Oracle Solaris 11 Continuous Innovation
Joost Pronk van Hoogeveen Martin Müller
Product Management Oracle Solaris Engineering
Copyright © 2019 Oracle and/or its affiliates. Safe Harbor
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation.
Statements in this presentation relating to Oracle’s future plans, expectations, beliefs, intentions and prospects are “forward-looking statements” and are subject to material risks and uncertainties. A detailed discussion of these factors and other risks that affect our business is contained in Oracle’s Securities and Exchange Commission (SEC) filings, including our most recent reports on Form 10-K and Form 10-Q under the heading “Risk Factors.” These filings are available on the SEC’s website or on Oracle’s website at http://www.oracle.com/investor. All information in this presentation is current as of September 2019 and Oracle undertakes no duty to update any statement in light of new information or future events.
Copyright © 2019 Oracle and/or its affiliates. The IT Modernization Challenge
Mature business critical applications Delivering critical services Costly and difficult to replace
Aging infrastructure Increasing security risk Complex, bespoke management Lack of real-time insight Lack of capacity Increasingly difficult and expensive to maintain
Copyright © 2019 Oracle and/or its affiliates. Business Critical Technology Requirements
Consistent Simple Secure Save money Save time Reduce Risk
Engineered for Investment Protection and Innovation
Until at least 2034
Copyright © 2019 Oracle and/or its affiliates. Switching to Continuous Delivery
Focus on delivery in Updates Focus on delivery in SRUs 2010 2012 2014 2016 2018 2020 2022 2024 2026 2028
Oracle Solaris 11 Oracle Solaris 11.2 Oracle Solaris 11.4
Oracle Solaris 11.1 Oracle Solaris 11.3
• Grouping features for larger distinct releases • Release features when ready • Drives requalification and migration plans • Part of continuous flow of SRUs • Customers need to wait for finished features • Quick delivery of features and fixes
Copyright © 2019 Oracle and/or its affiliates. Oracle Solaris 11.4
The foundation for ongoing Solaris innovation
• 15 monthly Support Repository Updates (SRUs) delivered to date – More than 200 security fixes – More than 275 enhancements, including: • X8 Platform; Oracle VM Server for SPARC v3.6.1; automatic boot environment naming, Memory Reservation Pools, Solaris WebUI Database Statistics sheet, SCAT 5.5.5, legacy compatibility libraries, SSD BearCove Plus, LEO-B HDD, enhancements to ps(1), prstat(1) and truss(1), additional Linux libc compatibility functions • Updates to many popular Open Source components, including Apache Tomcat, OpenLDAP, LLVM/Clang, BIND, rsync, git, PHP, Rust, Django, MySQL, Apache Web Server, OpenSSL, Erlang, ruby, Python, git, OpenSSH, dnsmasq, mercurial, PTP, NTP, etc. – And many other important security, availability and functional fixes
Copyright © 2019 Oracle and/or its affiliates. Oracle Solaris 11.4 Enhancements
Observavility Security & Compliance • StatsStore & WebUI • Multi-node Compliance • Stats/Faults/Audits in one location • CVE reports • Database Stats Sheet • Application Sandboxes • REST API • Per-file Auditing
Virtualization Data Management • Single Step Evacuation • ZFS Device Removal • Archive Dehydration • Resumable Send Streams • OCI support • Storage I/O Limits • Memory Pools • Scheduled ZFS Scrubs
Copyright © 2019 Oracle and/or its affiliates. Outstanding Observability
Oracle Solaris System Web Interface
View Real-time and historical data • Essential statistics collected continuously • Additional data acquired on demand • Correlation with administrative actions and faults • Integration with Oracle Database V$SYSTEM_EVENT & V$SYSSTAT Lightweight intuitive web UI • Designed for minimal overhead • No Agents to install
Copyright © 2019 Oracle and/or its affiliates. Demo 1
Observability — StatsStore, WebUI, Oracle Database & DAX
Confidential – © 2019 Central Dynamic Compliance Updates
Full up-to-date insight in security status • Central collection and analysis • Updated every SRU Know exactly which vulnerabilities need to be addressed Added Spectre and Meltdown fixes and compliance checks in SRUs • Indicating which CVE’s are applicable
Copyright © 2019 Oracle and/or its affiliates. Security Matters Today more than ever, staying current is critical to securing your systems
Oracle Solaris Security Certifications: • Oracle OpenSSL FIPS Object Module • FIPS 140-2 Certificate #3335, 7/18/19 • Oracle Solaris Kernel Cryptographic Framework (kCF) & Oracle Solaris Userland Cryptographic Framework (uCF) • Implementation Under Test 7/10/2019 • Common Criteria • New evaluation in progress
Copyright © 2019 Oracle and/or its affiliates. Up to date bundled software
Table 1 Compilers and Interpreters Software Oracle Solaris 11.3 Versions Oracle Solaris 11.4 Versions gcc 3.4, 4.5, 4.7, 4.8 4.9, 5.5 Oracle Solaris incudes more Java 7, 8 8 than 1500 regularly updated Python 2.6, 2.7, 3.4 2.7, 3.4, 3.5 open source and 3rd party Perl 5.8, 5.12 5.22, 5.26 packages., with 157 packages 5.6 (removed in SRU9) , 7.1, 7.3 PHP 5.3, 5.6 (SRU10) updated through SRU11 Ruby Table 2 Developer and DevOps Tools1.9, 2.1 2.3 2.3 (SRU5), 2.6 (SRU9) TCL/TK Software 8.5 Oracle Solaris 11.3 Versions 8.6 Oracle Solaris 11.4 Versions LLVM/Clang MySQL – 5.1, 5.5, 5.6 3.8 5.5, 5.6, 5.7 Go Git – 1.7 1.7 2.15 (replaced by 2.19 in SRU6) GDB 7.6 8.0 Mercurial 3.4 4.1 Puppet Table 4 Network Services and 3.6Clients 5.5 Cmake Software 2.8 Oracle Solaris 11.3 Versions3.9 Oracle Solaris 11.4 Versions Oracle Instant Client Apache HTTPD – 2.2, 2.4 12.2, 18.3 (SRU3) 2.4 Tomcat 6.0, 8.0 8.5 85% of Oracle Solaris SSH SunSSH, OpenSSH 6.5 OpenSSH 7.6 (7.7 as of SRU6) Samba 3.6 4.7 (4.9 as of SRU6) security vulnerabilities Postfix 2.11 3.2 in the last 2 years are ISC BIND 9.6 9.10 associated with firewall IPfilter, PF OpenBSD 5.5 Packet Filter (PF) bundled software Kerberos Sun fork 1.15 Wireshark 1.12 2.4
Copyright © 2019 Oracle and/or its affiliates. Full Spectrum Virtualization
Deploy compute capacity where & how needed • Application Sandboxes • Containers (Zones), Virtual Machines (Kernel Zones and Logical Domains) Easy device management • Virtual device isolation • Online device add and remove Simple migration and orchestration • One-step evacuate/restore • Enforce Inter-VM application dependencies
Copyright © 2019 Oracle and/or its affiliates. Migration Tools / Encryption Efficiency Convert existing ZFS Filesystems Space overhead reduced Convert filesystems and snapshots Encryption requires no more extra • Full ZFS context is migrated blocks Send/receive from unencrypted to >300% reduction for small files encrypted to new filesystem • Big impact in RAID Z and RAID 1 scenarios • Migrate data on the same devices
Copyright © 2019 Oracle and/or its affiliates. Oracle Solaris REST Interface • Layered on top of Remote Administration Daemon (RAD) • Gives access to all RAD modules • Strong security • Using https over TLS • Uses RBAC access rules • Agentless management • Connect and collect centrally • Use your favorite DevOps or System Management tools
Copyright © 2019 Oracle and/or its affiliates. Demo 2
Systems Management through REST — Collect Configuration and Stats, Administrate and Control
Confidential – © 2019 Preserving your Solaris 10 investment Extended support for Solaris 10 now available through January 2024 Minimize your exposure by using Solaris 10 Containers on Solaris 11 • Easily deploy a flash archive from any Solaris 10 system in a branded zone; upgrading the legacy system to S10U9 is no longer required* • blog on modernization via Containers Access to patches for critical issues • Quarterly updates including kernel fixes and key 3rd party component updates • Recently updated components include automount, CDE, Filesystem, Java SE, Apache HTTP, Apache Portable Runtime, BIND, ImageMagik, NTP, libxml2, Apache Tomcat, OpenSSL, SunSSH, GNU tar, RCP, Python, DHCP Client, LDOMS IO, Zsh Shell, RSYNC, Studio C++ libraries, tCsh, ant * From 11.4 SRU7
Copyright © 2019 Oracle and/or its affiliates. Environment Migration Options LDoms Solaris Zones
V2V V2V
Control Solaris Zone Domain Solaris 9 Zone Oracle Solaris 10 Oracle Solaris 10 Oracle Solaris 10 Solaris 10 Zone Solaris 10 Zone
Oracle Solaris 11 Control Domain Solaris 9 Zone
Oracle Solaris 11 Oracle Solaris 10 Oracle Solaris 10 Oracle Solaris 10 P2V
Oracle Solaris Zones System Preflight Oracle Solaris 10 P2V Checker Confidential – © 2019 Migration Options Advice
Environment Migration Application Migration
Least Preferred Good Compromise Best Option • Oracle Solaris 10 LDom Oracle Solaris 10 Zone • Oracle Solaris 11 • Little change needed Easy conversion • Biggest change • Still Full Oracle Solaris Oracle Solaris 11 Kernel • Full Oracle Solaris 11 10 Kernel only stack
Control Domain Solaris 10 Zone Solaris 10 Zone Solaris 11 Zone Solaris 11 Zone
Oracle Solaris 11 Oracle Solaris 10 Oracle Solaris 11 Oracle Solaris 11
Confidential – © 2019 Oracle Solaris (on x86) in Oracle Cloud
Oracle Cloud Infrastructure • Bare Metal Compute • Virtual Machine Compute Support Included • pkg access to support repo • Technical Support Solaris Images now available in Cloud Marketplace
Copyright © 2019 Oracle and/or its affiliates. Oracle Solaris meets the Challenge Long Term Investment Protection Consistent management • 20+ year history of Guaranteed • Oracle Enterprise Manager Ops Center Application Binary Compatibility • Integrates with popular DevOps tools • Support for Oracle Solaris 11 through at least 2034 Real time observability Secure, up to date Platform • Integrated auditing • Dynamic tracing • Security in Silicon • Stats Store & Web Dashboard • Integrated compliance tools • More than 1500 regularly updated widely Room for growth used open source packages • SPARC performance and integrated • Easy-to-apply update stream virtualization for the largest workloads
Copyright © 2019 Oracle and/or its affiliates. Thank You
Joost Pronk van Hoogeveen Martin Müller
Product Management Oracle Solaris Engineering