The guide to LKSF

Solaris Administration

Live Upgrade

From time to time you have to update or patch your system. How do you patch the system without long service interruptions? How do you keep a running version of your operating environment in case something goes wrong? Solaris can help you cope with these situations using its Live Upgrade feature – patching and updating while the system is still operational. You will find the Live Upgrade tutorial in section 3 on page 27.

Boot environments based on ZFS snapshots

Live Upgrade was introduced for multiple disks or multiple partitions several years ago. What would such functionality look like on modern file systems with ubiquitous snapshots? Well, ZFS boot and boot environments on ZFS give you such functionality today. The introduction to the ZFS-based boot environments is located in section 4 on page 35.

Working with the Service Management Facility

init.d was a venerable concept for starting and stopping services for many years. But it had its shortfalls. Sun therefore introduced the Service Management Facility in Solaris 10 to offer functionality like service dependencies, service instances and a central point of service management. Section 5 on page 40 will give you insight into this interesting feature of Solaris.

Solaris Resource Manager

You can run a multitude of services and applications on a single big system. But how can you ensure that every application gets its share of performance? Solaris Resource Manager can help you to control a process's CPU, memory and other resources. In section 6 on page 61 you can learn how to use this feature.

/home? /export/home? AutoFS?

Many people wonder about the different locations for the user home directories on a Solaris system. Why are the home directories located in /export/home and not in /home? The history of these two directories and some insight into AutoFS will be described in section 7 on page 80.

lockfs

Sometimes you have to ensure that a file system doesn’t change while you’re working on it. To avoid that, use the lockfs command. You will learn more about this function in section 8 on page 87.

Solaris Security

Role Based Access Control and Least Privileges

root can do everything on a system, but is it a wise choice to give everyone the root password and thus the key for all rooms in the kingdom? Does a process need all the privileges of root just to bind to a privileged port? How do you configure the least set of privileges for a process? Section 12 on page 115 answers these questions.

The Solaris Security Toolkit

The Solaris Security Toolkit is designed to automate the hardening and minimization of a Solaris system. The toolkit contains the knowledge even to harden a tough target like a Sun Cluster installation and simplifies the necessary steps. A tutorial on the usage of the Solaris Security Toolkit is located in section 13 on page 135.

Auditing

What happens on your system? When did a user use which command? When did a user delete a particular file? You need log files to answer these questions. The auditing functionality in Solaris generates these and reports on a vast number of actions happening on your system. The configuration of this feature is explained in section 14 on page 145.

Basic Audit Reporting Tool

Sometimes you need to know what has changed on a system since you installed it. For example when all your fellow admins tell you after a system crash. The Basic Audit Reporting Tool can answer this question by comparing different states of your system. The usage of BART is explained in section 15 on page 151.

IPsec

Secure communication between hosts gets more and more important. Secure communication does not only mean encrypted traffic. It also includes the authentication of your communication partner. Solaris has had an IPsec implementation for a number of versions. The configuration of IPsec is described in section 16 on page 153.

On Passwords

It is important to have good and secure passwords. All other security systems are rendered worthless without good keys to the systems. Solaris has some features to help the administrator to enforce good passwords. Section ?? on page ?? describes this feature.

Signed binaries

There are literally thousands of binaries on your system, but are they really all supplied by Sun? Every binary in Solaris is digitally signed by Sun. Section 17 on page 162 explains how you verify these signatures.

Networking

Crossbow

Project "Crossbow" resulted in a new IP stack for Solaris. It solves challenges like the question of how to load network interfaces in the 10GbE age and introduces an integrated layer for network virtualization. Some interesting features of Crossbow and their configuration are described in section 20 on page 177.

IPMP

Solaris provides a mature mechanism to ensure the availability of the network connection. This feature is called IP Multipathing (or short: IPMP). It has been in Solaris for several versions now and it's easy to use. A description of the configuration of new and classic IPMP is available in section 21 on page 197.

kssl

Solaris 10 got an interesting feature to enable SSL for any service by adding a transparent SSL proxy in front of it. This proxy runs completely in kernel space and yields better performance compared to a solution in user space. Section 23 on page 237 explains how you enable kssl.

Storage

fssnap - snapshots for UFS

File system backups can be faulty. When they take longer, the file system has different content at the beginning and at the end of the backup, thus they are inconsistent. A solution to this problem is freezing the file system. fssnap delivers this capability to UFS. Section 24 describes this feature. The tutorial starts on page 242.

iSCSI

With the increasing transfer speed of Ethernet it gets more and more feasible to use this medium to connect block devices such as disks to a server. Since Update 4, Solaris 10 has built-in functionality to act as an iSCSI initiator and target. The configuration of iSCSI is the topic of section 26 on page 258.

Remote Mirroring with the Availability Suite

You have two data centers with similar hardware and the same software on both. The second data center is a perfect replica of the first. Good basics for disaster recovery. The remaining issue: How to get the data to your backup data center? And how to get the data back after you've recovered your primary data center? The Remote Mirroring facility of the Availability Suite was designed for such situations. Section 27 on page 270 explains the configuration of a remote mirror.

Point-in-Time Copy with the Availability Suite

Sometimes you need a copy of your data to test applications or to keep a working copy when you upgrade them. Copying the whole data is possible, but inefficient. Generating a frozen snapshot is easier. The Availability Suite enables the admin to freeze the state of a disk with much lower overhead in a short time. Point-in-Time copies will be explained in section 28 on page 288.

SamFS - the Storage Archive Manager File System

Typically documents and data are put away for years without being accessed, but you cannot delete the data – possibly due to law. So your data rotates on rotating rust for years on power-hungry disks. It would be nice to archive all this data on tape without thinking about it. SamFS is a tool for this task. Section 29 on page 312 will give you a basic overview of the configuration and use of SamFS, the hierarchical storage management system from Sun.

Solaris Administrators Toolbox

fuser

This short tutorial will show you how to find out which processes are using files on a file system. It’s located in section 30 on page 341.

pfiles

Many people install lsof on their system as they know it from Linux. But you have a similar tool in Solaris. In section 31 on page 344 you will find a short tip for its usage.

Installing Solaris Packages directly via Web

This trick isn't widely known. You can install a package directly from an HTTP source. Look in section 32 on page 346 for a description.

About crashes and cores

There is no bug-free code, thus from time to time an operating system has to react: it crashes and dumps core to protect itself. Learn to control the core-dumps and how you can do some basic analysis in section 33 on page 347.

Nontechnical feature

Long support cycles

Solaris has a long lifetime for a single Solaris release with a defined timeline that governs the life cycle. Get some insight into the life of a release in section 36 on page 396.