun Fire 15K and Sun Fire 12K Servers (August 2003)
    -by Joe Higgins and Steven Spadaccini
    Deploying a secure distributed computer system can be difficult. This article describes how to install and deploy the Sun Fire Link product so that it can be securely managed and operated. The article documents the software architecture and steps needed to secure the Sun Fire Link interconnect. The commands used in configuration steps are either Fire Link Manager (FM) or Solaris Operating Environment (Solaris OE) tools. The article also includes a section on how to create, configure, and secure a Sun Fire Link fabric. This article requires a general knowledge of Solaris OE system administration and is written for advanced system administrators.

  • Understanding Gigabit Ethernet Performance on Sun Fire Servers (February 2003)
    -by Jian Huang
    The recent growth of network-centric computing has been placing tremendous pressure on servers' network performance. With the increasing popularity of gigabit Ethernet, especially the availability of lower-cost copper-based gigabit Ethernet adapters, the question of how Sun's servers perform in this arena has become one of the most important issues that Sun engineering teams are trying to address. This paper presents an overview of the performance of the new Sun GigaSwift Ethernet MMF Adapter card on a Sun Fire server in terms of TCP/IP networking.

    Most of the previous effort on TCP/IP network performance has been focused on bulk-transfer traffic, which imposes on servers a continuous flow of packets with sizes equal to the Maximal Transfer Unit (MTU) of the underlying carrier.

    In the client-server computing environment, however, not all requests from clients, nor all replies from the servers are constantly large. The traffic of small packets, whose size is below that of the MTU of the carrier, is also very commonly seen. Hence, this paper investigates the performance of both the bulk-transfer and small-packet traffic on a Sun Fire 6800 server.

    In addition to presenting a performance picture, this paper also takes the initiative to study the root cause of the behavior of Sun servers by revealing some of the implementation details of the Solaris Operating Environment (Solaris OE). A set of tuning parameters that affect TCP/IP network performance is discussed and some tuning recommendations are given.

  • Enterprise Management Systems Part I: Architectures and Standards (April 2002)
    -by Deepak Kakadia, Dr. Tony Thomas, Dr. Sridhar Vembu and Jay Ramasamy
    The first in a two-part series focused on managing services in Service Driven Networks (SDNs), this article presents a summary of typical architectures and a clarification of the standards to help the reader better understand the implementations of various third-party vendor EMSystems solutions.

  • Enterprise Quality of Service (QoS) Part II: Enterprise Solution using Solaris Bandwidth Manager 1.6 Software (March 2002)
    -by Deepak Kakadia
    Deepak's article is the second in a two-part series that focuses on Quality of Service (QoS) issues. This article explores possible approaches to deploying an Enterprise Quality of Service solution using Solaris Bandwidth Manager 1.6 software. It also presents an integrated closed-loop solution using Sun Management Center 3.0 software, which exploits APIs offered by both products and creates a policy-based QoS solution for the enterprise.

  • Enterprise Quality of Service (QoS): Part I - Internals (February 2002)
    -by Deepak Kakadia
    In a two-article series, distinguished Sun BluePrints author Deepak Kakadia works to clear the confusion surrounding QoS by explaining what it is, how it is implemented, and how to use it in an enterprise. This month's part one article details the basics surrounding the "what" and "how" of implementation, as well as the internals of QoS. Be sure to return to Sun BluePrints OnLine next month for his second article, which will focus on how to deploy QoS in an enterprise.

  • Using NTP to Control and Synchronize System Clocks - Part III: NTP Monitoring and Troubleshooting (September 2001)
    -by David Deeths and Glenn Brunette
    This article is the third in a series of three articles that discuss using Network Time Protocol (NTP) to synchronize system clocks. The goal of this article is to provide an effective understanding of NTP troubleshooting and monitoring.

  • Using NTP to Control and Synchronize System Clocks - Part II: Basic NTP Administration and Architecture (August 2001)
    -by David Deeths and Glenn Brunette
    This is Part 2 of a three-article series that discusses how to use Network Time Protocol (NTP) to synchronize system clocks. This article explains the basics of client and server administration, covering various client/server configurations, as well as authentication and access control mechanisms. This article also provides a number of suggestions for an effective NTP architecture.

  • Using NTP to Control and Synchronize System Clocks - Part I: Introduction to NTP (July 2001)
    -by David Deeths and Glenn Brunette
    This article is the first of a series on the Network Time Protocol (NTP). NTP allows synchronizing clocks on different network nodes, which is critical in today's networked world. This first article provides an overview of why time synchronization is important and introduces basic NTP concepts.

  • Maintaining Network Separation with Trusted Solaris 8 Operating Environment (March 2001)
    -by Glenn Faden
    Glenn Faden describes how Mandatory Access Control (MAC) can be used to provide concurrent access to two isolated networks without compromising the separation.

  • Policy-Based Networks (October 1999)
    -by Jean-Christophe Martin
    Explores the network policy concept in greater depth, and shows how it is implemented in the Solaris Bandwidth Manager software.

  • Resource Management: Solaris Bandwidth Manager (June 1999)
    -by Evert Hoogendoorn
    Evert explains the benefits of Solaris Bandwidth Manager.

Sun x64 Systems

  • Consolidating Legacy Applications onto Sun x64 Servers
    How to move Microsoft Windows NT Applications onto Sun x64 Servers using VMware ESX Server
    (February 2006)
    -by Marshall Choy
    IT organizations wishing to continue to run applications on the Microsoft Windows NT Server operating system have faced a limited number of choices given the increasing lack of support for their aging hardware, and the lack of drivers for current hardware. The ability of VMware ESX Server to host these operating system environments and their applications on state-of-the-art, high-performance hardware platforms like the Sun Fire V40z server gives IT organizations a new class of options. Not only can they use virtualization to run their applications on current, supported hardware — they can leverage the greater processing power, memory capacity, and disk storage of today's servers to consolidate multiple PC server environments onto a single platform. Now IT organizations can upgrade their hardware platforms, and use the upgrade process also to address their power, space, and cooling issues, while exploiting the economies of scale that consolidation brings.

    This Sun BluePrints article describes in step-by-step fashion how one such application — an Apache Web server running on the Windows NT Server operating system — could be consolidated onto ESX Server running on a Sun Fire V40z server with no changes to the application or its configuration. The importance of this exercise is not the application itself. It is the fact that the only changes to the disk image imported by the physical-to-virtual process were to install drivers for the virtual network interface and display devices supported by the virtual machine environment. Once an application is consolidated into the virtual environment in this way, it can securely share a single platform with multiple instances of Windows operating systems and the applications that they host. Because each virtual machine provides an idealized environment to the guest operating system, the disk images created by the consolidation process are portable. So as this consolidation technique becomes proven in any given IT organization, PC workloads can be re-distributed among a growing number of servers by moving virtual disks and virtual machine configuration files.

  • Updating BIOS and Firmware on Sun Fire V20z and Sun Fire V40z Servers Using Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003 (September 2005)
    -by Pierre Reynes
    In an era of tight IT budgets, many organizations are challenged to optimize existing computing resources. To help this effort, Sun x64 servers give enterprises the freedom to choose from a variety of operating systems, including the Solaris Operating System, SuSE Linux, Red Hat Linux and Microsoft Windows. By keeping the BIOS and firmware up-to-date on these systems, organizations are better able to experience increased performance and take advantage of the latest technology.

    This Sun BluePrints article provides detailed instructions on how to perform BIOS and Service Processor updates on Sun x64 servers running the Solaris OS or Linux environments. It is intended for organizations running Sun Fire V20z or Sun Fire V40z servers and Microsoft Windows 2000, Microsoft Windows Server 2003, or Microsoft Windows XP operating environments. It provides step-by-step instructions for updating the BIOS and Service Processor from a system running any of these Microsoft operating environments. In particular, it describes how to share the NSV files with the appropriate permissions, mount the Server Message Block (SMB) share from the Service Processor (SP) on the Sun Fire V20z or Sun Fire V40z server, and perform the update.

  • Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors (September 2005)
    -by Barton Fiske
    This Sun BluePrints article gives detailed procedures for configuring Sun x64 workstations with AMD Opteron processors to boot more than one operating system from the same physical hard drive. This capability is referred to throughout this article as “multiboot.” Specifically, the three major operating systems in use today — the Solaris Operating System, Linux, and Windows operating systems — can be deployed on a single system disk, and configured to allow a user to choose between the different operating systems at boot time. Multiboot capability should not be confused with available virtualization technology that allows simultaneous operation of multiple operating systems (such as VMware, Xen, or other approaches).

  • Automating Initial Setup and Management of Sun Fire V20z and V40z Servers (June 2005)
    -by Jacques Bessoudo
    Many compute- and network-centric applications can benefit from pools or grids of smaller, horizontally-scaled servers due to their lower initial cost, flexibility, scalability, and performance for certain tasks. However, installing and managing tens or hundreds of servers in a consistent manner can be time consuming and prone to errors that further increase the time required to manage large pools of servers. Fortunately, many administrative tasks can be easily automated using the integrated service processor in the Sun Fire V20z and V40z servers.

    There are three areas of setup and management of the Sun Fire V20z and V40z server's service processor that are usually performed manually--where automated scripts can save time and can eliminate errors:

    * Service processor setup
    * Service processor management
    * Server (BIOS) and service processor firmware updates

    This article describes a method for helping system administrators save time by automating these processes and running them on multiple systems simultaneously. It details the steps for creating scripts to automate these tasks and run them in parallel and includes examples of several of the more common tasks.

  • Configuring JumpStart Servers to Provision Sun x86-64 Systems (February 2005)
    -by Pierre Reynes
    Organizations are constantly challenged to deploy systems throughout the enterprise with consistent and reliable configurations. Solaris JumpStart technology provides a mechanism for fully automating the Solaris Operating System (Solaris OS) installation process. With the ability to locate installation information over the network or from a local CD-ROM drive, and use customized profiles, JumpStart facilitates the rapid and consistent deployment of Solaris OS-based systems.

    Many organizations have relied on UltraSPARC/Solaris platforms for years, and use JumpStart technology for operating system deployment. With the introduction of Sun x86-64 based systems, organizations are now seeking ways to use existing JumpStart servers to deploy the Solaris OS and Linux operating environment on Sun x86-64 based systems. This article describes how to modify existing JumpStart servers to support the deployment of the Solaris OS and Linux operating environment on Sun x86-64 based systems, as well as how to use standard Linux installation tools for configuring Sun x86-64 based systems.
