We found that Solaris 10 has been torn from its SPARC-only roots now runs very quickly and very easily on generic 32-bit x86 Intel- and 64-bit Advanced Micro Devices-based servers. It also has new security features and supports a range of Linux applications. And it's free.
Sun is gunning for some of Linux's rising popularity in the enterprise with the newest release of its Unix derivative, Solaris. In this Clear Choice Test, we found that Solaris 10 has been torn from its SPARC-only roots now runs very quickly and very easily on generic 32-bit x86 Intel- and 64-bit Advanced Micro Devices-based servers. It also has new security features and supports a range of Linux applications. And it's free.
How we did it
Solaris 10 has a variety of installation options, ranging from an everything-but-the-kitchen-sink option that includes OEM add-ons to a developers' option to a slim "networking" install. Most enterprise deployments would likely require a developer grouping for the initial installation because it contains necessary compilers, applications and development tools.
We installed Solaris 10 on all 10 of the 32-bit and 64-bit servers in our labs with only very minor problems. These servers ranged from Sun's own AMD64-based V20z box to an HP-Compaq server with dual 733-MHz Pentium III processors. In our tests, the operating system chose the most appropriate drivers for the components in these disparate servers with only minor exceptions.
Solaris 10 has a look and feel that's similar to Solaris 9's. Both the Gnome-based Common Development Environment and Java Desktop System user interfaces are offered. The Sun Management Console - which can be invoked from either interface - controls users, groups, projects and system resources. However, this console doesn't support applications needed to manage all of the functionality of Solaris 10. For example, to run encryption services or gather detailed disk and file information, you must use a command-line interface.
Commercial Linux distributors have learned how to manage the myriad administrative options needed in a server operating system through GUI interfaces.
Solaris 10 supports directory services such as Network Information System + and those based on Lightweight Directory Access Protocol . Even though Sun also provides Samba, the open source Microsoft Windows connectivity method, it offers no official support for it and only scant documentation. All three services' implementations worked acceptably well.
Solaris 10 is as fast as its Linux competition (see performance charts, below). The numbers posted by Solaris 10 and RedHat Enterprise Linux AS 4.0 in our series of Web transactional tests, in which both were running Apache 2.0.3 on the same Polywell 64-bit server,were very close across the board. We did find that Solaris had a small performance advantage when tested on Sun's own V20z box.
Solaris, since the release of Version 8, has supported role-based access controls via its Role Based Access Control (RBAC) mechanism. These Unix-based hierarchical roles - ranging from a lowly user or file to root-level rights that give a user or application full access to system resources - can be extended to users and application behavior.
RBAC provides a method of setting up how those roles interact with other system resources to prevent an application or users from reaching out to use resources they are not entitled to use. This feature is similar to the security features of Red Hat's SELinux implementation (see Red Hat Enterprise Linux test ).
These RBAC role-based groupings can serve as the basis of a new security feature within Solaris 10, referred to as containers. Containers are objects that comprise users, applications and processes logically grouped to create virtual workspaces; or in Solaris 10 terms, projects on the same physical server. Projects map to the Linux Virtual Machines seen in SLES9. These virtual workspaces eschew the overhead of full server virtualization products, including VMWare GSX.
Containers boost overall system security because they isolate project instances from scrutiny by other processes, and add fault tolerance by isolating processes from each other so if one project fails, it doesn't bring down the rest of the system.
Solaris 10 provides a flexible background for securely dividing system resources, providing performance guarantees and tracking usage for these containers. Creating basic containers and populating them with user applications and resources is simple. But some cases may require quite a bit of fine-tuning.
Once initial container characteristics are defined, they can be replicated to create multiple instances of like containers. It's also possible to change the behavior of containers on the fly to tune and re-allocate resources. Tuning was tedious; and although we saw our results immediately, the procedure can be daunting.
To monitor the activity of the containers (as well as other system services and applications), Solaris 10 has a tool called Dynamic Tracing (DTrace). We found that the modules and device calls that registered with DTrace produced a stunningly long and detailed list of information that we subsequently filtered to look at specific calls, such as disk and memory requests. The tool didn't appear to detract from performance, and the devil with DTrace is in its details - lots of it.
Sun recommends using Perl scripts to develop the accounting reports needed to keep track of containers, but we'd prefer to see a reporting module that plugs into the operating system that automatically tracks that information.
In terms of other security features, Sun has an automated patch management process that can update system software without attendance.
Overall, Solaris is a time-proven Unix platform, with a long legacy of stability and reliability. Solaris 10 has been tweaked for speed on generic PC-based hardware, and its new container methods show clear attention to security details. The price is certainly right for the capital cost of the product - it's free. What's not free is the training needed to make many of the components of Solaris 10 sing.
Learn more about this topic
Henderson is principal researcher for ExtremeLabs in Indianapolis. E-mail him.
Henderson is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.