Solaris 9 or Not to Solaris 9
Peter Baer Galvin
This month begins my coverage of Solaris 9 (S9). S9 is a major
new release for Sun, and Sun users. This month's column starts
with an overview of Solaris 9, with input from the Solaris Product
Line Manager, Bill Moffitt. Future columns will explore S9, including
its threading and memory models, and its additional features like
SunScreen and LDAP integration.
Mr. Bill and the Insides of Sun
Speaking with Mr. Moffitt was a pleasure, as he is clearly in
touch with the user community and "gets it" as far as
what is important to Sun users and the direction Solaris should
take. He is part of a team that includes Sun's engineers, as
well as technical marketing. This team determines the road map for
Solaris, including the minor and major releases. In fact, they are
currently working on the Solaris 10 feature set, having completed
the major planning for all of the Solaris 9 releases. In our discussions,
Bill was quite candid about the good and bad of Solaris and Sun,
and what he believes are the right ways to enhance the good and
reduce the bad. This column is based on my initial evaluation of
Solaris 9, as well as the information gleaned from Bill. Bill confirmed
some of my suspicions and allayed some fears, and in general shed
light on the entity that is Solaris.
As I mentioned, S9 incremental (or "minor") releases
are already defined and being implemented. The Solaris architecture
team must try to see into the future, guessing where the industry
is going and what users want from Solaris. The internals of Solaris
planning are interesting. Lots of groups own different pieces of
Solaris, and lots of groups are involved in contributing to the
release. Engineers set overall direction, and product managers within
the product marketing group for each component also contribute.
Then functional teams work on the details (these plans are set yearly,
based on resources), and all groups contribute to define the release
train. What used to be one-year planning cycles are changing to
longer-term cycles to better capture industry trends. Sun wants
to pick important directions, and set product releases to meet demand.
Bill said that in the past, Sun tried to do too many things, resulting
in incomplete solutions. He hopes to concentrate on fewer areas
and make them more complete (and usable). As a longtime Sun/Solaris
user (SunOS 3.2 was my first taste), I applaud this direction and
hope that it takes root.
Whither S9 on Intel?
The future of S9 on Intel is still being evaluated within Sun.
The software port of S9 is actually complete, but PC-specific drivers
still need porting or writing, and the product needs "productizing"
and documentation to be done to make it a finished release. Sun
wants to continue to execute the release (especially given how much
work has already been done). Unfortunately, the economic downturn
caused a hard look at projects, costs, and payoffs, and S9 on Intel
was one of the casualties. Still, the status is officially "delayed",
meaning it could be re-ignited later. For my part, I'd hope
that Sun would pick one PC manufacturer's product line, and
make S9 Intel work well on that. Trying to support all PC hardware
is a fool's errand, but having no S9 Intel will limit the spread
of S9 and decrease development and porting issues. I welcome feedback
on this issue and will send it along to Sun.
On the subject of Linux, Sun sees it as valuable at the "edge"
(e.g., for Web serving). Over time, the entire SunOne stack will
be ported over to Linux.
The Value of Solaris 9
Solaris 9 includes a host of internal changes, as well as external
new features. Here are some of the highlights:
- SunScreen is included with the initial S9 release (although
a little hard to find). This is the full release, and there apparently
will be no commercial option. Of course, it's fully supported,
as is the rest of Solaris.
- The iPlanet Web server is on the SunOne Advantage disk that
accompanies the core "WOS" ("wad of stuff",
as Sun calls the set of CDs that are the official Solaris release).
The iPlanet app server is there too.
- The iPlanet Directory Server is in the WOS, as a fully integrated
and supported component. More on this in future columns, as it
becomes clearer exactly what you can and can't do with it.
Internally, Sun is using LDAP for UNIX login authentication. Unfortunately,
this is not yet supported by Sun, but should be in a future Solaris
9 release. There is an LDAP client that is new with 9. Currently
the LDAP integration uses nsswitch.conf, but integration
with PAM is coming.
- Resource Manager is integrated with S9. Again, there will be
no commercial option. Mr. Moffitt says that everyone should evaluate
it for use in their environments as it is feature rich and has
great utility in many circumstances.
- The included "volume manager" is an enhanced version
of Disk Suite, and is not to be confused with the Veritas product
of the same name. It adds soft partitioning (so there is no longer
a limit of eight partitions per disk). It is also fully integrated
(rather than being an optional package), which means that extraordinary
measures will no longer need to be taken to use it (i.e., to upgrade
a system that has Solaris volume manager mirrored root disks).
A rudimentary version of snapshotting is included (this is the
same functionality as in S8 02/02, and is more for backups than
In the future, iPlanet (or SunOne, I suppose I should say) application
server 7 will be integrated with S9. Version 7 will be an integrated
Web and app server. (There will still be a for-cost enterprise version
that will have advanced features). The goal for Application server
7 is to be a quality release (with increased stability and performance),
just as Solaris 8 was a quality release and Solaris 7 was a feature
release. The fact that application server 7 will be integrated into
the core OS means more QA will be performed on it.
On the Subject of UFS
Sun is deciding how much to invest in it and how much to spend
on a next-generation file system. UFS is at its core 32-bit, and
was designed for the olden-times when files were small and fragmentation
was the biggest enemy. Sun is writing some code for an alternate
file system, and making decisions on whether to include the new
file system in S10 or whether to keep stretching UFS. The Solaris
9 direct I/O (also the same as that in S8), and is used automatically
by Oracle and the like for near-raw-disk performance.
Sun also put quite a bit of effort into improving performance
in Solaris 9. The changes are primarily aimed at larger machines
and larger applications. Some changes are useful on almost all machines
though, such as the threading library reengineering. As usual, Sun
ensured backward compatibility. In fact, no code recompile is necessary
to take advantage of the new version. Sun found some performance
problems with user-level threads (which were designed to increase
performance over kernel-level threads!). Context switching and thread
scheduling within the kernel are now so efficient that great gains
were realized by making all user-level threads into "bound
threads". That is, each user-level thread has an associated
kernel-level thread, and all thread scheduling is now done by the
kernel. Overall, multi-threaded applications improve by about 10%.
Some border cases have been seen to improve by 500%! Databases such
as Oracle see performance improvements.
Another performance win involves varying page sizes. Here, an
application can request a large amount of memory and that memory
is no longer allocated in 8-K chunks, but as a larger chunk. This
makes the translation lookaside buffer (TLB) much more efficient
as more memory can be located via a single entry.
Page coloring is the latest incarnation of memory allocation for
I/O and processes. Those who have been around the block with Solaris
remember the unified memory model (process and I/O fought for the
same memory pool), priority paging (processes had priority over
I/O for memory), and now page coloring (I/O and process memory are
managed separately). Oracle, for example, gains from page coloring
(both 32- and 64-bit). Coming down the road in Solaris 9 is memory
placement optimization. Sun's memory allocator already tried
to keep memory on the same system board as the thread is running,
and this will be improved. More performance fixes are also coming
for UFS logging.
Unfortunately, most of these performance improvements are found
via Sun's internal benchmarking, not via the public "benchmarketing"
at http://www.spec.org and http://www.tpc.org. Those
efforts have been slowed by cutbacks at Sun, so they will be sporadic.
Still, the Sun team is convinced that the performance improvements
in S9 are real and pervasive.
There are many security enhancements included in Solaris 8 and
9. Solaris 8 added RBAC, and 9 adds SunScreen. It also adds support
for smartcards, which are Sun's stated direction for physical
authentication. S9's smartcard services mean that a single
machine can be have more secure authentication, as well as a centrally
administered facility. Card insertion starts a new session (much
like on the SunRays). There are no APIs yet for smartcard access,
but that is coming. This is another good subject for a future column...
When to Make the Move
The question facing most Sun sites is when to make the move to
S9. The answer, if you ask a consultant, is "it depends".
There are some clear cases, at least. If the system in question
has four or more CPUs, and performance is important, then upgrade
sooner. Likewise if LDAP is important or if the site is moving toward
Web services model (because the software is included with S9). Solaris
9, from all indications, is solid and ripe today. Supported applications
are few now but many are coming, so that will also be an influence
on when to make the move. Don't forget to consider the live
upgrade feature to make the move easier (and allow you to switch
back if the upgrade does not meet your needs).
There was some excellent information on Solaris 9 available in
Jim Mauro and Richard McDougall's Solaris Internals tutorial
at Usenix 2002 (featuring guest star Kevin Sheehan). I had planned
to sit in just for a bit and then take in the scenery (at Monterey)
since I'd taught my tutorial the day before, but ended up staying
for the whole session. It was worth it.
They explained that Solaris 9 uses much smaller packages to contain
features than in the past releases. For example, telnet is in its
own package, and adding or removing telnet also modifies the inetd.conf
file to either include or exclude telnetd. This is a useful change,
but they warn not to overuse it. For example, removing the pre-installed
Perl can break other packages since quite a few depend on Perl (and
on the Sun version of it, of course). They recommend not removing
any Sun packages and replacing them with your own preferred versions.
Rather, leave the Sun one in place, add your own (e.g., to /opt),
and have users use /opt before /usr, for example.
As another example, other packages use the Sun version of ssh, so
leave that one and add your own if you prefer. Of course, choosing
which version to run in daemon mode is trickier. I recommend the
most recent version of what's installed because that tends
to be more secure.
Additional information from the tutorial is that Sun is making
a concerted effort in the area of user visibility into the operation
of Solaris. The new mdb editor is a big start, with more features
coming from mdb in the future. There are certainly some areas with
Solaris where "diagnosability" is still lacking. For example,
how can you determine which process is performing all that I/O to
a file system? How can you find which file it is using? And how
can you determine how much bandwidth of a given network interface
is being used? There are still some obvious areas in which the provided
tools are blind, and Sun is working to fix that.
The Usenix tutorial CD is still the best deal in systems administration,
including the PDF versions of many of the tutorials given at the
conferences. If you care about how Solaris works and how to optimize
it (either as an admin or developer), check out Mauro and McDougall's
Solaris Internals: Core Kernel Architecture (Prentice Hall
PTR; ISBN: 0130224960) book and then read the tutorial notes for
Solaris 8 and 9 updates.
Sun has concentrated on communicating Solaris features through
the docs, and you can read the "What's New" manual
at http://docs.sun.com. Unlike the marketing info on Sun's
Web site, there is detailed information about what is the same as
previous releases, what is enhanced over the previous release, and
what is brand new.
Solaris 9 is solid and feature-rich. Application support is scanty
at the moment but coming along rapidly. If you need improved performance,
LDAP integration, or iPlanet Web and application servers, then upgrade
sooner. Otherwise, upgrading later is probably the best approach.
Next month, the Solaris Companion will cover the newly integrated
(free) SunScreen firewall.