Differences Between Solaris 11 and Solaris 10
Differences Between Solaris 11 and Solaris 10
Differences Between Solaris 11 and Solaris 10
DifferencesbetweenSolaris11andSolaris10
WelcomeTolulope
Account SignOut Help Country
Products
OracleTechnologyNetwork
Solutions
ServerandStorageSystems
Communities
Downloads
Solaris11
Iama...
Store
Iwantto...
Support
Search
Training
Partners
About
OTN
Overview
Overview
Technologies
Docs
Downloads
Training
LearnMore
Partners
DifferencesbetweenOracleSolaris10and11for
SystemAdministrators
ThefollowingtablessummarizedifferencesbetweenOracleSolaris10and11withemphasisonthebenefitsofOracleSolaris11.Thecontentis
drawnfromTransitioningfromOracleSolaris10toOracleSolaris11andothersourcesintheOracleSolarisdocumentation.
TableofContent
ImagePackagingSystem(IPS)
Virtualization
ZFS,SMBandCOMSTAR
Installation
SystemConfiguration
Networking
Security
LocalizationandInternationalization
ImagePackagingSystem(IPS)
OracleSolaris108/11
SVR4packages(datingfromthelate
1980's)
OracleSolaris11
ImagePackagingSystem(IPS)astateof
theart,networkrepositorybased
packagingsystem.
OracleSolaris11Benefits
InstallingandmaintainingOracleSolarisisgreately
simplifiedbecauseofthenewpackagingarchitecture.
Thissimplificationisparticularlynoticeableinreducing
theefforttokeepsystemsupdated.
ForOracleSolaris10andearlier,itwasnotuncommonto
spendtimedealingwithpatchdependencyissues.An
administratorhadnoideaoftheamountofworkthat
wouldberequiredforapplyingasinglepatch,i.e.
resolvingsituationswhereonepatchhadbeen
supersededbyanotherorbecomedependentonanother
patchbeingapplied.
ForOracleSolaris11allsystemchangesaremadeby
updatingpackagesandbecauseoftheautomatic
dependencychecking,beforeactuallyupdating
packages,theadministratorwillseetheentiresetof
packagesimpactedbyupdating.
Systemsoftwaremaintenancevia
packagesandpatches
Systemsoftwaremaintenanceviaupdates IPSgreatlysimplifiestheprocessofupdatingasystem
topackages
becausethereisonlyonewaytoupgradeorpatcha
systembyupdatingthepackages.
LiveUpgradeisariskmanagementfeature ThesamefeatureonOracleSolaris11is
mainlyusedforpatchingandupgradingby nowcalledcalledBootEnvironments.Itis
providingrollbackcapabilities.Itworkson nowcalledsimplyBootEnvironments.
bothUFSandZFSroot.
OracleSolaris11BootEnvironmentsarearisk
managementfeaturesuitableforanysituationinvolving
systemsoftwarechanges,andfullyintegratedinto
packageupdates,Zones,andZFS.
Patchasystembyapplyingtheappropriate
patchbundleeitherdirectlytothesystemin
singleusermode(afterdownloadingthe
appropriatepatchset)
#./installbundle
UpdateswillautomaticallycreateanalternateBoot
Environmenttowhichchangeswillbemade.OnOracle
Solaris10,LiveUpgrademustbemanuallyinvokedand
of,inaddition,runningonUFS,significantplanning
includingpotentiallydiskreformattingmayberequiredto
achieveLiveUpgradestoragerequirements.
orviaLiveUpgradetoanalternateBoot
Environment
Updateasystembyconnectingtothe
SupportRepositoryand
#pkgupdate
Thechangeswillbemadetoan
automaticallycreatedBootEnvironment
andchangeswillnotimpactrunning
environment.
OtheradvantagesaresimilartoOracleSolaris10swhen
thelatterisrunningonZFS:
Ifupgradeisnotwhatwasexpected,rollbacktopre
upgradeenvironment.
ZFSsnapshotsarealmostinstantaneous.
Thiscanhaveapositiveimpactondecreasing
maintenancewindows,particularlyifitispossibletostart
theupdateoperationduringproductiontime.Downtimeis
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
1/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
thenareboot,verifythattheapplicationsarerunning
correctly,andthenenablesystemtoproductionmode.
OrganizationswantingtouseLiveUpgradeonUFS
wereoftenconstrainedbydiskrequirements,which
sometimesrequiredbreakingamirrorsothatonehalf
wouldbethebeforepatchingstate,andtheotherafter
patchingstate.OnOracleSolaris11customersarenot
forcedtogiveupmirroringinordertobuildasafetynetfor
updatingasystem.
Upgradeasystemtoalaterreleasevia
traditionalupgradeprocess(aoneway
process),orviaLiveUpgrade
Upgradeasystembyconnectingtothe
repositoryasabove.
LiveUpgrademanagedthroughcommands BootEnvironmentsmanagedthroughthe
likethefollowing
beadm(1M)command.
Createabootenvironment:
#lucreatennewBE
Createabootenvironment
#beadmcreatenewBE
Status:
#lustatus
Status:
#beadmlist
Activate:
#luactivenewBE
Activate:
#beadmactivatenewBE
Delete:
#ludeleteBE
Delete:
#beadmdeleteBE
SVR4packagingsystemsupportsSVR4
packages.
SamenoteasaboveasthereisnodistinctiononOracle
Solaris11betweenupgradingasystemtoalaterrelease
andupdatingasystemwiththelatestpackageschanges.
Managementcentralizedinonecommandforallboot
environmentsadministration.
IPSsupportsIPSpackagesandSVR4
packages.SVR4packagecommandsare
included.SVR4patchcommandsonly
IPSsupportsSVR4packageswhereitisnotpracticalor
availablewithanSolaris10ZoneonOracle possibletorepackageinIPSformat.
Solaris11.
Packageshavehierarchicalnameslike
PackageshavenameslikeSUNWxxxx
driver/storage/<drivername>
system/management/<name>
andsoforth.
DownloadfullSVR4packagefrom
customersSVR4packagelocation.There
isnocentralizedOraclerepositoryfor
OracleSolaris10packages.
Packageswererefactoredtoconsolidatesimilar
componentsorbreakuplargepackagestofacilitate
updating.Finergrainpackagesgenerallymeanslessto
updatesincechangestoalargepackagetendnottobe
spreadevenlyacrossallcontentsofapackage.Packages
werethenrenamedtobemuchmoreunderstandableand
togiveanindicationofwhereaspecificpackagefitsinthe
overallsystemhierarchy.
IPSretrievespackagesfromOracleor
organizationrepository.IPScalculates
packagedeltasbetweenwhatiscurrently IPSminimizeswhatmustbetransferredtoupdatea
installedandlatestversionfromrepository package.
anddownloadsdifferences.
Packagemaintenancecapabilities
accessedthroughpkg(1)command
Setofcommandslikepkgadd,patchadd,
althoughSVR4packagecommands
pkgrm,pkgadm,pkginfo,pkgchk.
continuetoworkonIPSpackages.
Singlepkgcommandinterfaceforallactions.Oracle
Solaris10commandscanbeinvokedandwilldotheright
thingforIPS,e.g.pkginfo,pkgadd,pkgrm.
Updatingzones,seeZonessection.
ZonesandBootEnvironments,seeVirtualizationsection.
InstallationfromJumpstartvs.IPSRepository,seeInstallationsection.
KeyLinks:
OracleSolaris11PackageChanges
IntroducingtheBasicsofImagePackagingSystem(IPS)onOracleSolaris11
CreatingandAdministeringOracleSolaris11.2BootEnvironments
UpdatingtheSoftwareonanOracleSolarisSystem
OracleSolaris11CheatSheetforImagePackagingSystem.
Virtualization
OracleSolaris108/11
OracleSolaris11
SupportsSolaris8BrandedZonesand
OracleSolaris10and11Zonesare
Solaris9BrandedZonesbutdoesrequire supportedwithnoadditionlicensing
purchasinganadditionallicense.Solaris requirements.Solaris8and9Branded
10Zonesarepartofthebaseofferingand Zonesarenotsupported.
fullysupportedasapartofOraclesPremier Inaddition,OracleSolaris11alsosupports
SupportforOperatingSystems.
independentkernelsthroughanewfeature
inOracleSolaris11.2calledOracleSolaris
OracleSolaris11Benefits
SupportforOracleSolaris10ZonesisincludedinOracle
Solaris11supportprograms.Theprimaryadvantageis
thatitwillbepossibletorunOracleSolaris10
applicationsinanOracleSolaris11environmentonnew
hardwareplatformslongafterOracleSolaris10isno
longersupportedtorunnativelyonnewplatforms.
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
2/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
KernelZonesmeaningtheadministrators
canrundifferentOSversionsinparallel.
SupportlifeforOracleSolaris8and9isdocumentedin
LifetimeSupportPolicy:OracleHardwareandOperating
SystemsSupport.
Nobootenvironmentsforzones
Zonebootenvironmentssupported
Bootenvironmentsprovidethesamebenefitsforzonesas
theydofortheentiresystem,i.e.awaytosnapshotthe
zone'senvironmentbeforemakinganysoftwarechanges,
andthusprovidingasimplerollbackcapabilityshould
therebeareasontoreverttothestatebeforethechanges
tothezone'senvironment.
Monitorzonesthroughavarietyoftools
vmstat,mpstat,prstat
Newzonestat(1)commandprovides
Consolidatingcpu,memory,networkingandresource
varietyofzonespecificinformation.
controlutilizationintoonecommandsimplifiesmonitoring.
CommandsasmentionedforOracleSolaris
10arealsouseful.
Twooptionsforfilesystemorganization
sparseroot(whenminimizingsizewas
mostimportant)andwholeroot(when
customizingzonecontentsisimportant).
Singlesolutionaminimizedwholeroot
thatallowscustomizingzonecontents.
Notpossibletocreatezonesduringsystem Possibletodefinecontentsandcreate
installation.
zonesduringinitialsysteminstall.
Networkinginterfacesinzonescaneither
usesharedorexclusiveIPstacks.Shared
stacksarethedefault.
Hybridsolutionminimizesstoragerequirementstoless
than400MBperzonewhilemaintainingtheabilityto
customizezonecontent.
TheabilitytodirectlyprovisionzonesfromtheAIserver,
createsadditionalflexibilityindeployment.
Networkinginzonescanuseeithershared Theadvantagesofsharedstacksareofferedthroughnew
orexclusiveIPstacks.ExclusiveIPstacks capabilitiesforadministeringexclusiveIPstacks,see
arethedefault.
below.MoreovertheIPanddatalinklayersinOracle
Solaris11werereengineeredtointegratenetwork
virtualizationandnetworkresourcemanagement
capabilitiesandtousethosewithzonesonOracleSolaris
11,youmustselectexclusiveIPstacks.
IfyourunOracleSolaris10zonesonOracleSolaris11,it
ispossibletomakeuseofbothvirtualnetworkingand
networkresourcecapabilities,aslongasthoseare
createdandassignedfromtheglobalzone(i.e.running
OracleSolaris11).
ExclusiveIPstackzonescanbeassigned
anyIPaddressfromwithinthezone.
ArangeofallowableIPaddressescanbe ProvidesIPaddresscontrolsforExclusiveIPstackzones.
assignedexternallyfromtheglobalzoneto
anonglobalzoneusingexclusiveIPstack.
SharedIPstackprovidesdatalink
protectionagainstMACandIPspoofing.
Exclusivezonesnotprotected.
ProtectionagainstMACandIPspoofing
WiththedefaultofzonestoExclusiveIPstack,this
whetherusingSharedIPstackorExclusive symmetryensuresnolossofsecuritycapabilities.
IPstack.
ExclusiveIPstackzoneusageimplieda
dedicatedexternalphysicalinterfacefor
eachzone.
IntroductionofVirtualNICsremoved
VNICsandvirtualswitchesprovidemuchmoreflexibility
constraintofonephysicalinterfaceforeach increatingnetworkinaboxtopologiesaswellasgetting
zone.
betterutilizationfromhighspeedNICs.Seenetworking
sectionformoredetails.
Usermusthaverootprivilegesonglobal
zonetoadministerazone.
Zoneadministrationisassignedonaper
zonebasis.
zonecfg:myzone>addadmin
zonecfg:myzone:admin>set
user=zadminusername
zonecfg:myzone:admin>set
auths=login,manage
zonecfg:myzone:admin>end
Thisissimplyaroleaddedtothezoneadministrators
profile,andthatprofiledoesnothavetocontainanyother
globalzoneadministratorcapabilitiessozone
administratorcanonlyadministerassignedzones.
zonep2vchktoolformigratingaphysical
systemtoanOracleSolaris10zone.
zonep2vchktoolformigratingaphysical
OracleSolaris10systemtoanOracle
Solaris10or11Zone.
Thetoolofferssimilarcapabilitieswhethermigratingto
OracleSolaris10orOracleSolaris11zones.
#<dir>/zonep2vchk
#/usr/sbin/zonep2vchk
Zoneswhosecontentscan'tbemodified
canbecreatedviasparserootzonesbut
thiscapabilitywasnotdesignedasa
securityfeature.Thereislittleflexibilityin
configurations,andnotapplicabletowhole
rootzones.
Immutablezonesweredesignedasa
Theabilitytoinsulatezonesfromchangeisavery
securityfeature.Theycanbecreatedwitha powerfulsecurityfeature.
rangeofcapabilities.Thesecuritypolicy
canbe:
strictreadonly
fixedconfigurationpermits/var
updates
flexibleconfigurationpermits
/var,/etc,androothomedirectory
changes.
Otherattributesareassociatedwiththese
settings.
Hungzonemaynotbeabletoberestarted. Hungzonemorelikelyabletoberestarted. OnOracleSolaris10,ifazonehung,itwouldtypicallybe
duetoaprobleminsomeothersubsystem.Insome
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
3/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
situationsazonecouldnotbehaltedtorestart.OnOracle
Solaris11,azonethatishunghasabetterchanceof
beingabletobehaltedandrestarted.Itstillmayhang
againiftheunderlyingproblem(forexampleunavailability
ofafilesystemresource)hasnotbeenaddressed.
Togracefullyshutdownazone(not
summarilyhaltit)logintoeachzoneand
Allzonescanbegracefullyshutdown,one Abilitytogracefullyshutdownallzonesfromglobalzones,
byonefromtheglobalzonevia
simplifiesadministration.
#init5
#zoneadmzmyzoneshutdown
ZFS,SMBandCOMSTAR
OracleSolaris108/11
Nofilesystemencryptionfunctionality
OracleSolaris1111/11
OracleSolaris11Benefits
Filesystemencryptionisapropertythatcan Encryptionoffersveryhighsecurityvaluewithminimal
beassignedtoaZFSfilesystemwhenthe performanceimpact.Inparticular,theT4SPU(crypto
filesystemiscreated.
graphicsunit),achieveswirespeedencryptionand
decryptionontheprocessors10GbEports.
SeeBestPerfOracleblog.
ZFSdeduplicationisnotsupportedin
Deduplicationisapropertythatcanbe
OracleSolaris10releases,butyoucan
assignedtoaZFSdataset.
migrateapoolfromanOracleSolaris11
systemtoanOracleSolaris10systemwith
dedupeddata,butnofurtherdeduplication
takesplacewhenthepoolisimportedon
theSolaris10system.
DeduplicationplusZFScompressioncansubstantially
reducestoragerequirements.
ZFScapabilitiesaremanagedthroughthe
ZFScommandsandproperties.These
featuresaredescribedinzfs(1M)and
zpool(1M)manualpages
Corecapabilitiesaremanagedthroughthe BydistributingZFScapabilitiesintoseparatecommands
ZFScommandsandproperties.Delegated andproperties,itispossibletodelegateadministration
administration,encryption,andshare
basedonthespecificadministrativetask.
syntaxarecoveredintheseparate
zfs_allow(1M),zfs_encrypt(1M),and
zfs_share(1M)manualpages.
ForUFS,backupsareoftenaccomplished
byusingtheufsdumpandufsrestore
commands.YoucanmigrateaUFSfile
systemtoaZFSfilesystembyusingthese
commandsonanOracleSolaris10system
ormigrateUFSdatatoaZFSfilesystem
betweentwoOracleSolaris10systems.
OracleSolaris11includesanewsystem
ZFSprovidescomprehensivesetofcapabilitiestoarchive
cloneanddisasterrecoverycapability
andretrievefilesystemsnapshotsandmigratedata
calledUnifiedArchives.Administratorscan betweensystemsrunningdifferentOracleSolaris
usethearchiveadm(1M)commandto
versions.UnifiedArchivesprovidetheabilitytoquickly
quicklycaptureanarchiveandeither
captureacloneordisasterrecoveryarchiveanddeployit
deployitthroughtheexistingOracleSolaris toabaremetalorvirtualizedsystem.Thisprovides
ZoneadministrationtoolsorAutomated
extremelyflexiblegoldenimagedeploymentwhen
Installer.
required.
CreateZFSsnapshotsofimportantfile
systemsandthensend/receivethemto
backupsystem.Anautomaticsnapshot
service(service/storage/zfsauto
snapshot)isprovidedtocreatefilesystem
snapshotsautomatically.Or,youcan
archiveZFSdatawiththetraditionalUNIX
tar/cpio/paxarchiversorusemore
sophisticatedenterprisebackupproducts.
AUFSfilesystemcanbemigratedtoaZFS
filesystemonanOracleSolaris11system
byusingtheshadowmigrationfeature.
Inaddition,theufsdumpandufsrestore
commandscanbeusedtomigrateaaUFS
filesystemtoaZFSfilesystem.
OracleSolaris10releaseusestheiSCSI Administrationisthroughtheitadm(1M) COMSTARinOracleSolaris11providesamoreflexible
target,theiscsitadmcommand,andtheZFS commandformanagingSCSItargets,the environmentforiSCSIsupport.
shareiscsipropertytoconfigureiSCSI
srptadm(1M)commandformanaging
LUNs.
SCSIRDMAProtocol(SRP),andthe
stmfadm(1M)commandformanaging
SCSILUNs.
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
4/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
KeyLinks:
ManagingOracleSolarisZFSFileSystems
EncryptingZFSFileSystems
OracleSolarisZFSDelegatedAdministration
RecommendedOracleSolarisZFSPractices
MigratingFileSystemDatatoZFSFileSystems
UsingUnifiedArchivesforSystemRecoveryandCloninginOracleSolaris11.2
ConfiguringStorageDevicesWithCOMSTAR
Installation
OracleSolaris108/11
OracleSolaris11
OracleSolaris11Benefits
RootfilesystemcanbeUFSbasedorZFS RootfilesystemisZFS.OtherUFSfile
based.
systemscanstillbemountable.
ZFSfortherootfilesystemofferssuperiorreliabilityand
expandabilitycomparedtoUFS.Alsoeaseof
managementofZFSmakes3rdpartyvolumemanagers
unnecessary.
JumpStartforunattendedinstallations.
AI(unlikeJumpStart)integrateswithotherOracleSolaris
technologieslikeSystemManagementFramework(SMF),
IPSandZFStoprovideconsistency,scalability,and
performanceinprovisioningsystems,includingsystems
withOracleSolarisZones.
AutomatedInstaller(AI)forunattended
installations.
OracleVMManagerOpsCentercanprovisionboth
OracleSolaris10and11systemsaswellasmanage
virtualizationenvironmentsandmakesanattractiveoption
forcustomersthatdontwanttomanagetheirownAIand
orJumpstartservers.OracleVMManagerOpsCenterisa
nocostdownload.
Handsoninstallfrommediais
accomplishedbyinstallingfromOracle
SolarisinstallationDVDs(x86and
SPARC).
Unattendedinstallationsarepossibleby
placingthecontentsoftheinstallation
media(orISOimagecontentsfroma
download)onaJumpStartserver.
Handsoninstallfrommediacanbe
accomplishedthroughavarietyof
mechanisms.
Newinstallationarchitectureprovidesaconsistent
mechanismfordeployingsystems,viaasingle,feature
richautomatedinstallerorthroughtwotypesofinteractive
installations.
ForSPARCsystems:
TextInstallerCD
TextInstallerUSB
Forx86systems
TextInstallerCD
TextInstallerUSB
LiveMedia(formerlyLiveCD)DVD
LiveMedia(formerlyLiveCD)USB
Unattendedinstallationsarepossibleby
placingthecontentsoftheAIImagemedia
(orISOimagecontentsfromadownload)
onanAIserver.
Also,aDVDsetofthepackagerepository
forbothSPARCandx86isavailable.
InstalloverthenetworkviaJumpStartor
fromtheinstaller
InstalloverthenetworkviatheAutomated
Installer(AI).
SimilarresultsbutthesuperiorityofIPSdesignmeansIPS
packagesinstallfasteronOracleSolaris11thanSVr4
packagesonOracleSolaris10.
JumpStartserverandclientcreation
commands:
#setupinstall_server
#add_install_client
AutomatedInstallerserverandclient
creationcommands
AllAIactionsmanagedthroughthenewinstalladm
commandcentralizesadministration
#installadmcreateservice
#installadmcreateclient
JumpStartinstallsOracleSolaris10and
earlier
AIinstallsOracleSolaris11.
JumpStartProfileandRules
AIManifestandCriteria.
ThisallowscentralizingallinstallserversonOracle
Solaris11.
Additionallyitispossibletosetupan
OracleSolaris11systemasaJumpStart
serverforOracleSolaris10.
JumpStartdidnotsupporttheconceptof
WithAIitispossibletoprovisionbothfor
Thisisagoodexampleofhowdeeperintegrationwith
whatservicesshouldrunonasystem,only servicesandcontent.Forexampleitis
SMFprovidesadditionalflexibilityindeployments
whatshouldbeinstalledonasystem.
possibletospecificthesamepackage
contentfor2AIinstances,buthavedifferent
servicesenabledoneach.Oritispossible
tohavedifferentpackagecontentoneach
Themigrationutilityjs2aicanbeusedtomigratesome
aspectsofSolaris10JumpStartProfilesandRulestoAI
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
5/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
ManifestsandCriteria.
Systemclonesandfulldisasterrecovery
UnifiedArchivesisafeaturethat'sdeeplyintegratedinto
archivescanbecreatedusingUnified
thesystemallowingadministratorstoquicklycapturelive
Archivesanddeployedusingtheexisting runningsystemsanddeployacrossthecloud.
OracleSolarisZonesorAutomatedInstaller
capabilities.Archivescanbeflexibly
deployedeithertobaremetalorvirtualized
environmentswithpowerfultransforms.
KeyLinks:
TransitioningtoanOracleSolaris11InstallationMethod
InstallingOracleSolaris11.2Systems
InstallingUsingInstallationMedia
InstallingUsinganInstallServer
js2ai(1M)ReferenceManual
CreatingaCustomOracleSolaris11.2InstallationImage
SystemConfiguration
OracleSolaris108/11
Configurationinformationinfiles,typically
in/etc
OracleSolaris11
ConfigurationinformationintheSMF
repository.
OracleSolaris11Benefits
Centralizingmanagementsimplifiesconfigurationand
replication,particularlyinacloudenvironmentwherea
unifiedprogrammaticaccessisanecessitytosupport
dynamiccreationofOracleSolarisenvironments.
Flatfilesareeasytoadminister,buttheireditingsimplicity
masksotherproblems.PatchingandupgradingonOracle
Solaris10occasionallybroughtouttheproblemof
handlingconflictswithconfigurationfilesthathadbeen
modifiedsinceinstallation.WithOracleSolaris11,
configurationinformationisgenerallyaccessedandset
throughSMFcommands.Thereisnowalayeredconcept
ofconfigurationdatamanagementandsoadistinction
between,forexample,theunderlyingsetofconfiguration
defaults,andadministratorchanges.Thismakesfora
muchmoreorderlyupdateprocess,asadministrator
changesmadepriortoanupgradeandthatcorrespond
tovalidconfigurationparametersaftertheupgradecan
bepreserved.
sysidtool,sysidconfigandsys
sysconfigortheSCItoolcreatethe
unconfigaretoolsusedtoprovideorclear underlyingsc_profile.xmlfile.
systemconfigurationinformation
SystemconfigurationisnowintegratedaspartoftheSMF
repository.Thisgreatlysimplifiestheprocesstoconfigure
andunconfiguresystemsinareliableandrepeatable
way.
Edit/etc/nsswitch.conftospecifyhow Managedthrough
asystemwillgetinformationonhosts,
usersetc.
#svccfgssvc:/system/name
service/switch
SeethebenefitsofSMFdetailedinfirstrowofthissection
Edit/etc/nodenametosettheidentityof
thehost.
SeethebenefitsofSMFdetailedinfirstrowofthissection
Managedthrough
#svccfgs
svc:/system/identity:node
Edit/etc/defaultdomaintosetNIS
domain
Managedthrough
SeethebenefitsofSMFdetailedinfirstrowofthissection
#svccfgs
svc:/network/nis/domain
Propertyisconfig/domainname
Edit/etc/default/init
Localemanagedthrough
SeethebenefitsofSMFdetailedinfirstrowofthissection
#svccfgs
svc:/system/environment:init
Timezonemanagedthrough
#svccfgs
svc:/system/environment:init
Nameserviceserversanddomainsset
through/etc/resolv.conf
Managedthrough
SeethebenefitsofSMFdetailedinfirstrowofthissection
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
6/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
#svccfgs
svc:/network/dns/client
Manageserialportsthroughgetty,pmadm, Managedthrough
ttyadm,ttymon
#svccfgssvc:/system/console
login:terma
and
Inaddition,errorsinOracleSolaris10resolv.confwere
notflaggedleadingtobehaviorwheretheresultsdidnot
matchinintentionsoftheadministrator.InOracleSolaris
11basicerrorcheckingisperformedthroughtheuseof
SMFtemplatesandreportedthroughSMF.
SeethebenefitsofSMFdetailedinfirstrowofthissection
#svccfgssvc:/system/console
login:terma
Powermanagementbyediting
Powermanagementthroughpoweradm
/etc/power.conffileandusingpmconfig command.
command.
SeethebenefitsofSMFdetailedinfirstrowofthissection
Systemregistrationishandledbythe
feature,AutoRegistration.Oracle
ConfigurationManagerisavailablein
OracleSolaris108/11butnotenabledby
default.
Systemregistrationinvolvedcollectinganduploading
configurationinformationtoanOraclerepository.The
abilitytocollectinformationaboutcustomersystemsisa
coreelementintheabilitytooffercustomersasuperior
supportexperience.
SystemregistrationishandledbyOracle
ConfigurationManager.
OthernetworkingconfigurationtopicscanbefoundintheNetworkingsection.
KeyLinks:
SystemConfigurationMigrationtoSMF
SystemConfigurationToolsChanges
NamingandDirectoryServiceAdministration
Networking
OracleSolaris108/11
Useifconfigtochangecurrent
configuration
OracleSolaris11
Ifinmanualconfigurationmodeusenew
ipadmanddladmcommands
IfinAutomaticConfigurationMode,use
netcfg.
Limitedvirtualization:VLANsupportlink
andIPMPaggregation
Fullnetworkvirtualizationisnowa
fundamentalpartoftheOracleSolaris
networkingsubsystem.VirtualNICs
(VNICs),virtualswitches,VLANsupport,
areallavailable.
OracleSolaris11Benefits
Networkvirtualizationaddsmanynewcapabilitiesand
continuingtooverloadifconfigisthewrong
managementapproach.
Networkvirtualizationallowssharingahighbandwidth
connectionwithmultipleapplications,andexpandsthe
opportunityforserverconsolidationstoencompass
consolidatingentirenetworktopologiesonasingle
system.
QualityofServicecontrolsfornetworking
providedbyIPQoS.Nowaytocontrol
networkbandwidth.
Networkqualityofservicethroughnew
IPQoSinOracleSolaris10wasanaddontothe
networkresourcemanagementcapabilities networkingstacktoprovidequalityofservicecapabilities
includes:
butatthecostofnetworkperformance.InOracleSolaris
11,networkbandwidthmanagementwasintegratedinto
Assignmentofbandwidthlimitstophysical thedatalinklayertominimizeanyperformanceimpact.
andvirtualNICsbyport,IPaddress,
Thenewnetworkresourcemanagementprovidesa
protocol
frameworkforsettingmaximumbandwidthlimitsforboth
physicalandvirtualNICswithabilitytofinetunetospecific
AssignmentofCPUresourcesdesignated trafficcharacteristics.
tohandlenetworktraffic.
Forzones,bandwidthandCPUassignmentcontrols
InadditionifaVNICisassignedtoan
preventresourceusagewithinonezonefromnegatively
OracleSolarisZonealreadyunder
impactresourceusageinothers.
resourcemanagement
constraints,thatVNICwillautomaticallybe AnOracleSolaris10Zonecantakeadvantageof
associatedwiththoseresourceconstraints. bandwidthmanagementandCPUassignment,aslongas
administrationisfromtheglobalzonerunningonOracle
Solaris11.
Networkingobservablilityprincipally
throughifconfigandnetstat.
OracleSolaris11addstwonewcommands
fornetworkobservability,dlstat(1M)for
datalinklayerstatistics,and
flowstat(1M)(seebelow)inadditionthe
networkcanalsobeobservedvia
zonestat(1M).
VLANcompatibilitywhilesupportedis
convolutedtosetup
IntegratedsupportforVLANsoverVirtual
NICs.TosupportVLANsinaVNIC
infrastructureaVNICcanbegivenaVLAN
tag.
Enhancedstatisticsgatheringcapability,andinthecase
ofdlstat,abilitytogatherstatisticsoveradefinedtime
periodforhistoricalanalysispurposesmakeitpossibleto
useforcapacityplanning,debugging,andreporting
purposes.
ThissimpliesVLANadministration.Thereisnomore
configurationneededandVLANtagsareautomatically
addedtopacketsleavingthatVNIC.OracleSolarisvirtual
switchesalsounderstandVLANtagsandmakesurethat
trafficremainssegregated.
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
7/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
Noloadbalancer
TheIntegratedLoadBalancer(ILB)isnow Inintegratedloadbalancerprovidesopportunitiesto
afeatureofOracleSolaris.Itismanaged
addressloadbalancerneedswithoutnecessarily
viatheilbadm(1M)command.
purchasingseparateequipment.
Theloadbalancerisoneofthebuildingblocksfor
networkconsolidationprojectsenabledbythenetworking
virtualizationcapabilitiesinOracleSolaris11.
Networkpacketreceptionisalways
interruptdriven.
Adaptivepollingallowsthehandlingof
Withthisbehaviorthemostefficientmethodofhandling
networkpacketstoswitchbetweeninterrupt incomingnetworkpacketsisalwaysinoperation.Onvery
andpollingmodesdependentonthe
busynetworkswherethereceiverisalsoverybusy,the
volumeoftrafficbeingreceived.
highdemandforCPUresourcesassystembecomes
overwhelmedwithinterruptsisavoided.
Nowaytoautomaticallycoordinatethe
creationofVLANsdynamicallywiththe
switchinfrastructure
DynamiccreationofVLANsonthesystem Thisimprovessecuritybecauseonlythenecessary
andswitchinfrastructureissupportedvia VLANswillbeenabledonaswitchport,anditalso
theGARPVLANRegistration
improvesperformancebyreducingthenumberof
Protocol(GVRP).
multicastpacketsthatwillbeduplicatedbytheswitches.
GVRPallowsthehosttodynamicallyinform
thephysicalswitchesofVLANsconfigured
onaphysicallink.Whenthatfeatureis
enabledontheswitchandthehost,
messagesaresentfromthehosttothe
switchataregularinterval,containingthe
VLANswhichareenabledonthephysical
link.Theswitchusesthecontentofthese
messagestoenablethecorrectVLANson
theswitchports.
KeyLinks:
NetworkAdministrationFeatureChanges
ManagingNetworkVirtualizationandNetworkResourcesinOracleSolaris11.2
ConfiguringanOracleSolaris11.2SystemasaRouteroraLoadBalancer
ConfiguringVirtualNetworksbyUsingVirtualExtensibleLocalAreaNetworks
Security
OracleSolaris108/11
OracleSolaris11
OracleSolaris11Benefits
Securebydefaultisselectableduring
installation,butisnotthedefaultsecurity
setting.
Securebydefaultisthedefaultsecurity
settingatinstall.SSHistheonlyservice
enabled.
rootuseristypicallyusedfor
administrativepurposes.
rootisnowarolethatcanbeassignedto Therootusercannotlogintoasystem.Insteadtheroot
users.Itispossibletoturntherolebackinto roleisassignedtoauser,andthatusercanlogintothe
auser
system.Thisprovidessuperioraccountability.Anauditof
#rolemodKtype=normalroot
loginswould,forexample,showusernamesthathave
accessedasystem,notsimplythatsomeoneloggedinas
root.
Auditingnotonbydefault,andsome
performanceimpactincertainsituations.
Auditingisaserviceandenabledby
Onbydefault,andgreaterattentiontominimize
default.auditconfigisusedtoviewand performanceimpactofauditing.
changeauditpolicy.SMFcontrolstheaudit
service,svc:/system/auditd:default
IPFiltermanagedthroughipfrulefile
IPFiltermanagementisintegratedinto
PartoftheoverallshifttoSMFmanagedservicesas
SMF.
detailedintheConfigurationsection.
Thesvc.ipfddaemonmonitorsactionson
servicesthatusefirewallconfiguration.
Compatibilityismaintainedwithipfrule
files.
suisstandardcommandforassumingthe sudocommandnowincludedtoaugment
capabilitiesoftherootuser.
su.
BydefaultOracleSolaris11islessvulnerableatinstall
time.
PopularopensourceutilitynowincludedwithOracle
Solaris.
aset(1M)isusedtomonitororrestrict
accessestosystemfilesanddirectories
TheASETfunctionalityisreplacedbya
combinationofIPFilter,whichincludes
svc.ipfd,BART,SMF,ImmutableZones,
andothersecurityfeaturesthatare
supportedinOracleSolaris11.
Administrativerightscanbeassignedto
individualusersandrolescreatedto
implementseparationofduty
Manyadditionstorolesandrights.
WhiletheconceptofroleswasintroducedinOracle
Solaris8andresponsibilitieswasintroducedinOracle
Solaris9,therehasbeenaconcertedefforttofinetunein
OracleSolaris11topromoteusage.
Distinctionbetweenassigningand
delegating
MediaRestorerightsprofile
Profilebasedexecutionisinheritedbyall
processes,sopfexecisnolongerneeded
Abilitytoenforcerolebasedaccesscontrol
(RBAC)withouttherequirementtomodify
everyscripttoturnonRBAC.
Stoprightsprofileallowsadministratorsto
createrestrictedaccounts
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
8/9
8/29/2016
DifferencesbetweenSolaris11andSolaris10
Supportsabroadrangeofsecurity
standards
Expands/replacessecuritystandards
supported.
InternetKeyExchange(IKE)andIPsec
IKEnowincludesmoreDiffieHellman
groupsandcanalsouseEllipticCurve
Cryptography(ECC)groups.IPsecincludes
AESCCMandAESGCMmodesandis
nowcapableofprotectingnetworktrafficfor
theTrustedExtensionsfeatureofOracle
Solaris(TrustedExtensions)
Kerberosisnowcapableofmutual
authenticationofclientsandservers.Also,
supportforinitialauthenticationbyusing
X.509certificateswiththePKINITprotocol
hasbeenintroduced.
BARTdefaulthashisSHA256
Stayingcurrentwithchangesinsecuritystandardsisa
coredesigngoalforOracleSolarisreleases.
SSHSupportforhostanduser
authenticationbyusingX.509certificates
SeeZFSsectionforEncryptingZFSFileSystems.
KeyLinks:
SecurityFeatureChanges
Roles,Rights,Privileges,andAuthorizations
LocalizationandInternationalization
OracleSolaris108/11
Corelocalizationsare:
ChineseSimplified
ChineseTraditional
English
French
German
Italian
Japanese
Korean
Spanish
Swedish
PortugueseBrazilian
OracleSolaris11
Supports200Locales.Thecoresetof
localizationsis:
OracleSolaris11Benefits
Muchbroadersupportforlocalizationsoutsidethecore
group.
ChineseSimplified
ChineseTraditional
English
French
German
Italian
Japanese
Korean
Spanish
PortugueseBrazilian
KeyLinks:
InternationalizationandLocalizationChanges
http://www.oracle.com/technetwork/serverstorage/solaris11/overview/solarismatrix1549264.html?printOnly=1
9/9