Archive for the ‘Security’ Category

Network.com Makes Best Cloud Apps - BBC

Wednesday, June 25th, 2008

Network.com, Sun’s collection of grid-enabled online applications available on a pay-per-use basis, along with the free open source 3D content creation suite Blender, was selected by BBC World News as one of the best cloud applications available:

“Sun’s data centres are available for hire by the hour to power on-demand cloud services. Used mainly for processing scientific data, the servers can also be used for rendering animations via the open source Blender 3D software on the desktop.”

Network.com and Blender 3D recently made headlines as the technologies teamed up for the 3D animated movie “Big Buck Bunny.” Network.com acted as a web hosting location for the online comedy created using Blender 3D.

Qualifying Applications for Solaris Zones

Wednesday, June 18th, 2008

Solaris Containers, or Zones, are lightweight virtual Solaris instances that resemble a full Solaris OS instance but share a single Solaris kernel. They are easy to provision, require only a small amount of incremental disk space, and can be rebooted as needed in seconds. Containers can also be cloned, detached, moved and reattached. In a blog post, Michael O’Connor shares the advantages of combining multiple applications onto a single server using lightweight Solaris Containers versus hypervisors.

In a follow-up entry, he explains that in some rare cases, applications are unable to run in a local or non-global zone and should go through a qualification process to identify potential installation or runtime issues, especially if root permission is needed to install or run the application.

“Local zones operate with a reduced set of process privileges relative to the global zone. As a result, all processes running in a non-global zone also have reduced privilege and certain system calls may return errors,” O’Connor writes. “Again, 99% of applications will run just fine in non-global zones but it pays to take the time to fully qualify new or migrating services before attempting a production deployment.”

Resources for ISVs and system administrators interested in taking a more cautious entry into Solaris Zones:

Sun Incorporating Symantec Storage Virtualization Software

Tuesday, June 17th, 2008

Sun will be incorporating Symantec’s storage virtualization software into some of its products to advance archiving and e-discovery capabilities, announced Symantec Chairman and CEO John Thompson during the Symantec Vision 08 conference being held in Las Vegas this week.

“Sun will be using our storage virtualization software for energy conservation, archiving and e-discovery purposes,” Thompson said, as reported by Chris Preimesberger with eWeek. “This should all be finalized this fall.”

Top Five Security Threats to Web Scale Deployment

Thursday, May 22nd, 2008

Glenn Brunette, Distinguished Engineer, and Rafat Alvi, Principal Engineer, in Sun’s Global Sales and Services Security Office relay the top five security threats facing Web scale deployments:

1. Rushing Services and Code Updates Without Considering Security Implications
Starting with time-tested building blocks and patterns is essential to Web scale success, say Brunette and Alvi. “That’s why the safe, reusable libraries and modules found in NetBeans and Sun Java Studio Enterprise are so important to consistently developing secure applications,” says Brunette. “Open source frameworks based on the contributions of large, security-minded communities are usually the better bet for application development. I’m hard-pressed to think of what can beat the time-tested principles of good security testing and automation tools such as JUnit and JsUnit.”

2. Inability to Secure and Audit Growing Customer Interactions
“Once an organization determines its Web applications can scale, identity management is the next step in keeping security in step with Web scale growth,” Alvi says. “The constantly evolving nature of security was a major design consideration in the development of Sun identity management tools.”

3. Haphazardly Linking New Web Scale Services to Other Environments
“Information that was once inaccessible externally now can be accessed from any location, often through multiple devices,” says Alvi. “This is a superb development, but linking the old, the new, and the unrelated multiplies the number of potential security challenges. It also raises trust issues when interconnected systems and devices are owned by different parties.”

“That’s why identity federation capabilities should be part of a well-stocked Web scale security arsenal,” Brunette adds.

4. Failing to Understand the Read-Write Nature of Web Scale Technologies
“The trend toward self-updating Web content is a mixed blessing,” Brunette says. “By allowing the access, execution, and aggregation of content at the client, a new doorway has been opened where attackers can trick users into running malicious code that reaches into corporate networks.”

Brunette says that the best defense against such threats is usually a good offense. “Educate your users about the dangers of accessing unknown sites and ensure that clients — including desktops, PDAs, and mobile phones — have security protections to defend against these attacks. But also ensure that a defense-in-depth architecture is in place — these frameworks have stood the test of time.”

5. Neglecting the Foundations of Web Services
“…a systemic approach to security that combines policy, methodology, architecture, and products is critical with Web services, because these environments are only as strong as their weakest link,” adds Alvi. “Web scale environments simply don’t fly for long unless they are based on a secure foundation.”

“The choice of hardware and operating system is critical in scaling out Web services securely,” says Brunette. “But security is also more than products and technologies. Best practices, training, education, processes, and policy all play important parts in deploying applications on a Web scale.”

See the March 2008 edition of Sun’s Inner Circle for the complete interview with the two Sun security experts and their suggestions on solutions that best address these issues.

Sun Modular Datacenter Enters Health Care Space

Sunday, April 27th, 2008

The Sun health care team in The Netherlands has established the first Sun Modular Datacenter S20 in the health care space. For insight on how this particular datacenter was actually built, visit Joerg Schwarz’s weblog, which details the installation in a visual documentation.

Enterprise Data Center Design and Methodology - free download

Thursday, April 3rd, 2008

A free download of Rod Snevely’s 220-page book, “Enterprise Data Center Design and Methodology” is now available.

Contents:

  1. Data Center Design Philosophy
  2. Data Center Design Criteria
  3. Designing a Data Center
  4. Determining Data Center Capacities
  5. Site Selection
  6. Implementing a Raised Floor
  7. Power Distribution
  8. HVAC and Other Environmental Controls
  9. Network Cabling Infrastructure
  10. Shipping, Receiving, and Staging
  11. Avoiding Hazards
  12. Environmental Contaminants
  13. Codes and Construction
  • A. Managing System Configurations
  • B. Bibliography and References

Sun MD (“Project BlackBox”) Receives Best Of FOSE Award

Thursday, April 3rd, 2008

Government Computer News reports that Sun MD (“Project BlackBox”) received a Best Of FOSE Award.

See Sun’s website for details of the Sun Modular Datacenter S20

The Need to Address Complexity in HPC - an IDC Multi-Media whitepaper

Tuesday, April 1st, 2008

IDC has made a “multi-media whitepaper”, sponsored by Sun, on HPC available at:

Earl Joseph, from IDC, delivers an interesting overview of the HPC marketplace.

IDC is estimating that the HPC market will grow about $B/year - from $11B in 2007 to about $15.5B in 2011

“In IDC’s view, Sun Microsystems is one of the few system vendors with the potential to address nearly the whole HPC market” - IDC

“Sun is attacking HPC system complexity on multiple fronts - hardware, software, storage, and networking - with the goal of building ‘ease-of-everything’ into all its offerings. HPC vendors that take this approach significantly increase their chances for satisfying user requirements and exploiting the revenue growth projected for the HPC market.” - IDC

NSA to Work with Sun, OpenSolaris to Enhance Security

Thursday, March 13th, 2008

The United States’ National Security Agency (NSA) will be working with Sun and the OpenSolaris community to develop security enhancements to complement the security benefits of the mandatory access controls provided by the Solaris Trusted Extensions feature. The plan is to integrate an additional form of mandatory access control (MAC), based on the Flux Advanced Security Kernel (Flask) architecture.

“This is an opportunity to improve the security of an already robust OpenSolaris environment in a manner that may benefit government and commercial customers alike,” said Jonathan Schwartz, president and CEO, Sun. “The combination of the NSA’s expertise and Sun’s 18 years of experience in delivering mandatory access control solutions, along with its commitment to the open standards community, provides the basis for investigating the use of the Flask functionality with the OpenSolaris operating system.”

The Flask architecture supports a wide range of security policies, enabling the integration of different policy engines and the configuration of the security policy to meet the specific security goals for a wide range of computing environments.

Sun xVM Server and Ops Center Q&A with Steve Wilson

Saturday, February 2nd, 2008

virtualization.info has posted an interview with Steve Wilson, “Sun xVM Server and Ops Center Q&A with Steve Wilson”.

Some of the key points that Steve makes in the interview are:

  • Sun is a player in the virtualization space
  • Sun xVM Server includes a number of datacenter-grade features borrowed from Solaris that give xVM Server a set of highly unique attributes such as predictive self healing
  • xVM Server will be able to run VM files which were created for VMware’s ESX Server or Microsoft’s Hyper-V without modification
  • xVM Ops Center is designed to manage up to thousands of servers (physical and virtual)
  • xVM Ops Center will be available freely under the very liberal GNU Public License (GPL) version 3
  • Sun is planning to provide the ability to use Solaris Cluster together with xVM Server for applications where true clustering is required
  • Ops Center 1.0 includes support for patching of Solaris (x86 and SPARC) as well as several versions of Red Hat and SuSE Linux. Windows patching support will be added in a future revision
  • xVM Server includes a simple to use, self-patching system that can automatically download and install the newest patches
  • xVM Ops Center will ship in the next few weeks, ahead of the first commercial release of xVM Server
  • xVM Ops Center 1.0 is focused on datacenter automation and includes features such as:
    • Server discovery and inventory management
    • Server firmware analysis and provisioning
    • Bare metal Server provisioning
    • Patch management
    • Monitoring
  • xVM Server, and an update to xVM Ops Center to go with it, are planned for Q2 of calendar year 2008. Specific features to manage virtualized environments include:
    • Full virtual guest life cycle management
    • Management of the domain 0 instance
    • Monitoring, management and provisioning of Windows, Linux and Solaris guests
    • Migration capabilities (Live, Regular and Cold)
    • Simple single host management through direct browser access, as well as large scale multi-node management via xVM Ops Center
    • Expansive resource monitoring and analysis
    • Guest image storage library management
    • Virtual and resource pooling
    • Network virtualization and bandwidth management
  • Both xVM Server and xVM Ops Center will expose API sets through WS-Management. Sun will be putting specs out for this over at http://openxvm.org shortly

See also: