The $500 Million OS
Solaris gets a "bionic" makeover... faster, stronger, better than ever before
The latest version of the premier UNIX operating system is here, and it's a significant release of great importance to users and developers. Important because of the numbers it boasts: 600 new features, up to 80 percent system utilization, and up to 30 times better application performance. Important because it provides the highest levels of availability to date. Important because it comes with military grade security to prevent security problems, not just fix them.
The Solaris 10 OS isn't just a revision of the same old operating system (OS) made new by package redesign and shrink wrap. It's the result of half-a-billion in R&D dollars and more than four years of brain-bending problem solving by some of the most creative and pragmatic technology innovators on the planet. The result is a radically different OS that tackles head-on the fundamental issues customers have with their systems.
Customers want screaming performance. They need a more intelligent way to deal with file systems. They have to do more with less, and they want the confidence of knowing that their applications are always available and always secure. The Solaris 10 OS delivers all of this and more, releasing enterprises from the constraints of the old way of doing things. It's truly like nothing the industry has ever seen before.
Boost Application Performance up to 30x
Every day, application developers deal with a tough client: the business. Whether they're developing or debugging an application, they're totally focused on keeping that client happy. Businesses, of course, are always in motion; the drive to do things better, faster, and smarter is ever-present. And the pressure is on developers to deliver applications that satisfy these demands.
Meeting day-to-day business needs alone is a full-time job. What application developer has free time to worry about optimization at the OS level? We certainly don't expect developers typically specializing in one programming language to unearth complicated insights as to how applications interact with the OS. We know they have families to go home to.
There's no avoiding the fact that applications can run faster, but application developers don't have the bandwidth to take on the data center as a client. That's the hitch; there's huge potential to maximize applications by examining the complex behavior between the application and the OS, but no one in the IT organization gets paid to track down performance problems across the many layers of software in an infrastructure.
The old paradigm was to put some warm bodies on the payroll to do the job. New, inventive thinking puts technology to work and saves big money in salaries. And that's what Sun did. It invented its way out of lackluster application performance by developing a clever tool called DTrace, one of several new ultra-intelligent facilities available in the Solaris 10 OS.
Real-Time Dynamic Tracing
If you've ever wanted to get to the root of jaded application performance, pay attention. DTrace, or dynamic tracing, digs deep and gets to the bottom of performance problems in real-time. It works by using smart system probes that can access areas of ho-hum performance or bottlenecks. These probes are programmable sensors, scattered everywhere, illuminating every dark corner of your Solaris OS.
If you want to figure out what's going on in your system, simply use DTrace to program the appropriate sensors to record information that is of interest to you. Then, as each probe fires off information, DTrace gathers the data and reports back what's happening.
Here's another great feature: all of the instrumentation in DTrace is dynamic. Probes only come to life when you call on them. When their job is done, they're automatically disabled and their instrumentation is removed. That means there's no performance decline in your system.
DTrace provides visibility into kernel and application activity, giving you operational insights and performance gains unrivaled by any other operating system. Plus, since DTrace is built into the kernel, performance problems can be identified on production machines, eliminating wasted time and money for separate test beds.
System bottlenecks can be pinpointed and fixed as they happen, not days afterward. And with 25,000 probes in the kernel alone, DTrace can track, tune, and troubleshoot systems, all while boosting performance anywhere from 30 to 3000 percent.
Death, Taxes, and File Systems
Let's talk about file systems for a minute. Along with death and taxes, file systems are one of life's certainties. When it comes to data corruption, file systems are like sitting ducks. A system error or unexpected power outage can easily upset the integrity of your data.
Then there's the business of managing file systems. It is, in a word, brutal, but somehow we've just learned to live with their limitations. For example, to create a volume, create three file systems, and then grow the volume (five logical steps) takes 28 commands with a traditional file system and volume manager. Maybe, like with death and taxes, there's just no other way. Or is there?
Going back to the goal of freeing customers from system constraints, Sun decided it was time to rethink and re-architect the file system from the ground up. The charter: create a single file system that understands the files it manages and truly simplifies administrative tasks. After many late nights at the white board, a radically new approach to file system management was born: ZFS (zettabyte file system).
A Quantum Leap in File Systems
Remember what we said about file systems vulnerable to silent data corruption and brutal to manage? Well now you can forget about it. ZFS represents a technological quantum leap in file systems. With ZFS, data corruption is history. ZFS is the only file system with built-in technology that provides provable data integrity. It conducts end-to-end 64-bit checksums on all data to detect and correct silent data corruption.
When data is read, the checksum is verified to ensure that the data the application wrote is what is returned. Even when the system shuts down unexpectedly, administrators can be confident that data remains intact. In fact, Solaris engineers put ZFS through more than a million forced, violent crashes during the course of testing. Not once did ZFS lose data integrity or leak a single block. No other operating system comes close to this kind of data certainty.
Making file system management easier meant doing away with the many complicated administrative concepts and chores associated with traditional file systems. To do so, Sun engineers took on the entire software stack and created an integrated file system from scratch.
Now, managing file systems is, well, simple. Remember that 28-step process? It's now just five simple ZFS commands. What's more, these commands complete consistently in just a few seconds. Traditional file systems and volumes often take hours to configure. In the example above, ZFS reduces the time required to complete the task from 40 minutes to less than 10 seconds.
And if that's not enough, ZFS solves a host of other problems. Some you probably haven't even considered, like storage, for example. Unlike traditional file systems that require a separate volume manager, ZFS is built on top of virtual storage pools, so creating and deleting files is much easier. Financially speaking, that's as good as money in the bank because it eliminates the cost of volume manager licenses. It also boosts storage utilization and slashes administration chores.
As a 128-bit system, ZFS can store 16-billion times more data than conventional file systems. It's designed to support more storage, more file systems, more snapshots, more directory entries, and more files than can possibly be created in the foreseeable future. And how's this for cool: ZFS is the only file system that is endian-neutral, so you can easily move disks from a SPARC server to an x86 server.
Fighting the Battle of the Bulge
One of the legacies passed down from the nineties boom is sprawling IT infrastructures. Many IT managers thought that dedicated server environments would provide a more reliable way to ensure performance and availability, while also mitigating security risks. The result was an outbreak of the 1:1:1 ratio: one application per operating environment per server.
The trend toward network-based applications also contributed to bulging infrastructures. Applications themselves have become more complex, requiring specific configurations of Web servers, application servers, and databases. Trying to get two applications to run effectively on one machine is complicated and risky. IT managers typically see no choice but to ante up for a second machine.
Clearly, this approach doesn't scale: the more things that need to be managed, the more time consuming and expensive that infrastructure becomes. And it very quickly reaches the point of diminishing returns. The solution, then, is to find a way to slim down the IT infrastructure without compromising applications.
Server consolidation and virtualization techniques are a good start. They enable systems within the data center to be visualized and managed as interconnected computing resources rather than as individual systems. However, for resource management techniques to be effective, companies must be able to manage applications independently, control resource utilization according to business needs, isolate faults, and ensure security between multiple applications.
A New Approach to System Utilization
Sun engineers pushed the edge of virtualization and software partitioning to come up with a new approach to system utilization: flexible, software-defined boundaries that isolate software applications and services within a single machine.
Introducing Solaris Containers, an integral part of the Solaris 10 OS. Solaris Containers allow the creation of multiple private execution environments within a single instance of the Solaris OS. Each environment has its own identity, separate from the underlying hardware, yet behaves as if it is running on its own system, making consolidation simple, safe, and secure. And because system resources are virtualized, administrators can increase hardware utilization while meeting peak demand levels.
With each application running in its own private environment, many applications can be deployed on a single server without impacting each other. System and network resources can be allocated and controlled on a fine-grained basis, so applications can be consolidated onto fewer servers without concern for resource constraints, fault propagation, or security. This sub-CPU granularity gives one server the ability to deliver the security and reliability benefits of a fleet of systems without the additional hardware outlays or management overhead.
Administrators can create up to 8000 secure, fault-isolated software partitions, each with its own IP address, memory space, file area, host name, root password, and so on. With so many organizations fighting the battle of the infrastructure bulge, Solaris Containers is a technology whose time has come, enabling IT organizations to shed the weight of underutilized boxes and don a sleeker, more efficient computing infrastructure.
An Ounce of Prevention
Injecting your network with a little preventive medicine can work wonders in warding off crises. But keeping close tabs on enterprise systems and curing ills before they grow into serious network disease isn't always possible. Traditionally, system monitoring has only been available with complex, expensive add-on software. For most IT organizations, hamstrung by ever-shrinking budgets, adding such monitoring capabilities to their software repertoire isn't an option.
By letting their imaginations lead, Sun engineers came up with a pound of cure: letting the system diagnose and heal itself. What emerged from that "aha" moment was Predictive Self-Healing (PSH) technology. PSH is an innovative feature that provides fine-grained fault isolation and restart of any component, hardware or software, that experiences a problem. It automatically diagnoses, isolates, and recovers from hardware and application faults.
Business-critical applications and essential system services continue uninterrupted in the event of software failures, major hardware component failures, and even software misconfiguration problems. If an application restart is required, PSH checks and manages hardware and application dependencies to ensure a clean recovery. This allows businesses to deliver superior levels of availability while minimizing administrative costs.
A PSH-enabled system can dynamically take a CPU, an I/O device, and/or regions of memory offline before they can cause system failure. In the Solaris 10 OS, the Solaris Fault Manager performs intelligent, automated, proactive diagnosis of error telemetry captured by the OS. It isolates and disables "unhealthy" components, helping to ensure continuous service even before potential problems have hit the radar.
Should a task require human intervention, a PSH technology-enabled system will issue easy-to-understand diagnostic messages that point to articles in Sun's knowledge base, clearly explaining how to heal the system.
A New Approach to Access Privileges
Historically, the UNIX operating system has offered only two privilege levels to users and administrators: a single, all-powerful root user, and any number of other, unprivileged users. However, today's servers run hundreds of applications and are administered by various groups of people all with different access needs and skill levels. It's not really desirable to give all of these administrators full access to every server and application. Doing so generates security hazards and increases the risk of system problems due to human error.
The two-privilege approach also doesn't factor in developers who need special privileges, either for installing applications or using certain debugging tools in development and production. UNIX administrators have typically worked around these problems through homegrown or third-party utilities that execute using all privileges and then allow certain users to perform additional tasks beyond their normal privilege levels.
Because their approaches are not tightly integrated with the OS, they become security risks if they have defects. Moreover, they require customers to work around the OS and even wrap or disable its built-in features.
Security: Not an Afterthought
Sun has always taken a different approach to security than its competitors. We build security into every product instead of tacking it on as an afterthought. This is exactly the case with the Solaris 10 OS, which provides a solution to the all-or-nothing super-user model by integrating least-privilege security directly into the base operating system.
With this new functionality, the Solaris OS stands alone as the only UNIX OS to offer this security model fully integrated into the operating system kernel and associated components, while providing complete compatibility with the legacy UNIX environment and existing applications.
Every Solaris application has a fine-grained list of specific privileges enforced by the kernel, rather than a single all-powerful root privilege. And every Solaris OS service has been converted to use only the minimum privileges necessary, making it even harder to hack into the system and exploit services. Administrators can assign groups of privileges to roles corresponding to their business processes for different kinds of administrators and developers.
The Solaris 10 OS also includes an industry-leading range of security technologies to complement least-privilege, such as RBAC (role-based access control) for individual services and IPSec (Internet Protocol Security) secure networking, as well as a full range of cryptographic services that automatically adapt to and optimize for each hardware platform.
These security features don't require applications to change; administrators can dynamically control the security attributes of existing applications. What's more, least-privilege security attributes are sewn into all of the other new Solaris 10 OS features, including DTrace, ZFS, Containers, and PSH.
Inventive Solutions
They say necessity is the mother of invention. With that in mind, Sun looked at what customers needed to do (boost performance, simplify administration, eliminate waste, and maximize uptime) and the mission was clear: rebuild the operating system.
Sun engineers knew they could rebuild it. They had the technology. They had the capability to build the world's first "bionic" OS. When designing the Solaris 10 OS, Sun infused innovation into every bit and byte of the OS, a strategy none of Sun's competitors can replicate. The result is a dramatically improved Solaris OS, one that puts innovation to work and, consequently, purges cost and complexity from the IT infrastructure. That's why we call it the 500 million dollar operating system: it's "faster, stronger, better than ever before."
Get ready to get rocked: Did you know that Solaris 10, the "bionic" OS, is available FREE?