Cover V11, I09

Article

sep2002.tar

To Solaris 9 or Not to Solaris 9

Peter Baer Galvin

This month begins my coverage of Solaris 9 (S9). S9 is a major new release for Sun, and Sun users. This month's column starts with an overview of Solaris 9, with input from the Solaris Product Line Manager, Bill Moffitt. Future columns will explore S9, including its threading and memory models, and its additional features like SunScreen and LDAP integration.

Mr. Bill and the Insides of Sun

Speaking with Mr. Moffitt was a pleasure, as he is clearly in touch with the user community and "gets it" as far as what is important to Sun users and the direction Solaris should take. He is part of a team that includes Sun's engineers, as well as technical marketing. This team determines the road map for Solaris, including the minor and major releases. In fact, they are currently working on the Solaris 10 feature set, having completed the major planning for all of the Solaris 9 releases. In our discussions, Bill was quite candid about the good and bad of Solaris and Sun, and what he believes are the right ways to enhance the good and reduce the bad. This column is based on my initial evaluation of Solaris 9, as well as the information gleaned from Bill. Bill confirmed some of my suspicions and allayed some fears, and in general shed light on the entity that is Solaris.

As I mentioned, S9 incremental (or "minor") releases are already defined and being implemented. The Solaris architecture team must try to see into the future, guessing where the industry is going and what users want from Solaris. The internals of Solaris planning are interesting. Lots of groups own different pieces of Solaris, and lots of groups are involved in contributing to the release. Engineers set overall direction, and product managers within the product marketing group for each component also contribute. Then functional teams work on the details (these plans are set yearly, based on resources), and all groups contribute to define the release train. What used to be one-year planning cycles are changing to longer-term cycles to better capture industry trends. Sun wants to pick important directions, and set product releases to meet demand. Bill said that in the past, Sun tried to do too many things, resulting in incomplete solutions. He hopes to concentrate on fewer areas and make them more complete (and usable). As a longtime Sun/Solaris user (SunOS 3.2 was my first taste), I applaud this direction and hope that it takes root.

Whither S9 on Intel?

The future of S9 on Intel is still being evaluated within Sun. The software port of S9 is actually complete, but PC-specific drivers still need porting or writing, and the product needs "productizing" and documentation to be done to make it a finished release. Sun wants to continue to execute the release (especially given how much work has already been done). Unfortunately, the economic downturn caused a hard look at projects, costs, and payoffs, and S9 on Intel was one of the casualties. Still, the status is officially "delayed", meaning it could be re-ignited later. For my part, I'd hope that Sun would pick one PC manufacturer's product line, and make S9 Intel work well on that. Trying to support all PC hardware is a fool's errand, but having no S9 Intel will limit the spread of S9 and decrease development and porting issues. I welcome feedback on this issue and will send it along to Sun.

On the subject of Linux, Sun sees it as valuable at the "edge" (e.g., for Web serving). Over time, the entire SunOne stack will be ported over to Linux.

The Value of Solaris 9

Solaris 9 includes a host of internal changes, as well as external new features. Here are some of the highlights:

  • SunScreen is included with the initial S9 release (although a little hard to find). This is the full release, and there apparently will be no commercial option. Of course, it's fully supported, as is the rest of Solaris.
  • The iPlanet Web server is on the SunOne Advantage disk that accompanies the core "WOS" ("wad of stuff", as Sun calls the set of CDs that are the official Solaris release). The iPlanet app server is there too.
  • The iPlanet Directory Server is in the WOS, as a fully integrated and supported component. More on this in future columns, as it becomes clearer exactly what you can and can't do with it. Internally, Sun is using LDAP for UNIX login authentication. Unfortunately, this is not yet supported by Sun, but should be in a future Solaris 9 release. There is an LDAP client that is new with 9. Currently the LDAP integration uses nsswitch.conf, but integration with PAM is coming.
  • Resource Manager is integrated with S9. Again, there will be no commercial option. Mr. Moffitt says that everyone should evaluate it for use in their environments as it is feature rich and has great utility in many circumstances.
  • The included "volume manager" is an enhanced version of Disk Suite, and is not to be confused with the Veritas product of the same name. It adds soft partitioning (so there is no longer a limit of eight partitions per disk). It is also fully integrated (rather than being an optional package), which means that extraordinary measures will no longer need to be taken to use it (i.e., to upgrade a system that has Solaris volume manager mirrored root disks). A rudimentary version of snapshotting is included (this is the same functionality as in S8 02/02, and is more for backups than user access).

In the future, iPlanet (or SunOne, I suppose I should say) application server 7 will be integrated with S9. Version 7 will be an integrated Web and app server. (There will still be a for-cost enterprise version that will have advanced features). The goal for Application server 7 is to be a quality release (with increased stability and performance), just as Solaris 8 was a quality release and Solaris 7 was a feature release. The fact that application server 7 will be integrated into the core OS means more QA will be performed on it.

On the Subject of UFS

Sun is deciding how much to invest in it and how much to spend on a next-generation file system. UFS is at its core 32-bit, and was designed for the olden-times when files were small and fragmentation was the biggest enemy. Sun is writing some code for an alternate file system, and making decisions on whether to include the new file system in S10 or whether to keep stretching UFS. The Solaris 9 direct I/O (also the same as that in S8), and is used automatically by Oracle and the like for near-raw-disk performance.

Performance

Sun also put quite a bit of effort into improving performance in Solaris 9. The changes are primarily aimed at larger machines and larger applications. Some changes are useful on almost all machines though, such as the threading library reengineering. As usual, Sun ensured backward compatibility. In fact, no code recompile is necessary to take advantage of the new version. Sun found some performance problems with user-level threads (which were designed to increase performance over kernel-level threads!). Context switching and thread scheduling within the kernel are now so efficient that great gains were realized by making all user-level threads into "bound threads". That is, each user-level thread has an associated kernel-level thread, and all thread scheduling is now done by the kernel. Overall, multi-threaded applications improve by about 10%. Some border cases have been seen to improve by 500%! Databases such as Oracle see performance improvements.

Another performance win involves varying page sizes. Here, an application can request a large amount of memory and that memory is no longer allocated in 8-K chunks, but as a larger chunk. This makes the translation lookaside buffer (TLB) much more efficient as more memory can be located via a single entry.

Page coloring is the latest incarnation of memory allocation for I/O and processes. Those who have been around the block with Solaris remember the unified memory model (process and I/O fought for the same memory pool), priority paging (processes had priority over I/O for memory), and now page coloring (I/O and process memory are managed separately). Oracle, for example, gains from page coloring (both 32- and 64-bit). Coming down the road in Solaris 9 is memory placement optimization. Sun's memory allocator already tried to keep memory on the same system board as the thread is running, and this will be improved. More performance fixes are also coming for UFS logging.

Unfortunately, most of these performance improvements are found via Sun's internal benchmarking, not via the public "benchmarketing" at http://www.spec.org and http://www.tpc.org. Those efforts have been slowed by cutbacks at Sun, so they will be sporadic. Still, the Sun team is convinced that the performance improvements in S9 are real and pervasive.

Security

There are many security enhancements included in Solaris 8 and 9. Solaris 8 added RBAC, and 9 adds SunScreen. It also adds support for smartcards, which are Sun's stated direction for physical authentication. S9's smartcard services mean that a single machine can be have more secure authentication, as well as a centrally administered facility. Card insertion starts a new session (much like on the SunRays). There are no APIs yet for smartcard access, but that is coming. This is another good subject for a future column...

When to Make the Move

The question facing most Sun sites is when to make the move to S9. The answer, if you ask a consultant, is "it depends". There are some clear cases, at least. If the system in question has four or more CPUs, and performance is important, then upgrade sooner. Likewise if LDAP is important or if the site is moving toward Web services model (because the software is included with S9). Solaris 9, from all indications, is solid and ripe today. Supported applications are few now but many are coming, so that will also be an influence on when to make the move. Don't forget to consider the live upgrade feature to make the move easier (and allow you to switch back if the upgrade does not meet your needs).

Tidbits

There was some excellent information on Solaris 9 available in Jim Mauro and Richard McDougall's Solaris Internals tutorial at Usenix 2002 (featuring guest star Kevin Sheehan). I had planned to sit in just for a bit and then take in the scenery (at Monterey) since I'd taught my tutorial the day before, but ended up staying for the whole session. It was worth it.

They explained that Solaris 9 uses much smaller packages to contain features than in the past releases. For example, telnet is in its own package, and adding or removing telnet also modifies the inetd.conf file to either include or exclude telnetd. This is a useful change, but they warn not to overuse it. For example, removing the pre-installed Perl can break other packages since quite a few depend on Perl (and on the Sun version of it, of course). They recommend not removing any Sun packages and replacing them with your own preferred versions. Rather, leave the Sun one in place, add your own (e.g., to /opt), and have users use /opt before /usr, for example. As another example, other packages use the Sun version of ssh, so leave that one and add your own if you prefer. Of course, choosing which version to run in daemon mode is trickier. I recommend the most recent version of what's installed because that tends to be more secure.

Additional information from the tutorial is that Sun is making a concerted effort in the area of user visibility into the operation of Solaris. The new mdb editor is a big start, with more features coming from mdb in the future. There are certainly some areas with Solaris where "diagnosability" is still lacking. For example, how can you determine which process is performing all that I/O to a file system? How can you find which file it is using? And how can you determine how much bandwidth of a given network interface is being used? There are still some obvious areas in which the provided tools are blind, and Sun is working to fix that.

The Usenix tutorial CD is still the best deal in systems administration, including the PDF versions of many of the tutorials given at the conferences. If you care about how Solaris works and how to optimize it (either as an admin or developer), check out Mauro and McDougall's Solaris Internals: Core Kernel Architecture (Prentice Hall PTR; ISBN: 0130224960) book and then read the tutorial notes for Solaris 8 and 9 updates.

Conclusions

Sun has concentrated on communicating Solaris features through the docs, and you can read the "What's New" manual at http://docs.sun.com. Unlike the marketing info on Sun's Web site, there is detailed information about what is the same as previous releases, what is enhanced over the previous release, and what is brand new.

Solaris 9 is solid and feature-rich. Application support is scanty at the moment but coming along rapidly. If you need improved performance, LDAP integration, or iPlanet Web and application servers, then upgrade sooner. Otherwise, upgrading later is probably the best approach.

Next month, the Solaris Companion will cover the newly integrated (free) SunScreen firewall.

 
© 2002 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com